Driver privacy policy

Last updated: [Submission time], 2025. To see the prior version,

Note:

We know that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. This Privacy Policy describes how Hayles Mobility Limited (hereinafter referred to as "we") collect and process your personal information through our websites, devices, products, services and applications that reference this Privacy Policy. By using services, you are consenting to the practices described in this Privacy Policy. Please read and understand this Privacy Policy carefully before using our products or services. Our Privacy Policy explains the following issues:

HOW DO WE COLLECT DATA
HOW DO WE USE DATA
HOW DO WE SHARE DATA
WHAT ABOUT COOKIES AND OTHER IDENTIFIERS
HOW DO WE ENSURE DATA SECURITY
HOW DO WE RETENTION YOUR DATA
YOU RIGHTS
TRANSFER OF PERSONAL DATA OUTSIDE OF YOUR JURISDICTION
ARE CHILDREN ALLOWED TO USE SERVICES
UPDATES TO THE PRIVACY POLICY
DELETE USER ACCOUNT FROM APP
CONTACT US

1 HOW DO WE COLLECT DATA

We collect your personal information in order to provide and continually improve our products and services.

Here are the types of personal information we collect:

Information You Give Us
Account registration and login. You can complete registration and login through your personal email, and we need to collect your email during the process. We also provide third-party account login services (Apple and Google) for you, and we will not collect your personal data through third-party account login. You can complete registration and login through your personal email, and we need to collect your email during the process. We also provide third-party account login services (Apple and Google) for you, and we will not collect your personal data through third-party account login.

Map. When you enter the homepage map page, we will apply for location permission from you to obtain your current location information, so that we can display nearby charging stations for you.

Personal center. Here, you can edit your profile picture. During the editing process, we need to collect your camera and album permissions.

Scan the code to charge. To scan and charge, we need to collect your camera and album permissions in order to implement the scanning function.

Payment page. Please be informed that we cooperate with professional payment companies. The payment page you see on the APP is provided by a third-party payment company. During the process, they need to collect your card information (card number, expired date, security code), cardholder name, billing email, billing address (country+street+province+city+postal code) for compliance purposes. However, we do not collect the above fields.
Automatic Information
Charging list. For your convenience in checking your charging status, we have collected your current SOC energy, Est.Costs, Duration based on display need.

Order list. For your convenience in viewing your order data, we need to collect your connector ID energt Consumed, start time, end time, costs.

Payment list. To facilitate your viewing of your payment information, we need to collect your payment details (customized fee Flat fee, incl.TAX, Excl.TAX）, Transaction ID, Connecter NO., energy, charging duration, charging start, charging end.

Order payment. During the payment process of your order, we will collect your productName, unitAmount, currency.

2 HOW DO WE USE DATA

We use your personal information to operate, provide, develop, and improve the products and services that we offer our customers. These purposes include:

Purchase of services. We use your personal information to take and handle orders, deliver services, process payments, and communicate with you about orders, services, and promotional offers.
Provide, troubleshoot, and improve Services. We use your personal information to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of services.
Provide voice, image and camera services. When you use our voice, image and camera services, we use your voice input, images, videos, and other personal information to respond to your requests, provide the requested service to you, and improve our services.
Comply with legal obligations. In certain cases, we collect and use your personal information to comply with laws.
Communicate with you. We use your personal information to communicate with you in relation to Services via different channels (e.g., by phone, email, chat).

3 HOW DO WE SHARE DATA

Information about our customers is an important part of our business, and we are not in the business of selling our customers' personal information to others.

Based on the needs of global payments, we have collaborated with two payment institutions (Stripe and Airwallex）. During the payment process, we need to share your order payment data (including product Name, unit Amount, currency) with the payment institutions for verification and payment. Regarding the privacy agreements of these two companies, please refer to https://stripe.com/zh-us/privacy and https://www.airwallex.com/terms/privacy-policy#scope-of-policy. You will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.

