1.1 Shared Mobility doo, with registered place of business at Generala Tranijea 13, 18000 Niš, registration number 21550884, incorporated in 2020 as technology partner of Toyota Financial Services UK (TFS) Under TFS leadership, and essential part of the KINTO brand for smart and simple mobility solutions. Shared Mobility team is dedicated to crafting the KINTO applications and developing a unique platform that provides verifiable ridesharing services and enables the incentivisation of people engaging in sustainable travel. Shared Mobility in capacity of the data controller hereby informs the users of the website (hereinafter “Users”) available at www.sharedmobility.rs about data processing activities and users’ rights.
1.2 The information on Users is divided into personally identifiable and non-personally identifiable information depending on whether information can identify the User as a specific person. Personally identifiable information shall be referred to as “personal data”.
1.3 The operator of the Platform is Shared Mobility doo, with registered place of business at Generala Tranijea 13, 18000 Niš, registration number 21550884, and we are responsible for compliance with the principles relating to processing of personal data. If you have any question or concern regarding your privacy, you can contact us by mail to the registered place of business email@example.com, or you can contact our DPO.
1.4 The following words and abbreviations shall have the meaning provided herein:
- “personal data” means any information relating to an identified or identifiable natural person (‘User’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of Shared Mobility.
- “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
2. Personal data that we process
2.1 We do not collect or process your personal data when you access our website at www.sharedmobility.rs (hereinafter “Site”). We may collect personal data when you interact with the Platform or when you contact us. In the event that you contact us using the contact information available on the Site we will collect and process the personal data that you provide us or make available to us, such as first and last name and email address, as well as any other data that you provide in communication. We use this personal data in order to reply to your inquiries and to comply with your requests, all in accordance with the Law on personal data protection.
3. Purposes for processing of personal data
3.1 We process your personal data for the following purposes:
- to provide you with access to our Platform,
- to provide you with the Services you requested,
- to contact you in relation to the Services, your listings, and submitted queries,
- to verify your information,
- to provide you with customer support,
- to send you information about the Platform,
- to analyse the use of our Platform,
- to comply with our legal obligations.
4. Legal basis for data processing
4.1 Depending on the type of personal data and the purpose for which it is processed, we process the personal data on the following legal basis:
- You have given us consent for data processing for a specific purpose,
- Processing is necessary for the performance of our obligations under the Agreement,
- Processing is necessary for compliance with legal obligations,
- Processing is necessary for the purpose of our legitimate interest.
4.2 We may process your email address to send you information about changes to the Platform, introduce you to new Services or to provide general news about our Platform. We have a legitimate interest in keeping you informed about the Services and to promote our new Services which we believe you might be interested in. You can unsubscribe from these emails at any time by following the unsubscribe link in the email. We will not use legitimate interest to send you advertising emails for any Third-Party services.
5. General provisions
5.1 Some Services will not be available to you if you do not provide requested personal data. Different Services may require additional information which will be requested at the time of requesting the specific Service.
5.2 We may keep records of any questions, complaints or compliments made by you and the response if any. Whenever you contact us, we shall collect any information which you choose to provide. We shall store and use this information only for the purpose of responding to your inquiries. Information contained within the inquiry, free from any personally identifiable information, will be stored on our servers for the purpose of improving our Services and providing the best customer support possible.
5.4 We have implemented security procedures and measures to ensure appropriate protection of the personal data we process, against any misuse, unauthorised access, disclosure, or modification.
5.5 We acknowledge that the safety of your personal data is one of the highest priorities and therefore only authorised processors have access to your information. Although we take all appropriate measures in respect to keeping your personal data secure, you understand that no data security measures in the world can offer 100% protection. If we ever find or suspect a personal data breach we will without delay, within seventy-two (72) hours after becoming aware of it, notify the appropriate supervisory authority about the breach and Users where necessary.
5.6 The processing of personal data is being performed wholly or partly automatically, without human intervention. However, whenever you contact us, the personal data within such communication will be handled and processed by a real person to provide you with the answers and support required.
