Welcome to the Privacy Policy  

of UrbanAir 


Last Updated: April 2021


This privacy policy provides you with the relevant information about the processing of your personal data by our platform. It also informs you about your rights according to the General Data Protection Regulation (“GDPR”). By accessing and using our services you give your acceptance to the processing of your personal data. If you do not agree with any aspect of the Policy, please discontinue the access and use of our Services. 


If you have any questions related to this Privacy Policy, please feel free to contact us at the contact details provided below. 



1. Who are we? 

The Controller is Neobility S.R.L., having the following contact details: 

  • Postal address: Targoviste, 42 Calea Bucuresti, Block N3A, 2nd Floor, Flat 7, Dambovita county, Romania
  • E-mail address: privacy@rideurbanair.com



2. Definition of used terms 

  • Privacy Policy – the legal information contained or referenced herein that governs the way we collect, process and share personal information (“Policy”).  
  • T&C – the terms, conditions and legal information contained in our Terms & Conditions, that govern your use of our platform and form the legal agreement between you and us.  
  • Platform: the website www.rideurbanair.com together with the correspondent App, UrbanAir. The UrbanAir App is available in the app stores for download, for any device with internet connection, optimized for mobile phones and tablets and, through it, Users can contract mobility services provided by third party Service Providers. (“UrbanAir”, “App”) 
  • Users – the individuals having the minimum required age in order to access our information society services and who register on the UrbanAir Platform and create an Account in order to have access to mobility services (the “User”, “Users” or “you”). Also, in relation to certain mobility services, Users will have to comply with additional age limitations.   
  • Service Providers: the providers of mobility services available on the Platform, which can offer one or more of the following mobility services: e-scooters, bikes, mopeds, 4 wheeled vehicles etc.  
  • UrbanAir’s Services: the services offered by Neobility through the UrbanAir app, for the purpose of concluding and executing a contract between the User and the Service Provider.  
  • Mobility Services: the mobility services that are offered by the Service Providers, based on their own terms and conditions, made available to the Users, as provided in the T&C. 
  • User’s Account: comprises of the identification details that Users provide to register on our App. In case of Mobility Services that are accessible directly from our App, User’s Account comprises of authentication details required in order for UrbanAir to facilitate intermediation of Mobility Services.  
  • Controller – Neobility S.R.L. with the contact detail provided above. 


3. Personal data that we process  

For the purpose of offering our services we process different categories of personal data that can identify you or your device. Some of the data is actively provided by you and some is passively collected by us. Also, for running our platform, in certain cases, we use the help of third-party service providers which may collect and share data about you. More precisely, we collect and process:


  • identification data such as: name, surname, photo (if provided), date of birth and age (only if needed), username; Also, we may process needed documents such as national ID and/or driver license should you require certain mobility services or should you decide to send this data for safe keeping in your user account. We will match your identity with the documents sent using soft biometrics offered by a third-party service provider.
  • contact data such as: e-mail, phone number, home address (if provided), work address (if provided), favourite places address (if provided);
  • data that identifies you & your device such as: browser type, connection type, identification codes such as IP, MAC, IMSI, language preference, mobile device identifiers and SDK’s, mobile carrier, time zone setting, location data (non-continuous). 
  • data on how you use the service such as: date and time of online activity, errors, frequency of visits, page response time, clickstreams, purchase history, previous conversations, purchasing behaviour, preferences and others;
  • data related to your third-party accounts such as: social media accounts or accounts on the platforms of the Service Providers – the type of personal data processed will depend on the platform that you choose to log in/sign in with or the platform you choose to interact with, and with the Privacy Policy of such platform. 
  • data from your device such as: photos (only if provided), camera access (only if requested), contacts (only if requested);
  • financial data: limited data related to transactions: date of purchase, purchase amount, status of the payment (confirmed / not confirmed), invoicing. We do not store debit/credit card data, all card payments are done through an authorized payment processor. 


4. Purposes of processing and Categories of personal data 


4.1 Registration on the Platform:  

We process your data in order to:

  • identify you and authorize you to access our platform;
  • allow you to create a profile and User Account; 
  • facilitate the invitation of others to our platform. 

Data used for this purpose:

  • identification data; 
  • contact data;
  • data related to your third party accounts; 
  • data that identifies you & your device
  • financial data.


4.2 Placing the order: 

Given that the Platform is an aggregator for mobility services, which allows the interconnection between Service Providers and registered Users of UrbanAir, consider that the data necessary for the provision of the service is also going to be shared with and/or collected from the respective Service Provider.


We process your data in order to:


  • authenticate and enable you to connect to the platforms of the Service Providers and the accounts, should you choose to do so;
  • allow you to place the order;
  • provide the integrated service. 

Data used for this purpose:


  • identification data;
  • contact data;
  • data that identifies you & your device;
  • data on how you use the service;
  • data from your device;
  • data related to your third party accounts;  
  • financial data.


