Privacy Policy - JojobRT

PERSONAL DATA PROCESSING NOTICE FOR THE USER

This notice is provided pursuant to Art. 13 of Regulation (EU) 2016/679 concerning the protection of natural persons with regard to the processing of personal data of the User.

Versione 3.0 updated on 10/23/2025

DATA CONTROLLER

Bringme S.r.l. Società Benefit

VAT number: IT10979400016

egistered office: Via Pier Carlo Boggio, 59, 10138 Turin (TO)

e-mail: [email protected]

DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) is Argo Business Solutions Srl, reachable for any matters at the following email address: [email protected].

SOURCE AND TYPE OF DATA PROCESSED

The categories of data processed are:
Identification data provided by the Data Subject during registration and access to the “Jojob” application services (for example: first and last name, address, phone number, profile picture, email, date of birth, travel routes, vehicle-related data, etc.)
Usage data generated through the use of the application (e.g., GPS location)
Device-related data, including the operating system, collected via the “universally unique identifier” (UUID), for statistical analysis and storing the user’s preferences

A minimum age of 18 is required to use the Services. The Data Controller does not knowingly collect information from individuals under 18 years of age. If it discovers that a minor under 18 has provided personal data, such information will be deleted. If you are aware of any user under the minimum required age using the Services, please contact the Data Controller at: [email protected].

PURPOSES OF PROCESSING

To allow the user to use and interact with the application, which also includes GPS location tracking.

As part of the interaction with the platform, messages and communications strictly necessary to ensure the use of the application may be sent to the user (for example: registration confirmation emails, password recovery emails, etc.) and in response to specific requests made by the user.

2. To allow the user to interact with other users on the platform in the manner defined by the Terms and Conditions of Service: https://www.jojobrt.com/termini_e_condizioni

3. To allow the user to benefit from any promotional initiatives, such as cashback and gift cards.

4. To fulfill pre-contractual, contractual, accounting, tax, and legal obligations arising from relationships with the user.

5. To collect statistics and metrics aimed at ensuring the proper functioning of the application.

6. To exercise the rights of the Data Controller (e.g., the right of legal defense, pursuing any misuse of the application).

7. To send the User emails, promotional communications, and push notifications containing commercial offers, promotional content, etc.

LEGAL BASIS

Processing necessary for the performance of a contract to which the Data Subject is a party or for the implementation of pre-contractual measures taken at the Data Subject’s request (Art. 6(b) GDPR).
Exclusively regarding the Data Subject’s location, explicit consent (Art. 6(a) GDPR) obtained via in-app pop-up.

Compliance with the legal obligations to which the Data Controller is subject (Art. 6(c) GDPR).

Legitimate interest of the Data Controller (Art. 6(f) GDPR) – i.e., to monitor the proper functioning of the application.

Legitimate interest of the Data Controller (Art. 6(f) GDPR).

Explicit consent of the Data Subject (Art. 6(a) GDPR).

RETENTION PERIODS

If a user does not interact with the application for a period exceeding 18 months, their profile will be deleted and all personal data will be erased through anonymization procedures (only anonymous statistics will be retained).

Logs generated by the user’s actions on the platform are retained for a period of 18 months.

10 years regarding correspondence of legal and commercial relevance.

Retained for the period necessary to achieve the specified purpose.

For the duration of any litigation, or until the expiration of appeal periods.

Retained until the Data Subject withdraws consent, and in any case for a period not exceeding 10 years from the moment the Data was collected.

To allow the user to use the “Jojob” app, specific permissions are also required (consent is requested via a pop-up within the application). The complete list is provided in ANNEX A.

NATURE OF DATA PROVISION

Providing Data for purposes 1 to 6 is mandatory. If the Data is not provided, the Data Controller will not be able to allow the user to use the Jojob application. Providing data for purpose 7 is optional and voluntary. The Data Subject may therefore choose not to provide any data or later deny the possibility of processing Data already provided; in this case, they will not receive offers related to the Products and Services offered by the Data Controller.

