Privacy Policy

Translations: please refer to our Language Accessibility Statement below.

1 December 2025

  1. ABOUT US, YOUR DATA CONTROLLER

    KINTO JOIN Limited a company with registered address at Great Burgh, Burgh Heath, Epsom, Surrey, KT18 5UZ, England and affiliate entities, together (KINTO) specialize in providing mobility, sustainability and related technology products, platforms and services for companies, governmental and non-governmental organizations. References in this policy, which also serves as our privacy NOTICE, to We, Us, Our are to KINTO.

    KINTO acts as Data Controller for certain personal data processing activities, operations in respect of which KINTO is responsible for determining and controlling the collection and processing of your personal data, for example where you upload your data to a KINTO service managed, configured and administered by KINTO or use our publicly available web resources.

    KINTO may act as Data Processor to your employer or sponsor for certain personal data processing activities, operations in respect of which your employer is responsible for determining and controlling the collection and processing of your personal data, for example where your employer uploads your data to a KINTO service managed, configured and administered by your employer. Your employer is responsible for arranging any required notices about data processing activities in respect of which they act as Data Controller of your Personal Data information and you may contact them to exercise your rights.
  2. YOUR PRIVACY IS IMPORTANT TO US

    We are committed to respecting your privacy through appropriate protection and management of your personal data. This policy describes how we may collect, use, share and otherwise process your personal information, also known as personal data, as an employee, contractor or related person of one of our corporate clients or other individual to whom we offer our services through our public or private websites, mobile applications, communications channels or other online or offline means. This Privacy Policy also contains information about your rights under applicable data protection laws and regulations and details how we protect and secure your data and your rights.
  3. HOW WE COLLECT, PROCESS YOUR PERSONAL DATA

    We collect personal data directly from you for example when you create or update an account with us or communicate or engage with us about our services. We may collect personal data indirectly, for example from your employer or their service provider to set up or update our services for you, or from our management of service technology tools, or other third party automated technologies such as cookies or from other external, for example public, sources. KINTO will, during and after your engagement with us, our services or technology collect, process and make determinations regarding processing of your personal data as relevant or required for our service provisioning, which may include:

    Data Category Data Elements
    Account data username, login credentials, account config
    Identity data name, gender, photograph, address, username or nickname
    Contact data email address and telephone number (mobile and work phone)
    Employment data employer, work location, other work information
    Usage data information about how you use our technology, app, website etc
    Marketing data your preferences in receiving marketing from us and our business
    Communications data feedback or other communications, including in writing
    Other data other data detailed in our Privacy or Cookie Policy or provided by you
    KINTO Join Only Carpooling Platform Only
    Location data GPS location, Wi-Fi, Bluetooth location and route
    Mobile data device gyroscope, accelerometer, heading, motion
    Ridesharing data ride-sharing timestamp; pick-up and drop-off location
    Carpooling data carpooling preferences and ridesharers
    Vehicle data pass number, vehicle registration, vehicle type
    We may also process your anonymised and aggregated data to analyse trends and statistics about the use of our services.

    In certain circumstances we may collect from you and process through our services personal data you provide relating to another person, for example a work colleague or other person, for limited purposes related to our service provisioning. If you choose to provide such data to us we will understand you have made the relevant data subject/s aware of this notice when using our service and by supplying us with the data are relaying to us consent provided to you by the data subject to our processing operations, if consent is relevant to the particular circumstances, processing operations and services.
  4. OUR PROCESSING ACTIVITIES, PURPOSES AND LEGAL BASIS

    Your personal data will be processed (collected, stored, used, accessed, transferred, deleted) in accordance with applicable laws and regulations, for purposes which, if relevant to your use of our products and services may include:

