Privacy policy

PRIVACY AND PERSONAL DATA MANAGEMENT POLICY

Below you will find information about the personal data we collect about you and how we use it.

This policy complies with the European General Data Protection Regulation (GDPR) and respects the laws and regulations in force in each of the other jurisdictions where the Communauto Group is present and/or operates (see 3.3).

  1. What is personal data?
  2. Why does Communauto ask me for this information?
  3. Who is responsible for processing my personal data and how do I contact Communauto if I have any questions or requests about it?
  4. What type of personal data does Communauto collect and what is it used for?
  5. Who can have access to my personal data and why?
  6. How long does Communauto keep my personal data?
  7. What are my rights in relation to the storage and use of my personal data?
  8. What are Communauto’s commitments for the protection of my personal data?
  9. Cookies
  10. Modification of this policy

1.     What is personal data?

Personal data is any information relating to a person which, taken separately or combined with other data, makes it possible to identify a person, such as a name, an address, an identity document number, personal location data, an online identifier, etc.

2.     Why does Communauto ask me for this information?

This information is necessary so we can provide you with the services you want to access. Efforts are made to collect only what is strictly necessary. If you refuse to provide us the information or to give us the required consents for its use, it may be impossible for us to do business with you.

Most information is collected directly from you. Other information is collected from third parties or when you use the service (for example a vehicle), or one of the tools we make available to you (website, mobile application, etc.).

Subject to exceptions provided for by law, it is only with your consent that we may collect personal information about you from third parties.

All the information collected by Communauto meets specific, explicit and legitimate purposes. Your data may be used for, in particular:

  1. Verifying your eligibility for the
  2. Preventing fraud and identity
  3. Managing access to our vehicles and controlling their
  4. Managing the business relationship, in particular billing for our
  5. Carrying out debt
  6. Managing collision follow-up and knowing who to contact in case of
  7. Complying with our legal obligations, in connection with the use of vehicles, and also in connection with our obligations to meet the requirements of tax and regulatory authorities.
  8. Respecting our commitments to our partners and sub-
  9. Communicating to you information about our
  10. Keeping you informed of changes to the service via our newsletters from which you can unsubscribe, if you wish, in the “Preferences” section of your online account (the newsletters will then no longer be sent to you unless they contain information deemed essential under the Contract or Rules and Regulations of Communauto).
  11. Carrying out research and analysis to better understand how our customers use our service, what to do to improve it, and to measure impacts on the environment.
  12. Understanding how our customers use our websites and improve their
  13. Understanding how our customers use our mobile application to detect flaws and be able to make

 

Respect for privacy and the protection of personal data of our users is a priority for us. Whatever information is requested or collected about you, we ensure that it is treated in accordance with its legal basis, whether it is:

 

  • in the execution of the contract, concluded or to be concluded, with you;
  • in response to our legal and regulatory obligations;
  • in response to our legitimate interests;
  • the collection of your consent for a specific

 

 

3.     Who is responsible for processing my personal data and how do I contact Communauto if I have any questions or requests about it?

3.1.    Data controller

 

Communauto is the entity responsible for processing your personal data. In this regard, it is notably responsible for implementing appropriate technical and organizational measures to ensure that, by default, only personal data which are necessary for each purpose are processed. This applies to the amount of personal data collected, how to protect it, how long it is stored, and how accessible it is.

 

3.2.     How to contact the data controller?

Whether it is to exercise your rights (access, correction, deletion, etc.) or for general questions, please send your requests via the online contact form of your branch.

