Privacy policy
In this document (the “Privacy Policy”), we explain how we process personal data of our customers (“you”) when you use: (a) CityBee mobile app in order to make use of Mybee service (the “App”), (b) Mybee Vehicle: vehicles (the “Vehicle”), (c) Mybee website https://www.mybee.lt (the “Website”), and (d) when you communicate with us by phone, e-mail, on social media and otherwise.
In addition, in Chapter III of this Privacy Policy, we also explain how your data is processed by the App manager – UAB Prime Leasing, legal entity code 302565318, address of registered office: Ozo g. 10A, LT-08200 Vilnius, which provides services of identification and driving license verification, remote entry into an agreement, services of administration of fees for the service, intermediation in the conclusion of the services agreement or other necessary services, when you use the App.
We process personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as the GDPR), other applicable legal acts in the field of personal data protection as well as this Privacy Policy.
In this Privacy Policy, we provide the most important concepts about the protection of your personal data: the purposes and grounds on which we process your personal data, sources from which we receive the data and persons with whom we have the right to share them, our duties with regard to the processing of your data, your rights and how they are implemented.
Take time to carefully read this Privacy Policy and, if you have any questions, please feel free to contact us.
If you use the Website and/or the App, it means you have read this Privacy Policy and understood the purposes, methods and procedures for processing your personal data specified herein. If you do not agree with the Privacy Policy, do not use the Website or the App.
We may combine personal data provided by you when using the App and/or the Website with data we obtained from other public and available sources (e.g. we may combine personal data provided by you with data obtained from the use of Website cookies or data lawfully received from third parties).
The Privacy Policy is a living, constantly changing document, therefore, we can improve, modify, update it. You will be additionally informed about critical policy changes, but we encourage reviewing this Privacy Policy from time to time.
DEFINITIONS
The following terms are defined as follows in this Privacy Policy:
- We, or the Company, shall mean UAB Miesto Bitė, a private limited liability company, established and operating under the laws of the Republic of Lithuania, legal entity code 302793236, address of registered office: Ozo g. 10A, LT-08200 Vilnius, Lithuania.
- Services shall mean all services that the Company offers and provides to you, including, among other things, (i) lease (use) of Mybee Vehicle; (ii) maintenance of the Mybee Vehicle and assets therein, third party liability insurance, Casco insurance, (iii) other services provided on the App and/or the Website.
- Website shall mean the website accessible at www.mybee.lt.
- App shall mean CityBee software for smartphones, tablets and/or other mobile devices, which is used to perform actions in connection with lease of Mybee Vehicle – Vehicle reservation, unlocking, locking and/or other actions provided for therein. The App manager is UAB Prime Leasing, legal entity code: 302565318, address of registered office: Ozo g. 10A, LT-08200 Vilnius, Lithuania (the “App Manager”).
- Account shall mean a digital account created in the App.
- Services Agreement shall mean the agreement on provision of the Services concluded between you and the Company (e.g. Vehicle lease agreement).
Other terms shall have the meanings assigned to them and defined in the GDPR and/or the Services Agreement.
In case of contradictions between this Privacy Policy and other rules on provision of Mybee Services (if any), provisions of this Privacy Policy shall prevail.
ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
We process your data specified in this Privacy Policy on these legal bases:
- for conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR);
- for fulfilment of legal obligations and requirements of legal acts applicable to us (Article 6(1)(c) of the GDPR);
- for pursuing our legitimate interests and those of third parties (Article 6(1)(f) of the GDPR);
- for acting in accordance with your consent (Article 6(1)(a) of the GDPR).
In the scope and under the conditions set by applicable legal acts, one or several of the abovementioned legal grounds may apply to processing of the same of your personal data.
WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES DO WE USE THEM?
Account creation in the App
If you wish to start using the App in order to use Mybee Services provided by the Company, you must register in it, create an Account and provide us with the data specified below.
Please be informed that in order to use the App, you will have to read and accept the terms of the App Manager. Therefore, after installing and getting registered in the App, in order to use Mybee Service, first of all, you will have to read and understand the Rules of Use set by the App Manager, accessible via the App, and information that your personal data will be received by and, when you use the App, your personal data will also be processed by the App Manager as a separate data controller.
For the purposes of Mybee Services, the App Manager provides us with services of identification and driving license verification, remote entry into an agreement, services of administration of fees for the service, intermediation in the conclusion of the services agreement or other necessary services. At the time of the provision of these services, the App Manager shall process the data by its decision or in accordance with the instructions of the Company. The App privacy policy will be presented to you before you install the App and will always be accessible here or on CityBee website at https://citybee.lt/en (at the bottom of the page, in column “Aktualu”). The App privacy policy gives detailed information about your personal data collected and processed during use of the App (e.g. what personal data are collected and for what purposes they are used by the App Manager).
If you do not agree to the processing of your personal data by the App Manager, you will not be able to use the App and Mybee Services provided by the Company. You are aware and you understand that Mybee Services can only be used through the App in accordance with the procedure provided for therein. If you object to this or if such a way of providing Services is unacceptable to you, please do not use our Services.
If you wish to rent Vehicles, in order to verify your identity and your right to drive the Vehicle, we will need the following additional data about you: your facial image (selfie), photo of the first side of the driving license and the driving license data.
Before we start providing the Services, we must check whether the image of your face in the selfie made with the App coincides with the photo on the driving license and make sure that your driving license is valid.
