We may update this Policy from time to time, provided that Policy updates will only become effective in regards to our Customers (as defined below) after 7 days from publication (or 30 days if the updates are significant).
This Policy is divided into different parts, to describe how we process personal data in different contexts, as follows:
Part 1 - visitors to our website at www.ridebeam.com (‘Website’)
Part 2 - our mobile app-based shared micro mobility service (hereinafter referred to as our ‘App’ and the ‘Service’ respectively)
Part 3 - job candidates
Part 4 - vendors, service providers and other business partners
Part 5 - General provisions relating to all personal data (detailing how it is stored, protected, otherwise shared, and what your rights are).
Note the following terminology used in this Policy:
Vehicles - means the personal mobility devices (including any equipment or accessories attached thereto) offered as part of the Service from time to time.
As people cannot open accounts and/or log into our Website, all Website users are pure visitors and when we refer to ‘you’ in this Part 1, we are referring to a Website visitor.
Webform Data: The Website may make web forms available for various purposes from time to time which you may choose to complete and submit. In doing so you may provide your name, contact details, and/or other personal data to us which we use for the purposes disclosed to you in relation to the relevant web form (eg to investigate a Vehicle accident you report to us and contact you in relation thereto). We only retain the data as long as needed therefor and as otherwise required by law. Note that, as explained in Part 5, we may share such data with law enforcement or other authorities as required and we may also use your contact details to send you promotional communications if you opt-in thereto.
Data Controller: The Website is operated by Beam Mobility Holdings Pte. Ltd for itself and the Beam entity operational in the country in which you are based (if any).
When we refer to ‘you’ in this Part 2, we are referring to our Customer.
What personal data we process & why: Most of our Service-related data processing is needed to provide the Service to you along with related support, billing, account management and account security functions, on the basis of our contract with you or as otherwise required by local laws. Additional processing may take place for market research, business development, service improvement and promotional purposes (in our overriding legitimate interest or on the basis of your consent) and for investigations into contraventions of our ToS and applicable law, including in relation to credit card fraud, Vehicle accidents, theft and damage (as per our contract and to defend the rights of others). Some data is automatically collected via usage of the App and/or Vehicles (like your location and Trip details), with the rest being actively provided by you and/or others via the App and other available methods (eg email, phone). More specifically:
The data processed about all Customers is as follows:
How we share it: Vehicle Trip data is only shared on an anonymous basis with the likes of city councils and universities for public transport planning and research purposes respectively. However, we do share some of your personal data externally (i.e. to non-Beam entities to use independently for their own purposes) as follows:
How long we keep it: As long as needed to satisfy the above purposes, normally being for so long as you remain a Customer and for such period thereafter as required or permitted by law (generally being approximately 6 years to maintain statutorily-required records and allow for any ongoing dispute resolution).
Data Controller: The Beam entity providing the Service to you, being the Beam entity operational in the relevant country where the Service is being provided, possibly in joint control with one or more other Beam affiliates.
When we refer to ‘you’ in this Part 3, we are referring to anyone who applies for a job with Beam.
Personal Data: We process what one would ordinarily expect of any job application process, i.e. contact details (like your name, physical address, email address and phone number); employment-related information (eg previous work experience, skills, qualifications, referees, working rights and police clearance, to the extent permitted under relevant employment laws); records of your communications with us (including information gathered during interviews); and whatever other information you have chosen to include in your resume and cover letter. Note that, save for very specific roles which may necessitate police checks or other background checks (as allowed by applicable law), we do not need any sensitive personal data (i.e. data relating to race, ethnicity, health, political opinions, religious, philosophical or other beliefs, political or trade union membership, biometrics, sexual orientation or criminal convictions) and your provision thereof would be entirely voluntary.
How we collect it: Usually directly from you, be it in person, by phone, email, and/or our Website and related recruitment system, or when you provide your details via our recruitment websites or social media accounts (including via job portals). We may also collect certain information about you more indirectly from our recruitment agencies, your referees, background checking service providers, and from other public sources (eg LinkedIn profile).
Why we need it: We only process your personal data to the extent needed for the job application process and/or your subsequent employment, as required by our overriding legitimate interests, applicable laws and/or for purposes of entering into an employment contract with you. More specifically, we use it to assess and process your job application; decide whether to employ you; deal with your queries; defend against potential claims relating to the recruitment process; consider you for future job opportunities (if you have consented to us retaining your details for such purpose); and, if you are hired, make decisions about your employment with us. If we don’t receive certain required information, we may not be able to properly assess or proceed with your job application.
How we share it: To the extent necessary for the above purposes (or otherwise permitted by law), we may share such data with your referees; third parties who conduct background/police checks; the institutions that issued your qualifications, and as otherwise detailed in Part 5.
How long we keep it: Beam deletes unsuccessful candidates’ personal data after the application process is finished (i.e. once a suitable candidate is hired) save for those who have consented to their data being retained for future employment offers, or applicable laws entitle or require Beam to retain the data for longer (e.g. for up to 6 months to defend against potential legal claims related to the recruitment process). The successful candidate’s personal data will be retained and processed in accordance with Beam’s internal employee-facing policies and processes.
Data Controller: The Beam entity that will be employing you (if you’re the successful candidate), possibly in joint control with one or more other Beam affiliates.
In doing business we engage with various service providers, suppliers, independent contractors, and Participating Businesses (collectively our “Partners”) and process certain personal data in relation thereto, as follows:
Personal Data: We process the contact details of Partners’ human representatives (i.e. the name, position, email address and phone numbers) along with their communications with Beam. In the case of sole proprietorships or partnerships, we also process their banking details, billing and service history (as required for our contract with them or by law, or in our overriding legitimate interests).
How we collect it: We collect such data directly from the Partner via their websites or representatives (be it in person, via phone or email). Partners are responsible for the completeness and accuracy thereof and for ensuring that the people to whom the data relates have been notified and, where required by law, have consented. Personal data related to prospective Partners is collected from publicly available sources (e.g. their website or LinkedIn), via participation at conferences and other events, and via referrals from existing business associates.
Why we need it: We need such data to appropriately engage with the Partner to manage our relationship with it (as required by our contract with it and/or in our overriding legitimate interests). More specifically, we use it for prospective Partner assessment and contract negotiation purposes as well as the ongoing administration of our Partner agreement.
How we share it: To the extent necessary for the aforesaid purposes (or otherwise permitted by law), Beam may share a Partner’s personal data with the Partner’s other authorised representatives, and as otherwise detailed in Part 5.
How long we keep it: Partner-related personal data is stored only as long as needed to satisfy the above purposes, normally being for so long as Partner’s business relationship with us is effective and for such period thereafter as required or permitted by law.
Data Controller: The Beam entity holding the relevant account or business relationship with the Partner, possibly in joint control with one or more other Beam affiliates.
When we refer to ‘you’ in this Part 5, we are referring to each of our Website visitors, Customers, Group Riders, and Partner representatives.
Promotional communications: It’s in our legitimate business interest to promote our business and service offerings, but we will only do so in accordance with applicable direct marketing laws, including that you be entitled to opt-out from promotional communications by following the unsubscribe instructions at the bottom of promotional email messages (or contacting firstname.lastname@example.org). Note that your opt-out won’t be of immediate effect (as we require reasonable time to give effect thereto in our systems). Also note that Customers cannot unsubscribe from service and/or billing-related communications as these are not promotional in nature. We generally retain marketing database records and market research data for approximately 2 years.