You can also exercise your personal data rights by post to the following addresses:

29, rue des Trois Bornes, 75011, Paris, France

1117 Ste-Catherine St. W, Suite 806, Montreal, Quebec, Canada, H3B 1H9

3.3.    Who is Communauto?

For the purposes hereof, Communauto refers to all legal entities of the Communauto Group offering car sharing services or technological solutions allowing such services to be operated in Canada and France. In Canada, Communauto refers to Communauto Inc. and Reservauto Inc. in the province of Quebec, Virtue Transportation Systems Inc. in Ontario, Carshare Atlantic Limited in the Atlantic provinces, and Otto Canada Inc. in Alberta; in France, Communauto refers to the company Mobizen SASU, with a share capital of €6,250 registered in the Registre du Commerce et des Sociétés de Paris under number 422 711 523, and whose registered office is at 29, rue des Trois Bornes, 75011, Paris.

 

 

4.     What type of personal data does Communauto collect and what is it used for?

4.1.     When registering for the service

The following personal information is requested from you:

  • Your first and last names (to know your identity).
  • An email address (to serve as an identifier and to be able to contact you).
  • Your home address (to be able to contact you, verify your eligibility for certain offers, authenticate your payment information and to plan the distribution of our service offering).
  • Telephone numbers where you can be reached (to be able to contact you).
  • The first and last name and telephone number of an emergency contact person (to be able to contact a person close to you in an emergency).
  • Your date of birth (to verify your eligibility for the service and to be able to confirm your identity to protect us from the risk of identity theft).
  • Your sex or gender identity (to find out how to address you and be able to confirm your identity to protect us from the risk of identity theft).
  • Your payment information such as credit or debit card information, or a RIB in France (to process payments).
  • Your driver’s licence information and a photo of both sides of your driver’s licence, as well as a selfie-type photo of you holding your driver’s licence with the photo side up to your face (to verify your eligibility for the service and be able to confirm your identity to protect us from the risk of identity theft).
  • The number of your public transport card if you wish to use it to access vehicles (where the technology used allows it).
  • In Canada only, authorization to view your credit report (to ensure your eligibility for the service given the quality of your credit report).
  • In Canada only, a copy of your driving record(s) or the authorization given to Communauto to obtain, on your behalf, the validation of your driving record with its insurance representative (to ensure your eligibility to the service with regard to the quality of your driving record(s)).
  • Any other photo identification document sometimes required such as a passport or visa (to ensure the eligibility, identity and/or legal status of people from a country other than Canada or France).

 

4.2.    When you reserve a vehicle

After identifying yourself, either by your customer number or by using your e-mail address, the following information is either requested from you or is automatically generated by our systems:

  • The date, time, and place of pick-up of the vehicle you wish to
  • The date on which you created the reservation as well as the information relating to the reserved vehicle, the accessories selected, if any, and the information relating to its station.
  • If it is a FLEX vehicle: the date and time the vehicle was blocked, as well as information relating to the selected vehicle including its geolocation.

 

Thanks to your customer number or email address, this data is associated with your account and allows us to manage access to vehicles and obtain some of the information that will be used to bill you.

 

4.3.     When you use a vehicle

Communauto vehicles are equipped with on-board equipment commonly called “on-board computers” which include an immobilizer system and collect geolocation data. The following information is systematically collected when you use a vehicle:

  • The odometer reading (to know the number of kilometers driven).
  • The location of the vehicle in real time or in deferred
  • The speed the vehicle is
  • The fuel or charge level (in the case of electric vehicles).
  • The date, time, and place of the following events: taking possession of the vehicle, removal of the vehicle key from its holder in the glove box, start of the trip, start and end of temporary stops, withdrawal and return of the gas card from its holder, fluctuation in fuel level, or charge level, connection to a charging station (electric vehicles), state of the engine (on or off), state of the doors (closed or open), state of the door locks (locked or unlocked), return of the vehicle key and return of the vehicle (end of the trip).

 

The recording of events occurring at the start and end of the trip is used to:

  • Allow you to know where to find your vehicle at the start of your trip;
  • Allow you to know if you are permitted to end your trip at this location;
  • Assist customers who may have difficulty finding or accessing a vehicle;
  • Allow Communauto to know where its vehicles are located between two reservations (in particular for maintenance purposes).

