Privacy Policy for MOQO

(Stand 01.05.2025)

The protection of your personal data is important to us. In this data protection declaration we inform you about what data we collect, how we use it and what rights you have in relation to your data. This data protection declaration applies to the use of the Website moqo.de (see I.), of the MOQO App und der MOQO Shared Mobility platform (see II).

I. Data protection declaration applies to the use of the website moqo.de

1. Responsible person The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is: Digital Mobility Solutions GmbH, Römerstraße 41-43, 52064 Aachen

2. Data collected and processing purposes We collect and process different categories of (personal) data to provide and improve our services. These include, among others:

  • Browser type and browser version
  • operating system used
  • Refer URL
  • Host name of the accessing computer
  • Time of server request
  • IP Address

Processing is carried out on the basis of Article 6 Paragraph 1 Letter b of the GDPR (fulfillment of the contract) and Article 6 Paragraph 1 Letter f of the GDPR (legitimate interest in improving our service).

2.1 Cookies

The MOQO platform uses cookies. You can find the current description of the cookie policy on the following page: moqo.de/cookie-policy

3. Recipient of the Data We use the following subcontractors to provide our services:

Recipient

Processing purpose

Odoo S.A.Chaussée de Namur,
401367 Grand-Rosière
Belgium
Provision of a web presence and associated ERP processes (customer inquiries, offers, etc.)
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
Our website uses Google Analytics, a web analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies that enable analysis of the use of the website. The information generated by the cookies is usually transferred to a Google server in the USA and stored there.

We have activated IP anonymization on this website so that your IP address is shortened by Google within the European Union or in other contracting states to the Agreement on the European Economic Area before transmission.

Further information on data processing by Google Analytics can be found in Google's privacy policy: https://policies.google.com/privacy.

You can prevent Google Analytics from collecting your data by installing the following browser plugin: https://tools.google.com/dlpage/gaoptout.
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
We use Google Tag Manager, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager manages website tags and enables the integration of services such as Google Analytics. The Tag Manager itself does not set cookies and does not store any personal data.

Further information about Google Tag Manager can be found here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
bunny.net
(Giant Rabbit LLC,
1110 Nuuanu Ave #A1-104,
Honolulu, HI 96817,
USA
On us On our website we use web fonts provided by bunny.net. provider is bunny.net (Giant Rabbit LLC, 1110 Nuuanu Ave #A1-104, Honolulu, HI 96817, USA). When you access our site, your browser loads the required fonts into the cache in order to display texts and fonts correctly.Your IP address will be transferred to bunny.net. Bunny.net claims to process this data in a data protection-friendly manner and does not store any personal data. Further information can be found in bunny.net's privacy policy: https://bunny.net/privacy.

5. Storage period Your personal data will only be stored for as long as necessary to fulfill the respective processing purposes. Once statutory retention periods have expired or the processing purposes no longer apply, the data will be deleted.

6. Rights of data subjects As a data subject, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to information (Article 15 GDPR): You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you can obtain information about this data as well as further information about the processing.
  • Right to rectification (Article 16 GDPR): You have the right to have incorrect or incomplete personal data corrected or completed.
  • Right to deletion (“Right to be forgotten”, Art. 17 GDPR): Under certain conditions, you can request the deletion of your personal data, provided there is no legal obligation to retain it or a legitimate interest in further processing.
  • Right to restriction of processing (Article 18 GDPR): You have the right to request the restriction of the processing of your personal data if one of the conditions set out in Article 18 GDPR is met.
  • Right to data portability (Article 20 GDPR): You have the right to receive your personal data in a structured, common and machine-readable format and, if necessary, to transmit this data to another controller.
  • Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR. This applies in particular to processing for direct advertising purposes.

To exercise your rights, you can contact us at any time using the contact details provided above. In addition, you have the right to complain to a data protection supervisory authority about our processing of your personal data (Article 77 GDPR).

7. Changes to this Privacy Policy We reserve the right to adapt this data protection declaration to implement legal requirements or to take into account changes to our services. You can find the current version on our website.

8. Contact If you have any questions about data protection, you can contact us at any time at datenschutz@moqo.de.

II. Data protection declaration for the use of the MOQO app and the MOQO shared mobility platform and thus Data protection information on joint responsibility According to Article 26 Paragraph 2 of the General Data Protection Regulation

With the following data protection information, we provide you with the essential information that we contractually provide as part of a shared responsibility with the respective product 8039 and 8004 are placed on invoice

Product 8011 is not placed on invoice

Provider for whose service you register, in accordance with Article 26 of the General Data Protection Regulation (hereinafter “GDPR") for the processing of your personal data as part of the use of our mobility solution (hereinafter "Mobility solution“).

