Thank you for sharing your personal data with us. At Dott we care about the
safety of your data and we are committed to providing you with clear and
transparent information on how we collect, use and share your data when you
visit our website at https://ridedott.com/ (“Website”), use our mobile
application (“App”) and our electric vehicles (“Vehicles”) and when you
otherwise interact with us. We process your data in accordance with the
requirements set out under the General Data Protection Regulation (“GDPR”), as
well as the Data Protection Act 2018 for the United Kingdom and other applicable
data protection legislation.
This policy explains what personal data we collect from you, for what reason, in
what way, how we keep it safe, with whom we share it with and your rights
regarding this data. We recommend that you read this along with our
Terms and Conditions, which set out
the terms governing the services provided.
We keep our Privacy Policy under regular review so we encourage you to regularly
review it through the App or through our Website. If we make any changes to this
Privacy Policy, the updated version will be made available through our App and
our Website and if we make any material changes to this Privacy Policy, we will
provide a prominent notice and may also contact you directly by email or another
method.
Our services are not intended for children under the age of 18 years or any
other age limit applicable in your jurisdiction and we do not knowingly collect
data relating to children.
-
Who we are
This Privacy Policy is issued on behalf of the emTransit corporate group,
which is made up of several different legal entities spread around Europe.
While the different entities may, from time to time, act as Joint
Controllers of your personal data, all the companies in the emTransit
corporate group have decided that emTransit B.V. , a private limited
liability company incorporated under Dutch law, with registered office at
Burgerweeshuispad 101 TQ South, 1076ER, Amsterdam, the Netherlands,
registered under number 72795921, is the primary data controller and
responsible entity for all personal data processing described in this
policy. Our Data Protection Officer oversees the entire corporate group's
compliance. For any questions about this policy, including questions about
your rights under data protection law, please contact our Officer at:
privacy@ridedott.com.
When we mention " Dott", " we ," "
us" or " our" in this privacy policy, we are
referring to our entire corporate group.
-
The data we collect about you
We may collect, use, store and transfer different kinds of personal data
about you, meaning any information that can either directly or indirectly
(together with other information) identify you, which we have separated in
the following groups:
- Identity Data and Contact Data includes first name, last name,
username and password, date of birth and gender (where required by law),
proof of identity such as identity card, passport or drivers licence
(where required by law), a live selfie (where required by the city),
billing address, delivery address, email address, telephone numbers and
other similar identifiers.
- Financial and Transactional Data includes some of your bank account
and payment card details and details about payments from you and other
details of services you have purchased from us and other similar details.
Please note we do not store your full payment card details. This
information is stored by our trusted third-party payment processor.
- Technical and Usage Data includes information about how you use our
Website, App and Vehicles, internet protocol (IP) address, your login
data, browser type and version, time zone settings, browser plug-in types
and versions, operating system and platform, and other similar technology
identifiers on the devices you use to access the Website, the App and our
Vehicles.
- Geolocation and Telemetry Data includes information about how you use
our Vehicles, including your ride and geolocation history and other
telemetry information, including braking, swerving, collisions, road
surface conditions, speed, path chosen and weight fluctuations.
- Profile Data includes purchases made by you, your interests, marketing
and communication preferences, feedback and survey responses and other
similar data you provide us with.
- User and potential user content includes information submitted by you
when contacting our customer support, or collected by us with your consent
when you participate in our User Research programme or in any events
organised by us. This may include feedback, photographs, video or audio
recordings.
- Social inclusive program data includes, for the United Kingdom,
information on one of the following: valid HC2 certificate, DID card or
Disabled Persons Rail Card; your status as an NHS or Emergency Service
Worker or as a higher education student.
We also process Aggregated Data such as statistical or demographic data
for any purpose. Aggregated Data could be derived from your personal data
but is not considered personal data in law as this data will not directly or
indirectly reveal your identity. For example, we may aggregate your
Technical and Usage Data to calculate the percentage of users accessing a
specific Website feature or App functionality, or to understand how our
Vehicles are used. As such data is not regulated, its processing is not
subject to this privacy policy.
If you fail to provide personal data
Where we need to collect personal data under our Terms and Conditions, and
you fail to provide that data when requested, we may not be able to perform
the contract we have or are trying to enter into with you. In this case, we
may not be able to allow you to use the App and/or our Vehicles as this
information is necessary in order to be able to provide our services.
-
How is your personal data collected?
