PRIVACY POLICY

Information on the processing of personal data - Jojob Real Time Carpooling application

(pursuant to Article 13 of the GDPR)

DATA OF THE OWNER OF THE TREATMENT

Name: Bringme Srl Benefit Company
P.IVA: 10979400016
Registered office: Via Pier Carlo Boggio, 59 – 10138 Turin

Bringme Srl Società Benefit (hereinafter, “Owner”, “Bringme” or “Jojob”), as data controller (“Owner”), informs you pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the following purposes:

1. Object of the Treatment

The Data Controller processes the identification data communicated by you during the registration and access to the services of the “Jojob” application (for example: name, surname, address, telephone, profile picture, e-mail, date of birth, of the interested party, data relating to the vehicle, etc.) – hereinafter, “personal data” or also “Data” and usage data generated indirectly through the use of the application. The payment data of the interested party may also be processed on the application through the MangoPay service (the data will not be processed and/or stored directly by the Data Controller).

The “Jojob” app is able to track the user’s device by saving the so-called “universal unique identifier” (UUID) and the operating system for statistical analysis purposes and to store your preferences.

2. Purpose and legal basis of the processing

Your personal data is processed for the following purposes:

a) allow the user to use and interact with the application;

b) send the user messages and communications strictly functional to guarantee interaction with the application (for example: registration confirmation email, password recovery email, etc.);

c) allow the user to interact with other users of the platform in the manner defined by the Terms and Conditions of the service: https://www.jojobrt.com/terms-and-conditions/?lang=en

d) process the user’s payments and collections through the MangoPay payment service provider (the payment data are processed by the MangoPay service provider as data processor and are not kept by the Owner);

e) allow the user to benefit from any promotional initiatives such as: cashback and gift cards;

f) fulfill the pre-contractual, contractual, accounting and tax obligations deriving from existing relationships with the user;

g) fulfill the obligations established by law, by a regulation, by European legislation or by an order of the Authority;

h) acquire statistics and metrics aimed at ensuring the correct functioning of the application;

i) manage user requests;

j) exercise the rights of the Owner (for example the right of defense in court);
The legal bases of the treatments listed above are as follows:
▪ in relation to the purposes a), b), c), d), e), f) and i) the processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same;
▪ in relation to the purposes f) and g) the processing is necessary to fulfill a legal obligation to which the data controller is subject.
▪ With regard to the purposes h) and j), the legal basis is the Legitimate interest of the Data Controller, or that of monitoring the correct functioning of the application and exercising the rights of the Data Controller such as defense in court.
The provision of data for the purposes listed above is mandatory. In case of failure to communicate the Data, it will not be possible for the Owner to allow you to use the Jojob application.
Furthermore, your Data may be processed only with your specific and distinct consent (Article 7 of the GDPR), for the following purposes:
k) Send the user emails, communications and push notifications containing promotional content, etc.
The provision of Data for Marketing Purposes is free and optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing Data already provided: in this case, you will not be able to receive offers relating to the Products and Services offered by the Owner. You can withdraw your consent to data processing at any time without prejudice to the lawfulness of the processing based on the consent before the withdrawal.

3. Duration of treatment

Personal data will be kept for the time necessary to fulfill the purposes indicated in this statement.
In particular, the Data Controller will keep for ten years, as required by the Civil Code, a copy of correspondence with legal and commercial relevance (including information relating to transactions).
If a user does not interact with the application for a period exceeding 18 months, his profile will be deleted and all personal data will be eliminated through anonymization procedures (only anonymous statistics will be kept).
The logs generated by user actions on the platform are kept for a period of 18 months.
In some cases, the user’s personal data may finally be kept for the time necessary to guarantee the defense in court or to prosecute any abuse in the use of this application.


The user’s location data is used, subject to the user’s permission, solely to be able to deliver the service the user has signed up for. The data is neither shared nor shown to third parties, used exclusively for the purpose of delivering the requested service. These data are kept for a period of 30 days, after this period, they are automatically deleted.

