Privacy Policy

Privacy Policy

Last updated: 14 July 2020

1. INTRODUCTION: DATA CONTROLLER AND WHO TO CONTACT

Neuron Mobility Pte. Ltd. and our associated companies (we) are committed to the highest standards of privacy and data protection compliance. We are bound by privacy requirements in the countries in which we operate as may be applicable to you depending on where you are using our products or services (local laws), including:

  1. If you are a resident of Asia Pacific, you are protected by:
  • Australia’s Privacy Act, 
  • New Zealand’s Privacy Act, 
  • Malaysia’s Personal Data Protection Act,      
  • Singapore’s Personal Data Protection Act 2012 of Singapore (PDPA), and
  • Thailand’s Personal Data Protection Act, and in each case the regulations enacted under those (as may be amended from time to time).
  1. If you are a resident of the European Union, you are protected by and enjoy additional rights under the European Union’s General Data Protection Regulation 2016/679 (GDPR); and 
  2. If you are a resident of the United Kingdom, you are protected by the Data Protection Act 2018.

(As each of those laws may be updated from time to time.)

This Privacy Policy sets out how and why we collect, store, use, transfer and disclose your personal data and how you may access your personal data and correct it. This Privacy Policy also explains the use of cookies on our website www.rideneuron.com (our site).

For the purposes of local laws the relevant legal entity is Neuron Mobility Pte. Ltd. of 37 Jalan Pemimpin, #07-17 Singapore 577177. Where you are based in the United Kingdom, however, your controller shall be Neuron Mobility (United Kingdom) Limited. 

Our nominated Data Protection Officer is Stephen Farmer who can be reached at privacy@neuron.sg (please include “Personal Data” in the email subject).

Personal data includes reference to personal information as defined by relevant local laws.

2. INFORMATION YOU PROVIDE AND INFORMATION WE COLLECT

Information you provide

Where you create an account on our site and other platforms, including any mobile applications (apps), and purchase services from us (including rental of scooters), you must provide us with your name, contact information (email address and mobile number) and payment information (including card details). This information is contractually mandatory and we are unable to provide the services unless this is provided. 

You may also choose to allow us to use your contact information (e.g. email address) to receive marketing materials or so that we can respond to an inquiry you make. 

You may also create or upload data when using our site and other platforms, including apps. This may include user feedback, messages, and photographs (e.g. end trip photos, helmet verification photos, scooter fault photos).

Information we collect about your browser and devices

While you use our site and other platforms, including apps, we will also collect GPS data relating to your device and the scooter to trace any trips and provide map functionality which is strictly necessary for the services. This information is contractually mandatory and we are unable to provide the services effectively without this data. 

We also collect general information of the sort that web browsers, servers and network operators typically make available, which may include unique identifiers (e.g. IP address, IMEI numbers), browser type and settings, device type and settings and operating system (including mobile network information such as operator name and phone number and application version number). This information is necessary for us to provide basic functionality, including troubleshooting. 

Some of this information could be “personal data” or “personally-identifiable” (that is they could be used to directly or indirectly identify you as an individual and natural person) for example IP addresses, phone numbers, and unique identifiers. We treat such information in the same way that we treat all other personal data (such as your name), and will only use and disclose such personal data as described in this Privacy Policy. 

Information we collect about how you use our app, site and services

As you use our app, site and services, we may (provided that we are permitted by local law or you have provided your consent) collect information about how you interact with our platform and how you use our services (your activity), such as the links that you click, content that you view, terms, products and services that you search for, products and services that you buy, and how you interact with promotional materials or advertisements (if any), language preferences, crash reports, system activity, and the date, time and referral URL of each visitor request. This information will be collected using cookies and other technologies (including local storage). Learn more from our Cookie Policy available here.

