Privacy Policy

Mubea U-Mobility: Privacy policy and data protection

Muhr und Bender KG

We care about the protection of your personal data

1. Introduction

This Privacy Notice explains how Muhr und Bender KG, including its business units and affiliated brands within the Mubea Group, processes the personal data of individuals located in the United Kingdom.

Customer support and technical service are provided by our central Customer Support Team located in Germany. This involves an international transfer of personal data from the UK to Germany, which is safeguarded in compliance with the GDPR and the UK GDPR, as well as other relevant legal standards as well as using the UK Addendum to the EU Standard Contractual Clauses or the International Data Transfer Agreement (IDTA) where applicable.

We are committed to protecting your privacy and ensuring that your personal data is handled in compliance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018 (DPA 2018)
  • Privacy and Electronic Communications Regulations (PECR)

This Privacy Notice applies to all UK‑facing online services, including:

  • the Mubea U‑Mobility website
  • Cargo website and configurator
  • all related digital content, communication channels, and service forms

By using these services, you acknowledge that you have read and understood this Privacy Notice.

This Privacy Notice applies exclusively to individuals acting on behalf of a business or professional entity (B2B). It does not apply to consumers.

2. Controller

The party responsible (“Controller”) for your personal data is:

Muhr und Bender KG
Mubea‑Platz 1
57439 Attendorn
Germany
Phone: +49 2722 620
Email: dataprotection@mubea.com
 

Muhr und Bender KG has no establishment in the United Kingdom; therefore, a UK Representative has been appointed.

 

3. UK GDPR Representative (Article 27 UK GDPR)

For all UK‑based data subjects, the following Representative may be contacted for any matters relating to this Notice or your rights under UK data protection law:

UK Representative: Chris Temple
Unit 19, Space Business Centre, Plato Close Tachbrook Park Drive, Royal Leamington Spa
D - CV34 6YA Warwickshire, United Kingdom
Email: chris.temple@mubea.com
 

You may contact the UK Representative in addition to, or instead of, contacting the Controller directly.

 

4. Categories of Personal Data We Process

We process the following categories of personal data depending on how you interact with our services:

4.1 Identity Data

  • Title, first name, surname
  • Company name (for business users)
  • Postal address
  • Date of birth (only where strictly required by law for transactions or identity verification)

4.2 Contact Data

  • Email address
  • Telephone number
  • Delivery addresses
  • Communication preferences

4.3 Account Data

  • Username
  • Password
  • Profile information
  • Login activity and audit logs

4.4 Customer Service and Support Data

Customer support and warranty cases are handled by the Mubea Customer Support Team located in Germany. This constitutes an international transfer from the UK to Germany (a third country under UK GDPR). Transfers are safeguarded using the UK Addendum to the EU SCCs or the IDTA. Legal basis: Art. 6(1)(b) UK GDPR (contract) and Art. 6(1)(f) UK GDPR (legitimate interests).

  • Product identification numbers (e.g., chassis number, serial number)
  • Fault descriptions, error codes, photos/videos
  • Service communication history

4.5 Transaction and Payment Data

  • Purchase details, order numbers
  • Payment confirmations and refunds
  • Billing details

4.6 Technical and Device Data

  • IP address
  • Browser type, operating system
  • Device identifiers
  • Cookie and tracking identifiers
  • Log files (server logs, security logs)
  • Phone call data

4.7 Usage Data

  • Page visits, navigation paths
  • Interaction events

4.8 Marketing & Communication Data

  • Newsletter registrations
  • Marketing consent status
  • Engagement metrics (open rates, click data)

 

5. How We Collect Personal Data

We collect data from:

5.1 Direct Interactions

  • Forms (contact forms, service forms, configuration requests)
  • Email enquiries: Customer Support Email accounts
  • Customer service interactions

5.2 Automated Technologies

  • Cookies and tracking technologies
  • Device telemetry 
  • Server logs

5.3 Third‑Party Sources

  • Payment providers
  • Delivery and logistics partners
  • Agencies operating our services
  • Mubea Group companies (if relevant to your request)
  • Publicly available sources

 

6. Purposes and Legal Bases for Processing

We process personal data only when legally permitted. The table below summarizes our purposes and legal bases under Article 6 UK GDPR.

