Processing of data when using the uRyde app
1. General information about the collection of your personal data
CONNECT Mobility GmbH (hereinafter referred to as "uRyde", "we", "our" or "us") provides you with the mobile application in the form of the carpooling platform uRyde (hereinafter referred to as "app" or "platform"), which you can download to your mobile device (hereinafter referred to as “smartphone”). In the following we inform you about the collection of your personal data when using our app. Personal data is all data that can be related to you personally (e.g. name, address, e-mail addresses, user behavior, etc.).
Responsible in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR).
Customs yard 7
You can reach our data protection officer at info@uRyde.de or at our postal address with the addition "data protection officer" (see imprint).
If you contact us by e-mail or via a contact form, your e-mail address and, if provided by you, your name and telephone number will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or - in the case of statutory storage obligations - restrict the processing.
If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We also state the specified criteria for the storage period.
Your personal data is protected within the framework of technical and organizational measures based on the current state of the art at uRyde.
2. Data Collected
In addition to data collection in relation to the use of the website, we also process data as part of your use of the app provided by us.
We can collect and process the following information and data:
2.1 Information You Provide
You may provide us with information, including Personal Data, when you use our app and fill out these forms, when you participate in any of our promotions or surveys, when you email or otherwise contact us, or when You report a problem with our app. Your data will be transmitted in accordance with SSL standards for secure transmission.
Examples of personal data that you have provided are listed below.
2.1.1 Mandatory Data
Required, mandatory information for registering for the service provided via our app is:
- Name first Name
- Mobile phone number
- Employer/university email address or private email address
In addition, the following vehicle information is required to use our app as a driver:
- car brand
- car model
According to Article 6 Paragraph 1 Letter b GDPR, this processing is required to fulfill our mutual contractual obligations or to carry out pre-contractual measures.
2.1.2 Voluntary Data
The following data can be viewed to arrange trips between the driver and passengers:
2.1.3 Data recorded or exchanged to use the App
The following data can be viewed to arrange trips between the driver and passengers:
- Name first Name
Data that you can view on both sides after booking an offered ride or a shared ride is:
- Vehicle details (of the driver)
- Mobile phone number
Data visible to other users on the profile you have created are:
- Name first Name
Since uRyde, as an intermediary, provides the platform for exchanging the above-mentioned data, Article 6 (1) (f) GDPR applies to the protection of our legitimate interest in forwarding this personal data. Our legitimate interest is to make the app technically available and to improve the brokerage service by allowing members to get in touch with each other and allowing members to better assess who they want to share a ride with.
Data recorded by us are:
- All correspondence between you and us
- All bookings made and advertisements for trips that were advertised to you via our app
- Data you may need when reporting a problem with our app or a support request you make
- Responses you make to surveys or questionnaires
- Your ratings of journeys shared in the community, which are used for the purpose of analysis and for a better understanding of our users. This processing is necessary in accordance with Art use the app and generate user content to rate rides or engage with users or us.
2.1.4 Payment Details
The payments of the travel cost contributions to the driver via credit card, Google Pay and Apple Pay are processed by the payment service provider VR Payment, Saonestraße 3a, 60528 Frankfurt am Main. During the payment process, you transmit your payment data to the VR Payment server via a secure https connection. You will be redirected to the VR Payment homepage for the payment process. A transmission takes place exclusively for the smooth processing of your payment.
You can find the data protection agreement of VR Payment here .
According to Article 6 Paragraph 1 Letter b, this processing is necessary to fulfill a contract or to carry out pre-contractual measures, to collect payments from you or to forward the payments collected on your behalf to you.
2.1.5 Verification Data
For the security of our members, your data, such as your mobile phone number, may be checked. An ID card, driver's license or other documents proving identity will only be checked and requested in exceptional cases (e.g. in the case of conspicuous payment transactions in a user account) with a message addressed to you.
This processing takes place to safeguard our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR or on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a GDPR. Our legitimate interest is to ensure or increase security for the other members.
2.1.6 Location Data
Various functions related to location data, such as navigation, are made available to you in our app. In order to use our app and these applications, it is necessary to collect this location data and transmit it to the integrated service provider Here Global BV.
You can manually change the collection of location data at any time via a button and configuration in your smartphone. However, if the location determination on your smartphone is switched off, the navigation and some elementary functions of the app, such as the search or the advertising of journeys, cannot be used.
Information on the scope and purpose of collecting location data and its further processing, your rights and setting options for protecting your privacy can be found in the data protection declarations of Here Global BV at https://legal.here.com/de-de/privacy/policy . Your anonymous data about the map, the device location or some sensors are used to continuously update and improve the maps.
