PLEASE NOTE: This Policy only applies to the territory of Hungary.
Therefore, it will not be legally binding in any other state.
Unless you're in Hungary, please check the Privacy Policy applying to the country of your location.

Effective Date: July 29, 2022
Last updated: July 29,, 2022


1.1. Under the terms of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR"), Whoosh Mobility HU Kft. (business seat: H-1133 Budapest, Váci út 76.; company registry number: 01-09-396406) acts as a Controller; i.e. the entity that determines the purposes and means of the processing of personal data, and that processes the data for its own purposes and in order to comply with legal obligations (referred to as "Whoosh" or "Controller").

1.2. We aim to make all Whoosh processes as transparent as possible, including how we collect, use, and protect our users' personal information. This document (the "Privacy Policy") includes information on how personal data is collected, describes how we handle personal data that we obtain in the interaction with users and other persons specified in this Privacy Policy, via our website* and the Whoosh mobile application (jointly referred to as the Platform).

1.3. This Privacy Policy applies to the personal data collected if you:

a) Use our services;

b) Submit a job application;

c) Are browsing our webpage;

d) Are sending a business inquiry;

e) Are already a partner from promotions or other projects;

f) Are a media representative.

1.4. Please read the full terms of use of the Whoosh Platform in Terms & Conditions (hereinafter referred to as T&C).

1.5. We reserve the right to change this Policy from time to time. If changes are made to this document, an updated version will be immediately published on the Platform; in the event of significant changes, we will notify users by e-mail or other means.

1.6. If you have any additional questions, don't hesitate to get in touch with us at privacyinquiries@whoosh.bike. We have also appointed a Data Protection Manager, that can be contacted by using the email address above.



2.1. Under the General Data Protection Regulation, personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2. The processing of personal data must have a legal basis (as provided for in Articles 6, 9 and 10 of the GDPR). As per the data retention periods, the data will be deleted after the term defined according to the GDPR unless there is a pending dispute, in which case, Whoosh will keep the data until the decision is final.

2.3. The General Data Protection Regulation defines processing of personal data as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4. The processing of personal data for a specific purpose must meet one of the legal grounds listed in the GDPR. We may process your personal data on the following grounds:

a) if data subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a)). Data subjects can withdraw their consent at any time by sending an e-mail to privacyinquiries@whoosh.bike, or by sending a written request to the address of the Controller;

b) if the processing is necessary for the performance of a contract to which the Data subject is party or to take steps at their request before entering into a contract (Article 6(1)(b)), such as when data is needed to provide the service and fulfil Whoosh's obligations under Terms & Conditions (e.g. billing information);

c) if the processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c)), such as the obligation to provide information to public authorities;

d) if the processing is necessary for the purposes of the legitimate interests pursued by Whoosh or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Article 6(1)(f)). Such interests may include, without limitation, an interest in the development of our Platform or the establishment/development of partnerships with contractors.

2.5. Neither users nor any other persons mentioned in this Privacy Policy are obliged to provide us with specific personal data; however, you should bear in mind that in some cases, we will not be able to perform particular actions in the absence of personal data.


3.1. We process personal data of users, including information about the user's location, to execute Terms & Conditions, solely:

a) at the request of the user, to provide a service, including for managing the account and travel history;

b) to control, track and maintain our electric scooters or electric bicycles, including while receiving a service;

c) to process payments and provide discounts, for example, not paying for the start of a ride;

d) upon the users' request, provide information about their accounts, such as transactions, and communicate with users as needed. For example, if necessary, to provide information about changes in Terms & Conditions of the Platform. Under the legislation in the territory where services are provided, we may also send a request for a survey or marketing messages, including information about new features and improvements to the Platform;

e) if necessary, to comply with our legal obligations, including compliance with legal requirements;

f) to detect, investigate and prevent actions that may violate the Whoosh Privacy Policy and T&C, or any illegal activities, in which case we exchange information with law enforcement agencies, including foreign ones;

g) to cooperate with third parties as described below.

3.2. We process personal data of job seekers, Whoosh parking lot owners, media representatives and potential partners based on the content of the request, for example:

a) prompt communication upon request;

b) approval and signing of documents;

c) negotiating;

d) exchange of information, including records on a specific project.

3.3. We process the personal data of the website visitors to find out which pages of the website were visited, which links on the website were followed, and other data of user activity on the website to personalize the services and improve them.