4.3 Invoicing and payment:


This process is done in accordance with our Terms & Conditions with the help of an external payment service provider, which helps us issue process payments. All the data that you provide for this purpose is processed only by such external provider and we receive only a notification related to the status of the payment (confirmed or not).

Data used for this purpose:


  • identification data; 
  • contact data;
  • data on how you use the service;
  • data related to your third party accounts;  
  • financial data.


4.4 Removing errors and improving Platform functionality & security 


For this purpose we process your personal data in order to:

    • keep the Platform running by removing errors, enhancing the security, combatting spam and verifying identity or service access; 
    • track and analyse your clickstream and your response in relation to different changes on our Platform, such as changes in the structure or in the content available;
  • to perform analysis of functionalities in order to enhance the provided features and to adapt the Platform to your needs.

Data used for this purpose:


  • identification data;
  • contact data;
  • data related to your third party accounts;  
  • data that identifies you & your device; 
  • data from your device;
  • data on how you use the service.


4.5 To provide Customer Support 


We process your data for the purpose of offering you support and replying to your requests. In order to make our interaction more efficient we use the help of third parties which help us manage our database and give us easy access to information relevant for resolving your request. In this process we also consider, where available, data related to your degree of satisfaction with the mobility services and with the functionalities of the Platform. In certain cases, we will require the mobility service provider for settlement of your queries.

Data used for this purpose:


  • identification data;
  • contact data;
  • data that identifies you & your device;
  • data related to your third party accounts;  
  • data from your device;
  • data on how you use the service. 
  • financial data.


4.6 Marketing and personalized offers


We process your data in order to be able to promote products & services by sending you messages and by showing you advertising messages based on the use of the Platform during the registration process or, subsequently, in the profile of the Platform, unless we do not obtain your consent for marketing purposes or, unless you oppose to such communications, as the case may be.

Data used for this purpose:


  • identification data;
  • contact data;
  • data that identifies you & your device;
  • data related to your third party accounts;
  • data from your device;
  • data on how you use the service. 


For this purpose, we might build and use user profiles and so, the content could be tailored to your interests and behaviour. Also, some communications might be triggered automatically by a specific action you perform on our Platform, such as a click. 



4.7 Enforcing our Terms & Conditions 


When using the Platform, you agree to our Terms and Conditions, that define how you can use our Services. To ensure that the usage is in accordance with our policies we store your personal data and we may process it in for purposes such as: 

  • investigate, prevent and mitigate any potentially prohibited or illicit activities related to, for e.g. fraud, damaged vehicle, IP infringement etc.
  • enforce our agreements with third parties such as the Service Providers; 
  • collect fees based on your use of our services. 

Data used for this purpose:


  • identification data;
  • contact data;
  • data that identifies you & your device;
  • data on how you use the service;
  • data related to your third party accounts;  
  • data from your device;
  • financial data.



4.8 Contractual relationship with the Service Providers and/or with the User


For intermediating the Mobility Services we constantly collect and exchange data with the Service Providers for the purpose of being able to implement the contractual relationship and manage all the requests and related operations. For this purpose we process data for purposes such as: 

  • allow and enhance authentication and interconnectivity;
  • allow eligibility verification for certain Mobility Services;
  • measure and improve the provision of the Mobility Services; 
  • create campaigns and commercial strategies;
  • collect payment and manage the inherent responsibilities;
  • resolve controversies, misuse, litigation and other events having contractual impact. 

Data used for this purpose:


  • identification data;
  • contact data;
  • data that identifies you & your device;
  • data on how you use the service;
  • data related to your third party accounts;  
  • data from your device;
  • financial data.


Also, please take into account that UrbanAir is constantly evolving and seeks to offer the best services to its Users by constantly responding to requests, trends and market changes. For this purpose, we process statistical and aggregated data in order to analyse and predict such trends. 



5. Legal Basis for Processing 


In general, the processing of personal data is necessary in order to carry out the activity specific to the purpose of processing, more precisely, the provision of mobility services through the Platform.


In order to process your personal data, we rely on various legal grounds, as follows:


  1. Contract – in this case the processing is necessary either for entering into a contract (e.g. you have registered on the platform and we have to take the necessary steps to implement your registration) or for performing contract concluded (e.g. placing the order);
  2. Consent – you gave us your consent for processing your personal data for a specific purpose. Please take into account that in line with the applicable legislation, consent can be granted in multiple ways. In this sense, you give us your consent by clicking a tick-box, by performing a certain action, by voluntarily introducing data or by facilitating a certain interaction, depending on the situation. We facilitate the way in which you grant consent for experience and usability purposes. You can always withdraw you consent and, if we do not have another legal basis for processing your data, we will immediately stop such processing. Please take into account that consent withdrawal is not retroactive and so it affects only future processing activities not past processing. Also, the implementation of the withdrawal will be executed considering the time needed for technical implementation and the timelines provided by law.
  3. Legal obligation – the processing is necessary for us to comply with the applicable laws. 
  4. Legitimate interest – the processing is necessary for our legitimate interests or the legitimate interest of a third party, as long as such legitimate interests are not out-weighted by your rights and interests. Such legitimate interests could refer to:


  • gaining insights from your behaviour on the platform;
  • delivering, developing and improving our service;
  • enabling us to enhance, customize or modify our services, content and communications;
  • evaluating your feedback and solving your queries;
  • enhancing data security and detecting fraud or misbehaviour;
  • marketing our products & services to existing users;
  • displaying advertising on our Platform, tailored to your interests.




6. Categories of recipients 


For running our platform and for making our services more efficient for some of the processes we may involve third parties. We guarantee that all our business partners, technicians, suppliers or independent third parties are obliged by contractual commitments to process the personal data shared with them only in accordance with our instructions, this Policy and the applicable data protection legislation. Also, if we are required by law or by an administrative authority such as police or court, we reserve the right to disclose personal data about you. 


Furthermore, in order to fulfil contractual obligations, the data of the Users may be disclosed to and/or collected from the Service Providers according to our Terms & Conditions for the purposes of providing and managing the mobility services offered through the Platform. However, the right of the Service Providers to use data for other purposes has been restricted contractually. Considering the relation, the scope of processing and the means by which the data is processed, the Service Providers do not act as processors for the Controller, their relation being of independent controllers. 


In order to facilitate the activities related to the purposes of processing detailed above, we communicate these data to third parties, including partners, such as:


1. Third parties which help us with access and connectivity by:


  • managing the user registration process and the log in / sign in operations;
  • allowing interconnectivity with other platforms;
  • allowing you to invite connections on the platform.


2. Third parties which help us with marketing and advertising such as:


  • marketing agencies and commercial affiliation partners; 
  • integrated marketing tools for emailing, notifications and pop-ups, surveys, analytics and measurement. 
  • direct advertising and remarketing tools.


3. Third parties which help us with operations by: 


  • managing contact and support requests, complaints and by collecting data about the interaction and result;
  • offering customer relationship management software, aggregating info and making our interactions more efficient; 
  • managing payments and invoicing; 
  • offering insurance, training, archiving tools;


4. Third parties which help us with infrastructure by:


  • offering hosting and external backup services;
  • managing security systems and traffic distribution systems;
  • offer IT support; 
  • remove errors and improve functionality & security; 
  • payment processors;


5. Other third parties such as:


  • companies from the group to which the Controller belongs; 
  • business partners, investors, assignee for the purpose of facilitating transactions in commercial assets (which may include a merger, acquisition, debt or sale of goods); 
  • professional advisers, such as auditors or lawyers; 
  • regulatory authorities, professional bodies and / or public authorities for compliance with applicable regulations. 


When choosing service providers, the Controller may transfer user data outside the borders of the European Economic Area. In such cases, before any transfer takes place, we will ensure that these service providers comply with the minimum security standards set by the European Commission and that they always process the data in accordance with our instructions.




7. Data Subjects Rights 


7.1 Right of access


Upon request you have the right to be informed if your personal data are processed, and if so, you have the right to request access to your data. This allows you to obtain information about: 


  • the purposes of processing;
  • the categories of personal data we are processing;
  • the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • for how long the data will be processed or the criteria to determine that period. 


You have the right to obtain a copy of the personal data processed free of charge. For additional copies, we may charge a reasonable fee based on administrative costs.


We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others like, for e.g. another’s person confidentiality or intellectual property rights. 


7.2 Right to rectification


You have the right to request and obtain the modification of any personal data that is incorrect or obsolete. 


7.3 Right to erasure (“right to be forgotten”)


You have the right to ask us to delete your personal data and we will honor such request unless the circumstances do not allow us to do so like, for e.g. in the case in which we are legally obliged to keep contract & financial details for a number of years. 


7.4 Right to restriction of the processing


You have the right to request a restriction on the processing of your personal data and this is applicable in different circumstances such as: 


  • we no longer need your data but you ask us to keep it so that you can establish, exercise or defend legal claims; 
  • you appreciate that the personal data we hold is not accurate and you request us to review it. 
  • you oppose to the processing of your personal data based on our legitimate interests. 


7.5 Right to data portability


You have the right to ask us to transfer your data either directly to you or, if possible, to another service provider. This is applicable only for the data that you have actively provided to us and that we process automatically based on your consent or based on a contract. Where possible, we will transfer your data in a structured, commonly used, machine-readable format. 


Please consider that we are not able to honor such transfer request in those cases in which it would have a negative effect on other individuals like, for e.g. if the data also contains personal data of other people. 


