Last update: 15.06.2021
Data controller and service provider is:
Tier Operations Limited (“TIER”, “we”)
c/o WeWork 145 City Road,
London,EC1V 1 AZ
The protection of personal data and hence your privacy is of utmost importance to us and taken very seriously. The following privacy notice informs you about the collection and processing of your data when using the TIER service and the TIER website. Our privacy notice does not apply to your activities on the websites of social networks or other providers that can be reached via the links on our website. Please check the data protection regulations on the respective websites of these providers.
- General information about the collection and processing of your personal data
1.1 Personal data
We collect and use your personal data only insofar as necessary to deploy a fully functional website as well as our contents and services. Personal data are information that is associated with you as an individual. Examples are your name, address, postal address, phone number or email address. Non-personal data are information such as the number of users of a website or aggregated movement data, as they can no longer be traced to a certain individual.
1.2 Processing of personal data
Processing is any process in connection with personal data, carried out with or without the help of automated procedures, such as collecting, recording, organising, sorting, storing, adapting or changing, reading, retrieving, using, disclosing through transferring, processing or another form of provision, synchronising or connecting, restricting, deleting or destroying. Personal data will be collected via our apps or website if you make them available on your own initiative, e.g. by registrations, completing forms, by sending emails, or by booking a TIER vehicle. We will use the data for the appropriate purposes or purposes resulting from the request, such as the booking inquiry for processing your booking request. A transmission to third parties will only be performed if this is explicitly permitted by law or if you agreed to the transfer as part of your registration or during an active business relationship.
1.3 Legal bases of the processing
The collection and use of personal data of our users only happens with informed consent of the user. Insofar we seek consent for the processing operations of personal data of the person concerned, Art. 6(1)(a) GDPR serves as legal basis for the processing of personal data. An exception is made in such cases in which a prior consent is for factual reasons not possible and the processing of the data is permitted by law. For the processing of personal data for the purpose of the preparation or conclusion of a contract with you, Art. 6(1)(b) GDPR serves as legal basis. This also applies to processing operations that are required for the execution of pre-contract measures. Insofar the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Art. 6(1)(c) GDPR serves as legal basis. In case the processing is necessary to protect the vital interests of our company or a third person and the interests, fundamental rights and freedoms do not override the former interest, Art. 6(1)(f) GDPR serves as legal basis for the processing. The retention of the functionality of our IT systems, the marketing of our own products and services and the legal measures of documenting business contacts are such legitimate interests.
We implement technical and organisational security measures to protect your data that we hold against manipulation, loss, destruction and against access by unauthorised persons. We continually improve our security measures in line with technological development.
1.5 Deleting your personal data
The personal data processed by us will be deleted or restricted according to Art. 17 and 18 GDPR. Unless clearly indicated in this privacy notice, all data currently stored with us will be deleted, as soon as they are no longer necessary for their purpose or as long as there are no legal obligations for us to retain them. If the data is not deleted because they are legally required, their processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies for example to data that have to be retained for business or taxation reasons.
- Data collection during the use of TIER services
On our website and in our applications, we enable our users to register themselves by indicating personal data. The registration is mandatory for the use of the TIER services.
2.1 Data collection and permissions when using the TIER app
All data we can access within the context of the permissions will be used only for the purposes indicated in this privacy notice. We do not collect any data that are used for other purposes than the ones mentioned in this data policy.
You may rent a scooter by scanning its QR code, and for that we will ask access to your camera. You may also rent a scooter in other ways which do not require access to your camera, such as by typing the number under the scooter’s QR code on the app, or selecting a nearby scooter directly on the app.
Access to your camera is necessary to verify your driver’s license and identity, as we are legally obligated to do so. See section 6, “Driver’s License Verification for E-Scooter Customers” for further information about the verification of your identity and driver’s license.
We need information about your location to show you on Google Maps (Google Ireland Limited) and Apple Maps (Apple Inc.) whether you are near a vehicle and how you can get there. See the next section “Data collection when renting a TIER vehicle” for more information about data processing of Google Maps and Apple Maps.
