App Privacy Policy

Contact Us

The Scope of This Policy

This policy (the “Privacy Policy”) applies to all Blaise Transit Riders, and to all Blaise Transit platforms and services, including our apps, websites, features, and other services (collectively, the “Blaise Transit Platform”).

This Privacy Policy is incorporated as part of the Blaise Transit Terms of Service. Your use of the Blaise Transit Platform is subject to the Terms of Service and this Privacy Policy and indicates your consent to them.

The Information We Collect

When you use the Blaise Transit Platform, we collect the information you provide, usage information, and information about your device. We also collect information about you from other sources like third party services, and optional programs in which you participate, which we may combine with other information we have about you. Here are the types of information we collect about you:

Information You Provide to Us

Account Registration. When you create an account with Blaise Transit, we collect the information you provide us, such as your name, email address, phone number, birth date, and payment information. You may choose to share additional info with us for your Rider profile, like your photo or saved addresses (e.g., home or work), and set up other preferences (such as your preferred pronouns).

Ratings and Feedback. When you rate and provide feedback about Drivers or your Transit Authority, we collect all of the information you provide in your feedback. This rating is optional.

Communications. When you contact us or we contact you, we collect any information that you provide, including the contents of the messages or attachments you send us.

Information We Collect When You Use the Blaise Transit Platform

1.     Location Information. Great rides start with an easy and accurate pickup. The Blaise Transit Platform collects location information (including GPS and WiFi data) differently depending on your Blaise Transit app settings and device permissions. We collect your device’s precise location when you open and use the Blaise Transit app, including while the app is running in the background from the time you request a ride until it ends.

2.     Usage Information. We collect information about your use of the Blaise Transit Platform, including ride information like the date, time, origin, destination, distance, route, payment if applicable, and whether you used a promotional or referral code. We also collect information about your interactions with the Blaise Transit Platform like our apps and websites, including the pages and content you view and the dates and times of your use.

3.     Device Information. We may collect information about the devices you use to access the Blaise Transit Platform, including device model, IP address, type of browser, version of operating system, identity of carrier and manufacturer, radio type (such as LTE), preferences and settings (such as preferred language), application installations, device identifiers, advertising identifiers, and push notification tokens.

4.     Communications Between Riders and Transit Authorities. We work with a third party to facilitate phone calls and text messages between Riders and your Transit Authority without sharing either party’s actual phone number with the other. But while we use a third party to provide the communication service, we collect information about these communications, including the participants’ phone numbers, the date and time, and the contents of SMS messages.

5.     Address Book Contacts. You may set your device permissions to grant Blaise Transit access to your contact lists and direct Blaise Transit to access your contact list, for example to help you refer friends to Blaise Transit. If you do this, we will access and store the names and contact information of the people in your address book.

6.     Cookies, Analytics, and Third-Party Technologies. We collect information through the use of “cookies”, tracking pixels, data analytics tools like Google Analytics, SDKs, and other third party technologies to understand how you navigate through the Blaise Transit Platform and interact with Blaise Transit advertisements, to make your Blaise Transit experience safer, to learn what content is popular, to improve your site experience, to serve you better ads on other sites, and to save your preferences.

a.     Cookies.  A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

b.     Cookies in Use.

                                  i.     Authentication - We use authentication tokens to identify you when you visit our website and as you navigate our website;

                                   ii.     Cookies - We also use cookies to verify your session and verify that you are still using the service;

                                  iii.     Status - We use cookies to help us to determine if you are logged into our website;

                                  iv.     Personalisation - We use cookies to store information about your preferences and to personalize our website for you;

                                   v.     Security - We use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;

                                  vi.     Analysis - We use cookies to help us to analyze the use and performance of our website and services; and,

                                vii.     Cookie Consent - We use cookies to store your preferences in relation to the use of cookies more generally.

7.     Referral Programs. Friends help friends use the Blaise Transit Platform. If someone refers you to Blaise Transit, we will collect information about you from that referral including your name and contact information.

8.     Other Users and Sources. Other users or public or third-party sources such as law enforcement, insurers, media, or pedestrians may provide us information about you, for example as part of an investigation into an incident or to provide you support.

How We Use Your Information

We use your personal information to:

1.     Provide the Blaise Transit Platform;

2.     Maintain the security and safety of the Blaise Transit Platform and its users;

3.     Build and maintain the Blaise Transit community;

4.     Provide customer support;

5.     Improve the Blaise Transit Platform; and,

6.     Respond to legal proceedings and obligations.

1.     Providing the Blaise Transit Platform. We use your personal information to provide an intuitive, useful, efficient, and worthwhile experience on our platform. To do this, we use your personal information to:

a.     Verify your identity and maintain your account, settings, and preferences;

b.     Connect you to the Blaise Transit Platform in order to track rides and track their progress;

c.     Calculate prices and process payments;

d.     Allow Riders and your Transit Authority to connect regarding their ride and to choose to share their location with others;

e.     Communicate with you about your rides and experience;

f.      Collect feedback regarding your experience;

g.     Facilitate additional services and programs with third parties; and

h.     Operate contests, sweepstakes, and other promotions.

2.     Maintaining the Security and Safety of the Blaise Transit Platform and its Users. Providing you a secure and safe experience drives our platform, both on the road and on our apps. To do this, we use your personal information to:

a.     Authenticate users;

b.     Investigate and resolve incidents, accidents, and insurance claims;

c.     Encourage safe driving behavior and avoid unsafe activities;

d.     Find and prevent fraud; and,

e.     Block and remove unsafe or fraudulent users from the Blaise Transit Platform.

3.     Building and Maintaining the Blaise Transit Community. Blaise Transit works to be a positive part of the community. We use your personal information to:

a.     Communicate with you about events, promotions, elections, and campaigns;

b.     Personalize and provide content, experiences, communications, and advertising to promote and grow the Blaise Transit Platform; and,

c.     Providing Customer Support. We work hard to provide the best experience possible, including supporting you when you need it. To do this, we use your personal information to:

a.     Investigate and assist you in resolving questions or issues you have regarding the Blaise Transit Platform; and

b.     Provide you support or respond to you.

4.     Improving the Blaise Transit Platform. We are always working to improve your experience and provide you with new and helpful features. To do this, we use your personal information to:

a.     Perform research, testing, and analysis;

b.     Develop new products, features, partnerships, and services;

c.     Prevent, find, and resolve software or hardware bugs and issues; and

d.     Monitor and improve our operations and processes, including security practices, algorithms, and other modeling.

5.     Responding to Legal Proceedings and Requirements. Sometimes the law, government entities, or other regulatory bodies impose demands and obligations on us with respect to the services we seek to provide. In such a circumstance, we may use your personal information to respond to those demands or obligations.

How We Share Your Information

We do not sell your personal information. To make the Blaise Transit Platform work, we may need to share your personal information with other users, third parties, and service providers. This section explains when and why we share your information.

Sharing Between Blaise Transit Users

1.     Riders and your Transit Authority.

a.     Rider information shared with your Transit Authority: Upon receiving a ride request, we share with your Transit Authority and/or the Driver the Rider’s pickup location, name, profile photo, Rider statistics (like approximate number of rides and amount of time as a Rider), and information the Rider includes in their Rider profile (like preferred pronouns). Once the ride is finished, we will send  feedback with the Transit Authority. This survey is only related to client experience and will not be connected to any individual driver. We remove the Rider’s identity associated with ratings and feedback when we share it with your Transit Authority.

2.     Rides Requested or Paid For by Others. Some rides you take may be requested or paid for by others. If you take one of those rides using your Blaise Transit Business Profile account, a code or coupon, a corporate credit card linked to another account, or another user otherwise requests a ride for you, we may share some or all of your ride details with that other party, including the date, time, charge, rating given, region of trip, and pick up and drop off location of your ride.

3.     Referral Programs. If you refer someone to the Blaise Transit Platform, we will let them know that you generated the referral. If another user referred you, we may share information about your use of the Blaise Transit Platform with that user. For example, a referral source may receive a bonus when you join the Blaise Transit Platform or complete a certain number of rides and would receive such information.