3. HOW WE USE THE INFORMATION WE COLLECT

We collect information to enable you to receive the benefit of our site, platforms, apps, products, and services. Subject to this Privacy Policy and your data preferences, we may use the information we collect for some or all of the following purposes:

  • carry out our obligations and to provide you with agreed products and services;
  • process payment from you in consideration of the receipt of the products and services (if applicable) and issue receipts; 
  • secure and protect you, us, our site, platforms, apps, products, and services, and the public;
  • establish, maintain and administer your account;
  • maintain, troubleshoot, and improve our site, platforms, apps, products, and services
  • understand how and where visitors use our app, site, and services to allocate and balance resources;
  • monitor speed locations / track where helmets are placed to end trips; 
  • measure performance of our site, platforms, apps, products, and services which helps us to understand customer preferences, optimise our site and other platforms, including apps;
  • develop new products and services;
  • if your preferences permit, to provide you with recommendations and personalised products and services;
  • communicate with you about our site, platforms, apps, products, and services—such as to notify of changes and updates, alert you to data or security breaches, and to provide you with customer support;
  • for quality assurance and training purposes;
  • to create or distribute promotional and marketing material that is relevant to you, with any required consent if required by local laws;
  • to contact you to let you know about products and services that we believe may be of interest to you, new features and how they may benefit you, solicit your feedback, or just keep you up to date with what’s going on with us and our products and services and/or products, to promote and market ourselves, our products and services, and our websites (including any social media pages maintained or operated by us such as Facebook, Instagram, Snapchat, Twitter, YouTube etc) via email and (if applicable) in-app notifications, with any required permissions / consent if required by local laws;
  • meeting our legal, regulatory, and tax reporting obligations; 
  • Comply with requests from local authorities and government bodies (including local transport departments, police, public health agencies and similar bodies); 
  • investigating incidents of potential or suspected breaches of our Terms of Service (including any accidents or incidents involving our scooters) or applicable laws; and
  • any other uses identified to you at the time of collecting your personal data or as reasonably contemplated by this Privacy Policy and our Terms of Service,

(the Purposes).

We take steps to ensure that we minimise the collection of personal data and personally-identifiable information. Where the use of personal or personally-identifiable information is not necessary for any of the above listed Purposes, we will process the personal data or personally-identifiable information in such a way as to render it non-personally identifiable before use (pseudonymisation or anonymisation as required by local law). 

If you are a resident of the European Union or United Kingdom, we have set out details of the “legal basis” for our processing as required by the GDPR and UK Data Protection Act 2018 in Annex 1.

4. WHEN WE SHARE YOUR PERSONAL DATA WITH OTHERS

Data Recipients 

We may disclose personal data or personally-identifiable information in the following circumstances:

  • when you give us explicit consent to share your data;
  • when we share it with our affiliated and group companies;
  • when we share it with our partners, and other trusted organisations we work with to provide products and services to you;
  • when we share it with trusted external service providers and data processors such as data centres, web hosts, cloud storage and cloud software providers, customer support providers, payment processors, debt collectors, accountants, and insurers;
  • when we share it with prospective sellers or buyers of our business or assets and if we, or substantially all of our assets, were acquired, or in the event that we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. If such transfers occur, any acquirer of our business will continue to use your personal data as set forth in this Privacy Policy unless otherwise notified to you; or
  • when we are required or requested to share it with regulators, law enforcement agencies and other relevant parties for the purpose of enforcement action, legal or contractual compliance and reporting purposes, in accordance with applicable laws and regulations                          

Data transfers

We are a global organisation and accordingly data may be processed and shared  outside of the country in which you live (as part of intra-group transfers and also to the recipients noted above including service providers); however we will only do this when we comply with local laws and put in place appropriate measures in accordance with the requirements prescribed under the local laws to ensure that the recipient of data provides a standard of protection to the personal data transferred that is comparable to the protection under the PDPA, GDPR, other applicable data protection law and this Privacy Policy. Where you are a resident of the European Union or the United Kingdom, we will only transfer your personal data: (a) to countries that have been deemed to provide an adequate level of protection for personal data listed here (or equivalent in the United Kingdom); (b) where we have specific contracts approved by the European Commission which give personal data the same protection it has in Europe (or equivalent in the United Kingdom); and/or (c) where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield see EU-US Privacy Shield here (or equivalent in the United Kingdom).

