Privacy Policy
As of
September 7, 2023

Introduction

This Privacy Policy (“this Policy”) explains how Beam Mobility Holdings Pte. Ltd. and its subsidiaries (“Beam”, “we”, “us” or “our”) collect, use, share, store and retain (i.e. ‘process’) information relating to identified or identifiable human beings (‘personal data’ or ‘personal information’) in the course of our business globally, other than South Korea.  

Although we provide translated versions of this Privacy Policy in the non-English countries we operate in, this English version is the official version and will override what may be provided in any translated version to the extent of any inconsistencies. 

We may update this Policy from time to time, provided that Policy updates will only become effective in regards to our Customers (as defined below) after 7 days from publication (or 30 days if the updates are significant).

This Policy is divided into different parts, to describe how we process personal data in different contexts, as follows:

Part 1 - visitors to our website at www.ridebeam.com (‘Website’)

Part 2 - our mobile app-based shared micro mobility service (hereinafter referred to as our ‘App’ and the ‘Service’ respectively)  

Part 3 - job candidates

Part 4 - vendors, service providers and other business partners

Part 5 - General provisions relating to all personal data (detailing how it is stored, protected, otherwise shared, and what your rights are).

Note the following terminology used in this Policy:  

  • Behavioural Data - data relating to someone’s Website or App-related behaviours, like date & time used; full URL clickstream to, through & from our Website; page response times, error logs, time spent on certain pages; page interactions (eg scrolling, clicks, videos watched, & mouse-overs), files downloaded; and content uploaded/posted
  • Customer – a human being who has an account in the App in order to use the Service
  • Franchisee - someone that provides the Service for its own account in a particular geographical location under franchise by/from Beam
  • Group Rider - a human being who takes a Trip as a Customer’s guest on a Group Ride (as explained in our ToS)
  • Participating Business – a company participating in our ‘Beam for Business’ offering by subsidising Trips taken by certain Customers via their Business Profiles (as defined in our ToS)
  • Related Offerings – Beam’s other Vehicle-related products or service offerings
  • Technical Data - data automatically collected from someone’s use of our Website and/or App, being things like device ID; IP address; browser type & plug-ins; operating system & platform; time zone settings; network location; and App version.
  • ToS - Our ‘Terms of Service’ as published at www.ridebeam.com/terms-of-service
  • Trip - means a single continuous ride taken on a Vehicle as part of our Service, from when the Vehicle is unlocked until it is ended via the App (or by Beam due to prolonged inactivity);

Vehicles - means the personal mobility devices (including any equipment or accessories attached thereto) offered as part of the Service from time to time.

PART 1: WEBSITE VISITORS 

As people cannot open accounts and/or log into our Website, all Website users are pure visitors and when we refer to ‘you’ in this Part 1, we are referring to a Website visitor.  

Technical & Behavioural Data: Although we collect certain Technical- and Behavioural Data automatically during your Website visits via common tracking technologies (like cookies and web beacons), this is only regarded as personal data to the extent it can be associated with you in an identifiable way (eg: if your IP address is unique/personal to you or if, as part of your browsing session, you complete a webform and indicate who you are).  Generally, we need Technical Data for the Website to work properly (eg: IP address used to infer your general location so we can show you content appropriate to your country) and we use Behavioural Data in an aggregated anonymous fashion to improve our Website functionality and/or service offering (generally retaining it for up to 2 years).  However note that Technical- and/or Behavioural Data may also be captured by third party cookies which we don’t control (usually deployed by advertising networks for targeted advertising purposes or by web traffic analysis providers). You can find out more in our Cookie Notice. Note that our Website may incorporate social media features enabling you to share content on social media (eg a Facebook ‘like’ button) and in doing so, you will be sharing your IP address and the page you are visiting with such social media site, subject to its own privacy policy and practices.

Webform Data: The Website may make web forms available for various purposes from time to time which you may choose to complete and submit. In doing so you may provide your name, contact details, and/or other personal data to us which we use for the purposes disclosed to you in relation to the relevant web form (eg to investigate a Vehicle accident you report to us and contact you in relation thereto). We only retain the data as long as needed therefor and as otherwise required by law. Note that, as explained in Part 5, we may share such data with law enforcement or other authorities as required and we may also use your contact details to send you promotional communications if you opt-in thereto.