Sharing With Third-Party Service Providers for Business Purposes

1.     Blaise Transit may share the following categories of your personal information for a business purpose to provide you with a variety of the Blaise Transit Platform’s features and services:

a.     Personal identifiers, such as your name, address, email address, and date of birth;

b.     Financial information, such as credit card information, and any other payment information you provide us;

c.     Internet or other electronic network activity information, such as your IP address, type of browser, version of operating system, carrier and/or manufacturer, device identifiers, and mobile advertising identifiers; and

d.     Location data.

2.     We disclose those categories of personal information to service providers to fulfill the following business purposes:

a.     Maintaining and servicing your Blaise Transit account;

b.     Processing or fulfilling rides;

c.     Providing you customer service;

d.     Processing Rider transactions;

e.     Verifying the identity of users;

f.      Detecting and preventing fraud;

g.     Processing insurance claims;

h.     Providing marketing and advertising services to Blaise Transit;

i.      Providing financing;

j.      Providing requested emergency services;

k.     Providing analytics services to Blaise Transit; and,

l.      Undertaking internal research to develop the Blaise Transit Platform.

3.     We use third-party service providers to operate, provide and maintain some aspects of our app and/or website, and we may request and permit these service providers to process your user data under the terms of a written agreement with us. Under such agreements, the service provider is only permitted to obtain the user data it needs to deliver the service, must keep all user data confidential, and may process, use and retain user data only for the purpose of delivering the service in compliance with our agreement, instructions and policies, including this Privacy Policy. The service provider’s principal third-party data processors are located in the United States, so user data is collected, stored and processed in the U.S.

For Legal Reasons and to Protect the Blaise Transit Platform

We may share your personal information in response to a legal obligation, or if we have determined that sharing your personal information is reasonably necessary or appropriate to:

1.     Comply with any applicable federal, state, provincial, or local law or regulation, civil, criminal or regulatory inquiry, investigation or legal process, or enforceable governmental request;

2.     Respond to legal process (such as a search warrant, subpoena, summons, or court order);

3.     Enforce our Terms of Service;

4.     Cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, provincal, or local law; or

5.     Exercise or defend legal claims, protect against harm to our rights, property, interests, or safety or the rights, property, interests, or safety of you, third-parties, or the public as required or permitted by law.

In Connection with Sale or Merger

We may share your personal information while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.

Upon Your Further Direction

With your permission or upon your direction, we may disclose your personal information to interact with a third party or for other purposes.

How We Store and Protect Your Information

1.     We retain your information for as long as necessary to provide you and our other users the Blaise Transit Platform. This means we keep your profile information for as long as you maintain an account. We retain transactional information such as rides and payments for at least seven years to ensure we can perform legitimate business functions, such as accounting for tax obligations. If you request account deletion, we will delete your information as set forth in the “Deleting Your Account” section below.

2.     We take reasonable and appropriate measures designed to protect your personal information. But no security measures can be 100% effective, and we cannot guarantee the security of your information, including against unauthorized intrusions or acts by third parties.

Your Rights And Choices Regarding Your Data

Blaise Transit provides ways for you to access and delete your personal information as well as exercise other data rights that give you certain control over your personal information.

All Users

1.     Email Subscriptions. You can always unsubscribe from our commercial or promotional emails by clicking unsubscribe in those messages. We will still send you transactional and relational emails about your use of the Blaise Transit Platform.

2.     Text Messages. You can opt out of receiving commercial or promotional text messages by texting the word texting the word END to the Blaise phone number that texted you, from the mobile device receiving the messages. You may also opt out of receiving all texts from Blaise Transit (including transactional or relational messages) by texting the word STOPALL to the Blaise phone number that texted you, from the mobile device receiving the messages. Note that opting out of receiving all texts may impact your use of the Blaise Transit Platform.

3.     Push Notifications. You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Blaise Transit Platform (such as receiving a notification that your ride has arrived).

4.     Profile Information. You can review and edit certain account information you have chosen to add to your profile by logging in to your account settings and profile.

5.     Location Information. You can prevent your device from sharing location information through your device’s system settings. But if you do, this may impact Blaise Transit’s ability to provide you our full range of features and services.

6.     Cookie Tracking. You can modify your cookie settings on your browser, but if you delete or choose not to accept our cookies, you may be missing out on certain features of the Blaise Transit Platform.

