TIETOSUOJAKÄYTTÖ

Last Updated: 9 Aug 2024

At Dott, we are deeply committed to the protection of privacy rights, asserting that such rights should remain consistent, irrespective of one’s geographic location. Therefore, we categorize any information associated with an identifiable person, or that can be connected to an individual through Dott, as “personal data,” regardless of where the person resides. This encompasses information that explicitly identifies an individual — for example, their name — as personal data, as well as information that might not directly reveal an individual’s identity but can reasonably be used for this purpose — such as the IP address of their device. In the context of our Privacy Policy, aggregated information, which does not permit the identification of any individual, is defined as non-personal data.

This is the Privacy Statement of emTransit BV, encompassing all its entities, subsidiaries, branches, representative offices, affiliates, and other emTransit BV group companies (“hereinafter referred to as Dott”), and it governs our practices as long as we are engaged in the processing of personal data pertaining to individuals (‘you’).

Your Privacy Rights at Dott

At Dott, we are dedicated to safeguarding your privacy and ensuring you have full control over your personal data. Your trust and security are paramount, and we are committed to protecting your personal data and ensuring your rights are respected.

Our commitment to your privacy includes granting you the following rights concerning your personal data:

Right to Access Information: You are entitled to request an overview of your personal data processed by us, along with a copy of this data, ensuring you’re fully informed about the information we hold about you.

Right to Rectification: Should you find your personal data in our possession to be inaccurate or incomplete, you have the right to request that we correct or update it. In cases where your data has been shared with third parties, we will also inform them of any necessary amendments to ensure the accuracy of your information across all platforms.

Right to Object to Processing: You may object to the processing of your personal data if you believe our use of it is for our legitimate interests yet unjustifiably impacts you. Upon receiving an objection, we will assess the situation to determine if your rights override our processing activities. However, this right does not apply where the processing is a legal requirement or necessary for fulfilling a contract with you.

Rights Regarding Automated Decisions: Dott occasionally employs automated decision-making processes essential for entering into or performing a contract with you. You will be informed if such processes affect you, with the option to request a manual review of automated decisions, thereby ensuring fairness and accuracy.

Right to Restrict Processing: You can request that we limit the processing of your personal data under specific conditions, such as when the accuracy of the data is contested, its processing is unlawful, the data is no longer needed for processing, or while objections to processing based on legitimate interests are being evaluated.

Right to Data Portability: This right allows you to obtain your personal data in a structured, commonly used, and machine-readable format and to transfer that data to another entity, where technically feasible, ensuring ease of access and the ability to move your data as needed.

Right to Erasure: Also known as the ‘right to be forgotten,’ this enables you to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary, its processing is objected to, it has been unlawfully processed, or when required by law.

Right to Complain: If you are dissatisfied with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with the relevant data protection authority, ensuring your concerns are addressed appropriately.

Exercising Your Rights: Requests may be denied if they do not meet specific criteria. In such cases, or if there is a delay in processing your request due to legal requirements or complexities, we will inform you of the reasons for denial or delay, ensuring transparency and communication throughout the process. 

There are circumstances under which we may not be able to fulfill your request regarding your personal data. For instance, if you request the deletion of transaction data but Dott is under a legal obligation to retain records of that transaction to comply with laws, we must deny such requests. Similarly, requests that could compromise our legitimate use of data for anti-fraud and security purposes may also be declined. This could occur if, for example, you ask for the deletion of an account currently under investigation for security reasons.

Other grounds for denying a privacy request include situations where complying with the request would infringe on the privacy rights of others, if the request is deemed frivolous or vexatious, or if fulfilling the request would pose an extreme impracticality. Our commitment to protecting the privacy and security of our users’ data means we must carefully balance individual rights with legal obligations and the collective security of all users’ information.

Personal Data Dott Collects from You

At Dott, we uphold the principle that exceptional products and robust privacy can coexist harmoniously. This philosophy motivates us to be judicious in our data collection practices, ensuring that we gather only the personal data necessary to adhere to data minimization principles while simultaneously delivering our services effectively and enhancing your experience.

Identity Data and Contact Data: This encompasses your first and last name, username and password, date of birth, and gender (only where required by law), as well as proof of identity like an identity card, passport, or driver’s license (also where required by law). In some jurisdictions, a live selfie may be required. Additionally, we collect your billing and delivery addresses, email address, telephone numbers, and other similar identifiers.

Financial and Transactional Data: We gather information related to your bank account and payment card details (note that we do not retain your full payment card details, which are stored by our trusted third-party payment processor), along with details of transactions and services you have purchased from us.