The real-time or deferred-time location of a vehicle, as well as location data linked to events other than the start or end of a trip (for example, during a temporary stop) are only used when necessary, in particular to:

  • Find a vehicle for which location data is missing or incorrect;
  • Respond to your requests for justification following a ticket or an FPS, for the purposes of contesting the ticket/FPS in particular;
  • Locate the vehicle at your request;
  • Attempt to reconstruct a trip when data is missing (necessary for billing purposes);
  • Separate the costs between two users when two people in a row have not followed the procedures for picking up and returning a vehicle;
  • Find a vehicle in the event of a suspected collision in order to provide the necessary equipment or medical assistance;
  • Track a suspected stolen vehicle;
  • Respond to requests from the competent authorities in connection with an offense that could have been

 

4.4.     When you communicate with us by telephone or electronic mail

When exchanges take place with you by telephone, the call may be recorded for the purposes of improving telephone service, in particular to allow the evaluation and training of our agents. You have the right to object to the recording of your call by requesting it during your call, and the right to access the recordings.

When exchanges take place electronically, in particular through our online contact form, the messages are kept for the purpose of tracking your requests.

 

4.5.     When you visit our websites or use our mobile application

When you visit our websites or use our mobile application, several technical data for navigation and interaction with users are collected: IP address, type of browser, identity of your service provider, type of operating system, browser language, etc. We also collect information about your activities: the pages you visit, the links you click. This information is useful to us for, in particular:

  • Personalizing the browsing
  • Improving the user-friendliness of our tools by avoiding repetitive clicks (repetition of sessions).
  • Adapting our tools taking into account the functionalities used by
  • Improving their ergonomics and developing new tools based on what we learn from the activity of our
  • Perform statistical
  • Compile information that can be used in aggregate form (therefore anonymous) to negotiate agreements with business partners.
  • Identify and understand any technical problems related to the operation of our

 

See also on this subject our cookie management policy.

IP address information is also used to limit access to our sites in order to protect us from the risk of cyber attacks that may originate from locations outside of our service area.

 

4.6.     When you use our mobile application or the secure part of our website (including our “mobile web” application).

When using our mobile application or its web equivalent, we ask you to provide us with your username and password as well as authorization to obtain your location. Your username and password are also required to log in to the secure section of our website.

This information is necessary to allow you to reserve and/or access vehicles or access features that are reserved for active users.

 

On some occasions we may use analysis software that allows us to record where our app is downloaded, how often you use it, and how you use it. This data is used for the purpose of continuous improvement, and always in aggregate form.

 

 

5.     Who can have access to my personal data and why?

5.1.    Categories of recipients

Your personal data is only disclosed to authorized and determined recipients. They can only have access to your data if this is necessary and/or relevant.

Recipients may include:

  1. Authorized personnel from Communauto and its group of entities as defined above (see 3).
  2. Service providers and subcontractors providing services on our
  3. Our brokers and
  4. Duly authorized judicial and/or administrative
  5. Members of regulated professions (examples: notaries, lawyers).

 

5.2.    International transfers

With the globalization of trade and use of cloud-based technologies, data is likely to be transferred or transmitted to recipients located outside the territory of Canada and the European Union.

The standards to which Communauto refers for the purposes hereof to ensure an adequate level of data protection are those contained in the General Data Protection Regulation (GDPR) adopted by the European Parliament.

Under these standards, Communauto undertakes, if transfers take place to certain recipients located in countries which, from the point of view of the European Commission, do not ensure an equivalent level of data protection, to rely on the standard contractual clauses approved by the European Commission to put in place the appropriate guarantees.

 

 

6.     How long does Communauto keep my personal data?

With some exceptions, your personal data is kept for the duration of the business relationship with you.