After you order and use Mybee Services and after you give your consent, personal data indicated in this paragraph 3.1 of the Privacy Policy will be provided to us by the App Manager.
| Account creation in the App | |
| Data categories | In the Account creation process you provide us with and we collect the following data: first name, surname, mobile phone number, e-mail address, address of the place of residence, payment card information (card type, card number digits, expiry date), Account creation date, IP address, and other technical data we have collected. In case of creation of a natural person’s Account, the following data shall also be collected: your facial image (selfie), photo of the first side of the driving license, driving license number, personal ID number and/or date of birth, expiry date, your facial image and other information from the driving license, the state and the authority that issued the driving license, driving license validity verification data (we do it by involving service providers), data of matching the face image with the photo on the driving license, date of uploading the driving license to the Account, other settings and system data. |
| Legal grounds for data processing | Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR).
Our legitimate interest and that of third parties (Article 6(1)(f) of the GDPR):
Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR) in the following areas:
|
| Duration of data processing | If the Services Agreement was terminated without using the Services of the Company – during the effective term of the Services Agreement and for a maximum period of 3 months after its expiry. |
| In all other cases, during the effective term of the Services Agreement and for a maximum period of 5 years after its expiry. | |
| Chapter VI of the Privacy Policy lists cases and conditions where personal data of yours can be stored or otherwise processed for a longer period of time. | |
We recognise you as our customer according to some data you presented during registration and creation of the Account, when, for example, you want to update or change your data, contact us for presentation of certain personal information, exercise of rights in connection with personal data processing, etc. We also use your mobile phone number, e-mail and other Account details when we need to confirm your registration, verify your identity, help you and in similar cases.
Use of the App and the Services
When you use the App and the Services, we collect and process the following data:
| Use of the App and the Services | |
| Data categories related to the use of the App | Information indicated in paragraph 3.1 of the Privacy Policy.
The operating system of your device, version of the App used, technical and system data of using the App. Internal information about your Account in order to use Mybee Services: (Account creation date and status, customer and Account identifiers, date of adding the driving license, the fact of blocking (suspension of the Services Agreement) and the reason for it, actions of changing your Account details to the extent it is related to a Mybee Service, actions in the Account, various systemic Account data, other information related to the use of the Account for using Mybee Services. |
| Data categories related to the use of the Services | Vehicle reservation, time of locking/unlocking it.
Information on the Vehicle you used, date and time of use of the Vehicle, the Vehicle GPS data, route, speed, travel distance, duration, other travel and Vehicle parameters. Price of Services provided to you, discounts, fact of payment, fact of invoicing, fact and amount of debt, etc. Payments you made for our Services, other data of performed payment transactions (date, amount, last four digits of the card used for payment, etc.). Data of periodic (regular) verification of driving license validity. Information on performance of the Services Agreement (violations, fines, etc.), violations of Road Traffic Regulations. |
| Categories of data used for provision of relevant information, communicating with you | your first name, surname, mobile phone number, e-mail address, address of the place of residence, other information you provided to us.
Title of the electronic notification sent to you, notification delivery fact and date, notification opening (reading) fact and date, fact and date of opening a link in the notification content and so on.
|
| Legal grounds for data processing | Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR).
Our legitimate interest and that of third parties (Article 6(1)(f) of the GDPR):
Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR) in the following areas (to the extent applicable):
|
| Duration of data processing | If the Services Agreement was terminated before you used Services under the Services Agreement – during the effective term of the Services Agreement and for a maximum period of 3 months after its expiry. |
| Route GPS data, speed data – no longer than 12 months after their generation. | |
| In all other cases – during the effective term of the Services Agreement and for a maximum period of 5 years after its expiry. | |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
There is an electronic system installed in each piece of Vehicle that records and transmits to us information on the location of the Vehicle, distance covered by the Vehicle, speed and other data relating to the Vehicle. We need these data in order to provide Services to you and to perform the Services Agreement otherwise.
If during use of the Vehicle you connect your device to the Vehicle devices (e.g. navigation, multimedia systems), your device data, e.g. the given name, contacts stored on the device and Bluetooth ID, shall be stored in the Vehicle unless you delete them following the instructions of the Vehicle manufacturer.
When you use the Vehicle and the Services, we have the right to periodically check the validity of your driving license (when it was provided for creation of a natural person’s Account). This service is provided to us by the App Manager. If we notice that your driving license is about to expire, we may contact you (by e-mail, SMS, push notifications, other notifications in the App) and inform you about the expiry of the driving license.
Collection of data about important notifications sent to you
We also use your contact data (e-mail, phone number, address of the place of residence) to communicate with you, including answers to your inquiries, requests, providing information relevant to you about use of our Services, essential changes in the Services Agreement, the Privacy Policy and/or other documents important for you, to contact you if you forgot your things in the leased and returned Vehicle or we have identified any problems in connection with Services provided, etc.
We have the right to make sure that you have been informed of the latest essential changes to the Services Agreement and/or this Privacy Policy and to collect evidence that this type of notification has been provided to you and read (opened) by you. When we send you notifications of this type, we collect the above-indicated information about the notifications sent to you.
Direct marketing, marketing
Notifications, offers and information by e-mail, SMS, push notifications in the App
We process your personal data in order to be able to provide general and personal offers (including offers from our partners) and other information. We can send notifications, offers and information to you in several ways: by e-mail, SMS, InApp notifications, push notifications in the App. In order to choose notifications and offers to be sent to you, to know you and your needs better, to improve your experience using our Services, to automate use of marketing tools for the most effective customer engagement, to expand the range of Services we offer and to constantly improve them, to give you relevant, interesting and useful offers and other information about our Services, we analyse data related to customers’ behaviour on the App when using Mybee Services, patterns of use of our Services and/or other signs, and will use such data to group customers. For these purposes, we use advanced data analytics tools (such as CleverTap), which are based on automated data analysis.
