Last updated February 2025
Below, you find information about how we process your personal data (the Privacy Notice) and our use of cookies on this website
The protection of personal data is important to Spiro (including all branches), Uganda, Rwanda, Kenya, Nigeria, Togo, Benin, Dubai and India (hereinafter referred to as either Spiro, us, our or we). That is why safeguarding personal data is essential to everything we do, and why we strive to provide the best possible protection of personal data. This also includes the visitors to our websites, physical premises and other parties that may be in contact with Spiro.
Spiro will process personal data about you when you choose to interact with us, including (i) when you visit our website https://www.spironet.com and its subpages, (ii) when you visit Spiro offices, (iii) when we use social media when interacting with you (e.g. Facebook and LinkedIn) and (iv) when you perform your rights under the General Data Protection Regulation (the GDPR) and applicable local data protection regulations by making a data subject request and other relevant interactions.
Spiro will act as the data controller of the processes listed under the table in Section 2 below.
In relation to the services that Spiro offers to its customers, individuals and financial institutions, other privacy notices may exist and cover those products and services where needed. You can find the service/product related privacy notice on the Privacy Notice – Spiro Products
When you visit https://www.spironet.com including its subpages, your browser sends certain personal data to our webserver for technical reasons.
The purpose is to provide you with the websites' functionalities.
In addition, we use the data to optimize our website and to ensure the security of our information technology systems. Website also, provide simple informational questions and lead you to webpages and portals of www.spironet.com
Spiro has a legitimate interest in registering and analysing activities and statistics in relation to the use of the Spironet website to ensure and improve the usability of our website and related services, cf. Article 6(1)(f) of the GDPR.
We may share pseudonymized or aggregated data with third-party vendors to improve the usability of the website and to perform statistical analysis.
Our retention periods for personal data are based on business needs and local legal requirements.
We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain the information you provided to us as long as necessary to provide you with the services you requested through our Website and until the time limit for claims which may arise from those services has expired, or to comply with regulatory requirements regarding the retention of such data.
So, if we use your personal data for more than one purpose, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose(s) with a shorter period once that period expires.
At Spiro India or offices in other countries
When you visit one of our physical locations, including video surveillance (CCTV).
We have CCTV at our physical premises to ensure a high level of safety and security. This may result in situations where you can be recorded on CCTV. The recording cams are set up in accordance with applicable national legislation (e.g. , Section 67 & 67A of the Information Technology Act, 2000 or other similar local legislation), and signs are set up to inform about TV monitoring when required.
We process identification information and reasons for visiting, because we have a legitimate interest in registering both your identity, the reason for your visit and because we have a general legitimate interest to ensure the resilience and safety of our physical premises cf. Article 6(1)(f) of the GDPR.
We perform CCTV, because we as leading electric vehicle (EV) company in India and Africa have a legal obligation to safeguard our systems, which inherently also includes ensuring the physical premises giving access to our systems, cf. Article 6(1)(c) of the GDPR.
We only share CCTV recordings with the police and competent national investigation authorities on basis of a specific request from the police, where required to report or pursue legal claims against perpetrators, a court, or a competent supervisory authority.
Likewise, we only share data with public authorities and courts on basis of a specific request with a clear legal basis (e.g., regulation, court ruling).
We store CCTV recordings for 30 days running.
When you interact with us via social media, e.g., Facebook or LinkedIn.
Spiro processes personal data from social media such as Facebook and LinkedIn, where Spiro has profiles in order to perform marketing activities and interact with you upon request.
The purpose of this processing is image branding and marketing of Spiro and potential recruitment.
Our use of so called "social media plugins" on our website www.Spiro.eu provides us with information about the number of visitors on the website in response to social media advertisements.
The legal basis for the processing of your personal data is Spiro' legitimate interests in making content available on social media to users who follow Spiro, recruiting research, in branding Spiro' image and in marketing of Spiro, cf. Article 6(1)(f).
Spiro is a joint controller with Facebook and LinkedIn with regards to the processing of personal data on our social media profiles.
You can read more about the joint controllership arrangements here:
Facebook: http://www.facebook.com/legal/terms/page_controller_addendum
LinkedIn: www.legal.linkedin.com/pages-joint-controller-addendum
The data will be erased when the content is deleted or when you withdraw your response to our content (likes, sharing etc.).
When you excise one (or more) of your data subject rights set out in the GDPR.
The purpose is to handle your submitted data subject request either through the Spiro DSR-portal in Trust Center or via an email, a letter or via another means of communication.