6. Children’s privacy
6.1 The services are intended for a general audience and are not targeted at children. We take children’s online safety very seriously, and if we ever learn that the personal data collected belongs to a child and is not provided by the child’s parent, we will immediately remove such personal data.
7. Collection And Use Of Non-Personally Identifiable Information
7.1 The Platform collects a series of general data and information when a User or automated system calls up the Platform. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the internet site, (6) the internet service provider of the accessing system, and (7) any other similar data and information that may be used in the event of attacks on our information technology systems.
7.2 We collect this information for breach investigation purposes. When using this information, we do not draw any conclusions about the User. Rather, this information is needed to (1) deliver the content of our Platform correctly, (2) optimize the content of our Platform as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The anonymous data of the server log files are stored separately from all personal data provided by a User.
8. Storage and transfer of personal data
8.1 Personal data will be stored on secure servers controlled and maintained in accordance with sufficient privacy safeguards. We may store or transfer information on Users to processors located internationally, provided that such processors implement appropriate and suitable safeguards regarding the security of personal information. We may share your personal data with Third-Parties if you provide your explicit consent for such sharing.
8.2 We may keep your personal data for up to a year after your interaction with the Platform or your initial contact, in order to maintain the integrity of our backup storage data as well as in order to address any appeals or requests of yours. We may store some personal data for longer periods of time if we are required to do so by any applicable law, or prevailing legitimate interest.
Shared Mobility will only keep Personal data for as long as it is strictly necessary to perform the purpose for which they are collected.
8.3 We may utilize Third-Party services in our Platform, and they may have access to some personal information under our control and supervision. In each such case we enter into a separate Data Processing Agreements with such Third-Parties to ensure that Third-Partis handles personal data only for the purposes that we allow, all the while implementing the adequate levels of data security.
9. User’s Rights
9.1 We will process all personal data in line with Users’ rights, in particular their right, in certain circumstances, to:
- Request access to any data held about you by Shared Mobility in a commonly used and machine-readable format.
- Transmit their personal data to another data controller (free of charge), where such personal data is processed on the basis of consent or contractual performance, unless in doing so, it would adversely affect the rights or freedoms of other Users.
- Prevent the processing of your personal data or withdraw their consent at any time in certain circumstances.
- Ask to have inaccurate personal data amended.
- Erasure of your personal data where data is no longer required for the original purpose or where you have withdrawn your consent and no other lawful processing grounds apply, including an overriding legitimate interest of Shared Mobility.
- Object to the processing of your personal data in certain circumstances.
- Be notified where your personal data is subject to automated decision making.
9.3 Where we are required to provide a copy of personal data this will be free of charge, however, any further copies requested may be subject to reasonable fee based on administration costs.
9.4 Where we stop processing personal data or delete User’s personal data, it will possibly mean that that particular User is unable to continue using some of our Services, and they shall be notified accordingly.
9.5 Where a User requests to rectify or erase (except data required by any legal obligations) their personal data or restrict any processing of such personal data, we may be required to notify certain Third-Parties to whom such personal data has been disclosed of such request.
9.6 If the User considers that the processing of personal data relating to them infringes the applicable laws they may without prejudice to any other administrative or judicial remedy, lodge a complaint with the supervisory authority.
10. Authorized persons
10.1 We have appointed a Data Protection Officer (DPO) to handle data protection matters. If you wish to contact us in order to exercise any of your rights referred to above or any other data protection matter, please contact the DPO via email.
Our Data Protection Officer is:
Maja Jevremović, from Niš
Our Data Protection Officer can be contacted directly by emailing them at the following address:
or by phone: 00381656705895.
Our EU representative is:
Mauro Clementi, from Toyota Financial Services Belgium, Leuvensesteenweg 369, B-1932 Zaventem, Belgium
Our EU representative can be contacted directly by emailing them at the following address: DataProtectionOfficer@KintoJoin.io
Our UK representative is:
Chehin Toumi, from Kinto Join Ltd, Great Burgh, Burgh Heath, Epsom, Surrey, KT185UZ, England
Our UK representative can be contacted directly by emailing them at the following address: