Privacy Policy for the Simdle Rider App
This privacy policy describes how personal data is processed when the Rider App and its functionalities are used.
1. What is Personal Data?
Personal Data includes any information relating to an identified or identifiable natural person, for example your name, address, e-mail address or user behavior in relation to the Rider App.2. Responsible Body
The Rider App is used by different customers and it is linked to the backend system of the individual customer via a setup code. The individual customer (your employer or contracting partner) is the data controller.
Therefore, the Responsible Body under Article 4 No. 7 of the General Data Protection Regulation (GDPR) is your employer or contracting partner. Please contact your employer or contracting partner for further details and concerns regarding your personal data in the Rider App.
The Manufacturer and service provider Cube4t8 Sarl of the Rider App and the backend system which the Rider App is connected to, uses state of the art technology and procedures to secure the data in the preceding systems.
Contact details of the Manufacturer and Service Provider:
Losch Digital Lab S.à r.l.5, rue des Joncs
L-1818 Howald
Luxembourg
DataProtection@losch.lu
3. What personal data is collected? How is the data collected from you used? On what legal principle is the use based?
a) Employment or appointment as a driver for the Service
Prior to, or upon entering into a contract to serve as a driver for the Service, you will have been asked by your employer or contracting partner in a separate document to give your consent to the processing of certain Personal Data. Your employer is permitted to process the personal data related to your contract in accordance with that document.
The legal basis for this is Art. 6 para. 1 (b) (performance of a contract or steps prior to entering into a contract). An approved data processor at your employer will create a Rider account using your name, email address and phone number.
b) Installation of the App
When you install this Rider App and register to the service the following information is collected from you :
- Email address (used for verification)
- Mobile Phone Number (used for verification)
- First Name
- Name (optional)
This information is processed for the purpose of registration and authentication as well as for verification of the user identity. The legal basis for this is Art. 6 para. 1 (b) GDPR (performance of a contract).
c) Use of the App
When using the App, the following personal data may be collected:
1. Location-based data
The location is optional and will only be used to auto-fill the origin location
2. Device information
IP address, device type, operating system, manufacturer, model and version number, and unique device identifiers such as your device ID, but not IMEI. The Manufacturer collect this information automatically when you use the Manufacturers Services in order to diagnose problems and improve the Service. The legal basis for this is Art. 6 para. 1 (b) GDPR (performance of a contract).
3. Google Firebase
The Manufacturer uses Firebase within the app. Firebase is a development platform for mobile and web applications, which provides tools and infrastructure via a Software Development Kit (SDK). This enables the Manufacturer to make the app functionalities simpler and more efficient. Firebase is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US. Firebase collects and processes data from you. You can find more information about the handling of user data in Google™ privacy policy:
https://policies.google.com/privacy
The Manufacturer uses Firebase as follows:
- Firebase Analytics
Firebase Analytics enables the operator to carry out independent analysis of user behavior on the basis of anonymized or pseudonymized data. In Firebase Analytics, an app Instance ID is automatically generated and assigned each time you open the Driver App. The ID is used to calculate user metrics. Firebase Analytics also derives demographic and interest data from the following other sources, depending on your device's operating system you use:
- Android Ad ID : The Ad ID is used to track app usage only. In Analytics, an identifier is generated based on the ID. This identifier contains information about demographics and interests based on user app activity.
Location data is derived from the IP addresses of users. The Manufacturer have configured Firebase Analytics to anonymize IP addresses within the European Union and the European Economic Area before they are submitted to Google LLC. Neither from the collection of the IP address nor from the other data can the Manufacturer or Google LLC (to the best of our knowledge) draw conclusions about your identity.
Google LLC uses the data to provide the Manufacturer with anonymous information and statistics on the use of our app in real-time reports. The Manufacturer use this information to further improve the stability and security of the App, to increase the attractiveness of the App and to adapt the App's content to the needs of the target group.
Firebase Cloud Messaging
Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). The end device is assigned a pseudonymized push reference, which serves as the target for the push messages or in-app messages. Information about the functionality of Firebase Cloud Messaging can be found here:
https://firebase.google.com/products/cloud-messaging
The Manufacturer use Firebase cloud messaging to provide you with information about a new booking or cancellation via push notification. This enables the Manufacturer to match passengers with drivers and ensure the performance of the app.
The legal basis for the processing and transmission of personal data (insofar as personal data is involved) mentioned in this item 3 c) 3) is the Manufacturer legitimate interest according to Art. 6 para. 1 f) GDPR or necessity for the performance of a contract under Art. 6 para. 1 b) GDPR.
4. Payment Provider
Depending on the Rider App client instance and the system settings of your contracting partner either Stripe or Wordline can be used to process the payment during the booking process.
No payment related data is collected by Losch Digital Lab
For any Payment Data Collection outside of Losch Digital Lab, please refer to the Privacy Policy of the payment provider
For Stripe: https://stripe.com/en-lu/privacy.
For Wordline: https://worldline.com/en/compliancy/privacy.html.
5. Anonymous usage logs
Depending on the system settings and data privacy conditions of your contracting partner, anomymised usage data might be collected to allow us to improve our product and services. Please refer to the specific terms & conditions as well as the privacy conditions of your contracting partner in the App for more details.
6. Will the data and information about me be shared with others?
Your personal data will not be passed on, sold or otherwise transferred to third parties, except in the cases described in paragraph 3 above, unless this is necessary for the purpose of processing the contract or you have expressly consented to this.
If the transfer of personal data to an external service provider is necessary for the provision of a service or a response to an inquiry, your employer or contracting partner shall take technical and organizational measures to ensure that the statutory provisions on data protection under Art. 28 GDPR are complied with and shall also oblige the external service provider to comply with the relevant statutory data protection provisions, to treat the data confidentially and to delete the personal data without delay as soon as it is no longer required.
7. Are data also transmitted to recipients outside the European Union or outside the European Economic Area (EEA)?
The Manufacturer shares personal information in anonymized or pseudonymized form with contract processors located in non-EEA countries, in particular, the data shared via Google Firebase with Google LLC and with Mapbox, both in the USA. In this case, the Manufacturer and your employer or contracting partner ensure that the recipient either has an adequate level of data protection (e.g. based on an EU Commission Adequacy Decision for the respective country, a self-certification of the recipient for the EU-US Privacy Shield or an agreement between the recipient and the European Union on EU Standard Contractual Clauses).
The Manufacturer and your employer or contracting partner can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. Please use the information in the contact section for this purpose.
8. How long will my data be stored?
Your data will generally be deleted after the purpose for which they were stored has been fulfilled, unless the deletion is contrary to statutory retention periods. After the expiration of a statutory retention obligation, the data will be deleted.
7. What rights do I have?
According to the GDPR, you have the right to information, rectification, portability and deletion of your data.
If the data processing is justified by the Manufacturers legitimate interests, you have the right to object to the data processing for the future, unless the data is absolutely necessary for the fulfillment of your contract or the operation of the App.
Your right to Appeal to a supervisory authority: Without prejudice to the rights set out above, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you reside, work or in the place where the alleged infringement is alleged, if you consider that the processing of your personal data is in breach of the GDPR.
The supervisory authority where the complaint was lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
9. Contact
For information and suggestions on the subject of data protection, please contact the data protection officer either at the Manufacturer or your employer or contracting partner.
Version of: 25 January 2021