According to Art. 6 (1) (b) GDPR, this processing is necessary to fulfill our mutual contractual obligations or to carry out pre-contractual measures in order to be able to provide you with the functions of the app to the agreed extent.
2.2 Information We Collect Automatically
2.2.1 Technically Required Data
When you use the mobile app, we collect data about the devices you use, the networks you are connected to, or your activities on the app, in accordance with applicable law and, where necessary, with your consent. This data is technically necessary for us to offer you the functions of our app and to ensure stability and security and can include the following information:
• Login data
• Operating system and platform
When you use the app, they collect data using various technologies, including cookies.
This processing is carried out to protect our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR, in order to make our app technically available to you and to ensure the security and stability of the app.
2.2.2 Analytics Cookies
If you access our website through our app, we will not use any analysis or tracking cookies or tools. Unless you expressly give us your consent. In the event of this forwarding, we will only use the technically necessary cookies described in our website data protection declaration.
The following data processing takes place as part of the use of the app:
The app uses A/B testing, analytics, cloud messaging, crashlytics, dynamic links, in-app messaging, performance, predictions or remote config, analysis services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Firebase”), used to analyze app usage. When you install the app, Firebase records when and how long the app is used, which pages of the app are accessed, which functions are clicked and what content is displayed. This allows us to understand how you interact with our app. Furthermore, based on your user behavior, we can constantly improve the app and minimize possible risks. In addition, we can carry out several app tests in parallel and carry out further app developments based on data. As part of the use of the app, part of the aforementioned usage data is also transmitted to the Google servers in the USA to enable the service.
The basis of data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there are so-called standard contractual clauses (= Art. 46. Para. 2 and 3 DSGVO) used. Further information on data transfer to third countries can be found under point 3.
The Google Ads Data Processing Terms, which correspond to the standard contractual clauses and also apply to Google Firebase, can be found at https://business.safety.google/adsprocessorterms/ . Additionally, you can view the Google Standard Contractual Clauses here .
Further information on data protection in connection with Google Firebase can be found on the Google Firebase website.
We process your data on the basis of your consent Article 6 Paragraph 1 Clause 1 Letter a GDPR.
You can revoke this consent at any time in the app settings or by sending us a short message via the contact address provided in this data protection declaration.
2.2.3 Aggregated Data
We collect aggregated data about your activities on our platform. These include, for example:
- The number of rides offered
- Errors encountered, problems with bookings
- The frequency of requests answered
- The number of kilometers driven or shared This processing is carried out to protect our legitimate interests in accordance with Article 6 (1) (f) GDPR in order to eliminate errors and faults, ensure the security of the app and improve features.
2.3 Other grounds for processing your personal data
2.3.1 Personalized Marketing
In accordance with applicable law and, where required, with your consent, we use the data you provide to us via our app for electronic direct marketing purposes (e.g. to send you news about promotions, invitations to our events and other communications where we think they interest you).
We process your data on the basis of your consent (Art. 6 Para. 1 lit. a GDPR) or the protection of legitimate interests (Art. 6 Para. 1 lit. f GDPR). You can revoke this consent at any time via an unsubscribe link or the stored contact address firstname.lastname@example.org .
We use the following providers for personalized marketing communication and for sending e-mail newsletters:
We use Hubspot CRM in the app. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
Hubspot CRM enables us, among other things, to manage existing and potential customers (users) as well as customer contacts. With the help of Hubspot CRM we are able to capture and analyze customer interactions. The personal data recorded in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings).
Hubspot CRM is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in customer management and customer communication that is as efficient as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 (1) (a) GDPR; the consent can be revoked at any time.
Details can be found in Hubspot's data protection declaration: https://legal.hubspot.com/de/privacy-policy .
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield .
We have concluded an order processing contract with Hubspot CRM. This is a contract required by data protection law, which ensures that Hubspot CRM only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.
2.3.2 Legal Compliance
We process your personal data in order to fulfill other legal obligations, especially commercial, commercial or tax retention periods.
This processing of the data is necessary to fulfill legal obligations in accordance with Article 6 Paragraph 1 lit. c GDPR and is carried out in connection with commercial, industrial or tax law, insofar as we are obliged to record and store your data.
2.4 Retention Periods
2.4.1 General Deadlines
We store your personal data, with the exception of the data categories from sections 2.4.2 and 2.4.3, for the duration of your relationship with us and will block or delete them as follows:
- 5 years after you last used our platform, if you have not deactivated your account
- 1 year after deactivating your account, unless you received a negative review; in this case, we will keep your personal data for a period of either two years after the most recent negative review or one year after your account has been deactivated. The longer of the two periods mentioned above applies. After the general limitation period has expired, we will delete blocked personal data.