Data Controller:  The Website is operated by Beam Mobility Holdings Pte. Ltd for itself and the Beam entity operational in the country in which you are based (if any). 

PART 2: OUR SERVICE

When we refer to ‘you’ in this Part 2, we are referring to our Customer. 

What personal data we process & why: Most of our Service-related data processing is needed to provide the Service to you along with related support, billing, account management and account security functions, on the basis of our contract with you or as otherwise required by local laws.  Additional processing may take place for market research, business development, service improvement and promotional purposes (in our overriding legitimate interest or on the basis of your consent) and for investigations into contraventions of our ToS and applicable law, including in relation to credit card fraud, Vehicle accidents, theft and damage (as per our contract and to defend the rights of others). Some data is automatically collected via usage of the App and/or Vehicles (like your location and Trip details), with the rest being actively provided by you and/or others via the App and other available methods (eg email, phone).  More specifically:

The data processed about all Customers is as follows:

Personal Data

How we collect it

Why we need it

Login details (i.e. App password and username) Directly from you via the App To enable access to the Service (as per our contract)
Technical Data Automatically via the necessary & functional cookies we deploy on your device To spot malfunctions and ensure the functionality of the App & Service (as per our contract) or make improvements thereto (in our overriding legitimate interest) eg: IP address used to infer your generalised location so we can display country-appropriate content; and device ID used to enhance account security & combat fraud.
Behavioural Data Automatically via cookies and/or your existing mobile advertising identifier (assigned to your device by Apple, Google & Facebook). To improve customer experience and for business development (in our overriding legitimate interest). Also to provide customized services and advertising (on the basis of your consent, which you can manage via your device settings as follows: Android: Settings → Google (Google Settings) → Advertising → Deselect Ads Personalization iOS: Settings → Privacy → Advertising → Limit Ad Tracking
Your precise location/s whilst using the App, including whilst on a Trip Automatically when you use the App (via your device GPS). You consent to this when you download the App. You can disable location tracking via your device’s operating system location features, but if you do, we won’t be able to provide the Service properly or at all. To display appropriate App content to you (e.g. available Vehicles, parking zones & no-ride zones in your immediate vicinity). We also use it (in combination with your ‘Trip details’ described below) to monitor your use of the Service for billing purposes and possible investigations of malfunctions, incidents & violations of our ToS and/or law (as required by our contract or by law). We also use it for statistical business analysis on an aggregated, anonymized basis.
Trip details like Vehicle ID & the speeds it did, along with the relevant date, times & locations (i.e. start & end points as well as other points along the way) associated with you and your Group Riders Automatically via use of the Vehicles as part of the Service (via Vehicle GPS) To track Vehicle use for billing, inventory management, and possible investigations of complaints & violations of our ToS and/or law (as per our contract or as statutorily-required). We also use it for research and reporting to governmental authorities, but on an anonymized basis, except for in Turkey, where the Turkish eScooter Regulations of 2021 require us to report your Trip details on an identifiable basis to the Turkish Minister of Transport & Infrastructure.
Demographic info (gender, age, nationality) Provided by you directly via the App Statutorily required in certain countries to verify Service eligibility and/or for anonymous aggregated reporting to local authorities. Otherwise based on your consent. If provided, also used to improve account security, mitigate fraud, and anonymously in aggregate for business development.
Other Identifiers (government-issued identification; date of birth, nationality) Directly from you via App To verify your identity & eligibility for the Service, where required by local law
Billing details (i.e. credit card details; bank account details; gift certificate numbers etc ) Directly from you via the App via our PCI-compliant payment service provider To facilitate payment (as per our contract)
Transaction history (i.e. amounts payable and/or paid in respect of Trips taken) via the App and related systems For Billing & debt collection (as per our contract)
Details of Vehicle incidents relating to you (incl. theft, damage and injuries you may have suffered or caused) Directly from you when reporting an incident you were involved in and indirectly from others who may report incidents they have witnessed or been involved in To investigate and take action as entitled or required under our ToS; initiate, exercise or defend legal claims (and related insurance claims) to protect our rights and property; and report to authorities if required by our contract, applicable law, public interest, or our overriding legitimate interests. However, details of injuries are only processed with the injured person’s consent
Your content (eg ratings, reviews, photos of helmets & parked Vehicles) Directly from you Ratings & reviews are used to improve our Services (based on voluntary submission thereof). Vehicle photos are used to verify compliance with our ToS (required for our contract)