In the event that the relationship never passes the registration request stage (registration not completed or refused in regard to our eligibility criteria), the information you send us online is kept for a maximum period of 18 months from its collection or from the last contact with you. The information is then destroyed, unless for legitimate reasons we have to keep it (for example, security reasons, to prevent the risk of fraud, etc.). In the latter case, however, the data is anonymized (i.e. we do not keep information that would allow it to be associated with a particular person).

Once the business relationship has ended, your personal data will either:

  • be destroyed; or
  • be removed from the database accessible through our usual transactional tools (hereinafter “standard database”) for an intermediate archival period

The retention periods are determined by the need to comply with the legal or regulatory obligations to which we are subject or to assert our rights or defend our interests.

Here is a summary of how your personal information is processed according to its category and the purpose of its processing:

 

Category

Retention Period

Data collected at registration

If the registration is never completed:

 

 

Data kept for a maximum period of 18 months from their collection or from the last contact with you, unless for legitimate reasons we need to keep a record of the registration. In this case, all data is deleted except for the driver’s licence number which is kept as an identifier in an encrypted form, as well as the notes (including attached documents, if applicable) necessary to justify the fact that we have kept a record of this information.

During the subscription:

The information and documents required as physical proof to prove your eligibility for the service (copy of driver’s licence, etc.) are kept for the duration of your subscription.

 

After withdrawal:

 

Data kept for a maximum period of 18 months from the effective date of the withdrawal or after the stay of proceedings, if applicable (unresolved dispute, recovery, case of fraud, insurance monitoring, legal procedure, etc.), whichever is later. After this period, the following data is deleted from the standard database: the photos of both sides of your driver’s licence, the selfie-type photo of you holding your driver’s licence with the photo side up to your face, first and last names, email address, telephone numbers, residence address (except postal code), information relating to the person to contact in case of emergency, the number of your public transport card if you used one, the payment information which could be in our possession (does not apply to the numbers of credit cards which are managed by an external supplier governed by the PCI DSS (“Payment Card Industry Data Security Standard”) security standards).

Only the driver’s licence number is kept in the standard database in an encrypted form to serve as an identifier.

Although deleted from the standard database, the following data is nevertheless kept in a highly secure environment and accessible to a limited number of people for an additional “intermediate archiving period” provided for by law in order to respond to our legal obligations in terms of taxation and retention of proof of transaction: customer number, first and last names, residence address, e-mail address.

Booking notes (notes written by customers themselves)

Data kept for a maximum period of 18 months from the effective date of the withdrawal or after the termination of proceedings, if applicable, whichever is later.

Notes in the customer’s file (notes entered by our employees)

Data kept for a maximum period of 18 months from the effective date of the withdrawal or after the stay of proceedings, if applicable, whichever is later, unless for legitimate reasons we have to keep a record of this information. In this case, all the notes are deleted with the exception of notes (including attached documents, if applicable) necessary to justify the fact that we have kept a record of this information.

Booking history and billing history

As the identifiers allowing this information to be associated with a particular person are, within the time limits specified herein, either deleted from the standard database or anonymized, this data is kept indefinitely.

GPS tracking of trip-related events

Data kept for a maximum of 18 months after the end of the trip for operational purposes and anonymized after this period.

Call recording

Recordings kept for a maximum period of six months in France and 12 months in Canada unless for legitimate reasons we have to keep them longer (unresolved dispute, legal proceedings in progress, etc.). In this case, the recordings are kept for a maximum period of six months following the termination of proceedings in France, and 12 months in Canada.

Content of exchanges with Communauto that took place by email

Data kept for a maximum period of 18 months from the effective date of the withdrawal or after the termination of proceedings, if applicable, whichever is later.

Solicitations and promotional operations, sending of offers

Data anonymized after a maximum period of 18 months from the end of the campaign.

Responses to satisfaction surveys

Anonymized data, if applicable (these consultations are usually carried out anonymously), after a maximum period of 18 months from the date of the end of the survey.

Browsing data when you visit our websites

See our Cookie Management policy.