5. YOUR DATA RIGHTS

Right of access

You may access and review any personal data we hold about you. On your specific request we will be able to, as soon as reasonably possible, provide you with some or all of (as requested) the following information, where available:

  • personal data about you that is in our possession or under our control and the source of such data;
  • the ways in which your personal data has been or may have been used or processed by us, including the logic behind any automated decisions (if applicable), during the two years preceding the date of the request;
  • the ways in which your personal data has been or may have been disclosed by us, and information on to whom or to which categories of recipients such data has been disclosed, during the two years preceding the date of the request;
  • how long we expect to hold on to your data, or if specific information is not available, the criteria we use to determine such a time period; 
  • the purpose of any use, processing, or disclosure; and 
  • any other information that we are required to provide pursuant to local law.

However, to the extent permitted by law, we reserve the right not to provide you with your personal data or other related information if providing it could reasonably be expected to:

  • threaten the safety or physical or mental health of another individual;
  • cause immediate or grave harm to your safety, physical or mental health;
  • reveal personal data about another individual;
  • reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity; 
  • affect the prevention, investigation, detection, and prosecution of criminal offences, or of breaches of ethics for regulated professions; or
  • be contrary to national and public security, defence needs, or the national interest (including important economic, financial, monetary, budgetary and taxation matters).

If you wish to exercise your right of access, you should contact us at privacy@neuron.sg and we will respond to your request within a reasonable period after the request is made and in any event within the timescales required by local law. We aim to process all requests within a month for simple requests, however where permitted by local law, complex and/or voluminous requests may take up to three months to process but we will notify you if there is likely to be a delay within a month. If we deny you access, we will provide our reason for doing so.

In order to respond to any request in relation to your data access rights, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request to speed up our response.

We do not typically charge a fee for reasonable requests for access to your personal data. However, in some countries (as permitted by law) we may charge a reasonable fee, which will be notified to you before we move forward with the request, for time and cost in the following circumstances:

  • if an extended amount of time is required to collate and prepare material for you; and
  • if you wish to receive and we are able to provide hard copies or physical media (i.e. CDs, USB drives or other storage media); and/or
  • if your request is clearly unfounded, repetitive or excessive.

Right to rectification and erasure

Please contact us at privacy@neuron.sg as soon as possible if there are any changes to your personal data or if you believe the personal data we hold about you is not accurate, complete, up-to-date, no longer necessary for the purpose for which it was collected or processed, or lacks a valid legal ground for processing so that we can update your file accordingly. Depending on the circumstance we may change, erase, or block from use any inaccurate, incomplete, or outdated information. We may require documentary proof or evidence for certain requests. We will process any legitimate requests to correct inaccurate data as soon as practicable, and incomplete data within a reasonable time frame and in any event in accordance with timescales required by local law. Where required by local law, we will send the updated personal data to other organisations to which the data was disclosed during the year preceding the date of the correction, unless it is impossible, involves disproportionate effort, the other organisations no longer require the corrected personal data for any legal or business purpose, or you otherwise agree that we do not need to resend the corrected information to any other organisation. Where information is not corrected, you can request that there be attached to the information a statement of the correction sought but not made.  

Right to object to the collection of personal data due to your personal situation

You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms and for other reasons where permitted by local law. You also have the right to object where we are processing your personal data for direct marketing purposes. Please contact us at privacy@neuron.sg if you wish to make such a request, along with details of your personal situation and your reasons for objection. We will respond to all requests within a reasonable time frame and in any event in accordance with timescales required by local law. If we disallow your objection (for example in some cases we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms), we will inform you of our reasons for doing so.

Where you are a resident of the European Union or United Kingdom, you also have the right to:

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. In particular, every directly addressed marketing contact sent or made by us will include a means by which you may unsubscribe (or opt out) of receiving further marketing information. Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us at privacy@neuron.sg to make a request.

Automated Processing

In the United Kingdom, data subjects have the right not to be subject to automated decision making which produces legal effects concerning him or her or similarly significantly affects him or her. ‘Automated Decision Making’ refers to a decision which is taken through the automated processing of your personal data alone – this means processing using, for example, software code or an algorithm, which does not involve any human intervention. We do not do this. 

However, where we have permissions or have the ability to do so in local laws, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in and to automatically pass discounts based on email addresses (e.g. for essential workers). We also use automated processing as part of the services for example, to manage auto ended trips and automated charging of users for lost helmets – this does not have a serious negative impact.