2.4.2 Different deadlines
We may store some personal data in the following categories for different periods of time:
- Financial data (payments, refunds, etc.) are stored for as long as required by applicable tax and accounting regulations
- Member-generated content (e.g. reviews) will be anonymized by us after the period specified in Section 2.4.1 and will remain visible on our platform in an anonymized form.
2.4.3 Time Limits for Violation or Suspension
In the event that your account has been temporarily or permanently blocked by us (especially in the event of violations of our terms and conditions), we will store your personal data for a period of 2 to 10 years from the date of blocking in order to circumvent the blocking and the rest regulations of our terms and conditions to prevent.
3. Transfer of your data to third countries
Your personal data collected by us will be stored within the European Union (hereinafter referred to as "EU"). It may happen that personal data collected about you as part of the services offered via the App may be transferred to non-European countries which have less stringent data protection laws than in your home jurisdiction. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.
For example, when providing marketing and support services on our behalf and providing app services, as is the case when using marketing tools, Google tools (e.g. Firebase, see point 2.2.2 ) and Amazon Web Service services (hereinafter "data processor ") is the case, data can be transmitted to third countries, including the USA.
As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there, the data processors use so-called standard contractual clauses (= Art. 46. Para. 2 and 3 DSGVO) . Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, the data processors undertake to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Upon request, we can provide you with the agreed data processing conditions for the data processing services we use, which correspond to the standard contractual clauses. You can also find those of common services here:
- The AWS GDPR DATA PROCESSING APPENDUM applies to Amazon Web Services (AWS) EMEA SARL, Luxembourg (Amazon Europe): https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf All data processed by AWS is stored on servers hosted within the EU.
- The Google Ads Data Processing Terms apply to Google Ireland Limited, Ireland: https://business.safety.google/adsprocessorterms/
4. Categories of recipients of personal data
In addition to our employees, service providers in connection with our app also receive knowledge of your personal data as recipients, insofar as this is legally permitted or required. We limit the transfer of your personal data to what is necessary, specifically to be able to arrange rides. When receiving and handling your personal data, our service providers as processors are strictly bound by our instructions. Some of these act independently with your data, which we transmit to them.
The following categories are recipients of your personal data:
- Other users of our app who participate in the community and view your public profile and/or receive data about you during the booking process if this is necessary for the provision of the service (e.g. sharing your mobile phone number with members with whom you have a Build a driving community).
Third parties we work with:
- Business partners who operate social media platforms and who may provide you with connection services from their social media platform to our platform (such as connecting to the data in your profile).
- Business partners who may advertise their services through our website and app, which you may want to sign up for; these services may be services related to our services, such as insurance or banking services
- Business partners who may advertise our services on their website
- Subcontractors for the provision of technical, payment and delivery services, suppliers of analytics services
In the event of a sale or transfer under corporate law of our company or parts thereof, the sellers are then obliged to maintain secrecy and confidentiality with regard to any personal data
5. Your Rights
You have the following rights towards us with regard to your personal data:
- Right to information: You are entitled at any time within the scope of Art. 15 GDPR to request confirmation from us as to whether we are processing personal data relating to you; if this is the case, you are also entitled under Art. 15 GDPR to obtain information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of an automated decision-making and, in the case of third-country transfers, the appropriate safeguards) and to receive a copy of your data.
- Right to rectification: You have the right under Art. 16 GDPR to request that we correct your personal data if it is inaccurate or incorrect.
- Right to erasure: According to Art. 17 GDPR, you are entitled to demand that we erase your personal data immediately. This claim must only be implemented if further processing is no longer necessary. This right does not exist if the processing of your personal data is still required, in exercising the right to freedom of expression and information, in fulfilling a legal obligation to which we are subject (e.g. statutory retention requirements) or in asserting, exercising or defending legal claims .
- Right to restriction of processing: You are entitled, under the conditions of Art. 18 GDPR, to request that we restrict the processing of your personal data.
- Right to object to processing: You have the right under Art. 21 GDPR to object to the further processing of your personal data by us, so that we must stop processing your personal data. The right to object only exists within the limits provided for in Art. 21 GDPR. If you can provide evidence of compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, we are entitled to process your personal data despite your objection.
- Right to data portability: You have the right under Art. 20 GDPR to request that we transfer your personal data to you in a structured, common and machine-readable format.
- Right to complain to a supervisory authority: You have the right, under the conditions of Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, assuming an alleged violation of the GDPR.
6. Links to other websites and social media
Status of the data protection declaration: April 2022