Effective date: 21 October 2025
This privacy notice explains how Grine Technologies Ltd (also referred to as we, us or our) collects, uses and protects personal data in connection with our power‑bank rental service and any associated websites or mobile applications (the Service). It describes your rights and how to exercise them. We comply with the retained EU law version of the General Data Protection Regulation (UK GDPR), the Data Protection Act 2018. This notice applies to anyone who uses or intends to use the Service. It supplements, and does not replace, our internal data protection policies.
We process personal data in accordance with the following principles derived from the UK GDPR:
We must have at least one legal basis for processing your personal data. Depending on the context, we rely on:
We may collect the following categories of data:
Full name, email address, telephone number and any other details you provide.
Passwords or authentication tokens used to access your account.
Partial card details (last four digits and expiry date), card token generated by our payment processor, deposit amount and transaction history. We do not store full card numbers.
Unique account or device identifiers, the date, time and location of each rental and return, the duration and fees, information about the power bank (e.g. battery charge level), and any credits or penalties applied.
IP address, device type, operating system, app version, device settings, log files and crash reports, mobile advertising identifiers (for example, IDFA on IOS, AAID on Android), in-app analytics and messaging SDK identifiers, and device diagnostics (for example, crash logs).
Approximate location data to show nearby charging stations. We do not collect precise GPS location without your permission. Where enabled, the app may use precise location to show nearby stations and to support lost-device investigations.
Emails, messages, enquiries, support requests and our responses.
Records of your consent to receive marketing and promotional materials.
Date of birth (to ensure legal eligibility to contract). We do not knowingly collect data from anyone under 13.
We obtain personal data:
We use personal data for the following purposes:
Marketing Communications: We use promotional emails and in-app messages only with your consent or, where permitted, under the soft-opt in for existing customers about similar products or services. You can opt out at any time via unsubscribe links or the app settings.
When we rely on consent to process your data, we will ask for it separately and clearly. Consent must be freely given, specific, informed and unambiguous. We do not use pre‑ticked boxes or silence to imply consent. You may withdraw your consent at any time by contacting us using the details in section 20. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We are committed to being open and transparent about how we use your personal data. We provide this privacy notice when you first provide personal data or soon afterwards if we obtain it from a third party. If we want to use your data for a new purpose that is incompatible with this notice, we will explain the new purpose and, if necessary, request your consent.
We only use personal data for the purposes described in this notice or for compatible purposes. If we intend to use data for a new or different purpose, we will update this notice and, where required, ask for your consent.
We collect only the personal data necessary for our purposes and no more. We take reasonable steps to ensure that the data we hold is accurate and up to date. Please contact us if your details change so that we can update our records.
We retain personal data for as long as necessary to fulfil the purposes described in this notice and to comply with legal, accounting and reporting requirements. Typically:
We may retain data for longer if required by law or necessary to resolve disputes. When the retention period ends, we securely delete or anonymise the data.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss or destruction, including:
We require our service providers to implement similar protections.
Where we use reputable cloud providers, we configure services to apply encryption at rest and in transit and role-based access controls.
A personal data breach is any incident that compromises the availability, confidentiality or integrity of personal data. We have procedures to detect, investigate and notify relevant authorities of a breach in accordance with UK GDPR requirements. If a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
We currently host and process personal data in the UK and/or EEA regions (including on Google Cloud in the region we specify). If we need to transfer personal data outside the UK: (a) we will rely on a UK adequacy regulation where available; or (b) we will implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with transfer risk assessments. Details are available on request.
You have the following rights under data protection law:
We will normally respond within one month but may extend the period if the request is complex. We have an internal complaint‑handling mechanism and will acknowledge complaints within 30 days.
To exercise any of these rights, please contact us using the details below. You will not have to pay a fee, but we may refuse or charge a fee if your request is unfounded, repetitive or excessive. We may require proof of your identity.
We do not currently make decisions based solely on automated processing or profile individuals in a way that has legal or similarly significant effects. If we introduce such functionality in the future, we will provide notice and a mechanism for you to object or request human intervention. We may use non-significant profiling to tailor promotions and messages. You can object at any time.
Website (cookies). Our informational website (hosted by GoDaddy) uses essential cookies needed for core functionality. We do not set analytics or marketing cookies unless we tell you and, where required, obtain your consent. See our Cookie Policy for details.
App (SDKs). Our mobile app uses software development kits (SDKs) and similar technologies. We use:
You can change these settings at any time within the app. Withdrawing consent will not affect strictly necessary technologies.
We may share your personal data with:
We require third parties to respect the security of your data and to process it in accordance with the law. We do not allow our service providers to use your data for their own purposes.
To exercise your rights or contact us with queries or complaints, please write to our Data Privacy Manager:
Email: privacy@gt-powerbank.com
Post: Grine Technologies Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom.
Although we are not currently required to appoint a Data Protection Officer, we have appointed a Data Privacy Manager responsible for overseeing compliance. For complaints, we will acknowledge receipt within 30 days and aim to resolve them promptly. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are unhappy with our response.
We may update this privacy notice from time to time to reflect changes in our services or legal requirements. We will post updates on our website and, where appropriate, notify you by email or in‑app notification. The latest version will always be available on our website. Please review it regularly.
Our Service is not intended for children under 13. If you believe a child under 13 has provided personal data, please contact us so we can delete it. Users aged 13-17 may use the Service with the knowledge and permission of a parent or guardian where appropriate.