Latest offers
    Mobifer

    Privacy Policy

    Considering the importance of collecting data to fulfill its mission, Mobifer as the data controller makes its best effort to protect users’ data privacy and security. Mobifer is committed to following and continuously evolving best practices to support this principle.

    1. General Provisions

      1. This privacy policy governs the principles of collecting, processing, and storing personal data. Personal data is collected, processed, and stored by the data controller, Hansa Technologies OÜ (hereinafter referred to as the data processor).
      2. In the context of this privacy policy, the data subject is a customer or any other natural person whose personal data is processed by the data processor.
      3. In the context of this privacy policy, a customer is anyone who purchases goods or services from the data processor's website.
      4. The data processor follows the principles of data processing established by legal acts and processes personal data lawfully, fairly, and securely. The data processor can confirm that personal data has been processed in accordance with legal regulations.

    2. Collection, Processing, and Storage of Personal Data

      1. The personal data collected, processed, and stored by the data processor is gathered electronically, primarily through the website and email communication.
      2. By sharing their personal data, the data subject grants the data processor the right to collect, organize, use, and manage personal data for the purposes defined in this privacy policy, which the data subject directly or indirectly shares with the data processor when purchasing goods or services on the website.
      3. The data subject is responsible for ensuring that the data they provide is accurate, correct, and complete. Knowingly providing false information is considered a violation of the privacy policy. The data subject is obliged to immediately inform the data processor of any changes to the provided data.
      4. The data processor is not responsible for any damage caused to the data subject or third parties due to the provision of false data by the data subject.

    3. Processing of Customer Personal Data

      1. The data processor may process the following personal data of the data subject:
        1. First and last name;
        2. Phone number;
        3. Email address;
        4. Bank account number;
        5. Payment card details;
        6. Location data; Our application uses location services solely to track the real-time location of a bus when a ride is active. Location data is collected only during the ride and stops immediately after the ride ends. We do not collect or store location data outside of active ride sessions. This data is used to ensure accurate, safe, and efficient service. Location data is not shared with third parties, and all data is processed and stored securely in accordance with our privacy policy. Users can manage their location data preferences in their device settings.
      2. In addition to the above, the data processor has the right to collect information about the customer that is available in public registers.
      3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
        1. a) The data subject has given consent to process their personal data for one or more specific purposes;
        2. b) Processing of personal data is necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject;
        3. c) Processing of personal data is necessary for compliance with a legal obligation to which the data controller is subject;
        4. f) Processing of personal data is necessary for the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly if the data subject is a child.
      4. Processing of personal data according to processing purposes:
        1. Purpose of processing – Security and safety
          Maximum retention period – according to the deadlines specified in the law
        2. Purpose of processing – Order processing
          Maximum retention period – up to 1 year.
        3. Purpose of processing – Customer management
          Maximum retention period – up to 10 years.
        4. Purpose of processing – Financial operations, accounting
          Maximum retention period – according to the deadlines specified in the law
        5. Purpose of processing – Marketing
          Maximum retention period – up to 10 years.
      5. The data processor has the right to share customer personal data with third parties such as authorized data processors, accountants, transport and courier companies, and payment service providers. The data processor is the data controller. The data processor transfers personal data necessary for payment execution to the authorized processor.
      6. When processing and storing the personal data of data subjects, the data processor implements organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
      7. The data processor retains the data of data subjects depending on the purpose of processing but no longer than 10 years.

    4. Data Subject Rights

      1. The data subject has the right to access and review their personal data.
      2. The data subject has the right to receive information about the processing of their personal data.
      3. The data subject has the right to supplement or correct inaccurate data.
      4. If the data processor processes personal data based on the data subject’s consent, the data subject has the right to withdraw consent at any time.
      5. The data subject can exercise their rights by contacting Mobifer customer support at .
      6. The data subject also has the right to file a complaint with the Data Protection Inspectorate to protect their rights.

    5. Final Provisions

      1. These data protection terms have been prepared in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Estonian Personal Data Protection Act, and other Estonian and European Union legal acts.
      2. The data processor has the right to partially or fully amend the data protection terms, informing data subjects of changes via the .