Privacy Policy for the Simdle Driver App

This privacy policy describes how personal data is processed when the Driver App and its functionalities are used.

1. What is Personal Data?

Personal Data includes any information relating to an identified or identifiable natural person, for example your name, address, e-mail address or user behavior in relation to the Driver App.

2. Responsible Body

The Driver App is used from different customers and it is linked to the backend system of the individual customer via a setup code. The individual customer (your employer or contracting partner) is the data controller.

Therefore, the Responsible Body under Article 4 No. 7 of the General Data Protection Regulation (GDPR) is your employer or contracting partner. Please contact your employer or contracting partner for further details and concerns regarding your personal data in the Driver App.

The Manufacturer and service provider Cube4t8 Sarl of the Driver App and the backend system which the Driver App is connected to, uses state of the art technology and procedures to secure the data in the preceding systems.

Contact details of the Manufacturer and Service Provider:

Losch Digital Lab S.à r.l.
5, rue des Joncs
L-1818 Howald
Luxembourg
DataProtection@losch.lu

3. What personal data is collected? How is the data collected from you used? On what legal principle is the use based?

a) Employment or appointment as a driver for the Service

Prior to, or upon entering into a contract to serve as a driver for the Service, you will have been asked by your employer or contracting partner in a separate document to give your consent to the processing of certain Personal Data. Your employer is permitted to process the personal data related to your contract in accordance with that document.

The legal basis for this is Art. 6 para. 1 (b) (performance of a contract or steps prior to entering into a contract).
An approved data processor at your employer will create a Driver account using your name, email address and phone number.

b) Installation of the App

When you install this Driver App and login to the service which you have been assigned the following information is collected from you.

- Service setup code
- Email address
- Encrypted credentials

This information is processed for the purpose of registration and authentication as well as for verification of the user identity. The legal basis for this is Art. 6 para. 1 (b) GDPR (performance of a contract).

c) Use of the App

When using the App, the following personal data may be collected:

1. Location-based data

The location and route of your vehicle will be tracked and displayed, live, to the operations control, and are therefore visible to the dispatcher. In addition, following a ride request or booking, the Rider can follow your location and route on the rider app. In addition, historic information relating to previous rides is stored by the operations control.
The purpose of this data collection is to carry out transportation requests, plan the route of the vehicle, monitor performance of the Service and optimize routes and rides between drivers in a service. The legal basis for this is Art. 6 para. 1 (b) GDPR (performance of a contract).

2. License plate

When a ride is assigned to you, your license plate will be shared with the passenger, in order to enable their identification and verification of the vehicle which is collecting them. After completion of the ride, your license plate remains available to the passenger in their ride history. The legal basis for this is Art. 6 para. 1 (b) GDPR (performance of a contract).

3. Device information

IP address, device type, operating system, manufacturer, model and version number, and unique device identifiers such as your device ID, but not IMEI. The Manufacturer collect this information automatically when you use the Manufacturers Services in order to diagnose problems and improve the Service. The legal basis for this is Art. 6 para. 1 (b) GDPR (performance of a contract).

4. Mapbox

The Manufacturer uses the Mapbox Navigation SDK in the app. The Mapbox Navigation SDK provides maps and in app turn by turn navigation in the app. This is a core feature of the Driver App and allows the Manufacturer to provide a service all in a single app instead of relying on external navigation solutions. The Mapbox Navigation SDK collects anonymized device and location information in order to improve their service.

https://www.mapbox.com/legal/privacy/

5. Google Firebase

The Manufacturer uses Firebase within the app. Firebase is a development platform for mobile and web applications, which provides tools and infrastructure via a Software Development Kit (SDK). This enables the Manufacturer to make the app functionalities simpler and more efficient. Firebase is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US. Firebase collects and processes data from you. You can find more information about the handling of user data in Google™ privacy policy:

https://policies.google.com/privacy

The Manufacturer uses Firebase as follows:

- Firebase Analytics

Firebase Analytics enables the operator to carry out independent analysis of user behavior on the basis of anonymized or pseudonymized data. In Firebase Analytics, an app Instance ID is automatically generated and assigned each time you open the Driver App. The ID is used to calculate user metrics. Firebase Analytics also derives demographic and interest data from the following other sources, depending on your device's operating system you use:

- Android Ad ID : The Ad ID is used to track app usage only. In Analytics, an identifier is generated based on the ID. This identifier contains information about demographics and interests based on user app activity.