We will process the information in order to identify you and verify your identity, to assess your request and determine how and to what extent we shall accommodate your request.
We have a legitimate interest to assess your request in order for us to fulfil our obligation under the GDPR and other applicable data legislation to assess and answer your request, cf. Article 6, litra 1(f) of the GDPR.
We will share your request across the Sipro Group and/or third parties if deemed necessary taken your specific data subject request into consideration (e.g., if you excise the right to be forgotten).
We will delete your data subject request five (5) year after we have received it in order to document the request and handling hereof.
Log and Usage Data: Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
The IoT devices in Spiro vehicles and Energy infrastructure help in critical analytics for business operations and ensuring better customer experience for our valuable users.
Contact person at Spiro,s customer/Vendor/partner
Customer Survey
Statistics and business intelligence
Call recordings
Other communication (e.g email correspondence with Sipro’s employees)
The personal data what we process are mainly obtained from you, but it depends on the facts or the specific circumstances.
Generally, Spriø will not use your personal data for other purposes, which are not compatible with the original purpose for which the personal information was collected, without your explicit consent. Compilation for statistical purposes is considered compatible with the original purpose.
Spiro will keep your data confidential, but we may be disclosed it to the following recipient categories:
Other entities of SPIRO MOBILITY HOLDCO DMCC Group if the legislations require us to share such information. We might also share your data to provide you with better products and services. External data processors acting on Spiro' behalf to whom the personal data can be disclosed while utilising their services, e.g. IT operation(s) or operational support, cloud solution. This includes the following suppliers:
AWS cloud service provider
Relevant supervisory authorities as required by law, court orders or a request from the police or other authorities. External consultants/lawyers to establish, exercise or defend legal claims. Spiro will ensure that the amount of personal data disclosed is limited to the extent necessary for the particular case.
In the event such recipients have access to personal data collected or processed by us, the recipient acts as data processor and acts in accordance with a written agreement and under the instructions from us.
In some cases, we will transfer personal data to countries outside the India and Africa. Such transfers will only take place subject to appropriate safeguards are in place for the transfer including:
The country has been deemed by the Data Protection Board of India or the Commission of the African country to have an adequate level of protection of personal data. Personal data can without further measures be transferred to such third countries
The country has not been deemed by the Data Protection Board of India or the Commission of the African country to have an adequate level of protection of personal data, but we provide appropriate safeguards for the transfer through the use of Standard Contractual Clauses, as published by the Commission of the European Union, EU-US Data Privacy Framework or any other contractual agreement approved by the competent authorities or any other legal basis, including the use of supplementary measures if deemed necessary.
Where no appropriate safeguards are provided, such as the above mentioned, transfer of personal data to unsafe third countries can take place based on specific legal basis for the transfer.
For instance, the transfer can take place based (i) if you have consented hereto, (ii) for the performance of a contract with a company established in such third country and (iii) if necessary in relation to legal claims. The specific legal bases are stated in Article 49(1) of the GDPR.
You can always obtain a copy of the relevant legal basis for the transfer, or information about where it can be accessed by contacting Spiro’s' Data Protection Officer. You will find the contact details under Section 8.
Sipro is dedicated to protecting your personal data.
As part of this dedication, we have adopted internal security policies and instructed our employees accordingly to comply with applicable legislation, e.g. , the GDPR.
We have implemented appropriate procedures and security measures to protect your personal data from being destroyed, lost or altered, publicized unlawfully and against being disclosed to unauthorized persons or otherwise processed contrary to applicable data protection legislation.
As a data subject/data principal you have several rights available to you, which you may exercise by contacting Spiro. You can exercise your rights by submitting your request here:
Data Subject Request Form in Trust Centre
Please note, Spiro may decline disclosure to you if you are in possession of the information already or if disclosing them to you is impossible or would involve a disproportionate effort or would impair the achievement of the objectives of the processing.
If you have any concerns about the manner in which we process your personal data, you can lodge a complaint with the Data Protection Board of India https://pgportal.gov.in/
You can also lodge a complaint with a data protection authority in the African’s country of your habitual residence, place of work or where the alleged infringement has taken place.
Please find links to the African country’s authorities below:
Benin: https://apdp.bj/
Rwanda: https://dpo.gov.rw/
Uganda: https://www.pdpo.go.ug/home
Nigeria: https://ndpc.gov.ng/
Kenya: https://www.odpc.go.ke/
You are welcome to contact Sipro' Data Protection Officer if you have any questions, complaints or other concerns related to data protection and privacy on the following email address: dpo@spironet.com
