Last updated April 2019
Eloop operates a fleet of electric vehicles ("Vehicles") which Users can currently book and lease in the home area in Vienna ("Home Zone") and use within Austria in accordance with the Eloop General Terms and Conditions, available at [www.eloop.to/terms], as updated from time to time.
Eloop is subject to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, "GDPR") as well as the Austrian Data Protection Act (Datenschutzgesetz).
1. What is personal data?
2. Processing of data in relation to our service
2.1. Registration process
2.2 Fraud prevention
2.3. Lease of Vehicle
2.4. How long is your data stored? (retention period)
3. Processing of data on our website
3.1. Comments on blog posts
6. Your rights
B.2 Third party processing on our website
Article 4(1) GDPR defines personal data as: "any information relating to an identified or identifiable natural person ('data project'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person".
Eloop is a data "controller" in the meaning of Article 4(7) GDPR: "the … legal person … which, alone or jointly with others, determines the purposes and means of the processing of personal data".
If you have any questions about how we process your data or if you want to exercise your rights as detailed below, please do not hesitate to contact us at:
As all of our Users must be over 18 years old to register with our service, we do not collect personal data on children.
As part of the registration process, we collect:
We collect and process this data in order to identify you as our contractual partner and for the fulfilment of various mutual contractual obligations, including in particular processing of payments and ensuring that you are entitled to operate the Vehicle, as well as to be able to contact you if necessary. The legal basis for this processing is necessary for the performance of your contract with us (legal basis for processing is therefore Article 6(1)(b) GDPR). If you do not provide us with this data, we will be unable to conclude our contract with you.
Recipients of data: insurance company, IT service providers.
We furthermore process your credit card details (your name, title, credit card number), your address, your cell phone number and your driving license details (your name, license number, birthdate, expiration date) in order to perform a fraud check. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) to ensure that you are able to fulfil your payment obligations pursuant to the General Terms and Conditions.
Recipients of data: Our service provider that provides us with background checks
During lease of a Vehicle, we collect:
We use geo-fencing technology, which defines a virtual area using GPS coordinates and creates a virtual boundary around these. This is used to define the Home Area, allowing us to detect when the Vehicle is back in the Home Area and a lease can be ended. Geo-fencing is not used to create a movement profile.
Geo-fencing is also used to define the territory of the European Union. Should you leave the European Union in a Vehicle, the position will be recorded by GPS, and Eloop will be notified by a silent alarm, as this constitutes a breach of our General Terms and Conditions.
These forms of data processing are performed to ensure our legitimate interests, in accordance with Article 6(1)(f) GDPR. These legitimate interests are:
Furthermore, the name, address and lease details of the User will be transferred to the relevant authority in the event of justified official enquiries. In the event of claims that the rights of a third party has been breached (e.g. property damage during a lease), the name, address and lease details of the User will be transferred to the third party.
Recipients of data: IT Service providers, if necessary relevant authorities (in case of legal proceedings)
All of the above data (2.1. -2.3.) is stored for the duration of Master Agreement, and will be deleted on termination of either you or us in accordance with the Eloop General Terms and Conditions. Your data may be retained for a longer period to the extent we are subject to a mandatory retention obligation under statutory law (such as the 7 years retention period regarding financial records), or to the extent we have a specific and justified reason to retain your data, e.g. in case of pending claims.
We process a number of data on our website for different purposes. You can find the details regarding the particular data processing below. Please note that due to implemented Social media plugins, also third parties can process your personal data. You can further detail in the section B.2. Third party processing on our website.
The users of our website are allowed to comment in our Caroo Eloop blog section. We collect your name, your email address and optionally other data, that you decide to share with us in the comment. We process this data to ensure that we know who this person is in the event of complaints or illegal comments and in case of complaints we can tell the commenting person is a user of Eloop. Your data will be deleted after 3 months.
Your data is processed on the basis of Article 6 Para 1 Subpara a - consent. You can withdraw your consent by writing an email to firstname.lastname@example.org at any time, without affecting the lawfulness of processing based on consent before its withdrawalYour data is processed on the basis of Article 6 Para 1 Subpara a - consent. You can withdraw your consent by writing an email to (please insert email email@example.com) at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Recipients of personal data: Our IT Provider.
This website uses the Talkus application by Talkus SAS, Attn: Data Protection Officer / Legal Department, 24 rue Alphonse Daudet, 91400 Saclay, France. This application serves to offer visitors a live chat on our website. If you use Talcus following data are collected - data you disclose to us in your message and optionally Your email address.
These data are processed on the ground of your consent - Article 6 Para 1 Subpara a GDPR. You can withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Recipient of your data is Talkus (processor). The data are stored at Caroo Mobility GmbH for 24 hours and then deleted. If a visitor wishes to prematurely delete them, they can do so by sending an e-mail to firstname.lastname@example.org.