For the above-indicated purposes, we process the following data of yours:
| Notifications, offers and information by e-mail, SMS, push notifications, etc. | |
| Data categories | your name, surname, e-mail address and/or telephone number, customer identifier, date of birth, login type, country, city, age, customer registration date, type (private/business customer), status (complete/incomplete); the App version; operating system; direct marketing consents; whether the customer added the driving license, payment card; the number of trips per period; amount of money spent on the Services; date, time and place of the trip; Vehicle used. |
| Legal grounds for data processing | Our legitimate interest (Article 6(1)(f) of the GDPR, Article 13(2) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), paragraph 2 of Article 69 of the Law on Electronic Communications):
your consent (Article 6(1)(a) of the GDPR) to receive our partners’ offers and information, also, as much as applicable, consents presented by you before the effective date of this Privacy Policy to receive direct marketing notifications. |
| Duration of data processing | We will store the fact of consent during the period of validity of the consent and for 24 months after its expiry. The consent validity period shall be up to 36 months unless it is withdrawn by you earlier. |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
The actions described above do not have any legal or similar significant impact on you, but they will allow us to better understand your needs, interests and hobbies, create and offer you a wider range of Services that meet your needs better, install the App updates you anticipate in the context of the Company’s Services, provide a better-quality experience of using our Services.
You can easily unsubscribe from notifications with offers and information in the App, see also Chapter VII of the Privacy Policy. You can easily refuse the App push notifications in the App, which are enabled for all customers be default, see also Chapter VII of the Privacy Policy.
Optimisation of the marketing tools
In order to improve the efficiency of the management of our various marketing tools, we use Apps Flyer and other advanced tools to help us collect your data related to your behaviour in the App and/or interest in our ads displayed on websites of third parties (Apps Flyer and similar partner platforms), our offers or other of our marketing tools. For this purpose, we may analyse the data collected and evaluate the effectiveness, efficiency and payback of our marketing decisions (e.g. evaluate channels where ads are displayed, their number, etc.) and take better marketing decisions for the sake of more efficient re-attracting of customers.
Data are obtained in the App with the help of integrated data collection technology and based on your consent given in the App. Data are generated when you use the App and/or Apps Flyer or apps and websites of other partner platforms of Facebook and Google.
For analysis and advertising purposes, we also use third party tools such as Google Firebase, Google Ads, Google Analytics, Facebook Ads Manager, in order to collect aggregated and anonymised information on how individuals use the App, to understand how we can improve it and provide up-to-date non-personalized advertising about our Services.
The listed means and tools will help us better understand your needs, interests and hobbies, which in its own turn will allow us to create and offer you a wider range of Mybee Services that meet your needs better, install the App updates you anticipate in the context of Mybee Services we provide, provide a better-quality experience when you use the App for Mybee Services.
For the above-indicated purposes, we collect and process the following data of yours:
| Optimisation of the marketing tools
|
|
| Data categories | Technical information related to the customer’s device, such as browser type, device type and model, processor, system language, memory, OS version, Wi-Fi status, time stamp and zone, device motion or other parameters. |
| Technical identifiers that normally identify only a computer, device, browser or program, such as an IP address, User agent, IDFA (identifier for advertisers), Android ID (in Android devices); Google advertiser ID, other similar unique identifiers. | |
| Engagement information, i.e. information related to ad campaigns and ultimate actions of the customer, such as clicks on ads, display of revised ads, audiences or segments, to which the ad campaign is assigned, the type of ads and a website or program where such ads were displayed, websites visited by the end user, URL from the referring site, program downloads and installs, and other interactions, events and customer actions in the program (e.g. selected vehicle, clicks, entry time, etc.). | |
| Data categories (Google FireBase, Google Analytics) | Data on how you use the App. |
| Legal grounds for data processing | Your consent (Article 6(1)(a) of the GDPR):
Our legitimate interest (Article 6(1)(f) of the GDPR, Article 13(2) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), paragraph 2 of Article 69 of the Law of the Republic of Lithuania on Electronic Communications):
|
| Duration of data processing | No longer than 24 months after data are collected. We will store the fact of consent during the period of its validity and for 24 months after it expires. |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
For more information on how Apps Flyer tool works and what data it collects, go to Apps Flyer privacy policy: https://www.appsflyer.com/services-privacy-policy/.
You can read more information how Google collects and uses these data in Google privacy policy: https://policies.google.com/privacy?hl=en.
Marketing on social media
We administer our profiles and accounts on social networks: LinkedIn, Facebook, etc.
If you are interested in our Services and follow our profiles on social media, we collect and process these data of yours (which we obtain directly from you (on the social media account), so that we can manage our social media accounts):
| Marketing on social media
|
|
| Data categories | Name, surname, gender, country, photograph, information about communication in the account (“like”, “follow”, “comment”, “share”, etc.), notifications sent, information on notifications (message receipt time, message content, message attachments, correspondence history, etc.), comments, reactions to published entries, sharing, information on participation in events and/or games organized by us. |
| Legal grounds for data processing | Your consent (Article 6(1)(a) of the GDPR).
Our legitimate interest to manage our social media profiles (Article 6(1)(f) of the GDPR), Facebook Insights, etc. |
| Duration of data processing | During the period of consent validity and for 24 months after it expires.