Direct interactions. You may give us your Identity and Contact and
Financial and Transactional Data by filling in forms or by corresponding
with us. This includes personal data you provide when you:
- browse our Website;
- use our Vehicles;
- use our App;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our Website
and App and use our Vehicles, we will automatically collect Technical and
Usage Data about your browsing, your device and your Vehicle ride. We
collect this personal data by using telemetry sensors, cookies, local
storage and other technologies, both proprietary and third-party-sourced.
Please see our cookie
policyhttps://ridedott.com/cookies for
further details on automated data collection via our Website.
Data from other sources. We may obtain identity and contact data and/or
financial and transactional data from other sources, including our insurance
providers, vendors and law enforcement.
-
How we use your personal data
We have set out below a description of all the ways we plan to use your
personal data, and which of the legal bases we rely on to do so. We have
also identified what our legitimate interests are where appropriate.
|
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
OPERATIONS |
To register you as a new customer, to deliver our services to you and to manage payments, fees and charges. |
Identity and Contact Financial and Transactional Technical and Usage Geolocation and Telemetry Social and Inclusive Program Data |
Necessary for the performance of a contract with you (deliver our services). Necessary to comply with a legal obligation (for example, verify that you are over 18 or hold a valid drivers license). |
|
To manage our relationship with you which includes notifying you about changes or updates to our services, user terms or privacy policy, responding to any queries raised by you and other similar activities. |
Identity and Contact User Content User and potential user content Geolocation and Telemetry Depending on your query we may need to process any other relevant personal data |
Necessary for the performance of a contract with you (deliver our services). or Necessary for our legitimate interests (to maintain a positive client relationship with our customers). |
|
To cooperate with our insurers and brokers, which includes verifying your identity, verifying the identity of the Vehicle you used, verifying your use of the Vehicle, and then providing them with this data. |
Identity and Contact Financial and Transactional Technical and Usage Geolocation and Telemetry |
Necessary for the performance of a contract with you (keeping you insured whilst on a ride) and Necessary for our legitimate interests (to provide information to our insurer in order to process a claim, ie administer our business) and Necessary to comply with a legal obligation (the law may require us to cover our service with insurance). |
|
To seek your views on our services via customer satisfaction surveys and other similar activities, delivered via the App or via email. |
Identity and Contact User and potential user content |
Necessary for our legitimate interests (to improve our services on the basis of your feedback). |
ADMINISTRATION |
To administer and protect our business, App, Vehicles and Website which includes troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, responding to law enforcement requests, responding to the needs of our professional advisers and other similar activities. This includes collecting and recovering money owed to us. |
Identity and Contact Financial and Transactional Technical and Usage Geolocation and Telemetry Profile |
Necessary for our legitimate interests (running our business, maintaining our Vehicles, ensuring reliability of IT services and network security, preventing fraud, debt recovery, business reorganisation or group restructuring) and Necessary to comply with a legal obligation (for example, record keeping obligations). |
ANALYTICS |
To use data analytics to improve our Website, App, Vehicles, marketing and advertising efforts, customer relationships and experiences and other similar activities. This includes sharing personal data with third parties who provide analytics services. |
Technical and Usage Profile |
Necessary for our legitimate interests (to study how customers use our Vehicles, App and Website, to develop, keep up to date, to improve our offering and to ensure it is lawful, safe and reliable). Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for analytics purposes. |
ADVERTISING |
To deliver relevant Website and App content and advertisements to you, including making suggestions and recommendations to you about products or services that may be of interest to you, measure or understand the effectiveness of the advertising we serve to you and other similar activities. This includes sharing personal data with our advertising partners. |
Identity and Contact Technical and Usage Profile |
Necessary for our legitimate interests (to define and identify types of current and future customers for our offering, to inform our marketing strategy and to grow our business)br>Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for advertising purposes. |
DIRECT MARKETING |
To enable you to partake in product promotions and to take advantage of various discounts, to promote our services more generally and for other similar activities. This includes sharing personal data with our marketing partners. |
Identity and Contact Technical and Usage Profile |
Necessary for our legitimate interests (to promote our services) Where the law requires us to rely on your consent for this type of processing we will ask you to opt in to processing for direct marketing purposes. |
-
Disclosures of your personal data
Our suppliers
We use a few different suppliers in order to deliver, develop and promote
our services. Some of your personal data may be shared with them for the
purposes set out in the table above. We use suppliers to process payments,
to store data in the cloud, to insure our services, to run analytics and
data analysis, to provide customer support and to do advertising and
marketing.
All our suppliers have guaranteed that they comply with the General Data
Protection Regulation (EU) 2016/679 and have signed data processing
agreements with us. We require all third parties to respect the security of
your personal data and to treat it in accordance with the law. We do not
allow our third-party service providers to use your personal data for their
own purposes (unless this is necessary for them to provide their services to
us, in which case you will be explicitly informed) and only permit them to
process your personal data for specified purposes and in accordance with our
instructions.
