DOTT PRIVACY POLICY

Last Updated: 20 November 2019

Thank you for deciding to share your personal data with us!

1.              Who we are

This privacy policy is issued on behalf of emTransit B.V., a private limited liability company incorporated under Dutch law, with registered office at Nieuwezijds Voorburgwal 162, 1012 SJ, Amsterdam, the Netherlands, registered under number 72795921 and its subsidiaries so when we mention “Dott”, "we,'' "us" or "our" in this privacy policy, we are referring to the relevant company in the Dott Group responsible for processing your data which would vary depending on your country of residence.

Dott respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you (i) visit our website at https://ridedott.com/ (“Website”), or (ii) use our mobile application (“App”) (regardless of where you visit it from), or (iii) use our electric vehicles (“Vehicles”) and tell you about your privacy rights and how the law protects you.

We will let you know which entity will be the controller for your data when you use our App and Vehicles when you download our App. emTransit B.V. is the controller and responsible for this Website.

Our services are not intended for children under the age of 16 years or any other age limit applicable in your jurisdiction and we do not knowingly collect data relating to children.

We keep our privacy policy under regular review and we therefore invite you to regularly review this webpage. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2.              The data we collect about you

We may collect, use, store and transfer different kinds of personal data about you, meaning any information that can either directly or indirectly identify you, which we have grouped together as follows:

We also process Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Technical and Usage Data to calculate the percentage of users accessing a specific Website feature or App functionality, or to understand how our Vehicles are used. As such data is not regulated, its processing is not subject to this privacy policy.  

If you fail to provide personal data

Where we need to collect personal data under our Terms and Conditions, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to allow you to use the App.

3.              How is your personal data collected?

Direct interactions. You may give us your Identity and Contact and Financial and Transactional Data by filling in forms or by corresponding with us. This includes personal data you provide when you:

Automated technologies or interactions. As you interact with our Website and App and use our Vehicles, we will automatically collect Technical and Usage Data about your  browsing your device and your Vehicle ride. We collect this personal data by using cookies, local storage and other technologies, both proprietary and third-party-sourced. Please see our cookie policy https://ridedott.com/cookie-notice for further details on automated data collection via our Website.

4.              How we use your personal data

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

OPERATIONS

To register you as a new customer, to deliver our services to you and to manage payments, fees and charges.

Identity and Contact

Financial and Transactional

Technical and Usage

Necessary for the performance of a contract with you (deliver our services).

To manage our relationship with you which includes notifying you about changes or updates to our services, user terms or privacy policy, responding to any queries raised by you and other similar activities.

Identity and Contact

Depending on your query we may need to process any other relevant personal data

Necessary for the performance of a contract with you (deliver our services).

or

Necessary for our legitimate interests (to maintain a positive client relationship with our customers).

To cooperate with our insurers and brokers, which includes verifying your identity, verifying the identity of the Vehicle you used, verifying your use of the Vehicle, and then providing them with this data.

Identity and Contact

Financial and Transactional

Technical and Usage

Necessary for the performance of a contract with you (keeping you insured whilst on a ride)

and

Necessary for our legitimate interests (to provide information to our insurer in order to process a claim, ie administer our business)

and

Necessary to comply with a legal obligation (the law may require us to cover our service with insurance).

ADMINISTRATION

To administer and protect our business, App, Vehicles and Website which includes troubleshooting, data analysis, testing, system maintenance, support, reporting , hosting of data, responding to law enforcement requests, responding to the needs of our professional advisers and other similar activities. This includes collecting and recovering money owed to us.

 

Identity and Contact

Financial and Transactional

Technical and Usage

Profile

Necessary for our legitimate interests (running our business, maintaining our Vehicles, ensuring reliability of IT services and  network security, preventing fraud, debt recovery, business reorganisation or group restructuring)

and

Necessary to comply with a legal obligation (for example, record keeping obligations).

ANALYTICS

To use data analytics to improve our Website, App, Vehicles, marketing and advertising efforts, customer relationships and experiences and other similar activities. This includes sharing personal data with third parties who provide analytics services.

Technical and Usage

Profile

Necessary for our legitimate interests (to study how customers use our Vehicles, App and Website, to develop, keep up to date, to improve our offering and to ensure it is lawful, safe and reliable).

Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for analytics purposes.

ADVERTISING

To deliver relevant Website and App content and advertisements to you, including making suggestions and recommendations to you about products or services that may be of interest to you, measure or understand the effectiveness of the advertising we serve to you and other similar activities. This includes sharing personal data with our advertising partners.

Identity and Contact

Technical and Usage

Profile

Necessary for our legitimate interests (to define and identify types of current and future customers for our offering, to inform our marketing strategy and to grow our business)

Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for advertising purposes.

DIRECT MARKETING

To ask you to complete feedback surveys, to enable you to partake in product promotions, and for other similar activities. This includes sharing personal data with our marketing partners.

 

Identity and Contact

Technical and Usage

Profile

Necessary for our legitimate interests (to ask for customer feedback on  our offering in view of improving it and to grow our business by promoting it)

Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for direct marketing purposes.

5.              Disclosures of your personal data

Our suppliers

We use a few different suppliers in order to deliver, develop and promote our services. Some of your personal data may be shared with them for the purposes set out in the table above.  We use suppliers to process payments, to store data in the cloud, to insure our services, to run analytics and data analysis, to provide customer support and to do advertising and marketing.

All  our suppliers have guaranteed that they comply with the General Data Protection Regulation (EU) 2016/679 and have signed data processing agreements with us. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes (unless this is necessary for them to provide their services to us, in which case you will be explicitly informed) and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Cookies

Cookies are most often served by third parties and this usually involves disclosure of Technical and Usage data that is often anonymised. Please use our cookies banner to accept or reject non-essential cookies. For more information about the cookies we use, please see https://ridedott.com/cookie-notice.

Corporate transactions

We will share your personal data across our corporate group.

We may also share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data.

Professional advisers and law enforcement

We may disclose your personal information to the court service or regulators or law enforcement agencies in connection with proceedings or investigations where compelled to do so. We may disclose your personal information to our professional advisors that are usually regulated by a competent authority (legal representatives, accountants, etc.) where that proves necessary.

6.              International transfers

Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

7.              Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8.              Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will irreversibly anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case this policy would no longer apply and we may use this information indefinitely without further notice to you.

Please note that by law we have to keep basic information about our customers for seven years after they cease being customers for tax purposes.

9.              Your legal rights

Dott is committed to fulfilling the statutory data protection rights of customers. If you send us a request regarding your rights under data protection law, we will respond within one month from the day of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further two months in complex cases. Please use privacy@ridedott.com.to exercise the following rights in respect of the personal information Dott processes about you:

to be informed

to access (such information)

to rectification

to erasure

to restrict processing

to object to profiling

to data portability

to complain to the regulatory authority

to withdraw consent

For full information on your statuary rights, please visit the Dutch Data Protection Authority's (“DDPA”) website (https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten). You also have the right to make a complaint to DDPA. We would, however, appreciate the chance to deal with your concerns before you approach the DDPA so please contact us in the first instance by emailing us at privacy@ridedott.com.