Privacy Policy

Privacy policy for Optigon OÜ

Updated 1 February  2025

1. Introduction

Optigon OÜ, operating under the Vok Bikes brand (“we,” “us,” “our”), is committed to protecting the privacy and security of your personal data. This policy outlines how we collect, use, transfer, store, retain, protect, or otherwise process your information in compliance with the General Data Protection Regulation (“GDPR”).

For the purposes of this policy:

“You” refers to any natural person whose personal data is being processed, including but not limited to any individual who makes a purchase, accesses or uses our services or website, or interacts with us in any other way.

2. Data controller

We are the data controller with regard to the personal data processed when you, for example, visit, use our website, contact us or purchase our services or products. This means that we determine and are responsible for how your personal data is processed. 

Our website may contain links to other websites. Please be aware that once you leave our site and navigate to a third-party website, that site’s privacy policy will apply to any information you provide or that is collected through that site. We encourage you to review the privacy policy of any site you visit to understand its data practices.

3. Data collection and use

To achieve the purposes set out in this privacy policy, we process some or all of the following personal data. The exact composition of the personal data processed varies in each case, but we always follow the principle of processing as little personal data as necessary to achieve the purpose:

• Customer orders and delivery: To process orders and deliver our products, we process the names, personal identification numbers, email addresses, phone numbers, bank account numbers, and, if necessary, financial and other information needed for preparing, concluding, and fulfilling the contract, related to individuals and individuals associated with legal entities with whom we have business relationships (e.g., representatives, contact persons, certain employees, etc.). Until the contract is concluded, we process this information to conclude the contract (establishing a client relationship) and protect our rights. From the conclusion of the contract, we process the data to fulfil the contract and our statutory obligations and protect our rights. 
• Customer support: Personal data disclosed to us during communication with clients and potential clients (including the names, personal identification numbers, email addresses, phone numbers, postal addresses, bank account numbers, transaction history, and, if necessary, financial and other information needed of individuals and individuals related to legal entities, such as representatives, contact persons, certain employees, etc.) are primarily processed for the purpose of establishing and maintaining client relationships, including to provide customer support, handle inquiries, confirm the order, process payments, shipping, user onboarding, customer success and any related communications regarding your purchase of the vehicles or other products.
• Marketing: If you have subscribed to our marketing communications, we will process your personal data, such as your name and e-mail address, based on your consent, which you may always withdraw by an unsubscribe link provided in the marketing communication.
• Using our website: When you visit our website, we may process personal data that we gather ourselves (or by using third-party services) regarding how, when and for what periods you access and use our website, including IP addresses and information about the device you use to access our website. 
• Geolocation and performance data of the vehicles: Our vehicles are equipped with GPS devices and software for tracking the vehicle’s performance. As a standard practice, we keep personal and GPS/performance data separate, and we do not track the real-time location or performance of the vehicles. However, we may access the geolocation or performance data when necessary and only for specific, lawful purposes, such as locating a vehicle if we have a legitimate interest in doing so (e.g. to check the location of missing rental vehicles or determine the location, mileage or speed where necessary for resolving any disputes or incidents) or we have to fulfil a contractual obligation (in particular, to check the applicability of warranty coverage due to mileage limitations). The owner and lawful user of the Vehicle are provided access to GPS data on a Vok Bikes’ authorised third-party fleet management platform. The owner or lawful user shall be solely responsible for the legality of the purposes of such data processing and obtaining any required consents.
• Legal compliance: We may also process your personal data to fulfil our obligations set out in legal acts, such as ensuring data protection, retaining personal data for periods necessary to meet legal obligations (e.g., for accounting purposes), and fulfilling other duties as required by applicable laws and regulations.

We always ask for your prior explicit consent to process personal data if we use it for purposes not listed in the privacy policy or in cases where we do not have any other legal basis to process your personal data. You can withdraw such consent at any time.

We obtain personal data directly from our business clients during the negotiation, contracting, and order placement processes. Personal data may also be collected when you contact us via email, phone, or through our website. Additionally, we may receive personal data from third parties or publicly available sources, such as business directories, to the extent permitted by applicable law.

4. Retention period

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the duration of the contract and as required by applicable laws (e.g., for tax and accounting purposes). After this period, we will securely delete or anonymise personal data unless longer retention is required or permitted by law. Specific retention periods are based on factors such as legal requirements, the nature of the data, and our legitimate business needs:

• Personal data related to contracts can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule, Vok Bikes retains your personal data as long as it is necessary to provide services during the term of the contract concluded between you and Vok Bikes and for three years after the term of the contract. In this regard, as a general rule, if you have not used our services for three years, your profile and all personal data therein will be deleted unless we have a legal basis for retaining your personal data for a longer period.  
• Pursuant to the Accounting Act, we may retain accounting documents such as billing details, transaction history, bank account information, and invoices for 7 years. 
• Personal data collected for marketing purposes shall be retained as long as you continue to consent to receiving marketing communications. Once consent is withdrawn, data shall be deleted. However, data concerning the giving and withdrawal of consent (such as records of your initial consent and the subsequent withdrawal) shall be retained to demonstrate compliance with applicable data protection laws and for legal or regulatory purposes. These records will be kept for as long as required by law or our legitimate business interests.