Corporate transactions
We will share your personal data across our corporate group.
We may also share your personal data with third parties to whom we may
choose to sell, transfer or merge parts of our business or our assets.
Alternatively, we may seek to acquire other businesses or merge with them.
If a change happens to our business, then the new owners may use your
personal data.
Professional advisers and law enforcement
We may disclose your personal information to the court service or regulators
or law enforcement agencies in connection with proceedings or investigations
where compelled to do so. We may disclose your personal information to our
professional advisors that are usually regulated by a competent authority
(legal representatives, accountants, etc.) where that proves necessary. We
may also disclose your personal information to our Insurance Providers where
it proves necessary to process any insurance claim linked to your use of our
Vehicles.
Local authorities
Local authorities require us to share certain information about our Vehicles
as a condition to us operating on the territory of the cities they govern.
This exchange is automatic and in accordance with the
Open Mobility Foundation's
data exchange protocols. All local authorities have guaranteed that they
comply with the General Data Protection Regulation (EU) 2016/679 and have
signed data sharing agreements with us. Pursuant to these agreements local
authorities are required not to combine Vehicle information with any other
information that can potentially identify you. The authorities use Vehicle
information for the purposes of urban planning, public engagement and
compliance.
Other transport app operators
We may disclose certain information about our Vehicles to other transport
app operators so that they can provide services to you, such as allowing you
to see and book our Vehicles in their apps. This information does not
usually include any personal data but when it does the exchange is automatic
and in accordance with the
Open Mobility Foundation's
data exchange protocols. All transport app operators have guaranteed that
they comply with the General Data Protection Regulation (EU) 2016/679 and
have signed data sharing agreements with us. Pursuant to these agreements
transport app operators are required not to combine Vehicle information with
any other information that can potentially identify you. Transport app
operators use Vehicle information solely for the purposes of allowing the
seamless integration of our systems with their systems.
FOR USERS IN THE UNITED KINGDOM:
Department for Transport for London
Some data pertaining to your use of e-scooters with any participating
Operator of rental e-scooters in the UK, including Dott will be shared
securely with the UK Department for Transport (DfT) and a third party
research contractor for the purpose of the e-scooter trials.
This data will enable DfT to understand the effects of e-scooters and to
allow ministers to take an informed decision in the future about how they
should be regulated to promote safe and sustainable travel.
The data that will be shared includes:
-
Pseudonymised data: Details of the length, duration and location of
trips. Please note neither DfT nor its research contractor will be able
to attribute this data to any personally identifiable data.
-
Personal data, some of which DfT's research contractor will be able
to attribute to a user's contact details (for the sole purpose of
follow-up research): Month and day of the week, and a time band (i.e. a
Wednesday in March, between 7-12am) for the trip; the duration and
distance of the trip; and the area (the ONS Lower Super Output Area that
corresponds to a trip's start point). Operators, including Dott, will
also share responses you may provide to questions asked after each trip.
DfT and Dott take data protection extremely seriously and are ensuring the
collection of this data is compliant with Data Protection Legislation.
For more information about the standards you can expect when DfT asks for,
or holds, your personal information, read
DfT's Personal information charter.
DfT is also preparing a separate survey that you may be asked to respond to
as a participant in these rental e-scooter trials. The survey will ask for
information about your gender, ethnicity, age and first-part postcode to
enable the DfT’s research contractor to assess the impact of e-scooter use
on equality and opportunity, and to compare different experiences of
e-scooter use according to those characteristics.
Further details of this will be provided with the survey.
-
Cookies
Cookies are most often served by third parties and this usually involves
disclosure of Technical and Usage data that is often anonymised. Please use
our cookies banner to accept or reject non-essential cookies. For more
information about the cookies we use, please see
https://ridedott.com/cookies.
-
International transfers
Many of our external third parties are based outside the European Economic
Area (EEA) so their processing of your personal data will involve a transfer
of data outside the EEA. Whenever we transfer your personal data out of the
EEA, we ensure a similar degree of protection is afforded to it by ensuring
at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism
used by us when transferring your personal data out of the EEA.
-
Data security
We have put in place appropriate security measures to prevent your personal
data from being accidentally lost, used or accessed in an unauthorised way,
altered or disclosed. In addition, we limit access to your personal data to
those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our
instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator of a breach where we
are legally required to do so.
