Privacy policy

Mobitrends AG is committed to safeguarding the privacy and security of its users' personal data.

This document sets out the policy adopted by Mobitrends AG in the collection and processing of data of users of the Mobalt application and has been drawn up taking into account the applicable legal obligations, in particular the Swiss data protection act (DPA) and the European legislation (GDPR).

Scope of application

The provisions contained in this document are valid in the context of the use of the 'Mobalt' application, both in its mobile and web version.
Mobitrends AG may change its confidentiality policy at any time without prior notice. The version published at shall take precedence at all times.

This document has been drawn up in several languages. In case of doubt, the Italian version of the document shall prevail.

Owner of the data processing

The data controller is Mobitrends AG.

For any requests, questions or suggestions concerning data processing, please contact the data controller:

Acceptance of the provisions

The present provisions describe the data collected by Mobitrends AG through the Mobalt application, the purpose and the manner in which these data are processed.

If you do not wish your data to be processed in accordance with the provisions contained herein, please do not register with the Mobalt application or provide data that you do not wish to share with Mobitrends AG.

Anyone who registers with Mobalt and enters his or her personal data declares his or her agreement with these provisions.

Purpose of data collection and processing

Mobitrends AG only collects the data necessary to provide the services of the application and, in an anonymous and aggregate form, for statistical purposes and to analyze the demand, supply and use of mobility infrastructure.

Mobalt: customers, users, modularity and customization

The Mobalt application is purchased as a SaaS service by companies or entities that wish to use it to manage one or more aspects of their employees' or citizens' mobility.

Employees of companies or citizens of entities constitute the users of the application and are the individuals whose personal data are the subject of this document.

The application is modular, and the modules installed are determined by the company or entity that purchased the product.

The modules installed and the specific needs of use in the business context also determine the exact list of required fields, as some services require additional information.

Features of the Mobalt application

Application functions include:

Data collected

With the exception of data found in the "Automatically collected data" section, all collected data listed are collected solely through explicit input by the user.

Registration data entered by the user

During registration, all or part of the following data are collected. Only the data entered by the user are collected.

E-mail address: e-mail is used as the user's unique identifier during authentication and to determine the permissions associated with it. It is also used to communicate via e-mail with the user in case there is a need in connection with application functions (e.g. during the procedure to reset the password).

Home address, workplace address, working hours: home and work addresses as well as work hours are used to provide recommendations on the alternatives available to the user for the home-to-work route. Together with the usual means, they are also used to determine the usual route and calculate the CO2 emissions, costs, and physical activity attributable to it. Finally, if the company uses the ranking based on home-to-work alternatives, the data are used to calculate the user's score.

Usual means of transportation used, usual route: these data are used together with home address, workplace address, and working hours to determine the usual route and calculate the CO2 emissions, costs, and physical activity attributable to it.

First and last name: first and last name are used to identify the person associated with the user. This data is not used in the app and is not visible to other users.

Pseudonym and avatar: the pseudonym and avatar (optional) represent the user in all interactions with other users and ensure their ability to remain anonymous.

Date of birth and gender: data collected for statistical purposes. This data is used only in the context of aggregate and anonymous statistics.

Automatically collected data

Cell phone brand and model, operating system and app version: mobile phone make and model, operating system and app version are essential elements for analyzing issues encountered during the use of the application. They are collected to analyze and improve the performance of the application and to provide faster and more effective troubleshooting service.

IP address and user name: the IP address and user name are saved in the application log files when the user makes a request. The data are used in the analysis of technical issues reported by the user.

In addition, in the case of activation of certain modules or services, the following additional data are collected.

Carpooling module

Team name, see vehicle model, color, and license plate: if the carpool module is activated, the user has the option of registering as a carpool team driver. In this case, his route and usual times are used to propose to other users with compatible transportation needs to carpool with his team. The proposal is made by showing the name of the team and proposing a common route. The team owner will also receive a request to join the team on the app's chat through which he can agree with the user. If the two users decide to share a car, the passenger will be able to see the model, color and license plate of the vehicle used.

Bikecoin module

GPS tracks and activities: if the Bikecoin module is activated, the user will be able to track his or her bicycle, walking, or scooter routes. Tracking takes place only at times when the user activates it. During the time when tracking is active, GPS points are collected and activities recorded by the phone (walking, driving, biking etc.). The tracks are used to determine whether the route is valid for incentive purposes. Tracks are not transmitted to third parties and in particular are not transmitted to the employer, who only receives data on the accumulated score and incentives collected from individual users.

If the user wishes, geofencing can be activated for the addresses specified in the settings of Bikecoin. When geofencing is active, the app will automatically warn the user when one of his addresses has been reached. Geofencing will work even when the app is in background, but only while the tracking is active.

Alternative addresses for the home-to-work route: in some cases, incentives are granted only for certain routes, such as the home-to-work route. To enable validation of routes, additional addresses can be entered to the list of valid addresses.

Parking space management module

Vehicle license plate, user badge identifier: if the parking module is activated, the vehicle license plate and/or user badge identifier may be requested in order to ensure access to those entitled to the parking space and to calculate the costs associated with its use.

Public transport subscriptions module

Swisspass number: if the public transport module is activated, the user's personal Swisspass number may be required to be entered. This information is used to make the purchased transport ticket available on the Swisspass.

Personal statistics module

Means of transportation/daily route: if the statistics module is activated, the user has the option of entering the means used to travel to work and, if applicable, details of the route taken on a day-to-day basis. This data is used to show the user the evolution of their personal CO2 emission and physical activity statistics.

Payment service

In cases where your company has made fee-based services available and activated collection through the respective form, credit card information is also collected.

Credit card and related transaction data: credit card and related transaction data is shared with our partner Stripe, solely for the purpose of materializing user payments. Credit card data is transmitted via an encrypted connection to Stripe, which uses and processes it according to its Stripe Privacy Policy.

Data sharing and transfer mode

Personal data are shared with other entities in the following cases:

Data processing carried out by third parties

Mobitrends AG may engage third-party personnel, including software developers, to process user data. In this case, data access and processing are limited to the purposes for which the personnel were hired.

Mobitrends AG requires that third parties involved in data processing behave in accordance with applicable data protection laws and expected security requirements.

The employer can access user data where it is relevant to ensure and control the services offered by the company.

Legal obligations

Mobitrends AG may also share users' personal data for the following purposes:

Duration of data retention

When a company terminates its contract with Mobitrends AG for the use of the Mobalt app, Mobitrends AG agrees to anonymize its first name, last name, and e-mail address within six months of the termination of the contractual relationship. Other data are retained for statistical analysis.

Data Security

Mobitrends AG is committed to protecting the security of users' personal information. All information disclosed to Mobitrends AG and collected through Mobalt is treated with the utmost care and following industry security standards. Data will not be used improperly or contrary to what the user may legitimately expect.

Mobitrends AG uses a variety of technical and organizational measures to protect information stored in systems under its supervision from loss, misuse, unauthorized access, uncontrolled dissemination, alteration or destruction.

Nevertheless, IT security cannot be 100% guaranteed and Mobitrends AG cannot guarantee the security of the information provided through its application.

Data localization and applicable laws

The data is located at the datacenter of our Microsoft Azure Cloud partner based in Switzerland.

Depending on who is involved, applicable laws include Swiss and European data protection regulations.

User rights

You have the right at any time to request your personal information and to request correction of any inaccuracies.

In any case, all rights under Swiss law and European law, where applicable, are guaranteed.