Privacy Notice for the Movemar Platform

Last updated: 20 April 2026

Promotino Ltd. (“Promotino”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data processed through the Movemar platform.

This Privacy Notice explains how personal data is processed when individuals use the Movemar platform, including account administration, field work management, visit execution, route and mileage tracking, forms, tasks, photos, analytics, diagnostics, and related security and support functions.

This Privacy Notice applies to the Movemar platform, including its web app, iOS app, and Android app, used by customer companies and their authorized users.

1. Who This Notice Applies To

This Privacy Notice applies to individual users of the Movemar platform, including:

  • customer company administrators
  • managers and supervisors
  • field representatives and other end users
  • the initial administrator account created for a customer company during onboarding

2. Roles of the Customer Company and Promotino

When a customer company uses Movemar to manage its workforce, field activities, visits, routes, tasks, forms, photos, notes, and operational records, that customer company generally acts as the controller of that operational data.

In that context, Promotino generally processes such operational data on behalf of the customer company in order to provide the Movemar platform.

Where Promotino processes personal data on behalf of a customer company as a processor, that processing is governed by a separate Data Processing Agreement or other binding contractual arrangement with the customer company.

Promotino may also act as a controller for certain limited categories of data that it processes for its own legitimate business purposes, such as platform security, authentication, fraud prevention, diagnostics, error monitoring, service reliability, analytics, and product improvement.

If you use Movemar through your employer or another customer company, that company is generally the first point of contact for questions about operational data processed in the platform.

3. Controller Details

For processing activities where Promotino acts as controller, the controller is:

Promotino Ltd.
Mladost 1A 537
Sofia 1729
Bulgaria
Email: [email protected]

Promotino Ltd. has not appointed a Data Protection Officer.

4. Personal Data Processed Through the Platform

Depending on how the customer company configures and uses Movemar, the platform may process the following categories of personal data:

Account and identity data

  • name
  • email address
  • account role and permissions
  • archived account status

Platform usage and operational data

  • workday records
  • routes and mileage records
  • visit records
  • visit timestamps
  • tasks and task completion history
  • forms, surveys, audit answers, and other structured inputs created by the customer company
  • notes and comments
  • uploaded files and visit photos

Location data

  • precise location data used to verify whether a user is present at a specific visit location
  • precise location and route data used to calculate travel distance and mileage during an active workday
  • background location data collected while workday tracking is active, including when the app is not in use, where permitted by the user’s device permissions and applicable law
  • pause and resume status during breaks

Device, technical, and security data

  • IP address at login
  • device type
  • user agent
  • login-related logs
  • service and security logs
  • push notification tokens

Diagnostics and analytics data

  • crash and error data
  • usage and performance data
  • analytics and debugging information collected through tools used to improve platform reliability, stability, and performance

5. How Data Is Collected

Personal data may be collected:

  • when a customer company administrator creates user accounts
  • when users log in and use the platform
  • when users start and end their workday tracking
  • when users create visits, fill in forms, complete tasks, upload files, add notes, or take photos
  • when the platform records technical, analytics, crash, or security events
  • when customer company administrators manage users and review platform activity

6. Location Tracking

Movemar may access and process precise location data, including background location data, in order to support field operations and visit verification.

Location data may be used for the following purposes:

  • to calculate travel distance and mileage during a workday
  • to verify whether a user is present at a specific location when carrying out a visit
  • to support customer company reporting and operational oversight

Location tracking is not always active. It is started by the user when the user starts the workday tracking feature. While that feature is active, location may be collected in the foreground and in the background, including when the app is not in use, in order to support mileage tracking and visit verification. Users may pause tracking during breaks and may stop tracking when their working day ends.

Location data collected through these features may be visible to the relevant customer company administrators and managers, depending on the customer company’s configuration and use of the platform.

7. Purposes of Processing and Legal Bases

A. Processing carried out on behalf of customer companies

Customer companies use Movemar to manage field operations and related workforce activities. In that context, personal data may be processed for purposes such as:

  • user and team administration
  • workday management
  • mileage and route tracking
  • visit verification
  • task assignment and completion
  • form, survey, and audit collection
  • photo and file capture
  • operational reporting and review

For these processing activities, the relevant customer company is generally responsible for determining the legal basis and overall lawfulness of processing.

B. Processing for Promotino’s own purposes

To provide, maintain, and secure the platform

We process technical and account-related data to operate the platform, manage access, maintain reliability, and protect the platform against misuse.

Legal basis: our legitimate interests in operating a secure and effective service and, where applicable, performance of a contract.

To authenticate users and protect accounts

We process login-related data such as IP address, device type, user agent, and security logs to detect suspicious activity, investigate incidents, and help protect user accounts and the platform.