4 WHAT ABOUT COOKIES AND OTHER IDENTIFIERS

To enable our systems to recognize your browser or device and to provide and improve services, we use cookies and other identifiers.

5 HOW DO WE ENSURE DATA SECURITY

At present, our platform supports have passed international ISO27001 ISO27701, ISO37301, TISAX industry certifications. We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

The data security lifecycle includes the following stages: data collection, data storage, data usage, data transmission, data backup, and data destruction. Here is an introduction to each stage:

Data Collection: In the data collection stage, compliance with privacy protection regulations is followed, and only the necessary fields for business purposes are collected. Measures such as TLS encryption for transmission and frontend input encryption (e.g., for credential information) ensure the security of the information collection and input process.
Data Storage: The storage stage primarily ensures security through mechanisms such as data encryption, backup, and access control. For more details, refer to the sections on "Data Storage Mechanisms," "Data Encryption Mechanisms," and "Data Backup Mechanisms."
Data Usage: The main security mechanisms during the data usage process include permission control, page watermarking, and data anonymization. Permission control involves functional and data-level permissions, both following the principle of least privilege. The scope of data usage is strictly limited to within the scope of business functions and is not used for any purposes outside of the business. During data transmission, TLS encryption is employed to ensure the security of data during the usage process.
Data Sharing: Data is not shared with any third party without the authorization of the tenant.
Data Backup: A mechanism combining full backups and incremental backups is used, and data is regularly synchronized with the disaster recovery center, following the principle of having data backed up in two locations.
Data Destruction: When a tenant contract terminates, if there are no additional data retention requirements, the data deletion mechanism is triggered upon the termination of the business process, and the data is deleted within the time frame specified by legal or regulatory requirements.

6 HOW DO WE RETENTION YOUR DATA

We retain your personal information as long as we have an ongoing legitimate business need to do so, for example, to provide services or products to you, or as required or permitted by applicable laws, such as tax and accounting laws. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.

For your personal data storage location, please refer to Section 8.

7 YOUR RIGHTS

As a user, you may have the following data protection rights, which you can exercise pursuant to applicable laws at any time by contacting us using the contact details provided under section 11. “CONTACT US” below:

The right to access, correct, update or request deletion of your personal information.
The right to object to processing of your personal information when it is based on our legitimate interests, and separately the right to object to direct marketing.
The right to ask us, in some situations, to restrict processing of your personal information or request portability of your personal information.
The right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under section 14. “HOW TO CONTACT US” below.
If we have collected and processed your personal information with your consent, then you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
The right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you live in a jurisdiction that provides for a right to appeal a denial of your request to exercise such rights, you may submit your appeal using the contact details provided under section 11. “CONTACT US” below.

If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected.

8 ARE CHILDREN ALLOWED TO USE SERVICES

We does not sell products for purchase by children. We sell children's products for purchase by adults. If you are under 18, you may use Hayleys Mobility Services only with the involvement of a parent or guardian. We do not knowingly collect personal information from children under the age of 13 without the consent of the child's parent or guardian.

9 UPDATES TO THE PRIVACY POLICY

We may update this Privacy Policy from time to time including in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to notify you, consistent with the significance of the changes we make. We will obtain your consent if and when we materially change this Privacy Policy in a way that reduces the protection of your personal information collected in the past. Any changes to this Privacy Policy will be communicated by us posting an amended Privacy Policy on the Platform. Once posted on the Platform, the new Privacy Policy will be effective immediately. You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

10 DELETE USER ACCOUNT FROM APP

Login into the App, open left panel and click on “View Profile”
Under Profile, click on “Edit Profile”
Click on the button “Delete Profile”

11 CONTACT US

If you have any comments or questions about this Privacy Policy or any questions relating that we collect, use or disclosure of your personal data, please contact us at the address below referencing "Privacy Policy":

Hayleys Mobility Limited

200, Deans Road, Colombo 10, Sri Lanka

Email: info@hayleysmobility.lk

Phone: +94 112 222 222

Thank you for taking the time to understand our Privacy Policy!