6. WE LOOK AFTER YOUR PERSONAL DATA

a. Accuracy

We take all reasonable steps within our control to ensure that the personal data we hold about you is accurate. We also take reasonable steps to ensure that the information is complete, up-to-date, relevant, and not misleading. However, we also rely on you to advise us of any changes to your personal data.

b. Protection of personal data

We take reasonable steps to ensure that your personal data is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Although we aim to create a safe, secure environment by trying to limit access to the site to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal data.

We will take reasonable steps to inform any relevant authority within the timescales required by local law and we will otherwise comply with any data breach notification obligations in applicable data protection law. We will also inform you without undue delay if the risk to your individual rights and freedoms is high — such as if the compromised data was well encrypted. We may have other grounds for delaying or not notifying a data breach under applicable data protection law, which we may choose to rely on.

Please contact us at privacy@neuron.sg immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.

c. Retention of personal data

We will only retain your personal data to fulfil the Purposes we collected it for, including for the purposes of satisfying any legal, tax, accounting, or reporting requirements. Accordingly, we will cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the Purpose for which that personal data was collected or further processed is no longer being served by retention of the personal data. In particular, we retain registration, account profile, transaction, trip and other information for as long as a user maintains their account. Users may request deletion of their account at any time through the profile settings in the app or by contacting us at privacy@neuron.sg. Following such a request, we delete the data that it is not required to retain for purposes of legal, tax, accounting, reporting, insurance, litigation, or other regulatory requirements which we will retain for 6 years from collection. In particular, we retain location, device, and usage data for these purposes for a minimum of 6 years during which time we may also use it for purposes of safety, security, fraud prevention and detection. In certain circumstances, we may be unable to delete a user’s account, such as if there’s an outstanding credit on the account or an unresolved dispute. Upon resolution of the issue, we will delete the account as described above.

7. LINKS TO THIRD PARTY WEBSITES

Our site may contain links to and from third party websites. If you click on such links, you do so at your own risk and subject to whatever privacy policy and/or website terms may govern the use of such websites. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any information you provide to them. You should read the privacy policy of these third parties to find out how they handle your personal data when you visit their websites.

8. PRIVACY COMPLAINTS

If you believe that we have breached your privacy rights in any way, or you would like to discuss any issues about our Privacy Policy please contact us at privacy@neuron.sg. Any breaches will be dealt with in accordance with applicable local laws. All such enquiries or complaints will be taken seriously and will be handled as soon as reasonably practicable, and where appropriate, we will work together with the Singapore Personal Data Protection Commission or other relevant authority to address your complaint, and/or make improvements to our systems and processes. If you are a resident of the European Union, you can find the list of data protection authorities here. If you are a resident of the United Kingdom, you also have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach any regulator so please contact us in the first instance using the details at the start of this Privacy Policy.

9. PRIVACY POLICY CHANGES

We may change our Privacy Policy from time to time, and so we encourage you to frequently check our site for any changes to our Privacy Policy. Any changes will comply with local laws. If we make significant changes to this Privacy Policy, we will provide a more prominent notice of the changes, such as by emailing you. If you do not agree with any changes, you should stop using our products and services.

Annex 1 – Further Details if you are a Resident of the European Union or United Kingdom

Purpose  Type of Data  Legal Basis
To maintain our sites and apps and to provide core functionality, including features to protect rider safety.

Technical and Usage 

GPS Location



 

Necessary for our legitimate interests (to maintain the relevance of our brand and reputation and to grow our business); and

Where required by privacy laws (for example, in relation to cookies), consent.

Where necessary to provide our services, performance of a contract.

Where necessary to comply with applicable laws, legal obligation.

Where necessary for protecting the life or physical safety of a person, vital interests.  
To tailor our sites and apps and improve our marketing strategies and create profiled audience segments (including custom and look-a-like audiences) so that we can issue tailored marketing content and offers.

Name (if provided)

Email address

GPS location

Marketing and Communications

Technical and Usage

Contact (where we send direct electronic marketing)



 

Necessary for our legitimate interests (to define types of customers for our products and services, to develop our business and to inform our marketing strategy and grow our business by issuing relevant tailored offers).

Where required by privacy laws, consent. 
 Registration Email address (includes name and avatar if sign up with Google or Facebook)

Mobile number

Device details (brand, model and operation system)

IP address (provide city and country details)



Performance of a contract 

Necessary for our Legitimate interest (to authenticate and verify a customer, to provide a product configured to the customer’s device system, to provide a service specific to the customer’s location)

Where necessary to comply with applicable laws, legal obligation.

