Last Updated: Sep 23, 2024
Disclosure
At RideCo Inc. and our affiliated companies (“RideCo,” “we,” “us”), we are dedicated to safeguarding your privacy. This Privacy Policy outlines how we collect, store, use, and share personally identifiable information (“Personal Information”) through our website (the “Website”), the RideCo mobile applications (the “App”), and while providing our services as described in our Terms of Use (collectively, the “Services”).
We prioritize your privacy and do not collect Personal Information for the purpose of selling or marketing it to third parties. Personal Information may be gathered from users and visitors of our Website, App users, and our customers along with their end users who interact with our Services. By visiting our website at www.rideco.com, including its subpages, or using our Services, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and consent to the collection, use, and disclosure of your Personal Information as described herein.
Scope
This Privacy Policy pertains specifically to RideCo's activities and does not extend to the practices of companies we do not own or control, including our customers and third parties that may resell RideCo products and services, as well as services offered by other companies or sites linked to our Services.
It is your responsibility to ensure you have obtained the necessary authorizations and consents for any Personal Information you provide to us in line with this Privacy Policy. If you use the website or services of a third party partnered with RideCo to deliver on-demand transit technology solutions, please note that the collection, use, and disclosure of your Personal Information will be governed by that third party’s privacy policy. RideCo will handle such data in compliance with applicable laws and in accordance with our agreements with that third party.
International Users
If you are using our Services from outside the U.S. or Canada, by visiting our Website, downloading our App, or utilizing our Services, you acknowledge and agree that your Personal Information may be processed as described in this Privacy Policy. Your Personal Information may be processed in the country of collection and in other countries, including the United States and Canada, where data protection laws may be less stringent than those in your home country. By providing your data, you consent to this transfer. If you are in certain jurisdictions (e.g., California), please refer to the specific terms that apply to you below.
Lawful Processing
We process your Personal Information solely to the extent necessary for the purposes outlined in this Privacy Policy. Below, we detail the types of Personal Information we collect and how we use it. Except as described herein, your Personal Information will not be used for any other purpose without your explicit consent. You may withdraw your consent for our processing of your Personal Information at any time, but please note that this may affect your ability to continue using our Services.
Ridesharing
RideCo facilitates ridesharing, which means that other riders may see your pick-up and/or drop-off locations, including your personal home or office if you choose to share that information. Additionally, RideCo allows vehicle location tracking for riders prior to pick-up, which may reveal your location to other riders if it occurs before their own pick-up. Other riders may also learn your screen name if a driver addresses you by it. Please be aware that this Privacy Policy does not cover location or screen name information visible to other riders during ridesharing. You acknowledge that RideCo is not liable for any such information shared with other riders in this context.
COLLECTION AND USE OF PERSONAL INFORMATION
What We Collect
Below are the ways in which we may collect Personal Information:
- Personal Information from Customers. We collect business contact information from individuals employed by our customers (e.g., transit authority employees) to facilitate communication regarding their relationship with RideCo. We may also gather payment credentials to process payments for services provided or to remit transaction fees to our customers.
- Personal Information from End Users. We collect Personal Information from end users through web forms and other communication methods used by our Services, as well as when users download our mobile app. This information typically includes names, phone numbers, and email addresses. In some cases, end user data may be collected by our customers and shared with RideCo. If our customers have their own privacy policies, those will take precedence over this policy, and we will comply with them in accordance with applicable laws and our agreements.
- Device Information. We gather information about the devices used to access our Services, including your IP address and details about your usage, such as the websites you visited prior to accessing our Services.
- Logs. Our servers, along with those of our third-party service providers, automatically record information generated by your use of our Services to help diagnose and resolve technical issues and improve overall user experience. Logs may include your IP address, browser type, operating system, usage details, diagnostic information (such as crash reports), referring pages, pages visited, location data, mobile carrier information, device and application IDs, search terms, and cookie data.
- Cookies. We (and our third-party service providers) utilize technologies such as cookies and pixel tags to gather information about your interactions with our Services, which may include identifying your IP address, browser type, and referring page.
