Privacy policy

Privacy policy

How Binny Mobility collects, uses, and protects personal data. Written to comply with the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and the national implementations in Norway, Sweden, Denmark, Germany, and Portugal.

Last updated: 19 April 2026

1. Data controllers

The data controllers responsible for your personal data depend on the country in which our services are delivered to you. For general website use and pre-contract contact, the parent entity (Norway) is the primary controller.

  • Binny Mobility AS — Gulleråsveien 15C, 0779 Oslo, Norway. Primary controller for website visitors, contact-form submissions, and pre-contract commercial conversations.
  • Binny Mobility Filial — Stackvägen 22, 163 55 Spånga, Sweden. Controller for operations and personal data processing related to services delivered in Sweden.
  • Binny Mobility ApS — Njalsgade 21 F, 2., 2300 Copenhagen S, Denmark. Controller for operations and personal data processing related to services delivered in Denmark.

All contact for data-protection matters can be addressed to privacy@binnymobility.com.

2. What personal data we collect

2.1 Website visitors

When you visit binnymobility.com we automatically collect: IP address, user-agent string, referrer URL, pages viewed, time and duration of visit, and anonymised interaction events (scroll depth, CTA clicks). This is collected through our analytics tooling and server logs.

2.2 Contact and enquiry forms

When you submit a form (contact, book an audit, newsletter signup, PDF download), we collect the specific fields you provide — typically name, work email, company, country of operation, phone (optional), and the message content.

2.3 Business contacts (CRM)

Where we have an ongoing commercial conversation with you or your organisation, we retain business-contact information (name, role, email, phone, company) in our CRM system for the purpose of that commercial relationship.

2.4 Job applicants

When you apply for a role with Binny Mobility we collect the personal data you provide (CV, cover letter, references, identity verification where required by local law). A separate applicant privacy notice will apply and is available on request.

2.5 Cookies and similar technologies

We use cookies and similar technologies for essential website function, analytics, and — with consent — advertising. Full details are in our Cookie policy.

3. Purposes and legal bases (Art. 6 GDPR)

  • To respond to enquiries and provide services — legal basis: performance of a contract (Art. 6(1)(b)) or pre-contractual steps at your request.
  • To operate and secure the website, including fraud and abuse prevention — legal basis: legitimate interests (Art. 6(1)(f)).
  • To improve our services through analytics — legal basis: legitimate interests, balanced against your privacy (Art. 6(1)(f)), with consent for non-essential tracking.
  • To send you operational updates, newsletters, or commercial communications — legal basis: consent (Art. 6(1)(a)) or legitimate interests in an existing commercial relationship (Art. 6(1)(f)).
  • To comply with legal obligations — legal basis: legal obligation (Art. 6(1)(c)). This includes accounting, tax, and employment records.

4. Who we share data with

We share personal data only with service providers acting as data processors on our behalf, with clients and their explicit authorisation (where you are an end-user of services we deliver to an operator), or where required by law.

  • Hosting and infrastructure providers (website, email, CRM, analytics) — under GDPR-compliant data processing agreements.
  • Operator clients — where your personal data relates to services we deliver on behalf of a specific micromobility operator, that operator is an independent controller under a data sharing agreement.
  • Professional advisers — legal, accounting, insurance, where necessary.
  • Competent authorities — where required by applicable law.

5. International data transfers

We prefer EU/EEA-based service providers. Where transfers outside the EEA are unavoidable — for example, certain analytics, advertising, and infrastructure tooling — we rely on European Commission adequacy decisions where available, or on Standard Contractual Clauses (SCCs) supplemented by appropriate technical and organisational measures.

6. Retention periods

  • Website analytics (anonymised): up to 26 months.
  • Contact and enquiry form submissions: up to 24 months from last contact, unless a commercial relationship begins.
  • CRM records in an active commercial relationship: for the duration of the relationship plus applicable statutory retention periods (commonly 5–10 years for accounting records under Norwegian, Swedish, and Danish law).
  • Job applicant data: up to 6 months after the recruitment process ends, unless consent is given for longer retention.

7. Your rights under GDPR

You have the following rights in relation to your personal data:

  • Right of access (Art. 15) — to know what data we hold about you.
  • Right to rectification (Art. 16) — to correct inaccurate data.
  • Right to erasure (Art. 17) — to have your data deleted in specified circumstances.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object (Art. 21), including to direct marketing.
  • Right to withdraw consent at any time, where processing is based on consent.
  • Right not to be subject to automated decisions with legal or similar significant effects (Art. 22). We do not currently use automated decision-making in this sense.

8. How to exercise your rights

To exercise any of your rights, email privacy@binnymobility.com with a clear description of your request. We will respond within one month of receipt (extendable by two months for complex requests, as permitted by Art. 12(3) GDPR). We may need to verify your identity before responding.

9. Right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement:

  • Norway: Datatilsynet — datatilsynet.no
  • Sweden: Integritetsskyddsmyndigheten (IMY) — imy.se
  • Denmark: Datatilsynet — datatilsynet.dk
  • Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) — bfdi.bund.de
  • Portugal: Comissão Nacional de Protecção de Dados (CNPD) — cnpd.pt

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration, including access controls, encryption in transit, backups, and regular review of our security posture. No system is perfectly secure; we commit to notifying affected individuals and the competent supervisory authority of any personal data breach in line with our GDPR obligations.

11. Changes to this policy

We may update this policy from time to time. The current version is identified by the “Last updated” date at the top. Material changes will be communicated on our website or by direct communication where appropriate.

12. Contact

For privacy-related enquiries: privacy@binnymobility.com

For general enquiries: info@binnymobility.com