Criminal investigations: Personal data may be used to prevent, investigate and take action in response to suspected fraud or other crimes, with us taking steps that we reasonably believe to be necessary to protect the safety, security and rights of Beam, its employees, service providers and others (as per our contract with the data subject, overriding legitimate interests, as required by law, or to establish, exercise and protect a right)
Anonymous data: We may anonymise personal data so that it is no longer reasonably possible to associate the data with you. We do this to produce aggregated and/or individualised anonymous reports and/or as an alternative to deletion where deletion is not reasonably possible. Subject to applicable law, we may use such anonymised information for any purpose, including without limitation for research and marketing purposes. For example, we anonymise Trip data in order to share it with universities we’ve partnered with for purposes of micro mobility research and to share it with town councils and other government bodies for their transport planning purposes. We may also anonymise job applicant data for purposes of internal statistical analysis.
Where we process data: Regardless of the country that you may reside in, Beam operates in various countries globally through various Beam entities and our outsourced service providers may be located in various other countries too, both within and outside of the APAC region, including the United States. This means that Beam stores and processes personal data in jurisdictions foreign to the data subject. We put appropriate measures in place to protect the personal data, as required by applicable laws, to ensure that the foreign recipient thereof provides appropriate standards of protection thereto. Nonetheless, you acknowledge that your personal data may be processed and stored in foreign jurisdictions and consequently that foreign governments, courts, law enforcement or regulatory agencies may be able to access or obtain disclosure of your personal data under a lawful order or otherwise through the laws of that foreign jurisdiction.
How else we may share data: Beam does not share or sell any personal data to third parties to use for their own purposes other than as set out in this Policy in Part 1 to 4 above, and as follows:
How long we keep data: We only retain your personal data for as long as needed for the purposes we collected it for (including to satisfy any legal, accounting, or reporting requirements). In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure thereof, the purposes for which we process it, and any particular legal requirements. Note that when you delete your account, it may take additional time to fully delete your data from our databases and system logs. We may also retain certain data from deleted accounts to prevent fraud, collect unpaid fees, enforce our ToS, comply with our legal obligations or enforce our other legal rights.
How we protect data: Beam stores personal data electronically and sometimes in hard copy form. We take a range of technical, physical and organisational measures to protect the security of personal data, including by storing electronic information in password-protected servers that are in restricted and monitored areas. We do not store full credit card details on our own systems, but instead make use of PCI DSS-compliant payment service providers. However, no method of transmission over the internet and no means of electronic or physical storage, is absolutely secure. Please contact us at email@example.com if you believe there has been any unauthorised use of your account or any other breach of security.
Other third-party data controllers: Our Website and App may include links to websites, plug-ins and applications of others. Clicking on those links or enabling those connections may allow third parties to collect or share your personal data. We have no control over and are not responsible, nor liable for those third parties and the content, privacy practices or website terms they follow. Please check their policies before you submit any personal data to them.
How to access & correct your personal data: Beam takes all reasonable steps to ensure that the personal data we hold is accurate, complete and up to date. Please keep us informed if your personal data changes during your relationship with us. Any submission of false or incorrect information may result in our failure to deliver our service to you. Customers can access and correct most Customer-related personal data (such as contact details) directly via the App.
Your rights & how to exercise them: You have the right to not receive any direct marketing messages from us. You have the right to request information about the personal data of yours we process (including as to who we may have shared it with and why); to get copies thereof; to demand the correction of incorrect data, the blocking or restriction of processing, and/or data deletion (which, as a Customer, you can do yourself by deleting your account in the App); and to data portability in certain situations. If our personal data processing is based on your consent, you may at any time freely withdraw your consent to the future processing thereof. If our processing is based on our overriding legitimate interests, you may still be entitled to object thereto if the reason for your objection relates to your special set of circumstances. You can contact us to exercise such rights at any time and we will respond to you within 30 days or such shorter period as may be required under local law (bearing in mind that we may request certain information from you to verify your identity before responding to your request). Please use the following contact details:
Privacy Team & Complaints: We have a dedicated Privacy Officer and team, so if you believe we have infringed your privacy rights in any way and wish to complain, please contact our Privacy Team at firstname.lastname@example.org who will deal with your complaint seriously. Although you have the right to complain to your relevant Data Protection Authority (detailed below), we encourage you to contact our Privacy Team first to facilitate swift resolution of your complaint.