Privacy Policy - Tomorrow Mobility Solutions

Effective Date: November 10, 2025 (Last Updated: November 10, 2025)

This Privacy Policy describes how Tomorrow Mobility Solutions (hereinafter “the Company” or “we”) processes the personal data of its customers, potential customers, and cooperation partners in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller Information

This section provides the official details of the company responsible for processing your personal data.

2. Purpose and Legal Basis for Processing Personal Data

The Company processes personal data for the following purposes and under the stated legal bases (GDPR Article 6):

Customer Relationship Management (Consulting, delivering services, and invoicing): Contract or Legitimate Interest (maintaining an existing customer relationship).
Targeted B2B/B2G Sales & Marketing (Sending insights, newsletter, direct contact for new opportunities): Legitimate Interest (promoting our business to relevant professional contacts).
Communication & Networking (Responding to inquiries, managing strategic alliances): Legitimate Interest (managing communication essential for business operations).
Recruitment (For future specialist roles): Consent (if the individual applies) or Legitimate Interest (assessing suitability for a role).

We do not use personal data for automated decision-making or profiling.

3. Data Content of the Register

The personal data we collect typically relates to business contact persons and may include:

Identification and Contact Data: Name, job title/role (e.g., Director of Transport), organization name (PTO, PTA, City), business phone number, and business email address.
Customer Relationship Data: Information regarding ordered services, projects of interest, communication history (emails, meeting notes), and contract information.
Marketing Data: Data on subscription to newsletters, and activity related to our communication (e.g., email opens, link clicks).

4. Sources of Information

Data is collected from:

Directly from the Data Subject: Through our website contact forms, email inquiries, phone calls, meetings, and signed contracts.
Public Sources: Information is gathered from public domain sources such as organization websites, directories, and professional networking services (e.g., LinkedIn) to establish initial contact with relevant decision-makers (based on legitimate interest).

5. Data Disclosure and Transfer

The Company does not regularly disclose data to third parties. Data may only be disclosed under the following circumstances:

With Consent: Data may be published or transferred if specifically agreed upon with the customer or data subject (e.g., published testimonial, case study).
Legal Obligation: Data may be disclosed to authorities when required by law.
Data Processing: Data may be transferred to our authorized service providers (e.g., accounting, email providers, CRM tools) who process data on our behalf. These service providers are legally bound to follow this policy and relevant legislation.

We prioritize storing all data within the European Union (EU) or European Economic Area (EEA). If data must be transferred outside the EU/EEA, we ensure that the recipient adheres to GDPR principles, typically by implementing Standard Contractual Clauses (SCCs).

6. Data Retention Period

Personal data is retained only for as long as necessary to fulfill the purposes defined in this policy or as required by law.

Customer and Contract Data: Retained for the duration of the customer relationship plus any legally required retention periods (e.g., for accounting or legal claims).
Marketing Contacts (Legitimate Interest): Retained while the data subject is employed in a relevant position and is considered a legitimate business contact, subject to regular review and the data subject’s right to object.

7. Data Subject Rights

You have the following rights regarding the processing of your personal data:

Right of Access: You have the right to receive confirmation as to whether or not personal data concerning you are being processed, and to access that data.
Right to Rectification: You have the right to request the correction of inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data. We will delete data unless there is a legal obligation or overriding legitimate reason to retain it.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your data in certain situations (e.g., if you contest the accuracy of the data).
Right to Object: You have the right to object to processing based on our legitimate interest (e.g., direct marketing).
Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format.
Right to Lodge a Complaint: You have the right to lodge a complaint with your national supervisory authority if you believe your data has been processed unlawfully.

Requests concerning these rights should be submitted in writing to the contact person listed in Section 1.

8. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. We will inform data subjects of any significant changes on our website.