2.2 TIER analytics
We would like to understand the usage behaviour of our app to be able to improve our service continuously. For this purpose, we collect the data in aggregate form, i.e. connected: Device information (e.g. Information about the operating system and the app version), the point in time when you open the TIER app, your behaviour in the app (e.g. the selection of vehicles), the duration of use or the time spent in certain functionalities.
To optimize our marketing activities, we commission the service provider Adjust (Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin). The data collected by Adjust provide insights into e.g. the download of the TIER app, the online advertising channel that was used to generate the download, the point in time when the app was opened, the duration of app usage and particularly used app functions (especially about the successful login and completed rides). Adjust uses IP and Mac addresses of the users for the analysis. They will be hashed after the collection and used by Adjust only in pseudonymised form.
2.3 Data collection when renting a TIER vehicle
2.3.1 Google Maps
2.3.2 Telematics units
To be able to see and book the TIER vehicles on the map, we use IoT boxes and telematics units in our vehicles. They send GPS data on a regular basis. Our service provider cannot allocate the data sent to you. The reconstruction of the location of the rented vehicle based on the GPS data sent takes only place in the following cases and for the following purposes:
- Through “geofencing”, a warning will be issued when the circulation zone is left or the booking is terminated outside the area of use. According to the General Terms, a vehicle can only circulate within the circulation zone and the booking can only be terminated within our area of use (Art. (6)(1)(f) GDPR). You can see the circulation zone of the place where you are located in the TIER app at any time.
- This applies also for the termination of the rent not carried out by the user, e.g. after an unusually long rental period, in your and our interest (Art. 6(1)(f) GDPR), or
- As part of service requests during the usage (e.g. booking cannot be terminated, vehicle cannot be found, assistance in case of an accident) (Art. 6(1)(b) and (f) GDPR).
- Proof in case of damage: In case of an accident or another case of damage, such as the damage of the vehicle, we have a legitimate interest to prove where the accident in case of damage happened (Art. 6(1)(f) GDPR).
- Transparent billing: After the rent was terminated, you will receive an overview of the rent in your app and optionally by email. We indicate the start and end point of your rides as well as parking locations (if applicable) in your booking history (Art. 6(1)(b) GDPR).
- Improvement of availability: anonymous evaluation of places where the users already performed bookings in order to optimize the distribution of the vehicles. (Art. 6(1)(f) GDPR).
2.4 Data collection during contacting
In case you contact us via the contact form, email or phone, we will process the information you give us for the purpose of processing your request as well as for possible follow-up questions. The processing is based on our legitimate interest to be able to answer customer requests. Your data will be deleted as soon as they are no longer required for the purpose of the request or the fulfillment of legal obligations.
What are cookies?
Cookies are text files placed on your computer to collect standars internet log information and visitor behaviour information. Cookies cannot be used to start programs or place viruses on a computer. By means of the information contained in the cookies, we can improve the navigation and enable the correct display of our website. In no event we will pass on the processed data to third persons or connect them with other personal data without your prior consent.
What types of cookies do we use?
- Necessary — TIER uses these cookies to remember your cookie preferences (set on our cookie banner) and to maintain security measures.
- Functionality — TIER uses these cookies so that we recognise you on our website and remember your previousl selected preferences. These could include what language you prefer and location you are in.
- Advertising — TIER uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. TIER sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
Cookie banner – how to manage cookies
By setting your preferences using our cookie banner, you may choose which cookies you would like us to place on your computer. You may accept all cookies, reject all cookies (except for necessary cookies), or granularly accept only chosen categories of cookies by clicking on “adjust cookie settings” and enabling or disabling the respective toggles.
- Transferring personal data to third parties
Besides the service providers mentioned under point 2 and 3 above, we involved processors for the following processing operations:
- providers of information society services, such as web server, email server, storage server, cloud management systems, geolocation systems, cloud storage.