4.1. User data

You are a user if you have installed the Whoosh mobile application on your device and have accepted Terms & Conditions and this Policy. The amount of user data processed depends on the purpose of the processing (for example, contacting customer support, registering in the mobile application). We process this data for the purposes described below. The personal data we may collect includes:

a) Account creation data: name, e-mail, telephone, bank card details, day, month and birth year;

b) When users register on or use the Platform, we receive and process their location data. For example, to locate Whoosh electric scooters closest to the user, it is necessary to collect, record and process information about where the user's device is located right now. We track the location of electric scooters and bicycles during the trip, along with the route and other trip data;

c) We may offer features designed to help you use the services, such as to locate vehicles available through the network, including in whole or in part based on your location. You will be asked to give consent to location-based services, normally through an opt-in screen on the app. If you choose to enable location-based services, we may collect your location based on information provided by you or your mobile device, including, if available, GPS, IP address or cell tower information. It you choose to not opt-in to location-based services, you may not have access to the features necessary to use the services;

d) In case of contacting customer support or communication in any other way, we request contact information (contact phone number and e-mail) to answer the question or help. We store the history of communication with customer support and the information transmitted during this communication, including records of phone calls;

4.2. Website visitors' data

if you visit our website, you are a visitor.

a) We use cookies placed on your device when you visit the website; clear conditions for the processing of cookies are given in the cookie processing policy.

b) You can disable cookies in your browser settings if you do not want us to process the above information.

4.3. Jobseeker data

You are a job seeker if you have submitted a job application to Whoosh by using the feedback form in the relevant section of the website.

a) The job seekers enter and send their data to Whoosh via our webpage.

b) Data submitted by job seekers may include name, contact information, city and desired position and other data at the discretion of the job seeker or if necessary.

4.4. Whoosh parking lot owners

You fall into this category if you intend to host a Whoosh parking lot or, on the contrary, want to remove a previously equipped parking lot.

a) We request and use data of this category (name, telephone, e-mail, city, organization, intended parking address, and additional information at the discretion of the applicant).

4.5. Potential partners for promotions and other projects

If you are interested in working with Whoosh in marketing, advertising, bonus programs, or other partnerships, you fall into this category.

a) Whoosh requires data, including name, contact information (telephone, e-mail), city, organization name, and other information at the discretion of a potential partner

4.6. Media representatives

You fall into this category if you contact Whoosh on behalf of the media.

a) Media representatives provide their contact details, name of the media. They may also offer other information depending on the nature of the communication, for example, the city, the position of the contact person, etc.

4.7. Third party data

By providing us with the personal data of third parties when using the Platform, you confirm that the party has consented to such a transfer.


5.1. Also, sometimes, in order to fulfill our obligations, including within the framework of T&C, we transfer user data to affiliates and partners, service providers, and third parties. We make sure that this process is safe. Here are those with whom we can partially share the data:

a) Partners and service providers. To provide the service, we engage trusted and reliable partners and suppliers. This includes payment processing, customer support, insurance, marketing or promotions. For example, we share information with banks for processing payments and refunds, and with an insurance company when a user chooses an insurance service. Please check section 5.2. below to find out specifically what recipients we may share your data with.

b) Third parties. After removing identification data such as name, telephone and e-mail (if any), and combining the information received with similar information from other users, we may use, license and share the aggregated anonymized data (in such cases the data is always anonymized first). This may be travel information provided by third parties for research, business or other purposes. For example, Whoosh works with local authorities to study the specifics and volume of transport traffic within the city. In case of business reorganization, we may transfer user information as part of a sale, merger, or preparation for any of these events. In any case, we will bind the recipients to adopt adequate measures if personal data is involved.

c) State, regulatory and law enforcement authorities. We can transmit information only on the grounds stipulated by the law in response to official requests, in order to comply with the requirements of the applicable law in the territory of the services' provision. This is done to detect, investigate, prevent and eliminate cases of fraud and other illegal actions related to security, as well as to prevent harm to the property or health of users of the Platform, members of the public, employees of the Platform or third parties. The information may be transmitted to State bodies and for the protection of the legitimate rights or property of the Platform, for taking measures in cases of illegal actions or violations of traffic rules, for ensuring the fulfilment of the conditions of use of the service specified in Terms & Conditions.

5.2. We may share your data with the following recipients:

  • Payment service providers;

  • Live chat software providers;

  • Marketing platforms;

  • Cloud storage providers We also use metric programs (Yandex.Metrica, Google Analytics) to measure website traffic and analyze user behavior, which helps us to constantly improve our service
    5.3. We also use metric programs (Yandex.Metrica, Google Analytics) to measure website traffic and analyze user behavior, which helps us to constantly improve our service.

    5.4. In addition, we may transfer aggregated, anonymized or pseudonymized information that cannot be used to identify a specific person by third parties, including the types of third parties listed above, for the purpose of performing or participating in statistical research and/or reports.

    5.5. Whoosh is a global Platform, which means that we work with the data of our users all over the world and can transfer this data to other countries, but strictly for the purpose of providing services or on other legal grounds in a secure way. Before such a transfer, we will bind the recipients to adopt adequate measures.