Special Offer eligibility info (as detailed to the specific Customers to whom we make Special Offers available ) Directly from you To verify eligibility for participation in special offers aimed at certain Customers (eg local residents or pensioners). Participation is voluntary, but in order to do so, the data is required on the basis of our contract in that regard.
Your public social media content - incl. name, contact details and audio/visual recordings Collected from your social media platforms You’ve made this publicly available and so we use it to improve our own social media advertising/marketing marketing activities, save that we won’t publish any of your social media content on our own social media platforms without getting your prior consent.
  • Group Riders: Group Riders’ names are collected via the App at initiation of a Group Ride and Group Riders’ Trip Details are collected via the assigned Vehicle’s GPS as usual for billing and inventory purposes.  
  • Business Profiles: Someone’s entitlement to a Business Profile in the App derives from their separate relationship with the relevant Participating Business. In order to provide Business Profiles to those people, the Beam entity holding the relationship with that Participating Business processes personal data as follows: It collects from the Participating Business the qualifying people’s names and business email addresses so that Beam can email those people their unique Business Profile activation codes. To activate and use a Business Profile in the App, the person will need to be or become a Customer. As the Participating Business pays for your Business Profile Trips in accordance with its own policy with you in that regard, Beam will share your Business Profile Trip details with the Participating Business so it can check and manage your use of the Business Profile in accordance with its own policy (the Participating Business being an independent controller thereof).
  • Passers-by:  Although unlikely, some images of passers-by in public spaces (including Customers) may be captured inadvertently as follows: (a) when our Customers take photos of the parked Vehicle at the end of their Trip as evidence of proper parking and lack of damage (in our overriding legitimate interest); and (b) via Vehicle cameras (on some of our Vehicles) which are directed towards the ground to detect the nature of the surface being ridden on to facilitate automatic speed adjustment (eg automatic deceleration on footpaths) and detect accidents or other incidents involving the Vehicle (done to comply with our legal obligations and/or in the public interest). 
  • People using our Related Offerings: We already have the contact details of people using our Related Offerings and may contact them to promote the Service to them (subject to direct marketing law requirements).
  • Franchisees: Although some Franchisees may operate in certain places within certain countries (i.e. South Korea & Malaysia), Beam retains control over the operation of the App (including payments) and the customer support function. Consequently, Franchisees have no need for and thus no access to any Service-related personal data. Only anonymised aggregated data is given to them for financial record-keeping and billing purposes. In certain limited circumstances (eg where Vehicles owned by the Franchisee have been stolen or damaged by a Customer) certain personal data may be given to the Franchisee to the extent required to enable it to pursue legal remedies to enforce its rights.
  • People who contact Beam: Customers, Group Riders and other people (including members of the public) may contact us via online chat, email, phone or other available methods to make queries, complaints, report Vehicle theft, loss, damage, accidents or otherwise. We collect and process their name, contact details and the content of their communications in order to respond, manage and facilitate their complaint/request as per our contract, statutory requirements, our overriding legitimate interests and/or because they've consented thereto by proactively engaging with us. Information about other people may be disclosed in the process (eg accidents, where personal data is used to identify and process the cause).
  • Investigations & Legal proceedings: Personal data processed in the course of providing our Service (whether relating to Customers, Group Riders, or otherwise) may also be used to prevent, investigate and take action in response to suspected contraventions of our ToS, fraud or other crimes, with us taking steps that we reasonably believe necessary to protect the safety, security and rights of Beam, its employees, service providers and others (as per our contract, overriding legitimate interests, as required by law, or to establish, exercise and protect a right). 
  • Survey responses: We may conduct surveys for purposes of research, business development and/or service improvement.  These surveys are usually done on an anonymous basis, but if not, they are voluntary, with any information you provide, being so provided on the basis of your consent.
  • Automated decision-making: Critical decisions having a significant impact on you (e.g. whether to terminate your access to the Service or hold you accountable for damages etc) are not taken automatically. There is always human involvement. However, we do use algorithms and the like to automatically make certain relatively minor decisions relating to your use of the Service, in accordance with our ToS (eg: whether to impose a parking penalty for improper parking or extend a special offer to you based on your riding habits etc). If you are unhappy with any such decision, you can contact support@ridebeam.com to query how it was reached and request human intervention.
  • Age limits: Note that age limits may apply to the use of the Service in certain countries (as detailed in the relevant country’s ToS) and people under such age limit should not use or attempt to use our Service. We do not knowingly process any data related to people under such age limit. 