Personal data used for this purpose shall be stored as long as you are registered on a specific social network. |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
We can create and manage our fan pages or groups on the Facebook platform and we are jointly responsible only for data processing of Facebook Insight (https://lt-lt.facebook.com/help/pages/insights) (Article 26(1) of the GDPR) and only to the extent that these data are used to create “page insights” and only concerning steps from data collection from our fan page to their transfer to Facebook. As for any other data processing, we and Facebook are independent controllers.
Data processing of our fan page visitors is intended for statistical assessment of the use of such page. All information obtained with Facebook tools is linked to Facebook Insight tool, which provides us with anonymised information about pages you visit and your activeness (e.g. at what time you and other visitors pay attention to videos, when you read longer notifications, when your top activeness on a social network is recorded). These data are used to improve the content placed on the fan page and your experience of using it and to select marketing tools.
Please note that the Company’s fan page is integrated into the Facebook platform, therefore Facebook has all the possibilities to collect your other personal data as well. Detailed information about the data processing activities of Facebook, the purposes and scope of data use related to the data provided by you can be found at: http://www.facebook.com/policy.php.
If you want to exercise your rights in connection with these data, it would be more effective for you to contact Facebook directly. If you still need help to exercise of your rights, you can contact us in the ways provided in Chapter VII of the Privacy Policy.
Statistics, analytics, customer behaviour research
In order to monitor, evaluate, analyse, improve and further the quality of Services provision, the App in the context of provision of Mybee Services, offer new Services or new quality Services, increase the availability of Services, improve the security of use of the Services, improve user experience when using the Services, we analyse various statistical data.
Statistics, analytics, customer behaviour research
| Data categories
|
Vehicle reservations, their locking/unlocking time, Vehicle information, start of the Vehicle use, date and time of use, places where Vehicle was taken and left, Vehicle GPS data, route, speed, travel distance, duration, other travel parameters, travel history, telemetric data, etc. |
| Legal grounds for data processing | Our legitimate interest to analyse data, install and use data analysis and processing modules and methods, in order to create, increase value both for you as a customer and for our business (Article 6(1)(f) of the GDPR). |
| Duration of data processing | No longer than 36 months after data is generated. |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. |
The Company, as a socially responsible business entity, is implementing the mission to contribute to road safety, responsible and careful driving and a safe and healthy society. The methods and modules used to analyse data will enable us to predict, identify dangerous driving, identify drivers under the influence, which will allow to reduce accident statistics, prevent or reduce losses due to accidents, will contribute to responsible, safe and polite participation in traffic.
We use automated data analysis tools based on the latest scientific achievements (including artificial intelligence) to conduct these data research, introduce and use data analysis and processing modules and methods.
Data analysis actions, performed for the purposes described in this chapter, do not have any legal or comparable significant effect on you.
Operation and security of the App, information systems
We process your personal data to identify potential threats of abuse of the Mybee Services, fraud or other illegal activities, protect the App when you use Services of the Company, the Website, information systems and data from unauthorized modifications, cyber-attacks, unauthorized access and other related risks, ensure the operation, integrity, security of the App in provision of Mybee Services and of information systems. We register information about your and our actions in the App in using and providing Mybee Services, respectively, in the Account, on the Website:
| Operation and security of the App, information systems | |
| Data categories
|
Data about login to the App in order to make use of Mybee Services, data about the device operating system, entry, use, change of Mybee Account, data or other activities on the App to the extent it is related to Mybee Services in the Account, log entries, changes and their history, settings, other system parameters. |
| Legal grounds for data processing | Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR).
Our legitimate interest (Article 6(1)(f) of the GDPR):
Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR) in the following areas:
|
| Duration of data processing | Log entries – up to 3 months. |
| If the Services Agreement was terminated before you used Services – during the effective term of the Services Agreement and up to 3 months after its expiry. | |
| In all other cases – during the effective term of the Services Agreement and for a maximum period of 5 years after its expiry. | |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
If we notice actions in your Mybee Account that we find suspicious, we may ask you to do certain actions (e.g. check your e-mail accounts, change PIN, etc.).
Prevention of fraud, enforcement of legal requirements, administration of debts and damages
We process your personal data in order to implement our legal requirements and defence of legitimate interests (including fraud prevention), protect our property and interests and those of our customers and other persons, collect evidence of violations and prevent the abuse of our interests, those of our customers and other persons, abuse of the App when you use our Services, the Website, Vehicle, also to administer, manage and recover your debts and damages inflicted on us and our property.
| Prevention of fraud, enforcement of legal requirements, administration of debts and damages
|
|
| Data categories
|
Information on your debt to the Company, including the debt amount, date, history, information on performance of the Services Agreement, violations of Road Traffic Regulations, damage to the Company, Vehicle, third parties, insured events related to you, other related information.
Data about you from public registers and information systems lawfully available to our service providers (involved in debt administration, administration of damages, debt recovery). Information about inquiries, requests, information, etc. provided by companies (e.g. insurance companies), authorities (e.g. police). Information on assets, other persons that were in the Vehicle (in case of damage, violations, etc.). All other personal data specified in this Privacy Policy. |
| Legal grounds for data processing | Our legitimate interest (Article 6(1)(f) of the GDPR):
Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR). |
| Duration of data processing | During the entire effective term of the Services Agreement and for a maximum period of 5 years after its expiry. |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
We have the right, to the extent permitted by applicable legal acts and in the light of our legitimate interests, to analyse and evaluate the above data and to make decisions based on them that may affect how we will provide Services to you and whether we will provide them. If we have reasonable doubts about your ability to pay for our Services or other reasonable doubts about data and information provided by you when you are registering in the App and/or use our Services, we will have the right, based on our legitimate interest, to request our service providers (e.g. UAB Creditinfo Lietuva) to provide or to access lawfully accessible data about you on our own (including your credit rating, etc.) and evaluate them for the purposes of prevention of fraud, other actions of bad faith, for assessing your solvency, for debt management and/or recovery.
