Privacy Policy

Privacy Policy for the Bliq Driverless App

Last updated: 14 May 2026

This Privacy Policy explains how Bliq GmbH processes personal data when you use the Bliq Driverless App to interact with Bliq’s driverless vehicle service, including booking vehicles, managing reservations, opening doors, receiving trip-related notifications, navigating to or with the vehicle, and contacting support.

This Privacy Policy supplements Bliq’s broader privacy policy for its website and driverless vehicle services.

1. Controller and Contact Details

The controller responsible for processing your personal data is:

Bliq GmbH

Lohmühlenstraße 65

12435 Berlin

Germany

Email: hello@bliq.ai

Data Protection Officer:

Email: dpo@bliq.ai

2. Scope of This Privacy Policy

This Privacy Policy applies to the Bliq Driverless App and the personal data processed through it.

The app is used to interact with the Bliq driverless car service, including:

creating and managing reservations;
locating a booked vehicle;
navigating to pickup points or destinations;
opening or accessing the vehicle where supported;
receiving service and arrival notifications;
contacting customer support through app-based support functions.

Bliq’s public materials describe the app as the interface for booking a car, setting a pickup point and first destination, and managing driverless travel.

3. Personal Data We Process

Depending on how you use the app, we may process the following categories of personal data.

3.1 Account and Identification Data

Where account creation or login is required, we may process:

name;
email address;
account identifier;
authentication data;
user profile information;
reservation history linked to your account.

3.2 Reservation and Service Data

To provide the driverless vehicle service, we may process:

reservation date and time;
pickup point;
destination or planned destination;
reservation status;
vehicle assignment;
access actions, such as vehicle unlock requests;
trip-related interaction history in the app.

Bliq’s existing privacy policy confirms that trip metadata such as start and end location, timestamps, and route data may be processed in connection with driverless vehicle services.

3.3 Location Data

If you grant location permission, the app may process your device location for purposes such as:

showing your position in relation to the vehicle;
helping you find the pickup point or vehicle;
enabling navigation features;
improving booking and trip coordination;
supporting route and pickup workflows where relevant.

Location data is processed only to the extent necessary for app functionality and service delivery. Depending on your device settings, location access may be limited to app use or may be disabled entirely.

3.4 Notification Data

If you enable notifications, the app may process notification-related data to inform you about:

booking confirmations;
vehicle arrival or readiness;
reservation changes;
trip reminders;
important service updates;
support-related messages.

This may include technical push notification tokens or identifiers necessary to deliver notifications to your device.

3.5 Microphone and Support Interaction Data

If you use a support feature that requires audio interaction, and you grant microphone access, the app may process:

microphone input during the support interaction;
voice communication content;
related support metadata, such as time of interaction and support case context.

Microphone access is used only when you actively use a relevant support feature and where the feature requires it. It is not used for general background listening.

3.6 Device, Technical, and Security Data

When you use the app, we may process technical data such as:

device type;
operating system;
app version;
language settings;
IP address;
log files;
crash and diagnostic data;
session and usage information;
security-related access events.

Bliq’s broader privacy policy states that it processes device information, log files, and technical data for website and service operation and security; similar categories may also be relevant in the app context where technically necessary.

3.7 Communication Data

When you contact Bliq, including through app-based support, we may process:

your name;
email address;
message content;
support request details;
communication history.

Bliq’s existing privacy policy already identifies communication data such as name, email address, and message content as categories it processes.

4. Purposes of Processing

We process personal data for the following purposes:

4.1 Provision of the App and Driverless Service

To:

create and manage reservations;
connect users with booked vehicles;
enable access and interaction with the vehicle;
coordinate pickup, destination, and ride workflows;
provide core app functions.

4.2 Navigation and Vehicle Coordination

To:

display user and vehicle position;
support navigation to a pickup point;
assist with route or destination handling;
improve operational coordination of the driverless service.

4.3 Notifications and Service Communication

To:

inform users about vehicle arrival;
send reservation-related updates;
provide time-sensitive operational messages;
communicate support updates.

4.4 Customer Support

ToȘ

respond to questions;
handle support requests;
enable microphone-based or other app-based assistance;
document and resolve support interactions.

4.5 Security, Fraud Prevention, and Misuse Detection

To:

secure user accounts and app sessions;
investigate suspicious access or misuse;
protect Bliq’s systems, users, and vehicles;
maintain reliable service operations.

4.6 Compliance, Claims, and Legal Obligations

To:

comply with applicable laws;
respond to lawful requests by authorities;
defend, establish, or enforce legal claims;
investigate incidents where necessary.

Bliq’s broader privacy policy identifies operation and safety of driverless vehicles, navigation and ride execution, system monitoring, legal compliance, accident investigation, and customer support as processing purposes.

5. Legal Bases for Processing

We process personal data under the following legal bases:

5.1 Performance of a Contract — Article 6(1)(b) GDPR

This applies where processing is necessary to:

provide the app and related service features;
create and manage reservations;
coordinate vehicle pickup and app-based service interactions;
provide agreed support services.