Legal basis: our legitimate interests in security, fraud prevention, and service integrity.

To monitor errors, crashes, and service performance

We use diagnostic and crash-reporting tools to detect errors, investigate problems, maintain reliability, and improve the performance of the platform.

Legal basis: our legitimate interests in maintaining, troubleshooting, and improving the platform.

To analyze product usage, performance, and errors

We use analytics and diagnostic tools in the Movemar web app and mobile apps, including Google Analytics, Microsoft Clarity, Sentry, Firebase Crash Analytics, and Cloudflare Analytics, to understand how the platform is used, monitor stability and performance, identify technical issues, investigate crashes and errors, and improve functionality and usability.

Legal basis: our legitimate interests in maintaining, securing, troubleshooting, and improving the platform and, where required by applicable law, your consent for analytics or similar technologies.

Where required by applicable law, such technologies are used only after the user has been provided with the relevant notice and, where necessary, consent options through the relevant web or mobile interface.

To comply with legal obligations and protect rights

We may process and retain certain data where necessary to comply with legal obligations, enforce our terms, respond to lawful requests, or protect our rights and the rights of others.

Legal basis: compliance with a legal obligation and our legitimate interests in protecting our business and services.

8. Whether Data Must Be Provided

Some personal data is necessary for the platform to function properly.

For example:

  • account name and email are required to create and use a user account
  • login-related technical data is required for security and authentication
  • location data may be required for customer-configured features such as mileage tracking or visit presence verification
  • certain operational data may be required by the customer company for completion of assigned work

If required data is not provided, some platform functions may not work correctly or may not be available.

9. Recipients of Personal Data

Personal data processed through the platform may be accessible to or shared with:

  • the relevant customer company and its authorized administrators, managers, and users
  • Promotino personnel on a need-to-know basis for support, maintenance, security, and service operations
  • infrastructure and hosting providers, including Time4VPS (time4vps.com) and Microsoft Azure
  • network, DNS, and security service providers, including Cloudflare
  • analytics and diagnostics providers, including Google Analytics, Microsoft Clarity, Sentry, Firebase Crash Analytics, and Cloudflare Analytics
  • email or notification service providers, where used
  • authorities, advisers, or other third parties where disclosure is required by law or necessary to protect rights, security, or service integrity

We do not sell personal data.

10. International Transfers

Some service providers may process personal data outside the European Economic Area.

Where this occurs, appropriate safeguards may be used as required under applicable law, including adequacy decisions, Standard Contractual Clauses, the EU-U.S. Data Privacy Framework where applicable, or other lawful transfer mechanisms used by the relevant provider.

Promotino hosts the platform using Time4VPS (time4vps.com) and Microsoft Azure. Promotino’s primary Microsoft Azure hosting environment for the platform is configured in the EU.

11. Retention

Personal data is retained in accordance with the customer company’s use of the platform, operational needs, contractual requirements, and legal obligations.

Current retention practices include:

  • user accounts may be archived by the customer company rather than immediately deleted
  • operational data, including location, visits, tasks, forms, files, and related records, may be retained while the customer company remains under contract and uses the platform
  • logs are retained for security and operational purposes
  • crash and diagnostic logs are retained for troubleshooting and service improvement
  • analytics data is retained in accordance with the settings and policies of the relevant analytics providers
  • backups are retained for 1 month

Where deletion is requested or required, retention may also depend on contractual obligations, legal requirements, and technical limitations.

12. Your Rights

If your personal data in Movemar is processed by your employer or another customer company for operational purposes, that customer company is generally responsible for handling your requests relating to that data.

Subject to applicable law, you may have the right to:

  • be informed about how your personal data is processed
  • access your personal data
  • request correction of inaccurate or incomplete personal data
  • request erasure of your personal data
  • request restriction of processing
  • object to certain processing
  • withdraw consent where processing is based on consent
  • request portability where applicable
  • lodge a complaint with a competent supervisory authority

If your request concerns operational data controlled by your employer or another customer company, you should contact that organization first. Promotino will assist customer companies with such requests where required.

If your request concerns data for which Promotino acts as controller, you may contact us at [email protected].

13. Complaints

If you believe that personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority.

For Promotino Ltd., the relevant supervisory authority is the:

Commission for Personal Data Protection (CPDP)
Republic of Bulgaria

14. Automated Decision-Making

Promotino does not use personal data processed through the platform to make decisions based solely on automated processing that produce legal effects or similarly significant effects on users.

15. Children

The Movemar platform is intended for business use and is not directed to children under the age of 16.

16. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will publish the updated version and update the “Last updated” date above.