Website administration, support, improvement
When you visit and browse our Website, for the purpose of collecting statistical data and improving the quality of Mybee Services and visitor experience, we process the following data:
| Website administration, support, improvement | |
| Data categories
|
IP address, MAC address, date of visit, duration of visit, pages visited, devices and applications used for web browsing, etc.
|
| Legal grounds for data processing | Your consent (Article 6(1)(a) of the GDPR).
Our legitimate interest to analyse data in order to administer, improve the Website operation, improve our activities and create value both for you as a customer and for our business (Article 6(1)(f) of the GDPR).
|
| Duration of data processing | See the Cookie Policy. |
Cookies are used on the Website. More information on cookies used on the Website can be found in our Cookie Policy.
We use the analytical service Google Analytics, which allows to capture and analyse statistical data on the use of the Website. More information about Google Analytics and information collected with its tools can be found here https://support.google.com/analytics/answer/9019185?hl=en&ref_topic=2919631#zippy=%2Cin-this-article.
If you do not want Google Analytics tools to capture your browsing information, you can use Google Analytics opt-out browser add-on or change your cookie settings.
>Customer service – inquiries, requests, complaints
If you contact our customer service centre by phone and agree that your telephone call is recorded, we will record the information you provide, including personal data, so that we can properly examine your request and/or respond to your inquiry.
If you contact us in writing (by e-mail or otherwise), we will store the fact of your contacting us and the information provided, including personal data, so that we can properly examine your request and/or respond to your question, request or complaint.
For the above-indicated customer service purposes, we will use the following data:
| Customer service – inquiries, requests, complaints | |
| Data categories
|
The telephone number you are calling from or the e-mail address, other information pertaining to your inquiry, including, but not limited to, first name, surname, licence plate number of the vehicle you drive, break-down, traffic accident data, inquiry content, etc.; call record, technical details of the call (date, duration, etc.); history of calls; complaint, request, inquiry text, description of the circumstances of the complaint or another inquiry, documents supporting the complaint, request, inquiry, other information provided to us. |
| Legal grounds for data processing | Your consent (Article 6(1)(a) of the GDPR).
Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR). Our legitimate interest and that of third parties (Article 6(1)(f) of the GDPR). |
| Duration of data processing | Call records are stored for a maximum period of 6 months from the moment of the call. |
| Complaints, claims, written requests related to the performance of the Services Agreement and/or which may be related to disputes, shall be stored throughout the entire effective term of the Services Agreement and no longer than for 5 years after its expiry, unless longer periods specified below apply. | |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
Compliance with tax, accounting, other statutory obligations
In order to be able to ensure proper implementation of tax, accounting, other statutory obligations (i.e. correct issuance of accounting documents and their declaration to public authorities, implementation of anti-money laundering requirements, etc.), we will process the following personal data of yours. The App Manager, as an independent data controller, will process personal data indicated in this chapter when providing you with a payment service.
| Compliance with tax, accounting, other statutory obligations
|
|
| Data categories
|
First name, surname, address, personal ID number, VAT number (when a person is registered as a VAT payer), data about the Service (Service description; price/amount paid), issued accounting documents and their details, other accounting and tax data that we must collect, process and store under laws and other legal acts. |
| Legal grounds for data processing | Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR) in the following areas:
|
| Duration of data processing | Legal acts provide for periods of storing documents and data therein (e.g. a period of 10 years is set for accounting documents, invoices, etc.). |
| The periods of storage, archiving and management of documents of the Company apply and are set according to effective legal acts, in compliance with requirements of the Index of the General Document Storage Periods, as approved by the Chief Archivist of Lithuania, and other documents and/or recommendations. | |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
Business Customers’ Accounts
If the Services Agreement for Mybee Services is sought to be concluded with us by a business customer (company, institution, organisation) (hereinafter referred to as a Business Customer), we process personal data of representatives of such a Business Customer, as indicated below. Below we specify how we process personal data we collect when you, a representative of our Business Customer, complete the application form on Mybee Website in order to get Mybee’s offer.
We also process any other personal data referred to in paragraphs 3.1–3.9 of this Privacy Policy about employees or representatives of Business Customers, who use the App in order to receive Mybee Services.
| Business Customers’ Accounts | |
| Data categories | Name, address, legal entity code of the Business Customer (company), first name, surname, title, e-mail address, telephone number of the person responsible for the performance of the Services Agreement (representative, employee of the Business Customer), information about vehicles you are interested in, other information; VAT number (when the entity is registered as a VAT payer), data of the payment card used (card type, last four digits of the card number, expiry date), bank account data. |
| Data categories – employees and representatives of Business Customers | Personal data indicated in paragraphs 3.1–3.9 of this Privacy Policy. |
| Legal grounds for data processing | Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR).
Our legitimate interest and that of third parties (Article 6(1)(f) of the GDPR):
Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR) in the following areas:
|
| Duration of data processing | During the entire effective term of the Services Agreement and for a maximum period of 5 years after its expiry. |
| Periods indicated in relevant paragraphs 3.1–3.9 of this Privacy Policy. | |
| Chapter VI of the Privacy Policy lists cases and conditions when these personal data of yours can also be stored or otherwise processed for a longer period of time. | |
Our Business Customers shall ensure and undertake that:
- they have the right to transfer to us personal data of their representative or employees required for the creation of Mybee Account and provision of the Services;
- their employees and representatives are informed that a representative of the Business Customer will have a possibility to see, process data on the trips of the Business Customers’ employees or representatives, who will be using Mybee Services on behalf of the Business Customer, and Services provided to them when they use the Business Customer’s Account;
- their employees and representatives would get familiar with and properly comply with general conditions of the Services Agreement, the Vehicle Agreement, other rules of Mybee and conditions and requirements of this Privacy Policy.