    Processing Activity / Purpose Data Category Legal Basis
    Service, Access, Support Management Identity data
    Employment data
    Account Data
    Technical Data    		 Performance of a contract (6b) Legitimate interests (effective customer service provisioning) (6f)
    Security, Safety Managemen Identity data
    Usage data
    Communications data    		 Performance of a contract (our T&Cs) (6b) Legitimate interests (platform security and terms compliance) (6f)
    Communications Management Identity data
    Contact data
    Information you give to us    		 Performance of a contract (our T&Cs) (6b) Legitimate interests (to contact you, including about service updates) (6f)
    Service Improvement Location data
    Communications Data    		 Legitimate interests (to improve, test and develop our services) (6f)
    Profile Management Identity data Legitimate interests (to identify you) (6f)
    Business Management Identity data
    Contact data
    Technical and usage data    		 To comply with our legal and regulatory obligations (6c) Legitimate interests (business, operations security, fraud prevention) (6f)
    Records Management Identity data
    Contact data
    Marketing data
    Communications data    		 To comply with our legal and regulatory obligations (6c) Legitimate interests (accurate records) (6f)
    Legal Proceedings Management Identity data
    Contact data
    Technical and usage data    		 To comply with our legal and regulatory obligations (6c)
    Legal, Compliance Management Identity data
    Contact data
    Usage data
    Communications data    		 To comply with our legal and regulatory obligations (6c)
    Survey Management Identity data
    Contact data
    Marketing data
    Usage data Communications data    		 Performance of a contract (6b) Legitimate interests (to improve and develop products and grow our business) (6f)
    Marketing Management Marketing data Communications data Contact data Consent (you configure settings) (6a) Legitimate interests (service promotion) (6f)
    KINTO Join Only Carpooling Platform Only Carpooling Platform Only
    Carpooling Management Sensor data
    Device data
    Location data
    Identity data
    Employment data
    Ridesharing data
    Carpooling data
    Vehicle data    		 Performance of a contract (6b) Legitimate interests (carpooling service operation) (6f)
    Further legal basis for the processing may include our performance of a contractual obligation (including a service contract, or related document), our legal obligations (including compliance management), our legitimate interests (including safety and service quality management), necessity to establish or defend legal claims (including in relation to services), your consent, where legally required or allowed. In addition if other legal basis are required, recognised by applicable laws in your country these may be relied on or if no legal basis are required the above are made available for information and reference purposes.

    We may send messages for Communications Management purposes, which are essential for our services; for example to communicate with you about servicing your account, to fulfil your requests, or otherwise as required by law. Some of these service messages contain information presented to you as part of our service relationship with your employer, for example, messages that help you use our services in the manner intended by your employer.

    We may use personal information for Marketing Management purposes, to tell you about our products and services or those from related businesses, to help us determine whether you may be interested in new products or services, and to present advertising content tailored to your interests, location or services you use (with your consent or as permitted by law). To make choices about how we market to you, you can 1: set preferences using technology resources we make available for this purpose; 2: follow the instructions in our marketing messages if you’d like us to stop sending. Please note if you opt out of our marketing messages you will continue to receive service messages relevant to your use of our services.
  5. HOW WE USE (ACCESS, SHARE) AND TRANSFER YOUR DATA

    Your personal data will be processed by KINTO in locations where business processes supporting your engagement with our services are fulfilled by our internal or external teams and technology.

    In certain circumstances and subject to relevant access and security controls some of your personal data may be accessed in a country other than that of your location or residence, for example, the country in which the office of your account manager or tech support lead person fulfilling or supporting your use KINTO technology is located.

    If one or more business processes for your country are fulfilled internally by KINTO or affiliates (such as KINTO Digital Service Center, a branch of our UK operating company located in Serbia) and/or externally by one or more vendors located outside your country your personal data may be processed in, transferred to that country to fulfil the relevant processing purpose in line with this Privacy Policy and in compliance with data protection laws.

    To provide our services, we may need to share your Personal Data with third parties and vendors outside the UK/ European Economic Area (EEA). If we do this, we will ensure your Personal Data receives the same protection as if it were being processed inside the UK/EEA.

    Data transfers and international data transfers are implemented in compliance with one or more data protection agreements with our group companies (Internal transfers) and/or data processing agreement terms with vendors (External transfers). Our data protection agreements include robust legal protections and provide for safe data handling including security mechanisms such as data encryption.

    In addition, where suitable or required KINTO adopts regulator approved international data transfer mechanisms to legalise international data transfers. We will only transfer personal data to countries that have been deemed by the Information Commissioner or European Commission to provide an adequate level of protection, or by using specific contractual protections, such as the standard contractual clauses (see European Commission: Model contracts for the transfer of personal data to third countries and United Kingdom Addendum).