- marketing service providers
- email service providers
- payment system providers
- providers of incident management systems
- Furthermore we may transfer your personal data to the following recipients:
- companies of the TIER group
- government authorities and / or public administrations
- banks and financial institutions for the collection of the services
- state security forces and institutions according to the provisions of the law
Your data is only passed on to third parties wherever permissible and required by the European data protection. This is the case if you expressly consent to the transfer of your data to one of our cooperation partners and / or the transfer is necessary for the performance of the contract. Furthermore, a transfer is legal from a data protection perspective if it is required for the enforcement of other regulations (e.g. criminal law provisions) and the transfer is allowed from a data protection point of view. Aggregated and anonymous data about routes are furthermore provided to public facilities, such as research centers, cities and municipalities for the purpose of improving the local traffic situation. Individual persons can no longer be derived from these aggregated data. Insofar as we pass on data to recipients located outside the European Economic Area, we ensure that the recipient provides either an adequate level of data privacy protection (e.g. due to an adequacy decision of the EU commission for the respective country or the agreement of EU Standard Contractual Clauses with the recipient) or we have your consent for the transfer.
- Data sharing with cities and government authorities
We may receive information on you from third parties like the police or other government authorities, in case you commit an offence while riding our vehicles. This information may be used by us to action your account in line with our General Terms.
We share data in the Mobility Data Specification (MDS) format with cities and government authorities. This data is used for the purposes of city planning, understanding navigation traffic and travel patterns in a city. Following MDS, we remove certain user identifiers, such as names, email addresses, phone numbers, TIER user IDs etc. We share the resulting information, including individual trip records and trip location (journey) history, sometimes linked to an individual scooter identification number, with third parties for research, business or other purposes.
Data sharing with the Department for Transport (DfT)
We are required to share personal data with the DfT and do so under Art. 6(1)(e) GDPR i.e. public task; The DfT requires this data in order to enable the Secretary of State for transport (SoS) to gather sufficient evidence to assess the use and impacts of e-scooters. The results of the insights will be used torwards developing the regulations which will be applied to e-scooters in ways that promote safe and sustainable travel and fulfil the SoS obligations under the Public Sector Equality Duty as set out under section 149 of the Equalities Act 2010.
Personal data to be shared with the DfT:
TIER User ID, full name, email address, phone number
User Trip ID, trip timestamp, trip distance and duration, trip area
User ID, survey timestamp, questions and answers
Other pseudonymised data which cannot be linked to individuals will also be shared, such as our vehicle IDs, our vehicle statuses and locations etc.
- Driver’s license verification for e-scooter customers
We need to verify your driver’s license and your identity before you can rent TIER e-scooters. We use an automated verification process that works as follows:
- Step 1: Verification of the driver’s license. You are asked to take front and back pictures of your driver’s license with your smartphone camera. The app automatically checks if the license is valid, unexpired and government-issued based on the pictures and the data included in the pictures (usually name, birthday, license number, issuing country, expiration date, issue date, license classes). Instructional permits, learner’s permits, provisional / probationary licenses and junior licenses are not accepted. Photocopied and temporary licenses are not accepted. Licenses without photographs of the driver may warrant the request of additional legal identity documents.
- Step 2: Identity verification. You are asked to use the TIER app to take a picture of your face with your smartphone camera. The app compares the camera picture with the photo on the driver’s license. To do this, you must look into your camera and the app takes a series of pictures. Thereafter, the app will automatically select and store the good quality images. The remaining images are discarded. After that, the app compares the images with the driver’s license. It does this by calculating a value based on biometric algorithms. If this value exceeds a defined threshold, the identity verification is considered successful.
- Step 3: Liveness verification. The app also checks whether it is a live person performing the identification. To do this, you must turn his head to the left and to the right. The app takes a series of images and creates a 3D model of the face. Finally, a value is calculated based on biometric algorithms. If this value exceeds a defined threshold, the person verification (liveness) is considered successful. If problems are encountered, the data will be manually verified by a human operator. The manual verification might take up to 24 hours. You will be notified in the TIER app if your data is referred to manual verification and you will be notified by e-mail about the outcome. If verification fails for whatever reason, you can always contact the TIER user support for clarification and manual verification.
All data, in particular the pictures of your driver’s license and your face, is automatically deleted at latest 24 hours after successful completion, failure or abortion of the verification process. We only retain the verification status (i.e. verification successful / failed) and the expiry date of your driver’s license as part of your user profile data.
The verification is a necessary prerequisite for entering into and the performance of the rental agreement pursuant to Art. 6(1)(b) GDPR and Art. 22(2)(a) GDPR.