If you wish to receive the newsletter offered on this website, we will collect your email address. We also collect your first, last name on an optional basis.
After confirming your registration we collect your login, confirmation times and the IP address. Legal ground for this processing is your consent - Article 6 Para 1 Subpara a GDPR.
We will process these data until you revoke your consent. You can revoke consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Recipients of your data: MailChimp (for more information regarding this data transfer and the way we use MailChimp please see below).
The registration to the newsletter is done via a so-called double-opt-in procedure. In other words, you will receive an e-mail after logging in, requesting confirmation of your registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes saving the login and confirmation times and the IP address. The changes of your stored data will also logged be with the newsletter provider of the operator of this website.
We use MailChimp, a newsletters shipping platform owned by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA, as a processor to send you our newsletter. The headquarters of MailChimp is in the United States of America. MailChimp is a participant in the EU-US Privacy Shield, which requires the company to maintain a level of data protection consistent with European privacy standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
MailChimp will receive your name, first name and your e-mail address in order to contact you. MailChimp uses so-called web beacons in e-mails - these are small graphics in the e-mails that allow a log file recording for statistical purposes. Your IP address, browser, time of retrieval or e-mail client type will be collected; the use of this web beacons shows us if you have opened our email sent to you and if you have clicked certain links. For technical reasons, this information can be assigned to the individual newsletter recipients. The use of web beacons is common in the Internet sector. Web beacons are used in emails only with your consent. You can revoke this consent at any time by sending us an e-mail to email@example.com or contacting us by post at the addresses below.
As a data subject under GDPR, you have certain rights regarding your personal data. These are:
If you wish to exercise your rights as listed above, please contact us in writing using the contact details provided in clause 1 above.
We use a number of analytic services in order to continuously optimize our website and provide you with a better browsing experience. We also use advertising services and have built Social Media Plugins and content of third parties (Embeds content) into our website. You can review the list of used Cookies here. You can review the comprehensive list of Social Media Plugins here.
The Austrian Telecommunications Act ("TKG") differs between cookies that can be used without consent and those that require a prior consent in order to be used lawfully.
We use only cookies that require your prior consent. The legal basis for initial use is your prior consent pursuant to provision 96 (3) TKG.
Your IP-Address, All cookies, Server-Logfiles
We process the given data exclusively for the purposes below. We neither sell these data to third parties nor combine them with data from other data sources.
In addition to the data generated by your use of our website, we also process data that you send to us yourself. For more Information see our Data Privacy Notice above.
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). We have also added the code "anonymizeIP" on this website to Google Analytics. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google is Privacy Shield certified. Thus Google has the comply with legal frameworks that establish an equivalent level of data protection with EU law.
In order to evaluate the behaviour of the visitors of this website, Google Analytics uses the information generated by the cookies. This information is transmitted to Google's servers in the USA and stored there. This data processing is profiling. This processing constitutes profiling. You can object to it here.
We use Google AdWords, a internet advertising service that allows advertisers to run both Google and Google Network search engine. This service is provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). Google is Privacy Shield certified. Thus Google has the comply with legal frameworks that establish an equivalent level of data protection with EU law.
We use the so called Tracking Pixel services ("Pixel services") of different social media providers:
By using these Pixel services, we can track users' behavior after seeing or clicking on a Facebook/Twitter/LinkedIn ad. This process is designed to evaluate the effectiveness of Facebook/Twitter/LinkedIn advertisements for statistical and market research purposes and may help to optimize advertising efforts. The Pixel services can save cookies on your device.
For further information, please visit the respective privacy and cookie policies of these companies:
Your data can be transmitted to the servers of the respective company in the USA. Twiter, Facebook and LinkedIn are participants to EU-US Privacy Shield, which requires the company to maintain a level of data protection consistent with European privacy standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.
Cookie name: _ga
Duration: 2 Years
The cookie captures and stores the Client ID field; a unique, randomly generated string that gets stored in the browser’s cookies, so subsequent visits to the same site can be associated with the same user. If not removed, the cookie is stored for two years.
Cookie name: _gid
The cookie also captures and stores the Client ID field. If not removed the cookie is stored for 24 hours.
Cookie name: _fbp
Duration: 10 min
Facebook pixel allows us to report conversions, build audiences and get rich insights about how people use our website.
Cookie name: _hjIncludedInSample
Duration: 365 Days
This cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate Heatmaps, Funnels, Recordings, etc.
We have built the plug ins of the typical Social media platforms into our website, so you can share the contents of our website on your favourite social media. We have also build in ("embed") content of third parties into our website. We do not have any influence whatsoever on the processing of your personal data by these third party. The Social Media Plugins and embed content are loaded only after you have consented to do so.
We have built in following Social media Plugins:
We have built in following third party content: