-
Who we are
This privacy policy is issued on behalf of the emTransit corporate group
which consists of emTransit B.V., a private limited liability company
incorporated under Dutch law, with registered office at Burgerweeshuispad 101
TQ South, 1076ER, Amsterdam, the Netherlands, registered under number
72795921 and all of its subsidiaries outside the Netherlands. When we mention
“Dott”, "we," "us" or "our" in this privacy policy, we are
referring to our entire corporate group.
While different entities in our corporate group may from time act as
(co-)controllers in respect of your personal data, emTransit B.V. acts as the
primary controller and responsible entity for all personal data processing
described in this policy. Our Data Protection Officer oversees the entire
corporate group's compliance. For any questions about this policy, including
questions about your rights under data protection law, please contact our
Officer at: privacy@ridedott.com.
Dott respects your privacy and is committed to protecting your personal data.
This privacy policy will inform you as to how we look after your personal
data when you (i) visit our website at
https://ridedott.com/ (“Website”), or (ii) use
our mobile application (“App”), or (iii) use our electric vehicles
(“Vehicles”) and tell you about your privacy rights and how the law
protects you.
Our services are not intended for children under the age of 16 years or any
other age limit applicable in your jurisdiction and we do not knowingly
collect data relating to children.
We keep our privacy policy under regular review and we therefore invite you
to regularly review this webpage. It is important that the personal data we
hold about you is accurate and current. Please keep us informed if your
personal data changes during your relationship with us.
-
The data we collect about you
We may collect, use, store and transfer different kinds of personal data
about you, meaning any information that can either directly or indirectly
identify you, which we have grouped together as follows:
- Identity Data and Contact Data includes first name, last name, username
and password, date of birth and gender (where required by law), proof of
identity such as identity card, passport or photos (where required by law),
drivers licence (where required by law), billing address, delivery address,
email address, telephone numbers and other similar identifiers.
- Financial and Transactional Data includes some of your bank account and
payment card details and details about payments from you and other details
of services you have purchased from us and other similar details. Please
note we do not store your full payment card details. This information is
stored by our trusted third-party payment processor.
- Technical and Usage Data includes information about how you use our
Website, App and Vehicles (including your ride and location history) such
as internet protocol (IP) address, your login data, browser type and
version, time zone settings, browser plug-in types and versions, operating
system and platform, and other similar technology identifiers on the
devices you use to access the Website, the App and our Vehicles.
- Profile Data includes purchases made by you, your interests, marketing
and communication preferences, feedback and survey responses and other
similar data you provide us with.
We also process Aggregated Data such as statistical or demographic data
for any purpose. Aggregated Data could be derived from your personal data but
is not considered personal data in law as this data will not directly or
indirectly reveal your identity. For example, we may aggregate your Technical
and Usage Data to calculate the percentage of users accessing a specific
Website feature or App functionality, or to understand how our Vehicles are
used. As such data is not regulated, its processing is not subject to this
privacy policy.
If you fail to provide personal data
Where we need to collect personal data under our Terms and Conditions, and
you fail to provide that data when requested, we may not be able to perform
the contract we have or are trying to enter into with you. In this case, we
may not be able to allow you to use the App.
-
How is your personal data collected?
Direct interactions. You may give us your Identity and Contact and
Financial and Transactional Data by filling in forms or by corresponding with
us. This includes personal data you provide when you:
- browse our Website;
- use our Vehicles;
- use our App;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our Website
and App and use our Vehicles, we will automatically collect Technical and
Usage Data about your browsing, your device and your Vehicle ride. We collect
this personal data by using cookies, local storage and other technologies,
both proprietary and third-party-sourced. Please see our cookie policy
https://ridedott.com/cookies for further
details on automated data collection via our Website.
