RideBuddy GDPR Compliance and Data Protection Policy
Introduction: a. Purpose: This policy outlines RideBuddy’s commitment to GDPR compliance and data protection, ensuring the privacy and security of our users’ data. b. Scope: This policy applies to all data processing activities conducted by RideBuddy.
Data Collected and Processed: a. Types of Data: RideBuddy collects data necessary for efficient carpooling and enhancing user experience, prioritizing minimal and relevant data collection. b. Legal Basis: Data is processed based on user consent and for the performance of the contract with the user. c. Purpose: Data is processed for enabling shared rides, ensuring safety, and improving user experience.
Data Subject Rights: a. Access and Rectification: Users can access and rectify their data through their RideBuddy account. b. Erasure: Users can request data erasure, subject to legal and operational requirements. c. Portability: Users can request their data in a structured, commonly used, and machine-readable format. d. Objection and Restriction: Users can object to processing and request restriction under certain circumstances.
Data Security Measures: a. Encryption: Data is encrypted in transit and at rest to ensure security. b. Access Controls: Access to personal data is restricted based on roles and responsibilities. c. Data Minimization: RideBuddy minimizes data collected to what is necessary for its services, adhering to privacy by design principles.
Data Transfers: a. International Transfers: RideBuddy ensures that legal mechanisms are in place for international data transfers, as required.
Third Party Data Processors: a. Evaluation: RideBuddy carefully selects and evaluates third-party processors for GDPR compliance and data protection standards. b. Contracts: Agreements with third parties mandate GDPR compliance and data protection standards.
Consent and Withdrawal: a. Clear Consent: Users are informed and provide clear consent for data processing. b. Withdrawal: Users can easily withdraw consent through the RideBuddy platform.
Data Retention: a. Data Retention Policy: RideBuddy follows a defined data retention policy that complies with legal requirements and ensures data is retained only for necessary durations.
Data Breach Notification: a. Procedure: RideBuddy has a clear procedure for detecting, reporting, and managing data breaches.
Privacy by Design: a. DPIA: Data Protection Impact Assessments are conducted for new processes to ensure privacy by design.
Compliance Monitoring: a. Regular Audits: RideBuddy conducts regular audits to ensure GDPR compliance and adherence to this policy.
GDPR Contact Information: a. For any query related to GDPR, you can reach out to us at [email protected]