Representatives, employees of Business Customers have all rights of data subjects provided for in Chapter VII of this Privacy Policy.
Business Customers acknowledge and understand that all actions taken by their employees and representatives or other persons that they perform or allow others to perform by downloading, installing, accessing, using Services of the Company via the App, the Account, Services and Vehicle, are legitimate and appropriate and assume liability for them.
The Business Customer and its appointed representative or employee undertake to protect login data and passwords for the App given to them and to immediately inform us using the contact details indicated in the App in case such data is lost or comes to the knowledge of third parties.
FROM WHAT SOURCES DO WE OBTAIN YOUR DATA?
We receive almost all of your personal data from you, when you create an Account in the App, use the App, the Account, Services and in other cases, as explained in more detail in Chapter III of this Privacy Policy. Also, as stated in paragraph 3.1 of the Privacy Policy, we receive your personal data from the App Manager when you have already provided data to the App Manager when installing the App and getting registered on it. Such personal data will be transferred to us if you opt to receive Mybee Services and give your consent – but only to the extent necessary for provision of Mybee Services.
Data we receive from you indirectly under a legitimate basis (the list is non-exhaustive):
- data of periodic (regular) verification of driving license validity;
- information on violations of Road Traffic Regulations, traffic accidents, damage to the Company, Vehicle, third parties;
- information on your payment transactions that we receive from providers of payment services;
- information about inquiries, requests, information, etc. provided by companies (e.g. insurance companies), authorities (e.g. police).;
- your data lawfully accessed by providers of debt, damages management, administration, credit rating and/or debt recovery services, other service providers;
- data transferred by providers of internet services, communication services when you use the internet, communications;
- information we receive from service providers, partners, competent authorities (e.g. when the State Data Protection Inspectorate performs an investigation), other data controllers indicated in Chapter V of the Privacy Policy;
- information we receive from public registers and information systems.
DO WE SHARE YOUR DATA WITH OTHERS?
The Company has involved various service providers (e.g. providers of software, server hosting, data centres, cloud computing, support, IT, payment, identity verification, document validity verification, intermediation, payments, audit, accounting, legal, tax advisory services, administration of damages, debt collection, analytics, direct marketing, e-mail, SMS messaging, customer service, call centre and other services).
Data processors we use are usually located in the Member States of the European Union or store data entrusted to them by the Company in the European Union. Only a few carefully selected data processors (such as Google, Apps Flyer, CleverTap) process data outside the European Union. In addition, when we manage our social media accounts, we receive and provide data to social network platform operators (e.g. LinkedIn, Facebook, Google), which operate also outside the European Union, e.g. in the USA. We closely follow practices of data protection supervisory authorities and the guidelines on the transfer of data outside the European Union, and we diligently consider conditions, under which data are transferred and may be subsequently processed and stored after the transfer outside the European Union. To ensure an adequate level of security of data and to guarantee legitimate transfer of data we provide Standard Contractual Clauses approved by the European Commission for data transfer outside the European Economic Area (EEA) or follow other grounds and conditions set out in the GDPR.
We use cloud computing solutions (e.g. Microsoft Azure) for data processing. Servers / storage facilities for the cloud computing solutions used are located and operate in the Member States of the European Union. Microsoft Azure database data are stored in data centres located in the EEA Member States (see more at https://azure.microsoft.com/en-us/global-infrastructure/geographies/).
Data processors can process your personal data only in accordance with our instructions. Besides, they must ensure security of your data in accordance with applicable legal acts and agreements concluded with us.
If necessary and legally justified, we also provide your data to service providers that are separate data controllers, including to the App Manager, also to competent authorities, institutions, organisations, also other data controllers who are entitled to receive information in accordance with applicable legal acts and/or our legitimate interests (Article 6(1)(b) of the GDPR, Article 6(1)(c) of the GDPR, Article 6(1)(e) of the GDPR, Article 6(1)(f) of the GDPR) (the list is non-exhaustive):
- we contact (or that is done by service providers selected by us) the authority that issued the driving license to make sure that the driving license you have presented is valid;
- in the event of a traffic accident, your data will be transferred to insurance companies and, if necessary, to other parties involved in the traffic accident;
- based on Vehicle data available to us, we have the right and, in certain cases, an obligation to transfer information about violations of Road Traffic Regulations (e.g. about speeding, driving under the influence) to competent authorities (e.g., the police);
- we have the right and the obligation to transfer information to the competent authorities (pre-trial investigation bodies, etc.) for the purposes of prevention of fraud, offence and crime prevention and investigation;
- if you fail to meet your financial obligations under the conditions of the Services Agreement and the Terms and do not pay your debt within the time limit specified in the notice, we have the right to transfer data on your debt and your personal data (including first name, surname, personal ID number and other data proving the debt) to persons with legitimate interest in obtaining such data for the purposes of debt management, administration, credit rating and/or debt recovery;
- your personal data may also be transferred to other data controllers (insurance companies, vehicle maintenance service providers or other additional service providers) if you order additional services, as well as to providers of vehicle financial lease services, credit institutions;
- we provide data to service providers that are separate controllers of your data (partners whose offers you have agreed to receive, etc.).