  1. Responsible/shared responsibility

The joint operation of the mobility solution is carried out by

Digital Mobility Solutions GmbH

Römerstrasse 41-43

52064 Aachen

as well as respective partners, whose services you can register for separately via app and web

(hereinafter “MOQO"; Partners and MOQO individually also "Responsible person” or together the “responsible persons“).

The joint operation of the mobility solution This means that in the cases set out in this data protection notice, we jointly determine the purposes and means of processing personal data and are to this extent regarded as joint controllers with MOQO within the meaning of Article 26 Paragraph 1 Sentence 1 GDPR.

As the person responsible, we and the partners have defined the principles for the joint processing of personal data and the respective data protection-relevant tasks and responsibilities within the framework of the operation of the mobility solution in a written agreement.

In particular, we have reached an agreement as to which person responsible is responsible in what way for exercising the rights of those affected in accordance with Articles 15 to 22 of the GDPR and for fulfilling the information obligations in accordance with Articles 13 and 14 of the GDPR.

The agreement reached also contains the basic regulations for the internal organization of cooperation in the area of ​​data protection in order to ensure the conditions for seamless and smooth cooperation.

In the agreement, we have specifically defined which responsibilities, responsibilities and authorities the responsible employees are entitled to with regard to joint data processing.

To ensure joint data processing that complies with data protection regulations, we as those responsible continually coordinate with each other and inform each other about all circumstances and findings from our respective spheres that could have a practical or legal impact on joint data processing.

Regardless of this distribution of responsibility, which only regulates the internal relationship between us as those responsible, we are jointly responsible to you as the data subject for the lawfulness of the joint data processing.

The essential content of this agreement as well as data processing within the framework of joint responsibility is explained to you in the following sections.

2. Purpose, groups of people affected, data categories

2.1. Purpose of joint data processing

The purpose of joint data processing as part of the operation of the mobility solution is to detect attempts at fraud at an early stage and to prevent fraud, as well as to provide effective customer service for the users of the mobility solution.

For this purpose, we collect the data listed below during registration and compare them with existing user accounts with other contractual partners of MOQO for the aforementioned purposes. In addition, your data is stored on MOQO's servers and updated centrally based on your entries.

Processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR (fulfillment of the contract) and Article 6 Paragraph 1 Letter f GDPR.

2.2. Affected groups of people

The following groups of people are affected by data processing as part of the operation of the mobility solution under joint responsibility:

  • End user (driver)
  • Team administrators (administrators of user groups)
  • The organization administrator
  • The provider administrator
  • Customer service agent
  • employees

2.3. Data categories of personal data

The following data categories of personal data are processed under joint responsibility as part of the operation of the mobility solution:

  • Personal master data:
  • Email-Address
  • First name
  • Last name
  • birth date
  • Smartphone used
  • Address
  • Mobile number
  • Driver's license number
  • Payment method
  • Customer history

2.4 Recipient of the data

We use the following subcontractors to provide our services:

Recipient

Processing purpose

Hosting Services
Amazon Web Services EMEA SARL38 avenue John F. Kennedy, L-1855 Luxembourg
Server and hosting services, primarily email sending, SMS for 2FA (Frankfurt server region)
Customer service and communication services
walter services GmbH
Eduard-Rhein-Str. 58
53639 Königswinter
Telephone customer service service
Zendesk, Inc
989 Market Street
San Francisco, CA 94103, USA
CRM and customer success support
Chatbot

(Contract based on the Standard Contractual Clauses)
Sipgate GmbH
Gladbacher Strasse 74
40219 Düsseldorf
Germany
Optional: SMS-Verification
Twilio Ireland Limited
70 Sir John Rogersons Quay
Dublin 2, D02 R296
Optional: SMS-Verification
Survicate S.A.Warsaw (postal code 02 – 786 at ul. Zamany 8 LU2
Optional: user experience surveys
Map and navigation services
Google Ireland LimitedGordon House, Barrow StreetDublin 4Ireland
Services for providing the Android application (push services, geodata processing, maps)
Mapbox, Inc740 15th Street
NW, 5th Floor, Washington DC 20005
Map display in web applications (no transfer of personal data, but possible conclusions about IP or location data)

(Contract based on the Standard Contractual Clauses)
Driver License Validation Services
Jumio Corporation395 Page Mill Rd, Suite 150, Palo Alto, California 94306
Optional: Driving license validation (data processing mainly in Ireland, backup in Germany)(Contract based on the Standard Contractual Clauses)
Website and customer data processing
Odoo S.A.Chaussée de Namur,
401367 Grand-Rosière
Belgium
Enterprise Resource Planning

The storage period depends on legal retention obligations or necessity to fulfill the purpose.