Technical and Usage Data: This includes details on how you interact with our Website, App, and Vehicles, such as your internet protocol (IP) address, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services.

Geolocation and Telemetry Data: We collect data on how you use our Vehicles, including ride and geolocation history and telemetry information like braking, swerving, collisions, road surface conditions, speed, chosen path, and weight fluctuations.

Profile Data: This covers your purchases, interests, marketing and communication preferences, feedback, survey responses, and other data you provide.

User and Potential User Content: This includes information you submit when contacting customer support, or that we collect with your consent through participation in our User Research programme or events, which might include feedback, photos, videos, or audio recordings.

Online Behavior and Device Information: Dott collects data about your online activities and information related to your devices. This includes the device ID of your mobile device and the details of the pages you visit within the Dott mobile application. This type of data helps us understand how you interact with our app, which in turn allows us to tailor and improve our services to better meet your needs and preferences.

Social Media Interactions: Dott monitors and engages with your interactions related to our brand on various social media platforms, including Meta (Facebook and Instagram), Twitter, LinkedIn, and YouTube. This encompasses tracking public messages, posts, likes, and responses to and about Dott across the internet.

Aggregated Data: We also process aggregated data for various purposes, such as statistical or demographic analysis. Though derived from your personal data, aggregated data does not reveal your identity directly or indirectly and thus is not considered personal data under the law. For instance, we might use aggregated technical and usage data to determine the percentage of users accessing a specific feature of our Website or App, or to understand vehicle usage patterns. The processing of such data falls outside the scope of this privacy policy since it does not regulate personal data.

How Dott Uses Your Personal Data

Processing your personal data is essential for performing agreements to which you are a party, or to take steps at your request before entering into such agreements. We utilize your personal data when you initiate an agreement with us or when it is necessary for us to fulfill our obligations under these agreements.

Customer Registration and Service Delivery: We collect your data to register you as a new customer, deliver our services, and manage payments, fees, and charges. This fundamental use of data ensures we can provide you with the services you request and maintain the financial aspects of our customer relationship.

Collaboration with Insurers and Brokers: Your personal data is used to verify your identity, the identity of the vehicle used, and your usage of the vehicle. This information is then provided to our insurers and brokers as part of our commitment to ensuring a secure and accountable service environment.

Customer Feedback: We engage in customer satisfaction surveys and other activities to gather your views on our services. These are conducted via the App or email, helping us to continually improve and tailor our offerings to meet your needs.

Business, App, and Vehicle Administration: To maintain the integrity of our business, we use your data for troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting. This also includes responding to law enforcement requests, addressing the needs of our professional advisers, and collecting/recovering money owed to us.

Data Analytics: Your personal data supports our efforts to enhance our Website, App, Vehicles, marketing, and advertising efforts. Through data analytics, we aim to improve customer relationships and experiences, sharing data with third-party analytics service providers as necessary.

Maintaining Safety and Integrity: We utilize personal data to maintain the safety, security, and integrity of our services and users, ensuring a trusted environment for all.

Legal Proceedings and Requirements: We process personal data for legal proceedings and to fulfill legal requirements, including investigating and addressing claims and disputes.

Comply with Law:To comply with applicable law — for example, to satisfy tax or reporting obligations, or to comply with a lawful law enforcement body’s request.

Content and Advertising Personalization: We strive to deliver relevant content and advertisements on our Website and App, including personalized product or service recommendations. This involves measuring the effectiveness of our advertising and may include sharing data with our advertising partners.

Participation in Promotions: Your information enables participation in product promotions and access to discounts, supporting our efforts to promote our services more broadly. This may involve sharing personal data with our marketing partners.

Blacklisting: Dott may blacklist an account or a payment method when it determines that there has been fraudulent activity linked to it. Accounts and payment methods that have been blacklisted are kept on file to avoid any future fraudulent transactions. This list is not shared with any third parties and is only for internal use. The goal of this activity is to prevent fraudulent transactions and to protect our users. If you would like to know more about this, please contact privacy@ridedott.com

Who We Your Transfer Your Personal Data

Within the Dott Corporate Group: Dott may share your personal data internally within our corporate group to streamline services, support business operations, and enhance customer experiences. This collaboration across our entities ensures consistency in service delivery and policy adherence.