There may be justifiable exceptions where data must be kept longer, such as ongoing legal proceedings or specific legal or regulatory requirements.

5. How do we protect your personal data?

To protect your personal data from unauthorised access, unlawful processing or disclosure, accidental loss, modification, or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include, but are not limited to, the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, and controlling and limiting access to documents and buildings. 

6. Data Sharing

We may share personal data with third parties in the following situations:

• Service providers: Companies that provide services to us or on our behalf (e.g., accounting services, delivery services, maintenance services, custom services).
• Legal requirements: To comply with legal obligations or respond to lawful requests by public authorities. This may include court orders and judgements, as well as data protection supervisory authority requests. In honouring such orders, judgements, and requests, we shall make sure that a lawful basis exists under which we share the information.
• Protection of rights: We may share your personal data in connection with legitimate exercise or protection of our or our customers’ rights or in investigating contract breaches or illegal activity. In such cases, the recipients of your personal data may be professional advisors or law enforcement agencies.
• Data Disclosure in Corporate Transactions: Your personal data may be disclosed to third parties if we are involved in a merger, sale of all or part of our assets or shares, reorganisation, or financing.

This list is not exclusive and is subject to change over time based on provider availability, service agreements, and our policy updates. 

Any transfers of personal data outside the EU/EEA shall be done under a lawful basis, including to a recipient in a country that provides an adequate level of protection for personal data or under appropriate safeguards that cover the EU/EEA requirements for the transfer of personal data outside the EU/EEA.

7. Cookies

Our Services and website, www.vokbikes.com (“Website”) use cookies. This section incorporates our cookie policy (“Cookie Policy”).

Cookies are small data files stored on your hard drive by a website. Cookies help us monitor and improve the functionality and usage of our Website and your experience when using our services. We can use cookies to see which areas and features are popular and to count visits to our Website to recognise you as a returning visitor and to tailor your experience of the Website according to your preferences. We may also use cookies for targeting or advertising purposes. 

Cookies may be session cookies or persistent cookies:

• session cookies are temporary cookie files, which are erased when you close your browser;
• persistent cookies remain in the browser’s subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie’s file. 

Cookies may be first-party cookies or third-party cookies:

• first-party cookies are cookies set by the website you’re visiting and only that website can read them;
• third-party cookies are cookies set by external services.

Cookies and similar technologies are managed through our cookie banner. Except for strictly necessary cookies, cookies are placed/read only on the basis of user consent collected through the banner. Users can update or withdraw their choices at any time in the cookie settings.

You can delete or block cookies on the Website through your browser settings anytime. However, some cookies might be necessary for the functionality of the Website. Therefore, you understand that when blocking or deleting the cookies, some features of the Website might not function correctly. 

For more general information about cookies, including the difference between session and persistent cookies, please see www.allaboutcookies.org. 

If you have any questions about the Cookie Policy, please use the contact details provided below. 

8. Data subject’s rights

Under the GDPR, you have the following rights regarding your personal data:

• Access: The right to request access to your personal data (including a copy thereof, if requested), including the lawful bases and purposes thereto.
• Rectification: The right to request correction of inaccurate data.
• Erasure: The right to request deletion of your data unless prohibited by statutory provisions or overridden by our legitimate interests.
• Restriction: The right to request restriction of processing if we do not have a valid legal basis for processing.
• Data portability: The right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller;
• Objection: The right to object to data processing based on legitimate interests or direct marketing.

To exercise these rights, please contact us at [email protected]

If you believe your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable to your jurisdiction (Data Protection Inspectorate in Estonia address Tatari 39, Tallinn 10134, [email protected] or other competent authority in your jurisdiction).

9. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date. We suggest that you periodically review our Website for any changes.

10. Governing law and jurisdiction

This privacy policy is governed by the laws of the Republic of Estonia. Any disputes arising from this privacy policy shall be settled in the Harju County Court in the Republic of Estonia unless you have a right to turn to the court of your residence pursuant to statutory law.

11. Contact us

If you have any questions about this privacy policy or Cookie Policy or if you have any concerns about how we use your personal or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information: 

Optigon OÜ at Kassi 17, Tallinn 12618, Estonia

Email: [email protected]