Door2Door Driver App - Privacy Policy
1. Introduction
This privacy policy describes how we process personal data when you use the mobile Android driver application (the “Driver App”) of door2door GmbH, hereinafter referred to as door2door, and its functionalities. door2door is committed to protecting all personal data which we collect from drivers before, during and after their shifts. Personal data is all information relating to an identified or identifiable natural person, for example your name, address, and location. There are also special categories of more sensitive information which require a higher level of protection. We collect personal data from drivers in order to keep records of employment as required by employment law, and to facilitate the administration of the employment relationship.
The responsible body under Article 4 No. 7 of the General Data Protection Regulation (GDPR) is door2door GmbH, Torstraße 109, 10119 Berlin, privacy@door2door.io.
We have appointed a Data Protection Officer (DPO). Our Data Protection Officer can be contacted at privacy@door2door.io.
2. Responsible Body and Data Protection Officer
The Responsible Body under Article 4 No. 7 of the General Data Protection Regulation (GDPR) is Door2Door GmbH, Torstraße 109, 10119 Berlin, hello@door2door.io.
We have appointed a Data Protection Officer. You can reach our data protection officer at the above postal address – c/o "data protection officer" - and by e-mail at datenschutzbeauftragter@door2door.io.
How Do We Collect This Data?
This data is collected from you when you initially get onboarded. Most of your personal data will be collected directly from you, your manager, or passively by the app itself.
3. How Do We Use Your Personal Data?
We use your personal information so that we can provide you with pickup and dropoff instructions and navigation services. More specifically, we may use the personal data we gather for any or all of the following purposes:
| Process | Description | Type of Data Processed | Lawful Basis for Processing |
|---|---|---|---|
| Employment or Appointment as a Driver for the Service | Prior to, or upon entering into a contract to serve as a driver for the Service, you will have been asked by your employer or contracting partner in a separate document to give your consent to the processing of certain Personal Data. Your employer is permitted to process the personal data related to your contract in accordance with that document. | First name and Surname; Date of Birth; Nationality; Address; Copy of Driver’s License; Telephone Number; Social Security Number; Tax ID Number; Bank Account Details; Copy of valid work visa; Email address; Health Insurance Provider; Emergency contact information | For the Performance of a Contract; Compliance with a Legal Obligation |
| Installation of the Driver App | This information is processed for the purpose of registration and authentication as well as for verification of the user identity. | First name and surname; Organisation; Email address; Encrypted password; IP address of the last login; Date of last registration; Date of account creation | For the Performance of a Contract |
| Passenger Feedback | The purpose of collecting and using this data is to improve product and Service functionality. Passengers have the option of providing feedback about their ride. An additional text field offers the passenger the opportunity to give feedback to the operator. This text field is blank. It is possible that a passenger might enter feedback relating to the driver. | Booking process; Waiting time; Pick-up by the vehicle; The ride itself; Diversions to pick up or drop off other passengers; Ways to improve the service | Legitimate Interest |
| Location Based Data | The purpose of this data collection is to carry out transportation requests, plan the route of the vehicle and monitor performance of the Service. The location and route of your vehicle will be tracked and displayed, live, to the operations control, and are therefore visible to the dispatcher. In addition, following a ride request or booking, the Passenger can follow your location and route on the passenger app. In addition, historic information relating to previous rides is stored by the operations control. | Location Data | For the Performance of a Contract |
| Name and Driver Display | When a ride is assigned to you, your first name and registration plate will be shared with the passenger, in order to enable their identification and verification of the shuttle which is collecting them. Your name will also be visible to the dispatcher. After completion of the ride, this information is no longer available to the passenger. | First Name; Registration Plate | For the Performance of a Contract |
| Driver App Analytics | We use the data collected in this context to increase the attractiveness of our Driver App and to minimise future failures and malfunctions of the Driver App. In the event of a technical error or crash, we extract data from the Driver App about a specific event and thereby identify the cause of the error. The data investigated in this context includes: operating system version, app version, time of the error etc. | Operating System and Version; App Version; Time and Metadata of Errors | |
| Push Notifications | The purpose of this data collection is to provide you with important operational information in connection with a ride, such as a new booking or cancellation, via push notification. This enables us to match passengers with drivers and ensure the performance of the Driver App. Software is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). The end device is assigned a pseudonymized push reference, which serves as the target for the push messages or in-app messages. | The end device is assigned a pseudonymized push reference, which serves as the target for the push messages or in-app messages. | Legitimate Interest |
| Driver App Experience | We use the data collected in this context to increase the attractiveness of our Driver App and to minimise future failures and malfunctions of the Driver App. | The data which would be investigated in this instance could include the operating system version, app version, time of the crash etc. | Legitimate Interest; Performance of a Contract |
| Communication Signals | Our application (App) uses communication signals like Voice (VoIP) that are integrated into the Driver App, to enable drivers to establish contact with the passenger. To enable this contact, a pseudonymised identifier is used. This allows the Passenger App and the Driver App to establish a connection. | Voice data; Device Identifier | Performance of a Contract |
5. Who Do We Share Your Personal Data With?
Your personal data will not be passed on, sold or otherwise transferred to third parties, unless this is necessary for the purpose of processing the contract or you have expressly consented to this.