Location data is derived from the IP addresses of users. The Manufacturer have configured Firebase Analytics to anonymize IP addresses within the European Union and the European Economic Area before they are submitted to Google LLC. Neither from the collection of the IP address nor from the other data can the Manufacturer or Google LLC (to the best of our knowledge) draw conclusions about your identity.

Google LLC uses the data to provide the Manufacturer with anonymous information and statistics on the use of our app in real-time reports. The Manufacturer use this information to further improve the stability and security of the App, to increase the attractiveness of the App and to adapt the App's content to the needs of the target group.

Firebase Cloud Messaging

Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). The end device is assigned a pseudonymized push reference, which serves as the target for the push messages or in-app messages. Information about the functionality of Firebase Cloud Messaging can be found here:

https://firebase.google.com/products/cloud-messaging

The Manufacturer use Firebase cloud messaging to provide you with information about a new booking or cancellation via push notification. This enables the Manufacturer to match passengers with drivers and ensure the performance of the app.

Firebase Crashlytics

In the event of a technical error or crash, Firebase Crashlytics enables Firebase Crashlytics to extract data from the app about this specific event (e.g. what function the app has, what operating system version and what type of device the user was using at the time the error occurred). Information about the functionality of Firebase Crashlytics can be found here:

https://firebase.google.com/products/crashlytics

The Manufacturer use the data collected in this context to increase the attractiveness of the app and to minimize future failures and malfunctions of the app.

The legal basis for the processing and transmission of personal data (insofar as personal data is involved) mentioned in this item 3 c) 3) is the Manufacturer legitimate interest according to Art. 6 para. 1 f) GDPR or necessity for the performance of a contract under Art. 6 para. 1 b) GDPR.

4. Will the data and information about me be shared with others?

Your personal data will not be passed on, sold or otherwise transferred to third parties, except in the cases described in paragraph 3 above, unless this is necessary for the purpose of processing the contract or you have expressly consented to this.
If the transfer of personal data to an external service provider is necessary for the provision of a service or a response to an inquiry, your employer or contracting partner shall take technical and organizational measures to ensure that the statutory provisions on data protection under Art. 28 GDPR are complied with and shall also oblige the external service provider to comply with the relevant statutory data protection provisions, to treat the data confidentially and to delete the personal data without delay as soon as it is no longer required.

5. Are data also transmitted to recipients outside the European Union or outside the European Economic Area (EEA)?

The Manufacturer shares personal information in anonymized or pseudonymized form with contract processors located in non-EEA countries, in particular, the data shared via Google Firebase with Google LLC and with Mapbox, both in the USA. In this case, the Manufacturer and your employer or contracting partner ensure that the recipient either has an adequate level of data protection (e.g. based on an EU Commission Adequacy Decision for the respective country, a self-certification of the recipient for the EU-US Privacy Shield or an agreement between the recipient and the European Union on EU Standard Contractual Clauses).
The Manufacturer and your employer or contracting partner can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. Please use the information in the contact section for this purpose.

6. How long will my data be stored?

Your data will generally be deleted after the purpose for which they were stored has been fulfilled, unless the deletion is contrary to statutory retention periods. After the expiration of a statutory retention obligation, the data will be deleted.

7. What rights do I have?

According to the GDPR, you have the right to information, rectification, portability and deletion of your data.

If the data processing is justified by the Manufacturers legitimate interests, you have the right to object to the data processing for the future, unless the data is absolutely necessary for the fulfillment of your contract or the operation of the App.

Your right to Appeal to a supervisory authority: Without prejudice to the rights set out above, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you reside, work or in the place where the alleged infringement is alleged, if you consider that the processing of your personal data is in breach of the GDPR.

The supervisory authority where the complaint was lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

8. Contact

For information and suggestions on the subject of data protection, please contact the data protection officer either at the Manufacturer or your employer or contracting partner.

Version of: 25 January 2021