-
How we use your personal data
We have set out below a description of all the ways we plan to use your
personal data, and which of the legal bases we rely on to do so. We have also
identified what our legitimate interests are where appropriate.
|
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
OPERATIONS |
To register you as a new customer, to deliver our services to you and to manage payments, fees and charges. |
Identity and Contact Financial and Transactional Technical and Usage |
Necessary for the performance of a contract with you (deliver our services). Necessary to comply with a legal obligation (for example, verify that you are over 18 or hold a valid drivers license). |
|
To manage our relationship with you which includes notifying you about changes or updates to our services, user terms or privacy policy, responding to any queries raised by you and other similar activities. |
Identity and Contact Depending on your query we may need to process any other relevant personal data |
Necessary for the performance of a contract with you (deliver our services). or Necessary for our legitimate interests (to maintain a positive client relationship with our customers). |
|
To cooperate with our insurers and brokers, which includes verifying your identity, verifying the identity of the Vehicle you used, verifying your use of the Vehicle, and then providing them with this data. |
Identity and Contact Financial and Transactional Technical and Usage |
Necessary for the performance of a contract with you (keeping you insured whilst on a ride) and Necessary for our legitimate interests (to provide information to our insurer in order to process a claim, ie administer our business) and Necessary to comply with a legal obligation (the law may require us to cover our service with insurance). |
|
To seek your views on our services via customer satisfaction surveys and other similar activities, delivered via the App or via email. |
Identity and Contact |
Necessary for our legitimate interests (to improve our services on the basis of your feedback). |
ADMINISTRATION |
To administer and protect our business, App, Vehicles and Website which includes troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, responding to law enforcement requests, responding to the needs of our professional advisers and other similar activities. This includes collecting and recovering money owed to us. |
Identity and Contact Financial and Transactional Technical and Usage Profile |
Necessary for our legitimate interests (running our business, maintaining our Vehicles, ensuring reliability of IT services and network security, preventing fraud, debt recovery, business reorganisation or group restructuring) and Necessary to comply with a legal obligation (for example, record keeping obligations). |
ANALYTICS |
To use data analytics to improve our Website, App, Vehicles, marketing and advertising efforts, customer relationships and experiences and other similar activities. This includes sharing personal data with third parties who provide analytics services. |
Technical and Usage Profile |
Necessary for our legitimate interests (to study how customers use our Vehicles, App and Website, to develop, keep up to date, to improve our offering and to ensure it is lawful, safe and reliable). Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for analytics purposes. |
ADVERTISING |
To deliver relevant Website and App content and advertisements to you, including making suggestions and recommendations to you about products or services that may be of interest to you, measure or understand the effectiveness of the advertising we serve to you and other similar activities. This includes sharing personal data with our advertising partners. |
Identity and Contact Technical and Usage Profile |
Necessary for our legitimate interests (to define and identify types of current and future customers for our offering, to inform our marketing strategy and to grow our business)br>Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for advertising purposes. |
DIRECT MARKETING |
To enable you to partake in product promotions and to take advantage of various discounts, to promote our services more generally and for other similar activities. This includes sharing personal data with our marketing partners. |
Identity and Contact Technical and Usage Profile |
Necessary for our legitimate interests (to promote our services) Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for direct marketing purposes. |
-
Disclosures of your personal data
Our suppliers
We use a few different suppliers in order to deliver, develop and promote our
services. Some of your personal data may be shared with them for the purposes
set out in the table above. We use suppliers to process payments, to store
data in the cloud, to insure our services, to run analytics and data
analysis, to provide customer support and to do advertising and marketing.
All our suppliers have guaranteed that they comply with the General Data
Protection Regulation (EU) 2016/679 and have signed data processing
agreements with us. We require all third parties to respect the security of
your personal data and to treat it in accordance with the law. We do not
allow our third-party service providers to use your personal data for their
own purposes (unless this is necessary for them to provide their services to
us, in which case you will be explicitly informed) and only permit them to
process your personal data for specified purposes and in accordance with our
instructions.
Corporate transactions
We will share your personal data across our corporate group.
We may also share your personal data with third parties to whom we may choose
to sell, transfer or merge parts of our business or our assets.
Alternatively, we may seek to acquire other businesses or merge with them. If
a change happens to our business, then the new owners may use your personal
data.
Professional advisers and law enforcement
We may disclose your personal information to the court service or regulators
or law enforcement agencies in connection with proceedings or investigations
where compelled to do so. We may disclose your personal information to our
professional advisors that are usually regulated by a competent authority
(legal representatives, accountants, etc.) where that proves necessary.
Local authorities
Local authorities require us to share certain information about our Vehicles
as a condition to us operating on the territory of the cities they govern.