    5.6. The storage as well as the processing of your personal data as described above may require that your personal data be ultimately transferred to, and/or stored at, a destination outside of your country of residence. We may also transfer your personal data to countries outside the European Economic Area ("EEA"). Including to countries which have different data protection standards to those which apply in the EEA.
    In particular, we can transfer Whoosh users' data to Russia for the purposes of online support provision.

    5.7. If this should happen, special safeguards are foreseen to ensure that the protection travels with the data. These safeguards include entering into a contract incorporating the standard data protection clauses adopted by the Commission ("standard contractual clauses") or adopting of any of the other instruments set out in the GDPR.


    6.1. We retain your personal data for the periods referred to in Annex I to this Policy.

    6.2. Except for the retention periods that result from the law, to determine the appropriate retention periods, we take into consideration the quantity, nature and sensitivity of the personal data, the potential risk of damage resulting from its use or unauthorized access, as well as the processing purposes, as well as how long it is necessary to keep personal data to comply with them.

    6.3. When users delete their accounts, we may need additional time to remove information from our databases and system logs altogether. We may also store information from deleted accounts to prevent fraud, collect payments, enforce the terms of T&C, fulfil legal obligations, or ensure our legal rights. We undertake to store your data no longer than is required by statutory time limits so that both you and Whoosh will have the possibility of the legal protection of their interests.


    7.1. With regard to the processing of your personal data, and to the extent the legal requirements applicable are met, you have the rights described below, under the terms of articles 15 to 21 of the General Data Protection Regulation.

    7.2. Right to access

    You have the right to obtain from the controller confirmation as to whether or not personal data are being processed by Whoosh, and, where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

    7.3. Right to rectification

    If you consider your personal data are inaccurate or incomplete, you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

    Your right to rectification only applies to the personal data you have provided to Whoosh and not to data resulting from Whoosh actions (e.g. performance reviews).

    7.4. Right to erasure

    To the extent legally admissible, you have the right to obtain from Whoosh the erasure of your personal data without undue delay and Whoosh shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you have withdrawn consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; (iii) you have objected to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you have objected to the processing pursuant to Article 21(2); (iv) the personal data have been unlawfully processed (v) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Whoosh is subject; (vi) the personal data have been collected in relation to the offer of information society services.
    Right to erasure does not apply if the processing is (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (iii) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3); (iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (v) for the establishment, exercise or defence of legal claims. After the exercise of the right of erasure in the terms legally admissible your personal data will be deleted.

    7.5. Right to restriction of processing

    You shall have the right to obtain from the controller restriction of processing where one of the following applies: (i) the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and you have opposed to the erasure of the personal data and have requested the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.

    7.6. Right to data portability

    You have the right to receive your personal data provided by you, in a structured format, in common use and automatic reading. You also have the right to ask Whoosh to transmit this data to another controller, as long as this is technically possible, where applicable under article 20 GDPR.

    7.7. Right to object

    You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Whoosh shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

    7.8. Right to lodge complaints with the supervisory authority

    You have the right to file complaints with the competent supervisory authority regarding matters related to the processing of your personal data. In Portugal, the competent supervisory authority is the National Data Protection Commission. For more information, go to www.cnpd.pt.


    8.1. This Privacy Policy may be amended occasionally to reflect changes in the law or in our data processing practices, the issuance of new guidelines from the local data protection authority, or advances in technology. We will give you appropriate notice of any changes to this Policy and will provide you the opportunity to explicitly assent to any changes prior to being subject to the same.

    8.2. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the "Effective Date" and "Last updated" included at the beginning of the document.

    8.3. We encourage you to periodically review this Policy to stay informed about how we collect, use and disclose your Personal Data, in case you missed our notice of changes to this Privacy Policy.

    Cookie Statement
    By clicking "Accept All", you agree to the storing of cookies and similar technologies on your device for the purposes of enhancing navigation, analyzing usage, and to assist us and our partners in our marketing efforts. Because we respect your right to privacy, you can choose not to allow some types of cookies by clicking "Manage Choice". Additionally, you can find out more by visiting our Cookie Policy or restrict the processing of all cookies in your browser's settings anytime.
    Accept All
    Manage Choises
    Cookie Statement
    Cookie Settings
    Cookies necessary for the correct operation of the site are always enabled.
    Other cookies are configurable.
    Essential cookies
    They allow you to browse the website and use its applications as well as to access secure areas of the website. Without these cookies, the services you have requested cannot be provided.
    Analytics cookies
    They store user preferences for site usage so that you do not need to reconfigure the site each time you visit it.
    Advertising cookies
    They are meant for direct advertising according to the interests of each user so as to direct advertising campaigns, taking into account the preferences of users, and they also limit the number of times you see the ad, helping to measure the effectiveness of advertising and the success of the website organization.