-
Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary
to fulfil the purposes we collected it for, including for the purposes of
satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period in the event of a
complaint or if we reasonably believe there is a prospect of litigation in
respect to our relationship with you. To determine the appropriate retention
period for personal data, we consider the amount, nature and sensitivity of
the personal data, the potential risk of harm from unauthorised use or
disclosure of your personal data, the purposes for which we process your
personal data and whether we can achieve those purposes through other means,
and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will irreversibly anonymise your personal data (so
that it can no longer be associated with you) for research or statistical
purposes, in which case this policy would no longer apply and we may use
this information indefinitely without further notice to you.
Your geolocation data will be deleted or anonymized after a period of 12
months, with the exception of those cases where this data may need to be
retained longer for a specific reason, such as being needed for legal
proceedings.
Please note that by law we have to keep basic information about our
customers for seven years after they cease being customers for tax purposes.
-
Automated Decision Making
We make use of automated decision making, including the use of profiling,
when carrying out age verification checks. Age verification checks are only
requested where required by the cities; if this is the case, you will be
prompted in your screen to carry it out. Our system will verify the
information on your ID (may also be a passport or driver's license) to
verify your date of birth and its validity, while comparing the photo on
your ID with the live photo that you submit. Together, they will determine
whether it's the same person in the photo as in the ID.
We also make use of automated decision making for the detection of fraud.
Our systems will identify any transactions or profiles that are deemed
suspicious based on the data that is available to us, and based on this
information will take a specific approach, such as allowing a payment to go
through, requesting verification of certain data, or blocking an account.
If you would like to object to either type of automatic decision making,
please contact privacy@ridedott.com
-
Blacklisting
Dott may blacklist an account or a payment method when it determines that
there has been fraudulent activity linked to it. Accounts and payment
methods that have been blacklisted are kept on file to avoid any future
fraudulent transactions. This list is not shared with any third parties and
is only for internal use. The goal of this activity is to prevent fraudulent
transactions and to protect our users. If you would like to know more about
this, please contact privacy@ridedott.com
-
Your legal rights
Dott is committed to ensuring you can fully exercise your rights as a data
subject. Please send an email to
privacy@ridedott.com to exercise the
following rights in respect of the personal information Dott processes about
you:
To be informed |
To access |
To rectify |
You have the right to be informed about our processing of your personal data. This information can be found on this Privacy Policy. If you have any questions or complaints, please contact us at privacy@ridedott.com. |
You have the right to request a copy of the personal data about you that we have. This request can be about a specific topic (for example, such as your trip history) or general. If you would like to exercise this right, please contact privacy@ridedott.com. |
You have the right to rectify your information and change or update it where the data is incorrect or has changed. It is important that the personal data we hold about you is accurate and up-to-date, so please let us know if your personal data changes during your relationship with us.If you would like to exercise this right, please contact privacy@ridedott.com. |
To erasure |
To restrict processing |
To object to automated decision making, including profiling |
You have the right to request the deletion of your personal information. If you would like to exercise this right, please send an email to privacy@ridedott.com. Keep in mind that in certain circumstances we may be unable to follow your request as we may have legal requirements under which we need to keep your data for a specific amount of time. If such is the case, we will inform you of the reason. |
You have the right to object to our processing of your data. If you would like to exercise this right, please contact privacy@ridedott.com. |
Dott carries out automated decision making when carrying out age verification checks. If you want to object to this type of processing, please contact privacy@ridedott.com. |
To data portability |
To complain to the data protection authority |
To withdraw yourconsent |
You have the right to request that your data be transferred to another organisation or an easy to read copy be provided to you in order to transfer to another organisation. If you would like to exercise this right, please contact privacy@ridedott.com. |
If you would like to lodge a complaint with the relevant Data Protection Authority, you can find the website here https://edpb.europa.eu/about-edpb/about-edpb/members_en. We would appreciate the chance to deal with any concerns you may have before you raise them with your local authority so please contact us in the first instance by emailing us at privacy@ridedott.com. |
In those cases in which we have relied on consent for the processing of your data, you have the right to take this consent back at any time. If you would like to exercise this right, please contact privacy@ridedott.com. |
If you send us a request regarding any of these rights, we will answer
within one month from the day of receipt and, where possible, do our best to
address your request within such time. Where necessary, this period may be
extended by up to a further two months in complex cases (we will let you
know if this is the case).
For full information on your rights as a data subject, please visit the
webpage of the data protection authority in your country of residence:
- For users in the European Economic Area, you can find your DPA
here.
- For users in the United Kingdom, you can contact the Information
Commissioner's Office here.
We would appreciate the chance to deal with any concerns you may have before
you raise them with your local authority so please contact us in the first
instance by emailing us at
privacy@ridedott.com.