Privacy Policy
my·mo ecosystem
Your trust is our top priority. We treat your personal data confidentially and in accordance with applicable data protection laws. The 42hacks mobility cooperative (also referred to as “we”, “us”, “42hacks”), operator of the my·mo ecosystem, collects and processes personal data concerning you and, in some cases, other persons (“third parties”).
This Privacy Policy describes what we do with your data when you use the my·mo ecosystem and informs you about your rights. If you disclose data to us or data about other people, we assume you are authorized to do so and that the data is correct. Please ensure that these persons have been informed about this Privacy Policy.
1. Who processes my personal data?
Unless otherwise stated, the controller for the processing of your personal data is:
42hacks mobility Genossenschaft, 9043 Trogen, Switzerland
For any inquiries, contact us at: info@42hacks.com
We may also disclose your personal data to third parties (processors or independent controllers) for the purposes described in this policy.
2. What personal data do we process and for what purpose?
2. 1 Communication
When you contact us (in writing, by phone or digitally), we process your name, contact details, and the content and timing of the communication to respond to your inquiry or fulfill your request.
2.2 Use of the my·mo ecosystem
When you use the my·mo move (for employees) or my·mo manage (for HR/managers) apps, we may process:
-
Name, email, phone number, license plate number, employee ID, place of residence, date of birth
-
Device and usage data (IP address, access times, log data)
-
Commute and mobility preferences (e.g. subscriptions, parking behavior)
-
Parking entrance and exit times (via license plate recognition)
This data is required to provide the agreed mobility concept and to manage access to company mobility benefits, such as parking, public transport offers, and bike services.
-
Improve IT security, app performance, and system stability
-
We also use data to:
-
Generate anonymized, aggregated insights for employers
-
Support mobility behavior nudges (optional and non-binding)
-
We do not make automated decisions that have legal or similar effects. Parking checks are done manually via the my·mo monitor app. You always stay in control of your choices.
-
We use cookies in the app and website to support functionality and improve the user experience. These do not usually contain personal data.
2.3. Administration
We process personal data for accounting, archiving, service improvement, and internal process optimization.
iv. Legal compliance and protection of rights
We may process data to comply with legal requirements, detect or prevent misuse, and defend our rights (including in court or with public authorities).
3. What is the legal basis for processing?
We process your personal data based on:
• Contractual necessity (e.g. access to parking, mobility services)
• Legitimate interest (e.g. system security, user guidance, aggregated analytics)
• Legal obligations
• Consent, where separately obtained (e.g. newsletters or specific features)
4. How long is my personal data stored?
We retain personal data only as long as necessary for the purpose of processing or legal obligations.
Specifically:
• Data is anonymized after 12 months of inactivity or when your employment ends
• Event logs from parking lot cameras are stored in a secure Swiss cloud and automatically deleted after 8 weeks
• Some data may be retained longer if required by law (e.g. 10 years for certain documents)
Anonymized data is used only for statistical and system improvement purposes.
5. How do we protect your personal data?
We use appropriate technical and organizational security measures to protect your data from unauthorized access, loss or misuse, including:
• Encryption of all data in transit and at rest
• Role-based access controls for employees and admins
• Secure login via Firebase Authentication
• Strong password policies
• Audit logging of changes using MongoDB Change Streams
Multi-factor authentication (MFA) is planned for future updates.
6. Do we share your personal data with others?
Access to your data is restricted to employees and processors on a need-to-know basis.
We work with subprocessors under strict contractual agreements, including:
• Amazon Web Services (AWS Europe) – hosting
• Firebase Authentication (Google Ireland Ltd.) – login/authentication
• Sendgrid (Twilio Netherlands B.V.) – email delivery
All subprocessors store data in the EU and apply Standard Contractual Clauses (SCCs) where required.
Your data is not processed outside Switzerland, the EU, the EEA or the United Kingdom.
To meet legal obligations, we maintain an internal Record of Processing Activities (RoPA) and have a documented incident response plan for handling personal data breaches.
7. What rights do I have regarding my personal data?
You have the following rights under applicable data protection law:
• Right to information: to be informed about what data we collect and how we process it
• Right of access: to view your personal data stored by us
• Right to rectification: to correct incorrect or incomplete data
• Right to erasure: to request deletion of your data under certain conditions
• Right to restriction: to request that we limit how we use your data
• Right to data portability: to receive your data in a machine-readable format
• Right to lodge a complaint: with a supervisory authority or by contacting info@42hacks.com
• Right to withdraw consent: at any time, with effect for the future
• Right to object: to data processing based on legitimate interest
You may also request deletion of your my·mo account and data at any time via this form:
https://4hig7a9i8xv.typeform.com/mymo-acc-delete
8. Updates to this policy
This Privacy Policy may be updated as our data processing changes. The most recent version will always be available within the my·mo ecosystem.