- Employee and Contractor Candidate Information. When we seek candidates for employment or contracting positions, we collect information they provide during the application process, including contact details, educational background, employment history, and relevant credentials. For those who become our employees or contractors, we retain this information along with additional data necessary for managing their employment or contractual relationships.
- Marketing Information. We may communicate with you about our Services, including surveys, newsletters, promotions, and events. We may also use your Personal Information to analyze trends and improve our marketing efforts. This could involve collecting details like your name, email address, telephone number, and company information, as well as utilizing third-party services to gather business-related data about your employer.
- Supplier and Partner Information. We collect business contact details from individuals at our suppliers and partners to maintain communication regarding their relationships with RideCo.
- Account Information. You may choose to provide additional account details, such as your favorite locations or routes, which we will use to enhance your experience with our Services.
- Rider Location Information. If you enable location services, we will collect and use location data to deliver specific features, such as auto-filling your location when searching for a ride. During your ride, we will also collect vehicle location data to track the route taken.
- Driver Information. Drivers must provide personal details, including their full name, vehicle information, and proof of insurance. This data is used for verification purposes and may be shared with riders (e.g., driver’s first name, photo, vehicle type).
- Driver Location Information. We collect location data from drivers’ mobile applications. By being a driver, you consent to RideCo’s use of this data for various business purposes, including communicating location to riders and assessing performance.
- Statistics. We collect aggregated usage statistics to analyze trends, such as ride frequency and typical routes. This data is anonymized and may be shared publicly or with third parties.
Use of Personal Information
RideCo uses the Personal Information described above to:
● Provide your first name, pick-up, and drop-off locations to drivers.
● Verify user identities in compliance with know-your-customer regulations.
● Operate, maintain, and improve our Services.
● Send technical updates, security alerts, and administrative messages.
● Complete transactions and send confirmations and invoices.
● Respond to inquiries and provide customer support.
● Communicate news and information about RideCo.
● Investigate and prevent fraudulent activities and unauthorized access.
● Monitor and analyze usage trends, generating aggregated statistics.
● Send notifications related to your use of our Services, regardless of your email preferences (e.g., ride confirmations).
● Allow drivers to contact you regarding your upcoming ride.
● Manage business relationships with customers, suppliers, partners, and employees.
● Notify you about other purposes for which we seek your consent.
STORAGE LOCATION AND TRANSFER OF PERSONAL INFORMATION
RideCo processes and stores Personal Information on servers located in Canada, the United States, or the European Economic Community (EEC). In addition, RideCo may transfer Personal Information to third-party service providers, as outlined on our Sub-Processors webpage (link to the Sub-Processors webpage: https://www.rideco.com/sub-processors) ("Sub-Processors"). By using our services, you consent to the transfer, storage, and processing of your Personal Information in these regions.
You acknowledge that your Personal Information may be subject to the laws and regulations of the respective jurisdictions, including potential access by law enforcement and government authorities under lawful processes or court orders in Canada, the United States, and the EEC. RideCo remains committed to safeguarding your data and ensuring compliance with applicable privacy laws.
Service Providers and Business Partners
We may engage third-party companies or individuals to perform services on our behalf, and we may need to share Personal Information (including account details) with them to facilitate their tasks. Unless explicitly stated otherwise, these third parties are only authorized to use your Personal Information for the specific tasks they've been contracted to perform. Currently, our third-party service providers include companies responsible for database management, payment processing, customer relationship management tools, and other essential business functions, including Sub-Processors listed on our Sub-Processors webpage.
Business Transfers
In the event that our business, or a significant portion of our assets, is acquired by a third party, or in the case of a merger, bankruptcy, or other changes in control, Personal Information may be disclosed or transferred to the acquiring entity, as allowed by law. This may also occur during due diligence processes related to such transactions. Regardless of the outcome, your Personal Information will continue to be governed by the terms and protections outlined in this Privacy Policy.
With Your Consent
If we need to use or share your Personal Information in a manner not described in this Privacy Policy, we will first notify you and obtain your consent, where required by applicable privacy laws.
Incidents and Insurance Claims
In the event of incidents or insurance claims involving the transportation of paying passengers, we may collect and share your information with insurance companies or relevant parties involved in the claim. This information may include your name, contact details, and other information relevant to the claim, such as your location and app usage in the 12-hour period before and after the incident.