How we share it:  Vehicle Trip data is only shared on an anonymous basis with the likes of city councils and universities for public transport planning and research purposes respectively. However, we do share some of your personal data externally (i.e. to non-Beam entities to use independently for their own purposes) as follows: 

  • to government authorities & regulatory bodies if and to the extent required by law (eg: our Turkish Customers’ Trip data is shared with the Turkish Ministry of Transport as required by the Turkish eScooter Regulations of 2001); 
  • your Business Profile Trip data is shared with the relevant Participating Business so it can check your Business Profile use as against its own policy in that regard, as per its own separate contractual relationship with you
  • as otherwise detailed in Part 5.

How long we keep it:  As long as needed to satisfy the above purposes, normally being for so long as you remain a Customer and for such period thereafter as required or permitted by law (generally being approximately 6 years to maintain statutorily-required records and allow for any ongoing dispute resolution).  

Data Controller: The Beam entity providing the Service to you, being the Beam entity operational in the relevant country where the Service is being provided, possibly in joint control with one or more other Beam affiliates.

PART 3: RECRUITMENT

When we refer to ‘you’ in this Part 3, we are referring to anyone who applies for a job with Beam.

Personal Data: We process what one would ordinarily expect of any job application process, i.e. contact details (like your name, physical address, email address and phone number); employment-related information (eg previous work experience, skills, qualifications, referees,  working rights and police clearance, to the extent permitted under relevant employment laws); records of your communications with us (including information gathered during interviews); and whatever other information you have chosen to include in your resume and cover letter.  Note that, save for very specific roles which may necessitate police checks or other background checks (as allowed by applicable law), we do not need any sensitive personal data (i.e. data relating to race, ethnicity, health, political opinions, religious, philosophical or other beliefs, political or trade union membership, biometrics, sexual orientation or criminal convictions) and your provision thereof would be entirely voluntary

How we collect it:  Usually directly from you, be it in person, by phone, email, and/or our Website and related recruitment system, or when you provide your details via our recruitment websites or social media accounts (including via job portals).  We may also collect certain information about you more indirectly from our recruitment agencies, your referees, background checking service providers, and from other public sources (eg LinkedIn profile).

Why we need it:  We only process your personal data to the extent needed for the job application process and/or your subsequent employment, as required by our overriding legitimate interests, applicable laws and/or for purposes of entering into an employment contract with you.  More specifically, we use it to assess and process your job application; decide whether to employ you; deal with your queries; defend against potential claims relating to the recruitment process; consider you for future job opportunities (if you have consented to us retaining your details for such purpose); and, if you are hired, make decisions about your employment with us.  If we don’t receive certain required information, we may not be able to properly assess or proceed with your job application.

How we share it: To the extent necessary for the above purposes (or otherwise permitted by law), we may share such data with your referees; third parties who conduct background/police checks; the institutions that issued your qualifications, and as otherwise detailed in Part 5.

How long we keep it:  Beam deletes unsuccessful candidates’ personal data after the application process is finished (i.e. once a suitable candidate is hired) save for those who have consented to their data being retained for future employment offers, or applicable laws entitle or require Beam to retain the data for longer (e.g. for up to 6 months to defend against potential legal claims related to the recruitment process). The successful candidate’s personal data will be retained and processed in accordance with Beam’s internal employee-facing policies and processes. 

Data Controller:  The Beam entity that will be employing you (if you’re the successful candidate), possibly in joint control with one or more other Beam affiliates. 


PART 4: VENDORS & PARTICIPATING BUSINESSES

In doing business we engage with various service providers, suppliers, independent contractors, and Participating Businesses (collectively our “Partners”) and process certain personal data in relation thereto, as follows: 

Personal Data: We process the contact details of Partners’ human representatives (i.e. the name, position, email address and phone numbers) along with their communications with Beam. In the case of sole proprietorships or partnerships, we also process their banking details, billing and service history (as required for our contract with them or by law, or in our overriding legitimate interests).

