Privacy Policy

1. General

This privacy policy ("Privacy Policy"), together with the user agreement and terms ("Agreement"), available on the Piffl website https://piffl.se, describes how Open Play AB, a company registered in Sweden with registration number 559273-5780 and headquartered at Vasagatan 7, 411 24 Gothenburg, Sweden ("Piffl", "We", "Us"), as the data controller, processes the personal data of its customer ("You") when you use the services.

Unless otherwise specified in this Privacy Policy, the definitions used herein shall have the same meaning as in the Agreement. Questions regarding this Privacy Policy and Piffl's processing of your personal data may be sent to info@piffl.se or to Piffl’s Data Protection Officer.

Open Play AB

Data Protection Officer: Martin Erlandsson, Email: martin.erlandsson@piffl.se

This Privacy Policy is intended to fulfill our obligations to provide you with information about our processing of your personal data under applicable privacy laws. It explains how we collect, use, and share personal information during our business operations.

2. Collection, Purpose, and Use of Personal Data

We collect personal data that you submit when you create an account in the Piffl app or that is generated when you use the Piffl app or services.

Piffl processes your personal data for the following purposes:

a)

To enter into, fulfill, and administer our contractual relationship (including handling payments) with you and to correspond with you regarding the services, we process the following personal data:

  • Location data (device location)
  • Contact information (e.g. name, address, email address, phone number)
  • Payment details (e.g. card info, invoice and payment history)
  • Device ID of your mobile phone
  • Images of rentals uploaded in the Piffl app

The legal basis for this processing is to fulfill our contractual obligations to you (Article 6.1(b) GDPR).

b)

To perform statistical analyses, analyze data to develop the services in terms of functionality, safety, and methods, and to analyze markets and customers, we and third parties as described below process the following data:

  • IP address
  • Device information such as brand, model, operating system
  • User data as described in (a) and age group, partial postal code, gender
  • Information about your use of the Piffl app and services, such as usage time, date, and duration

The legal basis is our legitimate interest in developing the services and understanding our markets and customers better (Article 6.1(f) GDPR). When possible, we anonymize or aggregate the data processed for this purpose.

c)

To segment and analyze location data to provide personalized information based on your preferences and behavioral patterns, we process the following:

  • Location data

The legal basis for processing your personal data for this purpose is to fulfill our contractual obligations (Article 6.1(b) GDPR).

d)

To meet any legal or regulatory requirements, we may process any of your personal data.

e)

To conduct marketing campaigns, we may process the following personal data:

  • Contact details (e.g. name, email, phone number)

The legal basis for this is our legitimate interest in marketing our services (Article 6.1(f) GDPR), or your consent (Article 6.1(a) GDPR) for third-party marketing. You can withdraw your consent at any time via the unsubscribe link in our emails or by contacting us via the information in Section 1.

3. Transfer of Personal Data

Piffl transfers personal data to the following categories of recipients:

  • Cities, authorities including the transport department, and public transport operators.

    We share data to help with urban planning, mobility insights, integrating with transport apps, and user surveys. Shared data includes:

    • User data: Piffl user ID, name, email, phone, age group, postal code, gender
    • Rental data: rental ID, rental dates, duration, location
    • Survey data: user experience and demographic survey responses

  • IT service providers.

    To provide full service functionality. These providers act as data processors on our behalf. We only share data needed for their tasks, under written agreement and lawful conditions.

  • Marketing partners.

    To support our marketing activities. The legal basis is our legitimate interest in marketing (Article 6.1(f) GDPR).

  • Group companies.

    For internal administration and service delivery. The legal basis is our legitimate interest in managing operations (Article 6.1(f) GDPR).

  • Insurance companies.

    To manage claims and administer policies. The legal basis is our legitimate interest in doing so (Article 6.1(f) GDPR).

  • Courts and opposing parties.

    To defend, exercise, or establish legal claims or in case of bankruptcy. The legal basis is our legitimate interest (Article 6.1(f) GDPR).

  • Regulators.

    To comply with laws, regulations, and government requests, including law enforcement.

  • Law enforcement, including the police.

    To assist investigations where legally required (Article 6.1(c) GDPR) or based on legitimate interest (Article 6.1(f) GDPR).

  • Potential buyers and sellers.

    For business transactions (e.g., mergers or acquisitions). The legal basis is our legitimate interest (Article 6.1(f) GDPR).

If Piffl transfers personal data outside the EU/EEA, it will ensure adequate protection via safeguards like EU Standard Contractual Clauses. Contact us using Section 1 details for more info.

4. Storage of Personal Data

Your personal data is stored only as long as necessary to fulfill the purposes for which it was collected. If processing is based on your consent or our legitimate interest, withdrawal of consent or a valid objection will halt further processing, without affecting any prior processing or legal obligations to retain data.

Data processed to establish, perform, or manage a contract between you and Piffl is retained as long as you have a Piffl account. If your account is closed, we delete your personal data unless we are legally required to keep it or need it to protect our legal interests.

5. Marketing

We may send you marketing communications about Piffl’s services as well as product-related information.

6. Rights and Contact

You have certain rights concerning our processing of your personal data. These rights include:

  • Right of access. You have the right to confirm whether we process your data, access it, and receive an electronic copy.
  • Right to rectification. You may request correction or updates to inaccurate or incomplete personal data.
  • Right to withdraw consent. Where processing is based on your consent, you may withdraw it at any time.
  • Right to object. You may object to processing based on our legitimate interests (Article 6.1(f) GDPR) or for direct marketing purposes. We may continue processing if we demonstrate compelling legitimate grounds.
  • Right to erasure (“right to be forgotten”). In certain situations, e.g. after a successful objection or if the data is no longer necessary, you can request deletion unless legal obligations require otherwise.
  • Right to restriction. In specific circumstances, you may request limited processing, allowing storage but not other processing.
  • Right to data portability. Where processing is based on consent (Article 6.1(a)) or contract (Article 6.1(b)) and data was provided directly by you, you may request it in a commonly used machine-readable format.

To exercise your rights, contact us using the details provided below. Piffl will typically respond within one month.

You can reach us at: info@piffl.se

7. Right to File Complaints

If you have any complaints regarding our processing of your personal data, you have the right to file a complaint with the relevant data protection authority in your country.

In Sweden, please contact the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

8. Security

The technology used by Piffl, along with this privacy policy, is designed to protect your personal data from unauthorized access and misuse. We apply appropriate technical, physical, and organizational measures to ensure a level of security appropriate to the risks. For example, we maintain a security policy and store all personal information on secure servers. These measures may be updated as new technologies become available.

9. Changes to the Privacy Policy

Piffl may update this privacy policy by publishing a new version on the website and in the Piffl app. If the change concerns modifications to how we process your data, we will notify you via email with relevant information about the update.