5.2 Legitimate Interests — Article 6(1)(f) GDPR

This applies where processing is necessary for legitimate interests such as:

maintaining app security;
preventing misuse or fraud;
troubleshooting technical issues;
improving service reliability;
documenting operational events;
protecting Bliq’s legal and business interests.

These interests are balanced against your rights and freedoms.

5.3 Compliance with Legal Obligations — Article 6(1)(c) GDPR

This applies where processing is required by law, for example:

compliance with statutory retention duties;
responding to binding requests by authorities;
handling legally required documentation.

5.4 Consent — Article 6(1)(a) GDPR

Consent may be the legal basis where required, especially for:

certain optional device permissions;
optional marketing communications, where used;
optional analytics or similar technologies where consent is legally required.

You may withdraw consent at any time with effect for the future.

The GDPR requires controllers to clearly inform data subjects about the purposes and legal bases of processing.

6. App Permissions

The app may request the following device permissions.

6.1 Location Permission

Purpose:

To enable navigation, display your location relative to the vehicle, support pickup workflows, and improve trip coordination.

Effect of refusal:

Some location-based features may not function or may be less accurate.

6.2 Notification Permission

Purpose:

To notify you about reservation updates, vehicle arrival, service changes, and other app-related alerts.

Effect of refusal:

You may not receive time-sensitive app notifications.

6.3 Microphone Permission

Purpose:

To enable support interactions requiring voice input or live audio communication.

Effect of refusal:

Voice-based support functionality may not be available.

You can manage permissions at any time in your mobile device settings.

7. Recipients of Personal Data

We may share personal data with:

IT and cloud service providers;
hosting providers;
communication and notification infrastructure providers;
customer support service providers;
analytics or diagnostics providers, where lawfully used;
mobility or operational partners where needed to provide the service;
insurance providers where relevant to incidents or claims;
public authorities where legally required.

Where processors act on our behalf, we conclude data processing agreements as required by the GDPR. Bliq’s existing privacy policy identifies technical service providers, mobility partners, insurance providers, and authorities as possible recipients.

8. International Data Transfers

If personal data is transferred outside the European Union or European Economic Area, we ensure an appropriate level of protection in accordance with the GDPR.

This may include:

adequacy decisions by the European Commission;
Standard Contractual Clauses;
supplementary protective measures where required.

Bliq’s existing privacy policy states that transfers outside the EU/EEA are protected through appropriate safeguards such as EU Standard Contractual Clauses.

9. Retention Periods

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Retention periods may vary depending on the data category:

account and reservation data: for the duration of the user relationship and thereafter as necessary for contractual, legal, or evidentiary purposes;
location data: only as long as necessary for navigation, operational coordination, or related service purposes, unless longer retention is justified by legal or operational requirements;
notification tokens: until no longer needed for notification delivery or until revoked or refreshed;
support communication data: as long as required to handle the request and document support interactions;
technical logs and security data: for a limited period necessary for security, troubleshooting, and misuse prevention;
data subject request records: as necessary to document compliance.

Bliq’s broader policy specifies retention criteria and examples such as communication data retention of up to three years and website logs of up to 30 days.

10. Your Rights Under the GDPR

You have the following rights, subject to legal requirements and limitations:

Right of access under Article 15 GDPR;
Right to rectification under Article 16 GDPR;
Right to erasure under Article 17 GDPR;
Right to restriction of processing under Article 18 GDPR;
Right to data portability under Article 20 GDPR;
Right to object under Article 21 GDPR;
Right to withdraw consent at any time where processing is based on consent;
Right to lodge a complaint with a competent supervisory authority.

Requests may be sent to:

dpo@bliq.ai

11. Right to Object

Where we process your personal data on the basis of legitimate interests under Article 6(1)(f) GDPR, you may object to such processing at any time on grounds relating to your particular situation.

We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for legal claims.

12. Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time with effect for the future.

This may include:

revoking app permissions in device settings;
disabling optional notification or communication functions;
contacting us directly where consent was collected separately.

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

13. Automated Processing and Driverless Service Functions

The Bliq driverless mobility service may involve automated processing in connection with vehicle operation, routing, operational coordination, and safety systems.

Bliq’s existing privacy policy states that automated processing may be used for driverless vehicle operation and safety, but that no decisions producing legal effects concerning individuals are made without human oversight.

14. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

Measures may include:

encryption in transit and, where appropriate, at rest;
access controls;
authentication and authorization mechanisms;
logging and monitoring;
secure infrastructure practices;
role-based access restrictions;
internal confidentiality obligations.

Bliq’s existing policy confirms the use of measures such as encryption, access controls, and secure infrastructure.

15. Children

The app is not intended for use by children unless explicitly permitted as part of the applicable Bliq service terms. We do not knowingly collect personal data from children in violation of applicable law.