How we collect it:  We collect such data directly from the Partner via their websites or representatives (be it in person, via phone or email). Partners are responsible for the completeness and accuracy thereof and for ensuring that the people to whom the data relates have been notified and, where required by law, have consented.  Personal data related to prospective Partners is collected from publicly available sources (e.g. their website or LinkedIn), via participation at conferences and other events, and via referrals from existing business associates.

Why we need it:  We need such data to appropriately engage with the Partner to manage our relationship with it (as required by our contract with it and/or in our overriding legitimate interests).  More specifically, we use it for prospective Partner assessment and contract negotiation purposes as well as the ongoing administration of our Partner agreement.

How we share it:  To the extent necessary for the aforesaid purposes (or otherwise permitted by law), Beam may share a Partner’s personal data with the Partner’s other authorised representatives, and as otherwise detailed in Part 5.

How long we keep it: Partner-related personal data is stored only as long as needed to satisfy the above purposes, normally being for so long as Partner’s business relationship with us is effective and for such period thereafter as required or permitted by law.  

Data Controller: The Beam entity holding the relevant account or business relationship with the Partner, possibly in joint control with one or more other Beam affiliates.

PART 5:  GENERAL 

When we refer to ‘you’ in this Part 5, we are referring to each of our Website visitors, Customers, Group Riders, and Partner representatives. 

Promotional communications: It’s in our legitimate business interest to promote our business and service offerings, but we will only do so in accordance with applicable direct marketing laws, including that you be entitled to opt-out from promotional communications by following the unsubscribe instructions at the bottom of promotional email messages (or contacting support@ridebeam.com). Note that your opt-out won’t be of immediate effect (as we require reasonable time to give effect thereto in our systems). Also note that Customers cannot unsubscribe from service and/or billing-related communications as these are not promotional in nature. We generally retain marketing database records and market research data for approximately 2 years.

Criminal investigations: Personal data may be used to prevent, investigate and take action in response to suspected fraud or other crimes, with us taking steps that we reasonably believe to be necessary to protect the safety, security and rights of Beam, its employees, service providers and others (as per our contract with the data subject, overriding legitimate interests, as required by law, or to establish, exercise and protect a right)

Anonymous data: We may anonymise personal data so that it is no longer reasonably possible to associate the data with you. We do this to produce aggregated and/or individualised anonymous reports and/or as an alternative to deletion where deletion is not reasonably possible.  Subject to applicable law, we may use such anonymised information for any purpose, including without limitation for research and marketing purposes. For example, we anonymise Trip data in order to share it with universities we’ve partnered with for purposes of micro mobility research and to share it with town councils and other government bodies for their transport planning purposes. We may also anonymise job applicant data for purposes of internal statistical analysis. 

Where we process data: Regardless of the country that you may reside in, Beam operates in various countries globally through various Beam entities and our outsourced service providers may be located in various other countries too, both within and outside of the APAC region, including the United States. This means that Beam stores and processes personal data in jurisdictions foreign to the data subject.  We put appropriate measures in place to protect the personal data, as required by applicable laws, to ensure that the foreign recipient thereof provides appropriate standards of protection thereto. Nonetheless, you acknowledge that your personal data may be processed and stored in foreign ‎jurisdictions and consequently that foreign governments, courts, law ‎enforcement or regulatory agencies may be able to ‎access or obtain disclosure of your personal data ‎under a lawful order or otherwise through the ‎laws of that foreign jurisdiction.