7.6 Right to object to the processing


You have the right to object to the processing of your personal data, for reasons related to your situation, at any time and free of charge. In relation to direct marketing, such objection can be made at any time and without any justification. In relation to the processing based on our legitimate interest, for objecting, you will need to provide a specific reason. Please consider that such right is not always applicable, in particular in those situations in which the processing of your personal data is related to a contract and it is necessary for the preliminary steps related to its conclusion or to the performance of a contract already concluded.



7.7 Right not to be subjected to a decision based solely on automated processing, including profiling


We may use your data for taking decisions by automated means, without any human involvement. This processing activity is taking place in compliance with the data protection regulation, respectively if: (a) it is necessary for entering into, or for performing the contract between the User and UrbanAir, (b) is authorised by Union or Member State law, or (c) we have your explicit consent. Such decisions may be based on factual data like, for e.g. the expiration date of your driving license as well as on digitally created profiles. Please consider that, in case of mobility services which require by law that the user holds a valid driver’s license, such processing is necessary for the lawful conclusion of the contract.


With respect to such decisions, you have the right to (a) obtain human intervention, (b) express your point of view and, (c) contest the decision. 


7.8 Right to lodge a complaint in front of the National Supervisory Authority, which in our case in the Romanian Supervisory Authority (“ANSPDCP”) 


We would appreciate hearing and trying to solve your problem first but if you consider that we have not responded to your requests properly, you have the right to file a complaint with the Romanian data protection authority.


For exercising any of your rights under the data protection laws please contact us at the contact details provided under Section 1. Also, please note that these rights are not without limitations so please exercise them in good faith. We will make our best to respond to your request as soon as possible and always within one month. We reserve the right to protect ourselves against malicious or unjustified repeated requests.




8. Data Security and Storage 


We take all necessary measures in order to make sure that all Users data is stored within EU / EEA. However, if by processing your data alone or together with other third parties as provided in this Policy we transfer and/or store data outside of the EU / EEA we will take all necessary measure in order to make sure that the provisions of data protection regulations are respected. 


We have taken appropriate technical and organizational measures to ensure the security of your data and, in particular, to protect your personal data against access by third parties and against any intentional alteration, loss or destruction. These measures are regularly reviewed and adapted according to the latest technologies.


Please consider that no electronic transmission of data is ever fully secure or error free so please take care in deciding what information you disclose. Furthermore, we are not to be held responsible for the functionalities and security measures of any third party. 




9. Cookies


Cookies are small text files stored in browsers or devices by websites, applications, online social media pages, and ads. The Controller uses cookies and similar technologies for purposes such as:


  • user authentication;
  • saving Users’ preferences and settings; 
  • determining the popularity of the content; 
  • delivery and measurement of the efficiency of advertising campaigns; 
  • analysis of trends and traffic on sites and general understanding of the behaviour and interests manifested online by those who interact with our services.


We may also allow others to provide us with audience measurement and analysis services, display advertisements on our behalf on the Internet, track and report on the effectiveness of those advertisements. These entities may use cookies, web transmitters, SDKs and other technologies to identify the devices used by visitors to our websites, as well as when accessing other websites and online services.




10. Retention period


We limit the storage period of your personal data to the time necessary to fulfill the purpose for which we have collected it and, as a general principle, for the period required or permitted by applicable law, as follows:


  • if the data is collected and processed for the purpose of a contract, we will retain such data for the entire period of its performance;
  • if the data is collected and processed with your consent, we will retain it until you withdraw such consent;
  • if the data is collected and processed based on our legitimate interest, we will retain it until such interest is fulfilled and, as a general rule, for a period of 3 (three) years from the termination of the contractual relationship;
  • if the data is collected and processed pursuant to a legal obligation, the time frame will depend on the legal provisions regarding mandatory retention periods. 


Please consider that the period may be longer if we are required to store the data for the purpose of satisfying any legal, accounting or reporting obligations or to resolve any legal disputes. 


Also please note that, as underlined under Purposes of Processing, we process data for statistical and analytics purposes. When the data is no longer necessary for fulfilling the purpose of processing, we will remove / delete your personal data from our systems and records and / or take steps to anonymize them so that you can no longer be identified based on them. Afterwards, the rights related to access, erasure, rectification and transfer will not be enforceable. 




11. Final provisions 


We may change this Policy at any time and the changes will apply to any personal data we already hold and to any new personal data collected after the change. Independently of the changes, we:


  • compromise ourselves to always respect your privacy;
  • and, if we make any material changes to this Policy, we will endeavour to notify you by email or by posting a prominent notice on the Platform prior to the change becoming effective. 


We encourage you to periodically review this page for the latest information as your continued use of our services after the effective date of this Policy constitutes an acceptance of the amended terms. You may refer to the “Version date” to determine if the Policy has changed since the date of your last visit.