Purpose of ProcessingExamplesLegal Basis
Contract performanceOrders, deliveries, warrantiesArt. 6(1)(b) UK GDPR
Customer service & support in GermanyDiagnostics, repairs, customer serviceArt. 6(1)(b) & (f) safeguarded by Mubea Intra Group Data Transfer Agreement 
Usage & Telemetry Data Customer service & support Art. 6(1)(b) (diagnostics), Art. 6(1)(f) (performance improvement), Art. 6(1)(a) (analytics).
Account managementRegistration, authenticationArt. 6(1)(b)
CommunicationResponding to enquiriesArt. 6(1)(f)
MarketingNewsletters, product updatesArt. 6(1)(a) (consent)
Analytics & optimisationWebsite performanceArt. 6(1)(a) (consent – via cookies) or Art. 6(1)(f)
Legal obligationsTax, compliance, safeguardingArt. 6(1)(c)
Security & fraud preventionLogs, monitoringArt. 6(1)(f)

Where consent is required (marketing, analytics cookies), you may withdraw your consent at any time.

For Usage Data and telemetry, processing is based on Art. 6(1)(b) UK GDPR for contractual diagnostics, Art. 6(1)(f) for legitimate interests in improving technical performance, and Art. 6(1)(a) where analytics cookies or consent-based tracking is used.

 

7. Cookies and Tracking Technologies (PECR Compliance)

Our websites use:

  • Strictly necessary cookies (essential; no consent required)
  • Analytics cookies (consent required)
  • Functional cookies (consent required if not strictly necessary)
  • Marketing/advertising cookies (consent required)

Cookie consent is managed through our Cookiebot Consent Management Platform.

You can change or withdraw your consent at any time using the cookie banner or settings link.

 

8. Sharing and Disclosure of Personal Data

We share personal data only when necessary and only with trusted recipients:

8.1 Service Providers and Processors

  • Mubea Customer Support Team (Germany)
  • Hosting provider: ALL-INKL.COM - Neue Medien Münnich (https://all-inkl.com/en/privacy-policy/).
  • IT service providers
  • Salesforce: CRM systems 
  • Brevo: Newsletter provider 

All processors are bound by UK GDPR‑compliant contracts.

Service providerContract
Hosting Provider (ALL-INKL.COM)DPA + TOMs
IT Service Provider (Drupal)DPA + NDA 
CRM-System (Salesforce)DPA, SCCs (+ Sub‑processor List)
Mubea Customer Support Team (Germany), Callcenter / phone call data (Germany)Mubea Intra Group Data Transfer Agreement
Newsletter‑Provider (Brevo)DPA
Tracking/Analytics (Google, Meta)Joint Controller Agreement (Meta Pixel) + DPA

8.2 Business Partners

  • Logistics and shipping companies
  • Payment service providers
  • Authorised dealers or service partners (if selected by you)

8.3 Mubea Group Companies

Where operationally required (e.g., service cases).

8.4 Legal & Regulatory

Where necessary to comply with:

  • legal obligations
  • court orders
  • investigation agencies

We do not sell or share personal data within the meaning of the UK definition of “sale”.

 

9. International Data Transfers

Because Muhr und Bender KG is based in the EU and uses global service providers:

Your data may be transferred to countries outside the UK, including:

  • EU / EEA
  • Germany: Mubea Customer Support: For transfer of personal data to Customer Support in Germany we use Mubea Intra Group Data Transfer Agreement based on EU SCCs. 

To ensure lawful transfers, we apply:

  • International Data Transfer Agreement (IDTA)
  • to the EU Standard Contractual Clauses

We take all reasonable measures to ensure that adequate safeguards exist.

 

10. Data Retention

We retain your personal data only as long as necessary for:

  • the specific purpose of collection
  • legal retention periods
  • defence of legal claims

Typical retention periods:

  • Contractual data: 6–10 years (legal obligations)
  • Customer service data: up to 3 years after final contact
  • Marketing data: until withdrawal of consent
  • Telemetry data: until no longer required for contractual or legitimate business purposes

 

11. Your Rights Under UK GDPR

You have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object (including marketing)
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Requests may be made to:

 

12. Complaints

You may file a complaint with the:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://ico.org.uk

 

13. Automated Decision-Making

We do not use personal data to make decisions that have legal or significant effects on you solely through automated processing.

 

14. Children’s Privacy

Services are strictly business‑oriented and not addressed to minors. Our website are not intended for children under 13.
We do not knowingly collect children’s data.
If such data is collected inadvertently, it will be deleted.

 

15. Changes to This Privacy Notice

We may update this Privacy Notice periodically.
Changes will be indicated by the “Last Updated” date.
Material changes will be communicated where appropriate.

April 2026