How else we may share data:  Beam does not share or sell any personal data to third parties to use for their own purposes other than as set out in this Policy in Part 1 to 4 above, and as follows:

  • to other Beam group entities, as required to meet the specified purposes, based on our corporate group structure and locations of staff (in that certain Beam entities perform certain functions/services for other Beam entities).
  • to non-Beam outsourced service providers who perform functions and services on our behalf on our instructions (eg our customer support system, mailing functions, credit card payment processing, debt collectors, marketing providers, IT service providers like AWS & Google cloud-based hosting providers as well as our legal, accounting and financial advisers).
  • to a specific third party and its advisors in order to facilitate an acquisition or sale of assets between such third party and Beam (which is most likely to occur in relation to a purchase by such third party of any Beam entity or its business or assets, as Customer-related data and employee-related data may be part of the assets so sold);
  • Laws & rights: if required or permitted by local law or in a good faith belief that such disclosure is reasonably necessary to: (i) comply with law or legal process (e.g. court order); (ii) enforce our ToS,this Policy, or other contracts with you; (iii) respond to your requests for service/support; and/or (iv) protect the rights, property or personal safety of Beam, its agents and affiliates, its users, and/or the public. This includes exchanging information with other companies and organisations for fraud protection, spam/malware prevention, and similar purposes. 

How long we keep data: We only retain your personal data for as long as needed for the purposes we collected it for (including to satisfy any legal, accounting, or reporting requirements).  In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure thereof, the purposes for which we process it, and any particular legal requirements.  Note that when you delete your account, it may take additional time to fully delete your data from our databases and system logs.  We may also retain certain data from deleted accounts to prevent fraud, collect unpaid fees, enforce our ToS, comply with our legal obligations or enforce our other legal rights.

How we protect data:  Beam stores personal data electronically and sometimes in hard copy form. We take a range of technical, physical and organisational measures to protect the security of personal data, including by storing electronic information in password-protected servers that are in restricted and monitored areas. We do not store full credit card details on our own systems, but instead make use of PCI DSS-compliant payment service providers. However, no method of transmission over the internet and no means of electronic or physical storage, is absolutely secure. Please contact us at support@ridebeam.com if you believe there has been any unauthorised use of your account or any other breach of security.   

Other third-party data controllers: Our Website and App may include links to websites, plug-ins and applications of others.  Clicking on those links or enabling those connections may allow third parties to collect or share your personal data. We have no control over and are not responsible, nor liable for those third parties and the content, privacy practices or website terms they follow. Please check their policies before you submit any personal data to them.

How to access & correct your personal data:  Beam takes all reasonable steps to ensure that the personal data we hold is accurate, complete and up to date. Please keep us informed if your personal data changes during your relationship with us. Any submission of false or incorrect information may result in our failure to deliver our service to you.  Customers can access and correct most Customer-related personal data (such as contact details) directly via the App.  

Your rights & how to exercise them: You have the right to not receive any direct marketing messages from us.  You have the right to request information about the personal data of yours we process (including as to who we may have shared it with and why); to get copies thereof; to demand the correction of incorrect data, the blocking or restriction of processing, and/or data deletion (which, as a Customer, you can do yourself by deleting your account in the App); and to data portability in certain situations. If our personal data processing is based on your consent, you may at any time freely withdraw your consent to the future processing thereof. If our processing is based on our overriding legitimate interests, you may still be entitled to object thereto if the reason for your objection relates to your special set of circumstances. You can contact us to exercise such rights at any time and we will respond to you within 30 days or such shorter period as may be required under local law (bearing in mind that we may request certain information from you to verify your identity before responding to your request). Please use the following contact details: 

Privacy Team & Complaints: We have a dedicated Privacy Officer and team, so if you believe we have infringed your privacy rights in any way and wish to complain, please contact our Privacy Team at privacy@ridebeam.com who will deal with your complaint seriously. Although you have the right to complain to your relevant Data Protection Authority (detailed below), we encourage you to contact our Privacy Team first to facilitate swift resolution of your complaint.

Country Data Protection Authority
Australia Office of the Australian Information Commissioner (www.oaic.gov.au)
New Zealand Office of the Privacy Commissioner (www.privacy.org.nz)
Taiwan Taipei City Simple Petition System (hello.gov.taipei/Front/main) or Personal Data Protection Area of the National Development Council (pipa.ndc.gov.tw)
Turkey Personal Data Protection Authority (www.kvkk.gov.tr)
Japan Personal Data Protection Commission (www.ppc.go.jp/en)
Malaysia Personal Data Protection Department (www.pdp.gov.my/index.php/my)
Indonesia The Ministry of Communication & Informatics (Kementerian Komunikasi dan Informatika at www.kominfo.go.id)
Thailand Personal Data Protection Committee (www.mdes.go.th)