RideBuddy GDPR Compliance and Data Protection Policy

  1. Introduction:
    a. Purpose: This policy outlines RideBuddy’s commitment to GDPR compliance and data protection, ensuring the privacy and security of our users’ data.
    b. Scope: This policy applies to all data processing activities conducted by RideBuddy.
  2. Data Collected and Processed:
    a. Types of Data: RideBuddy collects data necessary for efficient carpooling and enhancing user experience, prioritizing minimal and relevant data collection.
    b. Legal Basis: Data is processed based on user consent and for the performance of the contract with the user.
    c. Purpose: Data is processed for enabling shared rides, ensuring safety, and improving user experience.
  3. Data Subject Rights:
    a. Access and Rectification: Users can access and rectify their data through their RideBuddy account.
    b. Erasure: Users can request data erasure, subject to legal and operational requirements.
    c. Portability: Users can request their data in a structured, commonly used, and machine-readable format.
    d. Objection and Restriction: Users can object to processing and request restriction under certain circumstances.
  4. Data Security Measures:
    a. Encryption: Data is encrypted in transit and at rest to ensure security.
    b. Access Controls: Access to personal data is restricted based on roles and responsibilities.
    c. Data Minimization: RideBuddy minimizes data collected to what is necessary for its services, adhering to privacy by design principles.
  5. Data Transfers:
    a. International Transfers: RideBuddy ensures that legal mechanisms are in place for international data transfers, as required.
  6. Third-Party Data Processors:
    a. Evaluation: RideBuddy carefully selects and evaluates third-party processors for GDPR compliance and data protection standards.
    b. Contracts: Agreements with third parties mandate GDPR compliance and data protection standards.
  7. Consent and Withdrawal:
    a. Clear Consent: Users are informed and provide clear consent for data processing.
    b. Withdrawal: Users can easily withdraw consent through the RideBuddy platform.
  8. Data Retention:
    a. Data Retention Policy: RideBuddy follows a defined data retention policy that complies with legal requirements and ensures data is retained only for as long as necessary.
  9. Data Breach Notification:
    a. Procedure: RideBuddy has a clear procedure for detecting, reporting, and managing data breaches.
  10. Privacy by Design:
    a. DPIA: Data Protection Impact Assessments are conducted for new processes to ensure privacy by design.
  11. Compliance Monitoring:
    a. Regular Audits: RideBuddy conducts regular audits to ensure GDPR compliance and adherence to this policy.
  12. GDPR Contact Information:
    a. For any query related to GDPR, you can reach out to us at [email protected]