WITHDRAWAL OF CONSENT

The Data Subject may, at any time, withdraw consent previously given for purpose 7. Following withdrawal, the Data Controller will cease processing, without prejudice to the lawfulness of the processing already carried out before the withdrawal. With regard to purpose 1 and the location collected via GPS, consent can be withdrawn in the permissions section of the device settings.

DATA RECIPIENTS

User Data will not be disclosed but may be made accessible, where necessary for the provision of services or by law, to:

Employees and collaborators of the Data Controller in Italy and abroad, in their capacity as authorized processors and/or system administrators;
Third-party companies or other subjects (e.g., banks, professional firms, IT consultants, etc.) that perform outsourced activities on behalf of the Data Controller, in their capacity as data processors;
Other users of the platform, in cases provided for by the Terms and Conditions of Service.

Furthermore, the Data Controller may communicate the Data of the Data Subject to:

Supervisory bodies;
Judicial authorities;
Public entities to which communication of Data is mandatory;
Subjects to whom communication is required by law to fulfill the aforementioned purposes.

The Data Controller lists the main data processors and sub-processors employed for the proper functioning of the application in ANNEX A of this notice.

TRANSFER OF DATA

OUTSIDE THE EU

Personal Data is stored on servers located within the European Union, managed by third-party companies duly appointed as Data Processors.

The Data Controller may transfer certain categories of User Data to countries outside the European Union. Data will be transferred only to countries deemed adequate by the European Commission or to organizations that provide safeguards pursuant to Articles 44–50 of the GDPR.

DATA SUBJECT RIGHTS

The Data Subject may exercise, in relation to the processing of Data described herein, the rights provided by the GDPR (Articles 15-22), including:

receive confirmation of the existence of Data and access its contents (right of access);
update, modify, and/or correct Data (right of rectification);
request the deletion or limitation of processing of Data processed unlawfully, including those not necessary for the purposes for which the Data was collected or otherwise processed (right to erasure and right to restriction);
object to processing (right to object);
lodge a complaint with the Supervisory Authority (Italian Data Protection Authority: www.garanteprivacy.it) in case of violation of data protection laws;
receive a copy of Data concerning them in electronic format, when such Data was provided in the context of the contract, and request that such Data be transmitted to another Data Controller (right to data portability).

COMPLAINT TO THE AUTHORITY

The Data Subject has the right to file a complaint with the Italian Data Protection Authority (Article 77 GDPR).

AUTOMATED DECISION-MAKING PROCESSES

The Data Controller does not carry out any processing of personal data consisting of automated decision-making processes.

ANNEX A

1. Main processors employed for the proper functioning of the application

Responsible for the treatment

Reference

Amazon Web Services

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_Italian_2020-08-15.pdf

Tawk.to

https://www.tawk.to/privacy-policy/

Cloudflare

https://www.cloudflare.com/trust-hub/privacy-and-data-protection/

Skebby

https://www.skebby.it/wp-content/uploads/2018/05/Informativa-Privacy-Estesa-SKEBBY.pdf

OneSignal

https://documentation.onesignal.com/docs/gdpr-compliance

Firebase Analytics

https://firebase.google.com/terms/data-processing-terms

Brevo (Email, Sms)

https://www.brevo.com/legal/privacypolicy/

2. Permissions requested by the application

Responsible for the treatment

Reference

Push notifications

Allow the User to receive notifications from the app.

Camera

1. Allow the User to take a photo and use it as a profile picture.
2. Allow the User to scan QR codes to certify specific trips.

Image Gallery

Allow the User to select a photograph from their image gallery and use it as a profile picture.

Position

The application may need to detect the User’s GPS location and instantaneous speed to measure distances traveled using different mobility options. This detection is performed via location sampling. Specific controls can detect if the location is simulated by software.

Mobile Phone

Allow verification of the phone number provided during registration by sending a code via SMS.

Physical activity

Record the User’s alternative mobility methods (for example: use of the bicycle).

PERSONAL DATA PROCESSING NOTICE FOR THE USER

Previous version

Our history

Green Area

Questions

Legal