This exchange is automatic and in accordance with the Open Mobility
Foundation's data exchange protocols. All local authorities have guaranteed
that they comply with the General Data Protection Regulation (EU) 2016/679
and have signed data sharing agreements with us. Pursuant to these agreements
local authorities are required not to combine Vehicle information with any
other information that can potentially identify you. The authorities use
Vehicle information for the purposes of urban planning, public engagement and
compliance.
Other transport app operators
We may disclose certain information about our Vehicles to other transport app
operators so that they can provide services to you, such as allowing you to
see and book our Vehicles in their apps. This information does not usually
include any personal data but when it does the exchange is automatic and in
accordance with the Open Mobility Foundation's data exchange protocols. All
transport app operators have guaranteed that they comply with the General
Data Protection Regulation (EU) 2016/679 and have signed data sharing
agreements with us. Pursuant to these agreements transport app operators are
required not to combine Vehicle information with any other information that
can potentially identify you. Transport app operators use Vehicle information
solely for the purposes of allowing the seamless integration of our systems
with their systems.
-
Cookies
Cookies are most often served by third parties and this usually involves
disclosure of Technical and Usage data that is often anonymised. Please use
our cookies banner to accept or reject non-essential cookies. For more
information about the cookies we use, please see
https://ridedott.com/cookies
-
International transfers
Many of our external third parties are based outside the European Economic
Area (EEA) so their processing of your personal data will involve a transfer
of data outside the EEA. Whenever we transfer your personal data out of the
EEA, we ensure a similar degree of protection is afforded to it by ensuring
at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to
provide an adequate level of protection for personal data by the European
Commission. For further details, see European Commission:
Adequacy of the protection of personal data in non-EU countries;
or
- We may use specific contracts approved by the European Commission which
give personal data similar protection it has in Europe. For further
details, see European Commission:
Model contracts for the transfer of personal data to third countries.
-Where we use providers based in the US, we may transfer data to them if
(1) standard contractual clauses have been entered into or (2), to the
extent it is considered as valid within the European Union, they are part
of the Privacy Shield self-certification scheme which requires them to
provide similar protection to personal data to the protection afforded in
Europe. For further details, see Privacy Shield Framework:
Privacy Shield Overview.
Please contact us if you want further information on the specific mechanism
used by us when transferring your personal data out of the EEA.
-
Data security
We have put in place appropriate security measures to prevent your personal
data from being accidentally lost, used or accessed in an unauthorised way,
altered or disclosed. In addition, we limit access to your personal data to
those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our
instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator of a breach where we
are legally required to do so.
-
Data retention
How long will you use my personal data for? We will only retain your
personal data for as long as reasonably necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal,
regulatory, tax, accounting or reporting requirements. We may retain your
personal data for a longer period in the event of a complaint or if we
reasonably believe there is a prospect of litigation in respect to our
relationship with you. To determine the appropriate retention period for
personal data, we consider the amount, nature and sensitivity of the personal
data, the potential risk of harm from unauthorised use or disclosure of your
personal data, the purposes for which we process your personal data and
whether we can achieve those purposes through other means, and the applicable
legal, regulatory, tax, accounting or other requirements.
In some circumstances we will irreversibly anonymise your personal data (so
that it can no longer be associated with you) for research or statistical
purposes, in which case this policy would no longer apply and we may use this
information indefinitely without further notice to you.
Please note that by law we have to keep basic information about our customers
for seven years after they cease being customers for tax purposes.
-
Your legal rights
Dott is committed to fulfilling the statutory data protection rights of
customers. If you send us a request regarding your rights under data
protection law, we will respond within one month from the day of receipt
and, where possible, address your request within such time. Where necessary,
this period may be extended by up to a further two months in complex cases.
Please use privacy@ridedott.com to exercise the following rights in respect
of the personal information Dott processes about you:
- to be informed
- to access (such information)
- to rectify
- to erasure
- to restrict processing
- to object to profiling
- to data portability
- to complain to the data protection authority
- to withdraw consent
For full information on your statutory rights, please visit the webpage of
the data protection authority in your country of residence:
We would appreciate the chance to deal with any concerns you may have before you
raise them with your local authority so please contact us in the first instance
by emailing us at privacy@ridedott.com.