If the transfer of personal data to an external service provider is necessary for the provision of a service or a response to an enquiry, we shall take technical and organisational measures to ensure that the statutory provisions on data protection under Art. 28 GDPR are complied with and shall also oblige the external service provider to comply with the relevant statutory data protection provisions, to treat the data confidentially and to delete the personal data without delay as soon as it is no longer required.
6. How Long Do We Retain Your Data For?
When we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws, or the period required to defend ourselves against legal action. The only exceptions to this are where:
- The law requires us to hold your personal information for a longer period, or delete it sooner,
- You exercise your right to have the information erased (where applicable) and we do not need to hold it in connection with any of the reasons permitted or required under the law.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we will anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your data will generally be deleted after the purpose for which they were stored has been fulfilled, unless the deletion is contrary to statutory retention periods. These periods are in many cases set by the German Civil Code (BGB), the German Commercial Code (HGB) or the German Fiscal Code (AO) and will normally be 6 - 10 years, or, in exceptional cases, longer. After the expiration of a statutory retention obligation, the data will be deleted.
7. International Data Transfers
We are a global organisation, and your personal information may be stored or processed in any country where we have our facilities or in which we engage service providers and subcontractors.
We have put in place appropriate safeguards in accordance with applicable legal requirements to ensure that your data is adequately protected.
We share personal information with contractors located in non-EEA countries. In this case, we ensure that the recipient offers an adequate level of data protection (e.g. according to an EU Commission decision on suitability for the respective country, or agreement of the EU with the recipient of so-called EU Standard Contract Clauses).
8. What Are Your Rights?
You have certain rights in respect of your personal data, and we have processes to enable you to exercise these rights. We will aim to facilitate your request within one calendar month. We reserve the right to extend this where we have reasonable grounds to do so. We will not charge you a fee for exercising these rights. Your rights are as follows:
Right to Access (also known as a ‘Subject Access Request’): You have the right to obtain confirmation as to whether we process personal data about you, to receive a copy of your personal data held by us and obtain certain other information about how and why we process your personal data.
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Right to Rectification: You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Right to Erasure (also known as 'the Right to be Forgotten'): You have the right to deletion of your personal data in the following cases:
- The personal data are no longer necessary in relation to the purposes for which they were collected and processed.
- Where our lawful basis for processing your information is consent and you then withdraw your consent.
- Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us, you object to our processing and we do not have overriding legitimate grounds.
- You object to our processing for direct marketing purposes.
- Your personal data has been unlawfully processed.
- Your personal data must be erased to comply with a legal obligation to which we are subject.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Right to Object: You have the right to object to our processing of your personal data in the following cases:
- Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us.
- Our processing for direct marketing purposes.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Right to Data Portability: You have the right to request for your personal data to be presented in a format that is easy to disclose and read. This includes ensuring that your data is readily available and is in a structured, commonly used and machine-readable format, enabling you to obtain and reuse your personal data for your own purposes.
Right to Withdraw Consent: Where we process personal data based on consent, you have a right to withdraw your consent at any time. To do so, please use the contact details below in the “How to Contact Us” section.
Right to Lodge a Complaint with a Supervisory Authority: We sincerely hope that you will never need to, but if you do want to complain about our use of your personal data, please send an email with the details of your complaint using the contact details set out below. You may lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection has occurred. You can find the contact details of the German Federal Data Protection Authority (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) who is the national data protection authority for Germany.
Name: Berliner Beauftragte für Datenschutz und Informationsfreiheit
Address: Friedrichstr. 219 - 10969 Berlin
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/
Please note, all rights are subject to qualifications and limitations. In other words, there may be instances and justifiable grounds to deny any request where we are required or permitted by law to do so. We will always be clear and communicate this to you if and when these instances arise.
To exercise any of the above rights, please email privacy@door2door.io.
9. How To Make a Complaint?
If you are unsatisfied with the manner in which your information is being processed, please raise a complaint by reaching out to a member of the Data Privacy Team by writing to us at privacy@door2door.io.
We are committed to working with you to obtain a fair resolution to any complaint or concern you may have.
In the event we are unable to address your complaint, you have the right to lodge a complaint with the German Federal Data Protection Authority (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit). We sincerely hope that you will never need to, but if you do want to complain about our use of your personal data, please use the contact details below to raise your complaint.
Name: Berliner Beauftragte für Datenschutz und Informationsfreiheit
Address: Friedrichstr. 219 - 10969 Berlin
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/
10. Security
We make every effort to ensure that your personal data is safe and secure. We have staff dedicated to maintaining our security standards. We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of your personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
11. Update to This Notice
This notice was last updated in July 2022. We may occasionally update this notice. If we make significant changes, we will notify you in advance of the changes through different means such as via email. We encourage users to periodically review this notice for the latest information on our privacy practices.
12. How to Contact Us?
If you have questions or concerns regarding the way in which your personal information is being used, please contact our People Team by emailing privacy@door2door.io.
To raise any complaints or discuss anything in relation to the Passenger App, please raise this with the Customer Success team via email: customer-success@door2door.io.