Service Providers: We engage third-party service providers to perform various tasks on behalf of Dott, such as processing or storing data, including your personal data, and delivering products. These providers are bound by our Data Processing Agreements to handle your information in line with this Privacy Policy and our specific instructions. Services they offer include:

  • Service execution and operational tasks
  • Development and maintenance of internet-based tools and applications
  • IT services, including cloud-based infrastructure and applications
  • Production of reports and statistics, printing services, and product design 

Payment Processors and Facilitators: Our engagement with payment processors and facilitators ensures secure and efficient transaction processing. These partners are critical for handling payments, fees, and charges associated with our services.

Customer Support Platforms: We utilize customer support platforms and service providers to offer timely and effective assistance to our users, ensuring high-quality customer service and support.

Marketing Partners: Dott collaborates with marketing partners and platform providers, including social media platforms and advertising networks, to enhance our marketing efforts, better understand our user base, and measure the effectiveness of our advertising campaigns.

Google Maps: For integrating Google Maps with our apps, we share necessary data with Google. This integration is crucial for providing location-based services and enhancing user experience.

Insurance and Financing Partners : We share relevant data with insurance companies for the purposes of managing insurance claims related to Dott’s services. This includes adjusting and handling claims efficiently, ensuring both compliance and support for our users in case of incidents.

By sharing data with these parties, Dott aims to enhance service delivery, maintain the safety and security of our operations, and comply with legal obligations, all while upholding our commitment to protecting your personal data.

We consistently store your personal data within the European Union (EU) to ensure its protection under the rigorous standards of the GDPR. However, in exceptional cases where it becomes necessary to transfer your personal data outside of the European Economic Area (EEA), we take stringent measures to safeguard your information.

To ensure the protection of your personal data when it is shared outside of the EEA—whether among Dott entities or with third-party service providers—we adhere to several key safeguards:

  • Applicable Local Laws and Regulations: We evaluate the local legal and regulatory frameworks of the country receiving the data to ensure they provide adequate protection for your personal data.
  • EU Model Clauses: For transfers to countries where the legal framework may not offer equivalent protection, we incorporate EU Model Clauses into our agreements with service providers. These clauses are designed to ensure that any personal data leaving the EEA will be handled in compliance with the EU’s General Data Protection Regulation (GDPR), providing a consistent level of protection.
  • Adequacy Decisions by the European Commission: We also rely on adequacy decisions made by the European Commission, which determine whether a non-EEA country offers an adequate level of data protection comparable to that within the EU. These decisions allow for the free transfer of data to countries deemed to have equivalent protective measures in place.

By employing these mechanisms, we strive to maintain the integrity and confidentiality of your personal data, ensuring it receives the highest level of protection, regardless of where it is processed.

Data Retention at Dott

At Dott, we are committed to handling your personal data responsibly and in compliance with applicable laws and regulations. We retain your personal data only as long as necessary for the purposes outlined in the section “How Dott Uses Your Personal Data.” The specific retention periods for your personal data are detailed in the applicable local privacy statement, which may vary depending on the nature of the data and the reasons for its processing.

Retention Periods

The duration for which we keep your data depends on several factors, including:

For the Duration of User Accounts: We retain personal data essential for delivering our services for as long as your account remains active. This includes data like your account information, which is crucial for maintaining your access to our services.

Compliance with Legal Requirements: Certain types of data, such as trip information or records relevant for tax purposes, are retained for a period of 7 years to comply with legal obligations.

After an Account Deletion Request

Upon receiving a request to delete an account, we proceed to remove the user’s account and associated data from our systems. However, there are exceptions where we may need to retain specific data:

  • Safety, Security, and Fraud Prevention: Some data may be retained to protect the safety and security of our services and our users, or for fraud prevention purposes.
  • Compliance with Legal Obligations: We may also retain data as required by law or to comply with legal requirements, ensuring we adhere to our legal responsibilities.
  • Outstanding Issues: If there are unresolved issues related to your account, such as outstanding balances or disputes, we may retain necessary data until these issues are resolved.

Dott takes data privacy and protection seriously, ensuring that our data retention practices are transparent and designed to respect your privacy while fulfilling our legal and operational obligations.