With your consent, your data may be disclosed to persons you have indicated.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
Personal data specified in this Privacy Policy shall be stored and otherwise processed for no longer than the period specified in Chapter III of this Privacy Policy for each relevant data category and for no longer than necessary to achieve the purposes for which the data were collected.
In those cases when the data storage period is not indicated in this Privacy Policy, your data will be stored no longer than necessary for achievement of the purposes, for which the data were collected, or for a period set by legal acts.
After the end of your data processing and storage duration set in this Privacy Policy, we destroy your data or anonymise them irreversibly and reliably as soon as possible, within a period reasonably necessary for performance of such an action.
If different processing or storage periods can be applied to the same data category for different purposes in accordance with this Privacy Policy, the longest of the applicable periods shall apply.
Your personal data can be stored for a period longer than indicated in this Privacy Policy only when:
- your data is necessary for the proper administration of the debt, damages (for example, you have not fulfilled your financial and/or property obligations or caused damage to us or other persons), examination and settlement of a dispute, complaint, the protection of our legitimate interests or those of third parties;
- that is necessary in order that we could defend ourselves from existing or threatening demands, claims or legal actions and exercise our rights;
- there are reasonable suspicions of violations, illegal activities, which are or may be subject to investigation;
- this is necessary for ensuring the functioning, resilience, integrity of backup copies, information systems, traceability of operations, statistical and other similar purposes;
- there are other grounds provided for in legal acts.
WHAT RIGHTS DO YOU HAVE?
You, as a data subject, have rights under the GDPR, including the right:
- to request access to your personal data and get their copy;
- to request rectification or restriction of inaccurate or incomplete personal data;
- to request deletion or restriction of personal data which are excessive or processed unlawfully;
- to object to the processing of your personal data;
- to request transfer of your personal data provided in a structured, machine-readable format;
- to withdraw your consent at any time if data processing is based on the data subject’s consent. Withdrawal of the data subject’s consent shall not affect lawfulness of data processing before the withdrawal of the consent;
- to file a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, LT-10312 Vilnius, by e-mail: ada@ada.lt), but we would recommend contacting us first and we will try to resolve all your concerns together with you.
How can you contact us for exercise of your rights?
You can submit your request for the exercise of your rights (as far as Mybee Account is concerned) to us in the following ways:
- submitting a request by e-mail at info@mybee.lt, signed with qualified e-signature (e.g. by use of Smart-ID or M-signature), or
- sending a request by e-mail at info@mybee.lt with a notarised copy of the personal ID document, or
- arriving at our customer service department (in such a case, we will ask to produce a personal ID document).
The right to access data processed and the right to obtain a copy of personal data
In order to exercise this right, contact us in ways indicated in paragraph 7.1 of this Privacy Policy and we will send you a letter with information (or will explain in person) how you can obtain a copy of personal data related to the Account.
Right to rectification of personal data
In case of changes in data presented by you to us (surname, e-mail address, telephone number), change of driving license data (you changed or updated your driving license) or in case you think that the information processed by us about you is inaccurate or incorrect, you have the right to demand to modify, amend or correct such information.
You can make some corrections and changes to your data on your Account on the App (e.g. upload a new driving license after the previous license expires). In other cases, you must contact us in the ways indicated in paragraph 7.1 of the Privacy Policy and request that we correct or amend your data.
Right to withdraw consent
In case where we process your data on the basis of your consent, you have the right to withdraw your consent at any time and data processing based on your consent will stop.
For example, you can withdraw your consent to receive offers and information at any time. The withdrawal of these consents will not prevent you from continuing to use our Services, but this will mean that we will not be able to give offers that may be useful to you.
You have the right to withdraw consent at any time in the following ways:
- by phone: +370 70077024;
- by e-mail: info@mybee.lt;
- by clicking on the link “Unsubscribe from newsletters” in the e-mail at any time.
You can opt out of push notifications:
- by changing the operating system settings in your device.
Right to object to data processing, when processing is based on legitimate interests
You have the right to object to personal data processing, when personal data is processed based on our legitimate interests. In the event that we send you general offers and information on the basis of our legitimate interest, you have the right to opt out of general offers at any time:
- by phone: +370 70077024;
- by e-mail: info@mybee.lt;
- by clicking on the link “Unsubscribe from newsletters” in the e-mail at any time.
You can opt out of push notifications in the App:
- by changing the operating system settings in your device.
Right to erasure (right to be forgotten)
When there are certain circumstances indicated in legal acts on personal data protection (e.g. when the basis for data processing has disappeared, etc.), you have the right to request that we erase your personal data. In order to exercise this right, please contact us in the ways indicated in paragraph 7.1 of the Privacy Policy.
We will treat your request to erase all your data as a request to terminate the Services Agreement, which shall be terminated in accordance with the Terms.
A request to erase only certain data of yours can result in suspension or termination of the Services Agreement.
If you express a wish “to be forgotten”, we will no longer process those data of yours which will no longer be necessary for the purposes for which they were collected or otherwise processed. After you have exercised the right “to be forgotten”, your personal data will be further processed for the following main purposes and on the following main grounds (the list is non-exhaustive):
- for the purposes of meeting accounting, tax requirements, personal data will be further processed in accordance with Article 6(1)(c) of the GDPR (data processing is necessary to fulfil the legal obligation imposed on the data controller);
- GPS (location) data will be further processed in accordance with Article 6(1)(f) of the GDPR (data processing is necessary in pursuance of legitimate interests of the data controller or a third party);
- in order to manage customers’ complaints and other requests and inquiries, personal data will be processed in accordance with Article 6(1)(b) of the GDPR (it is necessary to process data in order to fulfil the contract, a party to which the data subject is);
- in case of disputes, administration of damages and debts, in order to pursue our other legal claims and protect our rights, data will be further processed in accordance with Article 6(1)(f) of the GDPR (data processing is necessary in pursuance of legitimate interests of the data controller or a third party).