Payments
Payment processing is managed by third-party services, specifically Braintree (a division of PayPal, Inc.) and/or Stripe. We reserve the right to change payment processors in accordance with our agreements with them. Any updates will be reflected on our list of Sub-Processors.
As Required by Law
We may disclose your Personal Information without your consent if we believe it is necessary to identify, contact, or take legal action against individuals who may be violating our rights, causing harm to our property, or threatening the safety of others. Additionally, we may disclose Personal Information if we believe in good faith that it is required to comply with legal obligations, such as responding to subpoenas, court orders, or regulatory demands.
We also reserve the right to access, read, preserve, and disclose any information as we reasonably deem necessary to:
● Comply with applicable laws, regulations, legal processes, or governmental requests
● Enforce our agreements and investigate potential violations
● Detect, prevent, or address fraud, security, or technical issues
This may include sharing information with other companies or organizations for fraud protection, spam/malware prevention, and know-your-customer purposes. Additionally, disclosure of Personal Information may occur outside the scope of this Privacy Policy as permitted or required by law or court orders (e.g., depositions, subpoenas, civil investigative demands).
We retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws, which may extend beyond the termination of our relationship with you. For example, Personal Information related to financial transactions is retained for a minimum of five years to comply with financial and regulatory requirements.
We may also retain certain data to prevent fraud, ensure future security, or for legitimate business purposes such as analyzing aggregated, non-personally identifiable data or recovering accounts. Additionally, we will retain data when required by law. Throughout this retention period, your Personal Information will continue to be governed by the terms and protections outlined in this Privacy Policy.
RESIDENTS OF THE EUROPEAN ECONOMIC COMMUNITY (“EEC”) AND THE UK
If you are a resident of the EEC or the UK, you have certain data protection rights under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. RideCo is committed to taking reasonable steps to enable you to access, correct, amend, delete, or limit the use of your Personal Information (referred to as “Personal Data” under the relevant legislation).
If you wish to know what Personal Data we hold about you or request its removal from our systems, please contact us using the information provided below. In cases where we act as a data processor on behalf of our customers, you will need to contact the data controller directly to exercise your rights.
When RideCo acts as a data controller, you may exercise the following rights:
- Access to Your Personal Data: You have the right to request access to the Personal Data we hold about you (commonly referred to as a “data subject access request”). This allows you to receive a copy of the Personal Data we process and verify its lawful use.
- Correction of Your Personal Data: You can request that any incomplete or inaccurate Personal Data we hold be corrected. We may need to verify the accuracy of the new information before making the changes.
- Erasure of Your Personal Data: You may request the deletion or removal of Personal Data where there is no valid reason for us to continue processing it. You may also request erasure where you have exercised your right to object to processing (see below), where we have unlawfully processed your data, or where the law requires us to erase your data. Note that we may not always be able to comply with your request due to specific legal requirements, which we will notify you of, if applicable, at the time of your request.
- Objection to Processing: You can object to the processing of your Personal Data if you believe our reliance on legitimate interest impacts your rights and freedoms. You can also object to processing for direct marketing purposes. In some cases, we may demonstrate compelling legitimate grounds for processing that override your objections.
- Restriction of Processing: You have the right to request a temporary suspension of processing your Personal Data in the following situations: (a) while we verify the data’s accuracy; (b) if our processing is unlawful and you do not wish to erase the data; (c) if you need us to retain the data beyond our retention period for legal purposes; or (d) you have objected to processing, and we need to verify if overriding legitimate grounds exist.
- Data Portability: You can request that we transfer your Personal Data to you or a third party. We will provide your data in a structured, commonly used, and machine-readable format, where applicable. This right applies only to automated data processing carried out with your consent or as part of a contract.
- Withdrawal of Consent: Where we rely on consent for processing your Personal Data, you may withdraw it at any time. However, this will not affect the lawfulness of any processing that occurred before your consent was withdrawn. If you withdraw consent, some services may become unavailable, and we will inform you if this is the case.
You may be required to verify your identity before we respond to any requests.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority.