How Dott Protects Your Personal Data

At Dott, safeguarding your personal data is a top priority. We implement a comprehensive blend of technical and organizational measures designed to ensure the confidentiality, integrity, and secure processing of your personal data. Our approach includes:

  • Robust IT Security Measures: We employ state-of-the-art IT security solutions, including encryption, firewalls, and secure server configurations, to protect your data against unauthorized access, disclosure, alteration, and destruction.
  • Policies and Procedures: Dott has established a thorough set of policies and procedures that govern how personal data is handled within our organization. These guidelines ensure that all employees understand their roles and responsibilities in protecting user data.
  • Internal Framework of Policies and Minimum Standards: We maintain an internal framework that sets out policies and minimum standards for data protection across all our operations. This framework is designed to provide a consistent level of security for your personal data, regardless of where in our organization it is being processed.
  • Regular Updates and Compliance: Our data protection policies and standards are not static; they are regularly reviewed and updated to keep pace with regulatory changes and advancements in technology and security practices. This proactive approach ensures that our data protection measures remain effective and fully compliant with current regulations.
  • Training and Awareness: We also invest in training and awareness programs for our employees to ensure they are knowledgeable about the importance of data protection and the specific practices we follow to secure your information.

By integrating these measures into our daily operations, Dott is committed to protecting your personal data against any form of misuse, ensuring it is processed in a secure and lawful manner.

Exercising Your Rights and Point Of Contact

Should you have any inquiries regarding Dott’s Privacy Policy or our practices related to privacy, including instances where a third-party service provider acts on our behalf, or if you wish to reach out to our Data Protection Officer, we invite you to email us at privacy@ridedott.com or utilize our mobile application specific to your country or region for contact. Furthermore, we are available to address your queries on how to lodge a privacy complaint, committing ourselves to assist you in this process.

Dott earnestly considers your privacy concerns. Each query is meticulously evaluated by our dedicated team to ascertain the most appropriate course of action, including those arising from requests for access. Generally, we aim to respond to thorough inquiries within a thirty-day timeframe. However, certain situations may necessitate further information from you or an extension of our response time.

Should your feedback suggest that our handling of privacy matters could benefit from enhancements, we pledge to implement necessary improvements at the earliest suitable opportunity. Moreover, if a privacy issue has adversely affected you or another individual, we are committed to working towards a resolution with the impacted parties.

At any juncture — particularly if you are dissatisfied with the response provided by Dott — you are entitled to escalate your complaint to the relevant regulatory body. Upon request, we are prepared to guide you towards appropriate complaint mechanisms that may be relevant to your situation.

In the case of significant amendments to this Privacy Policy, we will announce such changes on our website with a minimum one-week notice before implementation, and directly communicate the update to you if your information is registered with us.

Transition from Tier Services to Dott Services in the Cities of Bristol, Bath, Chelmsford, Colchester, Braintree, Basildon, Milton Keynes
Change of Services 

This section is dedicated to users affected by the transition from Tier services to Dott services in the cities of Bristol, Bath, Chelmsford, Colchester, Braintree, Basildon, and Milton Keynes. Tier and Dott are pleased to announce a strategic merger. During the merger process, Tier and Dott will act as joint data controllers pursuant to Article 26 of the GDPR. This partnership marks a turning point in our commitment to improving urban mobility across Europe and beyond. Our joint efforts aim to enhance the quality of our services, expand our coverage, and improve the overall user experience. This section of the privacy policy contains important information about the management of your personal data and privacy during the transition from Tier services to Dott services.

Your Privacy Rights 

During the integration of services from Tier to Dott, our primary goal is to ensure a smooth and user-friendly experience for you while exercising your privacy rights. We are committed to a seamless transition and focus on the simplicity of managing your privacy rights. We respect your data rights in accordance with the GDPR. The personal data you have provided to Tier for rides in Bristol, Bath, Chelmsford, Colchester, Braintree, Basildon, and Milton Keynes will be retained by Tier. Users who wish to exercise their privacy rights related to their Tier account in the aforementioned cities (including access, rectification, transfer, restriction of processing, rights to data erasure, and data portability) can contact support@tier.app or dpo@tier.app.

Right to Data Portability

It is important for users who wish to exercise their right to data portability to understand that this right is only available to those who have registered with Tier using their phone number, due to technical limitations. If you have any questions about your privacy rights or other privacy-related questions regarding the creation of your account and your experience as a Dott user, you can contact us at privacy@ridedott.com. We are here to ensure that your experience with Dott is secure and that we respect your privacy at every stage.

Personal Data Linked to Your Tier Account for Bristol, Bath, Chelmsford, Colchester, Braintree, Basildon, Milton Keynes 

Tier may retain your personal data for a limited period to fulfil legal obligations, facilitate the merger process, or as required by law. At the end of this period, your data will be securely deleted. However, if you decide to exercise your right to data erasure or delete your account from the Tier mobile application, your data will be immediately removed from the system.