If you delete (uninstall) the App, it shall not mean termination of the Services Agreement, it will continue in effect until terminated in accordance with the Terms.
Right to restriction of processing
When there are certain circumstances indicated in personal data protection legal acts (when personal data are processed unlawfully, when you challenge data accuracy, you state an objection to data processing on the basis of our legitimate interest, etc.), you also have the right to restriction of Your data processing.
However, we must point out that, because of the restriction of data processing and during the period of such restriction, we may be unable to guarantee you all the Services which may lead to the suspension or termination of the Services Agreement.
In order to exercise this right, please contact us in the ways indicated in paragraph 7.1 of the Privacy Policy.
Right to data portability
In order to exercise this right, contact us in ways indicated in paragraph 7.1 of this Privacy Policy and we will send you a letter with information (or will explain in person) how you can obtain a copy of personal data related to the Account.
Right to lodge a complaint
If you think that we process your data in breach of requirements of personal data protection legal acts, we always ask that you contact us directly at first. We believe that our good will efforts will be enough to disperse any doubts you may have, to answer your questions, to satisfy requests and correct any errors we made, if any.
If you are not satisfied with a problem solution we suggest or if, in your opinion, we are not taking actions that must be taken in order to satisfy your request, you will have the right to lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, LT-10312 Vilnius, e-mail ada@ada.lt).
Examination procedure of the requests
In order to protect our customers’ data from illegal disclosure, upon receipt of your request to present data or implement other rights of yours, we will have to verify your identity. For identity verification, we, first of all, use the ways indicated in paragraph 7.1 of the Privacy Policy.
In those cases when you do not have an Account any more or there is no possibility to use the ways indicated in paragraph 7.1 of the Privacy Policy, in order to verify your identity we may ask you to indicate relevant data of your Account (e.g. name, date of birth, e-mail address or telephone number). In performance of this verification, we may also send a control notification at the last contact that was in the Account (SMS or e-mail), asking to take an authorisation action, we may also request additional documents or data. If the verification procedure fails, we will be forced to state that you are not the data subject of the requested data and we will have to reject your request.
Upon receipt of your request regarding implementation of any right of yours and having successfully performed the above-indicated verification procedure, we undertake without undue delay, but in any case no later than within one month after receipt of your request and completion of the verification procedure, to give you information about actions we took upon your request. With regard to complexity and number of requests, we have the right to extent the period of one month for two more months, informing you about it before the end of the first month and indicating reasons for such an extension.
If your request is submitted electronically, we will give the answer to you electronically, too, unless it is impossible (e.g. due to a particularly large scope of information) or when you request to answer you in some other way.
We have the right to refuse to satisfy your request by our reasoned written response under the conditions and grounds provided for in legal acts. We will provide you with information free of charge, however, if the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content, we may require a reasonable fee to cover administrative costs or may refuse to act upon your request.
HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?
We use appropriate organisational and technical personal data security measures, including protection against unauthorized or unlawful processing of data and against accidental loss, destruction or damage. Such measures have been selected taking into account the risks that may arise for your rights and freedoms as those of a data subject.
We strictly control access to your personal data, providing it only to those employees who need personal data for the performance of their work, and monitor how they use the access provided. Employees who have access to personal data shall be made aware of the personal data protection requirements and shall ensure the confidentiality of the personal data processed. We provide access to personal data with passwords of the required level and prepare agreements for the protection of confidential information with individuals or partners who are given access to your personal data.
We regularly monitor our systems for possible breaches or attacks, but it is not possible to guarantee full security of information transmitted online. With this in mind, you provide us with information by use of the internet connection via the App at your sole discretion and assuming any associated risks.
In order to ensure the security of customers’ data, we constantly assess and strengthen applicable security requirements. Please note that if you allow the App to use the device functionality that allows recognizing a fingerprint or facial image, we will not receive and will not process such data (we will only process the system confirmation from your device whether the device user login was successful).
In order to ensure your data security, the Company will continue to perform regular IT security audits in the future.
YOU CAN CONTACT US AS FOLLOWS:
The data controller that processes your personal data indicated in this Privacy Policy, when you use the Company’s Service, is:
- UAB Miesto bitė, legal entity code 302793236, address: Ozo g. 10A, LT-08200 Vilnius, Lithuania.
You can contact us on all issues concerning this Privacy Policy, data processing by UAB Miesto bitė as follows:
by e-mail: info@mybee.lt;
by phone: +370 70077024.
Also, a lot of relevant information can also be found in the FAQ section on our Website.
VALIDITY OF AND CHANGES TO THE PRIVACY POLICY
If we change this Privacy Policy, we will publish its updated version on our Website and in the App, besides, you will be additionally informed about the most important/essential changes via e-mail and/or otherwise. The latest changes to the Privacy Policy were made on and are valid from 27 July 2021.
All you need is the CityBee app
Download the CityBee app and click on the MyBee icon. Registration is less than a minute!
Fill in the blanks at the bottom and enter your/your company’s contact details for a successful car purchase. Once you have filled in the details, click on the “send” button.
Thank you, we have received your application.
Our consultant will contact you shortly.
Return to home page