 

 

7.     What are my rights in relation to the storage and use of my personal data?

The regulations on the protection of personal data allow you to have certain rights concerning the processing of your personal data, namely:

 

  • The right to access your data: you have the right to be informed of the information collected and how it is
  • The right to correct your information: you have the right to request a modification of your personal information if it is inaccurate, incomplete, or appears to be out of date.
  • The right to the erasure of your data and to the limitation: you have the right to request the erasure or to limit the use of your data, in particular when the information is no longer necessary, unless we have legal or legitimate reason to retain them.
  • The right to object: you can object to the use of your data:
    • for business generation purposes in the form of direct marketing;
    • when we process your personal information on the basis of a legitimate interest (or those of a third party), on the condition that you provide Communauto with a description of the situation that legitimizes your request, provided that Communauto is not able to prove the superiority of its legitimacy in view of the situation in question or that there is no legal basis against it.
  • The right to withdraw your consent: you have the right to withdraw your consent at any time when the processing of your personal data is based on your consent (the withdrawal of consent does not, however, compromise the legality of the processing based on the consent in effect before that withdrawal).
  • The right to portability of your data: you have the right to request to receive the personal data that you have provided to Communauto in a structured format commonly used and machine-readable (for example in Word or Excel format) to consult them or for the purpose of transmitting them to a third party. This right applies if these three conditions are all met:
    • the right to portability is limited to personal data provided by the data subject;
    • it only applies if the data is processed automatically (paper files are therefore not affected);
    • the exercise of the right to portability must not infringe the rights and freedoms of third parties whose data may be found in the data transmitted following a portability request.
  • Post-mortem directives: you have the right to give specific or general instructions concerning the retention, erasure and communication of your personal data, applicable after your death or general directives which can be registered with a trusted digital third party. These directives may designate a person responsible for their execution, failing which your heirs will be appointed.
  • The right to lodge a complaint with the competent authorities: in France, if you consider that the processing of your personal data infringes legal requirements, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), online contact forms: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil. In Canada, depending on the province, complaints can be forwarded to the Commission d’accès à l’information (for Quebec), or to the federal Office of the Privacy Commissioner (Ontario, Nova Scotia) or its provincial equivalent, if applicable (Alberta). For more information, see “Provincial and Territorial Privacy Laws and Oversight”.

 

 

It is important to specify that the exercise of some of these rights may make it impossible for Communauto, on a case-by-case basis, to maintain your access to the service.

 

Furthermore, we may be justified in continuing to process your personal data, despite exercising your right to erasure and to limit or oppose the processing of your data, if we have a legitimate interest in doing so or if regulatory provisions require us to keep your data (see 6).

 

8.     What are Communauto’s commitments for the protection of my personal data?

Communauto pays particular attention to the security and confidentiality of your personal data. We implement technical and organizational measures to protect your data, in particular by putting in place IT, logical, and procedural security measures to guarantee its confidentiality and integrity and to prevent unauthorized access.

Communauto’s systems are configured for data encryption and standard firewall protection. When you send personal information over the Internet via a Communauto website, your data is protected by SSL (Secure Sockets Layer) encryption to ensure secure transmission. All credit card transactions are made through a payment service provider that complies with PCI DSS (acronym of “Payment Card Industry Data Security Standard”).

 

In an ongoing concern for security and protection, we encourage you to exercise caution to prevent unauthorized access to your personal data and to protect your devices (computer, smartphone, tablet) against any unwanted or even malicious access, by a strong password, which it is recommended to change regularly. If you are sharing a terminal, we recommend that you log out after each use.

 

 

9.     Cookies

Our cookie management policy can be accessed at this address.

 

 

10.  Modification of this policy

This policy is likely to be updated at any time, in particular to change it depending on the legal and regulatory context or following a change in our procedures. As such, you are invited to consult it regularly.

In the event of a change affecting your rights or which has an impact on processing based on your consent, you will be informed.

 

 

 

 

 

 

 

 

 

Last updated February 28, 2023.