2.5 Cookies

The MOQO platform uses cookies. You can find the current description of the cookie policy on the following page: https://portal.moqo.de/cookies

3. Allocation of responsibilities

Even if there is a shared responsibility, we as those responsible have to fulfill the data protection obligations in accordance with our respective responsibilities for the individual processes presented below.

3.1. Responsibility of the partner

We are within the framework of shared responsibility responsible for processing personal data in the following processes:

  • Collection of the aforementioned personal data of the relevant groups of people affected.
  • Fulfillment of the information obligations in accordance with Articles 14 and 26 Paragraph 2 Sentence 2 GDPR.
  • Guaranteeing the rights of those affected in accordance with Art. 16 GDPR.

3.2. Responsibility of MOQO

Within the scope of shared responsibility is MOQO responsible for processing personal data in the following processes:

  • Collection of the previously named personal data of the relevant affected groups of people for existing user accounts.
  • Storage of the aforementioned personal data on the servers managed by MOQO.
  • Collection and processing of the aforementioned personal data on the servers managed by MOQO.
  • Comparison of the previously mentioned personal data with existing user profiles.
  • Updating the previously named personal data when appropriately entered by a data subject.
  • If necessary, the previously named personal data will be passed on to the relevant person responsible.
  • Printing, copying, archiving, deleting and destroying the aforementioned personal data and documents within the framework of the legal requirements.
  • Evaluation and monitoring of processors in accordance with Art. 28 GDPR.
  • Provision and documentation of processing records in accordance with Art. 30 GDPR.
  • Guaranteeing the rights of those affected in accordance with Articles 20 and 21 GDPR,
  • Documentation of the technical and organizational measures (TOM) in accordance with Art. 32 GDPR.
  • Coordination with supervisory authorities.

3.3. Joint responsibility

Within the framework of shared responsibility, those responsible are is jointly responsible for the processing of personal data in the following processes:

  • Determination of the purpose and means of data processing.
  • Information obligations in accordance with Art. 13 GDPR.
  • Creation and updating of user profiles.
  • Guaranteeing the rights of those affected in accordance with Articles 15, 17, 18 and 19 GDPR.

4. Agreements between those responsible regarding their data protection obligations

Below we present the essential contents of the agreement reached between those responsible with regard to our data protection obligations:

4.1. Information obligations according to Articles 13 and 14 GDPR and Article 26 Paragraph 2 Sentence 2 GDPR

As those responsible, we have agreed that we will do so in accordance with Art. 13 and 14 GDPR and Article 26 Paragraph 2 Sentence 2 The data protection information required by the GDPR must be coordinated with each other and made available to those affected in a transparent and easily accessible manner.

4.2. Exercising the rights of those affected

If you would like to assert the rights to which you are entitled under Articles 15 to 22 of the GDPR with regard to the joint processing of your personal data by us as the person responsible, the contact person named below acts as the main contact person (see Section 5).

Regardless of this, you can also assert the rights to which you are entitled in connection with the joint processing of your personal data directly against each individual person responsible. In this case, the respective person responsible will immediately forward the concern to the other person responsible. Where necessary, we will support each other in answering and processing inquiries and concerns from data subjects.

4.3. Data protection incidents, communication with supervisory authorities

MOQO is responsible for checking and processing in the event of a breach of the protection of personal data or a security-relevant disruption in joint data processing, including the fulfillment of any resulting reporting obligations to the responsible supervisory authority (Art. 33 GDPR) or notification obligations to the data subjects (Art. 34 GDPR).

As those responsible, we are also committed to informing each other immediately and completely if we discover errors or irregularities with regard to data protection regulations when checking the processing activities.

4.4. Carrying out other essential obligations under the GDPR

As those responsible, we have also contractually committed ourselves to ensuring compliance with legal provisions within our area of ​​responsibility and influence, in particular the legality of data processing carried out within the framework of joint responsibility. In particular, each person responsible has, within their respective area of ​​responsibility and influence:

  • to ensure that only personal data that is absolutely necessary for the lawful operation of the mobility solution is collected;
  • to ensure that one's own staff maintains the confidentiality of data in accordance with Articles 28 Para. 3, 29 and 32 GDPR and is accordingly obliged to maintain data secrecy and are instructed in the data protection provisions relevant to them;
  • to implement the necessary technical and organizational security measures in accordance with Art. 32 GDPR, to check them regularly and to always keep them up to date with the latest technical standards;
  • to include the processing operations falling under joint responsibility in their processing register in accordance with Article 30 (1) GDPR and
  • Properly store documentation within the meaning of Art. 5 Para. 2 GDPR, which serves to provide evidence of proper data processing within the scope of accountability.

5. contact person

MOQO acts as the central contact for all concerns and questions in connection with the joint data processing described and for exercising your data subject rights in this context. The data protection officer can be reached via datenschutz@moqo.de

You can also view the other contact details in the help center in the app or on the web.