4. Data communication

User data will not be disclosed but may be made accessible, where necessary for the provision of services or by law:
▪ to employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons authorized to process personal data and/or system administrators;
▪ to third-party companies or other subjects who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors;
▪ to other users of the platform, in the cases provided for by the Terms and Conditions of the Service;
The Data Controller may communicate your data for the purposes referred to in art. 2. to supervisory bodies, judicial authorities, public bodies to which it is mandatory to communicate the data, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the aforementioned purposes.
The Data Controller lists below the main managers and sub-managers employed for the correct functioning of the application:

5. Permissions requested by the application

To allow you to use the “Jojob” app, we ask for the following permissions (consent is requested via pop-up within the application):

Authorization Scope
Push notifications
Allow the User to receive notifications from the app.
Camera
1. Allow the User to take a photo and use it as a profile picture.

2. Allow the user to scan the QR code to certify specific trips.
Image Gallery
Allow the User to select a photograph from their image gallery and use it as a profile picture.
Position
The application may need to detect the user's GPS position for the sole purpose of measuring the distances traveled through the different mobility alternatives. This detection takes place with a sampling of the position.

Detection occurs when one of two events occurs:
- moving more than 50 metres;
- 120 seconds after the last acquired point.
Mobile Phone
Allow to verify the actual possession of the telephone number indicated in registration by the user by sending a code via sms
Physical activity
Record the User's alternative mobility methods (for example: use of the bicycle).

6. Data Transfer

Personal data is stored on servers located within the European Union, owned by the Data Controller and by third-party companies appointed and duly appointed as Data Processors.

The Data Controller may transfer certain categories of User data to third countries with respect to the European Union. The data will be transferred exclusively to countries deemed adequate by the European Commission or to companies that meet the guarantees provided by the articles 44 – 50 of the GDPR.

7. Rights of the interested party

In relation to the data processing described therein, you may exercise the rights provided for by the GDPR (articles 15-22), including:
a. receive confirmation of the existence of the Data and access their content (access rights);
b. update, modify and/or correct the Data (right to rectification);
c. request the cancellation or limitation of the processing of Data processed in violation of the law including those whose retention is unnecessary in relation to the purposes for which the Data were collected or otherwise processed (right to be forgotten and right to limitation);
d. oppose the treatment (right of opposition);
e. propose a complaint to the Supervisory Authority (Guarantor for the protection of personal data www.garanteprivacy.it) in the event of a violation of the regulations on the protection of personal data;
f. receive an electronic copy of the Data concerning him as an interested party, when such Data have been returned in the context of the contract and request that such Data be transmitted to another data controller (right to data portability).

8. Processing of Data of Minors

In Italy, to use the Services you must be at least 18 years old.
We do not knowingly collect information from children under the age of 18. If we discover that a child under the age of 18 has provided us with your personal data, we will delete the information collected. If you know of any user using the Services who are under the age required to use it, please contact us at: [email protected]

9. How to exercise the rights and contact details of the Data Controller

The Data Controller is:
Bringme Srl Benefit company with registered office in Via Pier Carlo Boggio, 59 – 10138 Turin

You can exercise your rights at any time by sending:
▪ a registered letter with return receipt to: Bringme Srl Società Benefit with registered office in Via Pier Carlo Boggio, 59 – 10138 Turin
▪ an email to the address: [email protected]

10. Contact details of the Personal Data Protection Officer (RPD or DPO)

Bringme’s Data Protection Officer (RPD or DPO) can be contacted by writing an email to the following address: [email protected]

11. Information not contained in this Policy

Further information in relation to the processing of personal data may be requested at any time from the Data Controller using the contact information.

12. Changes to this Policy

This information may be subject to changes. We therefore recommend that you regularly check the updated version of this Policy in the “Profile” section within the app.

Version updated on 10/20/2022