There is generally no fee for accessing your Personal Data or exercising your rights. However, we may charge a reasonable fee if your request is repetitive, excessive, or clearly unfounded. Alternatively, we may refuse to comply with such requests in these circumstances.
We may request additional information to verify your identity and ensure your right to access your Personal Data or to exercise any of your other rights. This is a security measure to protect your Personal Data from unauthorized access. We may also contact you to clarify your request to expedite our response.
ACCESS, CORRECTION AND ACCURACY
You have the right to access the Personal Information we hold about you, allowing you to verify the accuracy of the data we’ve collected and to understand how we use it. Upon receiving your written request, we will provide you with a copy of your Personal Information. However, in certain circumstances, as allowed by law, we may not be able to provide all relevant Personal Information, particularly if it relates to another individual. In such cases, we will inform you of the reasons for the denial upon request. We aim to handle all access and modification requests in a timely manner.
We strive to ensure your Personal Information is accurate and up to date. We will provide you with the tools to update, correct, delete, or supplement your Personal Information as needed. Where appropriate, we will also communicate these updates to third parties to whom we’ve disclosed your Personal Information. Keeping your information accurate helps us deliver the best possible service.
DATA PROTECTION OFFICER (DPO)
RideCo has a designated Data Protection Officer (DPO) in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). The DPO is responsible for ensuring that RideCo remains compliant with privacy regulations and oversees our data protection strategy.
The DPO’s responsibilities include:
● Monitoring RideCo’s compliance with data protection laws and internal policies.
● Advising on data protection impact assessments (DPIAs) and ensuring privacy by design and default in our services.
● Serving as the point of contact for data subjects and data protection authorities regarding data privacy inquiries or concerns.
● Providing guidance to staff on their obligations concerning the processing of personal data.
If you have any questions about how your data is handled or wish to contact our DPO, please email privacy@rideco.com.
CALIFORNIA PRIVACY RIGHTS
This section outlines the additional rights California consumers are granted under the California Consumer Privacy Act (CCPA) and provides information about the Personal Information we collect.
For a detailed description of the Personal Information RideCo has collected in the past 12 months, please refer to the "Information You Provide Us" section above. We collect this information for the commercial purposes outlined in this policy. RideCo does not sell Personal Information as defined under the CCPA.
Under the CCPA, California consumers have certain rights, including the ability to:
- Request information about the categories or specific pieces of Personal Information we collect, how we use it, and to whom it is disclosed.
- Request deletion of their Personal Information, subject to certain limitations.
- Opt out of any "sales" of Personal Information, if applicable.
- Exercise these rights without facing discrimination for doing so.
To make a request under the CCPA, California consumers can contact us using the information provided below. We will verify your identity using the information associated with your account, such as your email address. In some cases, government-issued identification may be required. You may also designate an authorized agent to exercise these rights on your behalf.
HIPAA Compliance
RideCo is committed to the privacy rights of all our customers, and as such we are careful to avoid collection of sensitive information wherever possible. In some cases, RideCo or an Agency using RideCo software may request certain Protected Health Information for the purpose verifying eligibility for certain services - ie: Paratransit. In the event that PHI is collected, it is stored exclusively within a HIPAA certified platform which is access controlled to permit only staff with a relevant need to access this information for a business purpose.
These data are further secured and protected with encryption in the dedicated platform where they are stored, access is limited to required accounts with strong passwords and MFA enabled, along with logging, monitoring, and alerting to review access and detect potential anomalies. Please send an e-mail to privacy@rideco.com to address any questions or to exercise your rights.
We may update this Privacy Policy periodically. The processing of Personal Information we collect is governed by the Privacy Policy in effect at the time that information is collected, used, or disclosed, subject to any future updates made in accordance with this section. If we make significant changes to how we handle your Personal Information, we will notify you by posting a notice on our website, through our Services, or by sending you an email, prior to the changes taking effect. By continuing to use our website or services after such changes have been announced, you agree to be bound by the revised Privacy Policy.
ADDITIONAL INFORMATION
Please help us keep your information up to date by informing us of any changes, such as your email address or phone number. If you would like to access your information, have any questions, comments, or suggestions, or notice any inaccuracies in the information we hold, please contact us at: privacy@rideco.com.