Where necessary for protecting the life or physical safety of a person, vital interests.

Establishment or defence of legal claims. 
Process payment transactions Email address

Payment details (name, card number, expiry and  CCV)

PayPal email address

Performance of a contract 

Necessary for our Legitimate interest (to verify customer’s payment details, to process payment securely and to respond to any transaction disputes)

Establishment or defence of legal claims 

Trace trip and understand pertinent details (distance, routes, speed)

Customer service communication for feedback, inquiries and incidents

Name (if provided)

Email address

Mobile number

GPS location


 

Necessary for our Legitimate interest (to respond to customer and third party enquiries, disputes and investigations, to provide troubleshooting services, to enforce riding rules and safe practices, and to maintain our brand and reputation)

Performance of a contract 

Where necessary to comply with applicable laws, legal obligation.

Where necessary for protecting the life or physical safety of a person, vital interests.

Establishment or defence of legal claims. 
 Fraud detection

Name (if provided) 

Email address (from registration and/or PayPal)

Payment details

Device details

IP address

Necessary for our Legitimate interest (to respond to disputes and investigations from customers, third parties, law enforcement and banks, to protect our business, and to maintain our brand and reputation)

Establishment or defence of legal claims

Compliance with legal obligation 

Performance of a task carried out in the public interest. Specifically for the UK, paragraph 14 of Part 2 Schedule 1 of the Data Protection Act 2018      
Co-operating with enforcement agencies,  including when investigating possible criminal activity

Name (if provided)

Email address 

Device details

IP address

Helmet selfie (optional)

Parking photos (optional)

Necessary for our Legitimate interest (to respond to disputes and investigations from customers and law enforcement, to protect our business, and to maintain our brand and reputation)

Establishment or defence of legal claims

Compliance with legal obligation 

Performance of a task carried out in the public interest. Specifically for the UK, paragraph 6 and 10 of Part 2 Schedule 1 of the Data Protection Act 2018      
Co-operating with public health agencies, including for contact tracing purposes or to otherwise protect public health or safety or the life or health of an individual.

Name (if provided) 

Email address 

Device details

IP address

Helmet selfie (optional)

Parking photos (optional)    

 

Necessary for our Legitimate interest (to respond to disputes and investigations from customers and law enforcement, to protect our business, and to maintain our brand and reputation)

Establishment or defence of legal claims

Compliance with legal obligation 

Performance of a task carried out in the public interest. Specifically for the UK, paragraph 6 and 10 of Part 2 Schedule 1 of the Data Protection Act 2018     
 Safety and compliance audit

Helmet selfie (optional)

Parking photos (optional)

Where required by privacy laws, Consent

Necessary to protect vital interests of data subject 

Establishment or defence of legal claims
Incident management

Photos of injuries (optional)

Medical reports and records (optional)

Necessary for our legitimate interest (to respond to customer communications, to investigate incidents and to maintain our brand and reputation)

Necessary to protect vital interests of data subject 

Establishment or defence of legal claims 
 Analytics Usage data

Where required by privacy laws, consent

Necessary for our legitimate interest (to improve our service and products, to develop new technology relevant to our customers and localities, and to build our business, brand and reputation)

Where necessary to provide our services (eg troubleshooting and responding to specific requests for support), performance of a contract.
Surveys

Email address

Mobile number

Name

Necessary for our legitimate interest (to improve our service and products, to develop new technology relevant to our customers and localities, and to build our business, brand and reputation)

Where required by privacy laws, consent.

Compliance with local  authorities (e.g. Department for Transport in the UK) requirements for e-scooter trials.


Note: in some instances, the local authorities may act in the capacity of controller.

Name

Demographic information (further details will be provided at point of collection)

Legitimate interest (to participate in e-scooter trials and launch in new locations, and to comply with regulatory and contractual requirements)

Performance of contract 

Performance of task carried out in public interest. Specifically for the UK, paragraphs 6 and 8 of Part 2 Schedule 1 of the Data Protection Act 2018

Processing is necessary for scientific or historical research and statistical purposes
Close Menu