    Transfers of personal data may be arranged with your employer for purposes such as account administration. We may need to transfer your data to third parties if we sell or re- structure our business or to governmental authorities if required by applicable law. Official data requests we receive are subject to legal evaluation and review under our official data request handling process.

    All processing and any related personal data transfers are arranged strictly in compliance with relevant contracts, applicable laws, regulations and KINTO risk management processes.

    Further information on Data Processors is available on this LINK.
  6. HOW WE SECURE YOUR DATA

    KINTO takes the security of your personal data seriously and all processing operations (collection, storage, use, transfer, deletion) are conducted in accordance with relevant legal obligations and technical, organisational and administrative security measures and processes and policies relating to safety, security and legal compliance. KINTO implements information security protocols to protect your data processed by KINTO, KINTO affiliates, group companies and external vendors.

    To protect your Personal Data, we put in place appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any data incident or suspected data breach.

    In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

    Further information on our robust information security arrangements and technical and operational measures is available on this LINK.
  7. DATA RETENTION, DELETION

    We will only keep your Personal Data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of Personal Data and the reason we are processing it.

    When calculating the appropriate retention period for your Personal Data, we consider the nature and sensitivity of the Personal Data, the purposes for which we are processing the Personal Data, and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data which we hold and the purposes for which it is held and processed.

    When we determine that Personal Data can no longer be retained (or where we must comply you request us to delete your Personal Data in accordance with your right to do so) we ensure that this Personal Data is securely deleted or destroyed.

    In some circumstances we may decide to retain your Personal Data for research or statistical purposes and in such circumstances, we will anonymise your Personal Data before retaining it. We may irreversibly anonymise your personal data so that it can no longer be associated with you, in which case we may use this anonymous information indefinitely without further notice to you.

    Further details on our Data Retention Policy (Schedule) is available on this LINK.
  8. HOW WE PROTECT YOUR RIGHTS

    You can generally access, update, rectify and/or correct your personal data yourself using technology made available directly to you directly and/or to or through your employer for these purposes as part of our services. It is important that whilst you are a user of our products or services, you update your information to ensure that the data we hold about you is accurate and up to date.

    If, in limited or exceptional case your efforts have been unsuccessful, you may contact your employer lead person or KINTO account manager with a request to arrange on your behalf according to the applicable service configuration.

    Subject to applicable law, you may have the right to be fairly informed of processing, erasure, restriction and/or objection to the processing of your personal data, change consents (if any) as well as the right to portability of your data.

    In addition the following privacy resources are available to you:
    Privacy questions or issues should be resolved directly with KINTO where possible. If you are unable to resolve a privacy issue with KINTO you may file a complaint with your local data protection supervisory authority or equivalent privacy regulator.

    We usually do not charge for handling data privacy requests, however we may ask you for proof of identity to protect you. If requests are manifestly unfounded or excessive we may make a reasonable charge or decline to act on your request. Once a request and identity has been validated, we will process the request promptly within the applicable period.

    If you are unhappy with the way in which your Personal Data has been or is being processed, you have the right to make a complaint about it to your national data protection regulator. In the UK, this is the Information Commissioner’s Office (ICO).
  9. FURTHER INFORMATION PARTICULAR TO YOU AND SERVICES YOU USE

    For information specific to you, KINTO services available to you under the applicable configuration requested by your employer or sponsor you may refer to the resources below in addition to this global privacy policy if available and applicable to you:
    • any supplementary privacy notice for:
      • your country;
      • a particular KINTO product or service.
    • if your employer acts as Data Controller:
      • your contract, engagement or other employer terms;
      • one or more employer privacy notices, policies or SAR etc processes;
  10. LANGUAGE ACCESSIBILITY STATEMENT

    We are committed to transparency and accessibility in our communications. Accordingly this content is published in our main operating language and made accessible to you in a format optimised for open web browser technology access with the aim of enabling and optimising accuracy of machine learning or other translation tools available through technology made available by your company or popular web browsers for clear and effective presentation in your preferred language, if different from our main operating language. If you are unable to arrange translation you may contact us to request translation to an alternative language.
  11. CHANGES TO THIS PRIVACY POLICY

    We may update this Privacy Policy from time to time. Updates to this Privacy Policy will be made available on relevant technology, including web and mobile technology platforms. Changes apply immediately upon publication. We therefore recommend that you visit this page regularly for awareness of the latest content and to find out about any updates.