To the extent that pictures of your face are processed for identity verification purposes, the data processing is based on your consent pursuant to Art. 9(2)(a) GDPR and Art. 22(4) GDPR. We also record and retain a timestamp of your consent to the data processing based on our legitimate interest to prove the consent pursuant to Art. 6(1)(f) GDPR. You can withdraw your consent at any time, in particular by aborting the verification process.
We use IDnow GmbH, Auenstraße 100, 80469 Munich, Germany, as a service provider for the verification process. IDnow GmbH is acting as a subcontractor and data processor on our behalf and receives personal data solely for the performance of their services for us. They are contractually obliged not to use personal data for other purposes.
- Product, research and advertising communication
We’d like to communicate with you in certain circumstances. These may be to communicate new TIER products and services (more details in 8.1), to offer you to take part in user research initiatives (8.2), and to show you campaigns, promotions and advertising tailored to your user behaviour in the TIER app (8.3). Also, you can read more about how your data is used when you sign up to our newsletters (8.4) and how you can opt-out of receiving these communications (8.5).
7.1 New TIER products and services
From time to time, TIER releases new products, services and functionalities that we want you to know of. As some of these products and services may be available only in certain areas, we do not show these communications to all of our users, but only the ones who use TIER in the area where the service or product is now available. Hence, we need to process your location data for this purpose. We do not use user behaviour data to target you with these communications, and we rely on our legitimate interest of keeping you updated about our products to reach out to you. You may opt-out of this at any time under your app’s “Settings”. To do that, you only need to disable the toggle beside “service and products news”.
7.2 TIER User research campaigns
We would like to know how our users like our service, products and features. For this reason, we would like to reach out to users who fulfil a certain criteria of usage in our app. Some of these criteria may be: users who have purchased certain packages, heavy users, users who only use one of our vehicles (e.g. TIER e-bikes), users who use both of our vehicles (TIER e-bikes and e-scooters), etc. If you fulfil one of these criteria, we may send you in-app notifications asking you to take part in our user research initiatives. We reach out to you based in our legitimate interest in understanding how you like our service, but participation in our user research initiatives is completely voluntary and therefore based on your consent.
7.3 TIER offer emails and personalised advertising
We send our customers marketing communications about TIER products or services which are tailored to their ‘profile’ (i.e. based on the information about a customer to predict their preferences). We send such communication to customers by email, SMS or in-app push notifications. We may send you this tailored marketing communication only with your consent, which can be revoked at any time in your app settings. In order to send you marketing communication tailored to your preferences, we will use the information you submitted during the creation of your customer account as well as automatically collected information, such as:
- notices of receipt and read confirmations of messages;
- information about your device and the browser used;
- your activities in our apps;
- your history of using TIER services.
We also send our customers non-personalised marketing communication (such as offer emails) from time to time. We may send you this information, as we have a legitimate interest to keep you up to date about our services. We will use the email address or other contact data you provided during the creation of your customer account for this purpose. In this way, our customers may only receive tailored messages about TIER products or services based on their preferences or non-tailored special offers of the TIER services. You will receive these notifications whether or not you registered for our newsletter.
We would like to send our potential and existing customers advertising of our products and services and products of our cooperation partners by email on a regular basis. For this purpose, we will use the email address indicated for the registration to our newsletter and the country. As part of the registration to our newsletter, we will ask for your consent in the following way:
The identification of your email address is carried out through the double opt-in process. This means that you will receive a confirmation email in a further step to agree to the receipt of the newsletter. When subscribing to our newsletter, we log the following information:
- IP address used;
- time of the subscription to the newsletter;
- time of mailing the confirmation email;
- content of the confirmation email;
- time of clicking on the confirmation link or archiving the email reply.
The purpose of this process is to prove your registration and resolve a potential misuse of your personal data. We will inform you about any withdrawal options in the confirmation email and in every newsletter.
7.5 Disclosure of data and revocation
The data will not be made available to third parties. Your data may be held only for the time we have a business relationship with you and if you did not object to this data processing
You will find a cancellation link in every notification, which is regarded as objection or revocation when clicked on. You can also send your objection to the receipt of product and advertising emails or the revocation of your consent regarding our newsletter by email to firstname.lastname@example.org or by mail Tier Mobility AG (“TIER”, “we”), c/o WeWork Eichhornstr. 3, 10785 Berlin, Germany.
- User research
If you consent to taking part in one of our user research initiatives, we may ask you to fill a survey or participate in a recorded call with our Research team.
We may ask you for information such as your usage behaviour of TIER vehicles, your age range, the work industry you are in, your opinions and preferences of our services, etc. Participation in the survey or call is voluntary and based on your consent. If you decide to agree to taking part in a user interview with us, we will ask you whether you agree to a video recording. If you do not consent, you can let us know and we will do the interview without a video recording. Regardless of your option, we will ask you to sign electronically our consent declaration.
Your data will be deleted in no more than 6 months, and is usually kept for 3 months. This data is solely used for the purpose of research, and will later be used in an aggregated form to improve our services and products. You may withdraw your consent for the processing of your data, ask for information about this data, aks for a copy of it and ask for its deletion, given that it is within the 6 months of its retention.
We use SurveyMonkey for our surveys, Calendly for booking calls with participants and Google Meet for video and audio calls.
SurveyMonkey Europe, 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4. SurveyMonkey Europe may use SurveyMonkey Inc., One Curiosity Way, San Mateo, CA 94403, United States as a sub-processor.
Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, United States.
Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
SurveyMonkey, Calendly and Google are acting as subcontractors and data processors on our behalf and receive personal data solely for the performance of their services for us. They are contractually obliged not to use personal data for other purposes. We have entered into EU Standard Contractual Clauses with SurveyMonkey Europe, Calendly LLC and Google LLC pursuant to Art. 46 GDPR.
- Your data protection rights
9.1 Right to information
You have the right to to demand information about the data stored about you, about the origin of the data, their recipients or categories of recipients, and the nature and purpose of the processing.
9.2 Right to revocation
If you have given your consent to the use of your personal data, you can revoke it for the future at any time without providing reasons.
9.3 Right to rectification
Should you later on establish that personal data held by us are not accurate or complete, you can correct or complete them in your customer account at any time or let them be corrected or completed by us.
9.4 Right to erasure (‘right to be forgotten’)
Under certain circumstances you have the right to block or delete the data about your person held by us. The deletion or blocking of your personal data takes place as soon as we were able to verify the preconditions regarding the legitimacy of your demand. As far as the deletion of your data has legal, contractual, fiscal or business retention requirements or other legally based reasons, your data will be blocked instead of deleted. After your data have been deleted, an exchange of information is no longer possible.
9.5 Right to data portability
You may receive your personal data we processed and received from you in a machine-readable format designated by us or you can instruct us to directly transfer these data to a selected third person, if this recipient enables this from a technical point of view and no unreasonable burden or other confidentiality obligations or considerations on our part or from third persons prevent this.
9.6 Right to object
You are entitled at any time, and without giving reasons, to refuse the data processing for direct advertising purposes. It should be noted that the objection to data processing operations may limit or prevent the implementation of the framework contract and the processing of individual contracts.
9.7 Extended rights referring to the automated data processing for personalised data evaluation
In relation to the automated data processing for personalised data evaluation you have, in addition to the above mentioned rights, the right to engage a natural person in the decision-making process as well as a right of appeal and a right to express our concern.
9.8 Contact for claims made in connection with the rights of the persons affected
For claims made in connection with the rights of the persons affected you can contact us via email to: email@example.com or in writing to:
Tier Mobility AG c/o WeWork Eichhornstr. 3, 10785 Berlin, Germany.
9.9 Right of appeal at the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. The ICO contact details follow:
Information Commissioner’s Office (ICO)
Telephone: 0303 123 1113
Fax: 01625 524510
Live chat: https://ico.org.uk/global/contact-us/live-chat/
- Changes to this Privacy Notice
We reserve the right to occasionally adapt this privacy notice so that it continually meets the current legal requirements or in order to incorporate changes to our services into the privacy notice, e.g. following the launch of new services. We recommend that you check the privacy notice for any changes on a regular basis. If a change to our services or the launch of a new service requires your prior consent, we shall inform you accordingly and ask for your permission.
- How to contact us
If you have any questions about this privacy notice, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
TIER Mobility Data Protection Officer
You can contact TIER’s Data Protection Officer at firstname.lastname@example.org.