Privacy policy

GLINT OUT DATA PROTECTION NOTICE (PRIVACY POLICY)

1. Our Commitment to Your Privacy: Principles and Scope of Application

This Data Protection Notice ("Notice") is a fundamental document that outlines our unwavering commitment to protecting your privacy. Kevin Leci Mobility, a sole proprietorship of Kevin Leci, headquartered at Othmarstrasse 20, 8008 Zurich, Switzerland (hereinafter "Glint Out", "we", "our"), as the Data Controller, undertakes to process your personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

This Notice applies to all personal data of natural persons ("Personal Data") that we collect, use, share, or otherwise process when you interact with our mobile application, our website www.glint-out.ch and all related services, features, and content (collectively, the "Platform").

2. Identity and Contact Details of the Data Controller

The Data Controller, i.e., the legal entity that, alone or jointly with others, determines the purposes and means of processing your Personal Data under the Swiss Federal Data Protection Act (nLPD), is

Kevin Leci Mobility

Othmarstrasse 20, 8008 Zurich, Switzerland

VAT No.: CHE-210.582.467

Email: info@glint-out.ch

For any questions, concerns, requests for clarification, or to exercise your data protection rights, please use the above contact channel, inserting "Glint Out Privacy Request" in the subject line of your communication to ensure priority handling.

3. Types of Personal Data Processed

To provide you with excellent and functional service, we collect various categories of Personal Data from different sources.

3.1. Data Provided Directly by You:

  1. Identification and Contact Data: Name, surname, email address (used for account validation, service communications, and, with your consent, for marketing), mobile phone number (used for urgent service notifications and to facilitate contact by the Washer).
  2. Account Data: Password (stored in encrypted format and not readable by us), user preferences, and Platform settings.
  3. Vehicle-Specific Data: Make, model, color, and license plate number. This data is essential to allow our Washer to unmistakably identify the vehicle on which the service must be performed, which must be located exclusively on private property.
  4. Sensitive Financial Data: When making a payment, your credit card details (full number, expiration date, CVV code) are collected and processed directly by our third-party payment gateway, Stripe, through a secure connection. Glint Out does not store, nor has access to, this information. We only receive a non-sensitive "token" to manage future transactions and a payment confirmation.
  5. User-Generated Content: Any information you voluntarily choose to provide, such as reviews of Washers, service ratings, feedback on the Platform, or the content of your support requests.

3.2. Data Collected Automatically during Use of the Platform:

  1. Precise Location Data: With your explicit consent provided via your mobile device's operating system, we may collect data about your real-time geographic location. This allows us to offer advanced features, such as automatic filling of the service address and showing nearby Washers. You may revoke this consent at any time through your device settings.
  2. Technical Browsing and Usage Data (Log Files): When accessing the Platform, our servers automatically record technical information, including: your IP address, browser type and version, User-Agent, device type, operating system, unique device identifiers (such as IDFA for iOS or Google Advertising ID for Android), pages visited, time spent on each page, clickstream, and the dates and times of your interactions.

Data Obtained from Third-Party Sources:

  1. Photographic Evidence of the Service: Our staff (Washers) documents the work by taking pictures of your vehicle before and after the service. These images are a key tool for us in quality control and transparent management of any complaints or disputes.
  2. Platform Infrastructure:Our software architecture integrates with essential third-party services, such as Google Maps for location services and Stripe for payments.

4. Purposes of Processing and Related Legal Bases

We process your Personal Data exclusively for legitimate, explicit, and specific purposes, each supported by a valid legal basis under the FADP.

  1. Provision and Management of Services (Legal Basis: Contract Performance): To create and manage your account, process your bookings, assign our staff (Washers) to perform the service, process payments, and provide support.
  2. Improvement, Optimization, and Security of the Platform (Legal Basis: Legitimate Interest): To analyze how the Platform is used in order to improve usability, develop new features, fix bugs and technical issues, and protect the Platform from fraud, abuse, or cyberattacks.
  3. Service Communications (Legal Basis: Contract Performance): To send you essential transactional notifications, such as booking confirmations, appointment reminders, Washer arrival notifications, or payment receipts.
  4. Marketing and Promotional Communications (Legal Basis: Consent): Only with your explicit, free, and informed consent (opt-in), we may send you newsletters, information on special offers, discounts, or new services. You may withdraw this consent at any time and as easily as it was given.
  5. Compliance with Legal Obligations and Legal Protection (Legal Basis: Legal Obligation; Legitimate Interest): To comply with tax and accounting regulations, respond to binding requests from judicial or administrative authorities, and assert or defend our rights in court.

5. Sharing and Disclosure of Personal Data to Third Parties

Your trust is our most valuable asset. We will never sell your Personal Data. Sharing is strictly limited to the following categories of recipients and for the purposes described:

  1. Within our organization: Data necessary to perform the service (such as your name, address, and vehicle details) is internally shared with our staff (Washers) assigned to the task. Such communication is necessary to fulfill our contract with you.
  2. Third-Party Service Providers: Essential third-party service providers may process your data, including:
    1. Payments: Stripe, Inc. (https://stripe.com/it/privacy)
    2. Maps and Geolocation: Google LLC (https://policies.google.com/privacy)
  3. Public Authorities: If required by law, we may disclose your data to judicial, tax, or other competent public authorities.
  4. Corporate Transfers: In case of a merger, acquisition, corporate reorganization, or sale of assets, your Personal Data may be transferred to the acquiring or succeeding party, always respecting the commitments made in this Notice.

6. International Data Transfers

Operating in a global digital context, some of our service providers may be located or process data outside Switzerland and the European Economic Area. In the case of data transfers to a country that does not offer an adequate level of protection under Swiss law, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved and recognized by the Federal Commissioner, to guarantee that your data continues to be protected with a level of security equivalent to that in Switzerland.

7. Data Security Measures

The security of your data is a critical responsibility for us. We adopt a multi-layered approach to security, implementing appropriate technical and organizational measures, including: end-to-end encryption for sensitive data in transit (SSL/TLS), encryption of stored data (at-rest), application-level firewalls, intrusion detection systems, disaster recovery procedures, and a strict access control policy based on the "least privilege" principle.

8. Data Retention Period

We apply the principle of storage limitation. Your Personal Data is retained only for as long as necessary to achieve the purposes for which it was collected, after which it is deleted or irreversibly anonymized. Retention periods are defined as follows:

  1. Account Data: As long as the account is active or until you request deletion.
  2. Transactional and Accounting Data: For a period of 10 years, as required by the Swiss Code of Obligations.

9. Your Rights and How to Exercise Them

In accordance with the FADP, you have the following rights, which you may exercise at any time:

  1. Right to Information (Access): The right to know what data we process about you and to receive a copy.
  2. Right to Rectification: The right to correct inaccurate data or complete incomplete data.
  3. Right to Erasure ("Right to be Forgotten"): The right to have your data deleted, subject to legal exceptions.
  4. Right to Restrict Processing: The right to temporarily "freeze" the processing of your data in certain situations.
  5. Right to Data Portability: The right to receive your data in a structured, machine-readable format.
  6. Right to Object: The right to object to the processing of your data based on our legitimate interest.
  7. Right to Withdraw Consent: The right to withdraw your consent at any time for future processing (e.g., marketing).

To exercise your rights, please send a written request to info@glint-out.ch, attaching a copy of an identity document so that we can verify your identity.

If you believe that the processing of your data violates the law, you have the right to lodge a complaint with the competent supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1, CH - 3003 Bern

Phone: +41 (0)58 462 43 95

Website: https://www.edoeb.admin.ch/edoeb/en/home.html

10. Protection of Minors

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from minors. If we become aware that we have collected data from a minor without parental consent, we will immediately take the necessary steps to remove such information.

11. Cookies and Similar Technologies

For detailed information about the cookies we use, their purposes, and how you can manage your preferences, please refer to our dedicated Cookie Policy.

12. Updates to this Notice

We reserve the right to amend this Notice to reflect new operational practices or regulatory changes. Any material changes will be proactively communicated to you. The most recent version will always be available on our Platform, with the date of the last update indicated.