7.     Do Not Track. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not want them to track your online activities. The Blaise Transit Platform does not currently support Do Not Track requests at this time.

8.     Deleting Your Account. If you would like to delete your Blaise Transit account, please visit our website or our app. In some cases, we will be unable to delete your account, such as if there is an issue with your account related to trust, safety, or fraud. When we delete your account, we may retain certain information for legitimate business purposes or to comply with legal or regulatory obligations. For example, we may retain your information to resolve open insurance claims, or we may be obligated to retain your information as part of an open legal claim. When we retain such data, we do so in ways designed to prevent its use for other purposes.

For California Residents

1.     The California Consumer Privacy Act provides some California residents with the additional rights listed below. To exercise these rights, visit our website.

a.     Right to Know. You have the right to know and see what data we have collected about you over the past 12 months, including:

                                     i.     The categories of personal information we have collected about you;

                                   ii.     The categories of sources from which the personal information is collected;

                                  iii.     The business or commercial purpose for collecting your personal information;

                                  iv.     The categories of third parties with whom we have shared your personal information; and

                                   v.     The specific pieces of personal information we have collected about you.

b.     Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:

                                     i.     Complete your transaction;

                                   ii.     Provide you a good or service;

                                  iii.     Perform a contract between us and you;

                                  iv.     Protect your security and prosecute those responsible for breaching it;

                                   v.     Fix our system in the case of a bug;

                                  vi.     Protect the free speech rights of you or other users;

                                vii.     Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);

                               viii.     Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;

                                  ix.     Comply with a legal obligation; or

                                   x.     Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

2.     Other Rights. You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.

3.     Exercising Your California Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under California law, please contact us using one of the following methods:

a.     Website: You may visit the Blaise Transit website to authenticate and exercise rights via our website.

b.     Email Webform: You may write to Blaise Transit to exercise rights. Please include your full name, email address, and phone number associated with your use of the Blaise Transit Platform, along with why you are writing, so that we can process your request in an efficient manner.

4.     Response Timing and Format. We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

European Union GDPR Data Processing Addendum

The Provider requires the Customer to accept the provisions of this Data Processing Addendum ("DPA") which is intended to meet the data protection adequacy and security requirements of the GDPR-Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Therefore, if the GDPR applies to the Customer's activity (for instance because the Customer is established in the European Union or established outside the European Union but the Customer offers good or services to data subjects who are in the European Union) — the Customer needs to accept these Data Processing Addendum terms to be compliant with GDPR so that the Customer can process such GDPR-eligible personal data with the Provider. Unless the Customer accepts the Agreement involving this DPA the Customer's contract with the Provider will lack those terms therefore if GDPR applies to the Customer's activity the Customer must refrain from using the Provider's Service unless the Customer accepts this DPA.

1.     The terms "personal data", "data subject", "processing", "controller", "processor" and "supervisory authority" as used in this DPA have the meanings given in the GDPR.

2.     For the reasons mentioned above, if the Customer with any connection to the EEA, as stated  above, chooses to accept Terms and Conditions and enter the Agreement, the Customer enters this Data Protection Agreement which reflects the conditions governing processing and security of the personal data the Customer submits to the Provider's system or which may be processed by the Customer when connect the Customer's e-mail account thereto, i.e. submitted, stored, sent or received via the our Platform and App, hereinafter referred to as the "Customer Data". Please note that whenever the word "the Customer" is used in this DPA, it means any persons who use the Services on the Customer's behalf, including the Customer's employees, subcontractors and other personnel members.

3. In accordance with the GDPR regulations, this DPA shall be governed and construed in accordance with the laws of Ireland as a European Union's member state. The DPA is concluded for the whole period from the acceptance of the Agreement and this DPA until the end of the Provider's provision of the Services under the Agreement, which shall include periods of suspension of Services' provision or other post-termination periods when the Provider may refrain from deleting the Customer's data.

4. The Customer Data will be processed via the Provider's Services and for the purpose to provide the Customer with full functionalities of the Provider's Services and Website and related operational and technical support related to the Customer's usage of the services so the duration of the processing will last until the expiry of this DPA or until deletion of all the Customer Data. The Provider will process the Customer Data in accordance with our Privacy Policy.

5. The Provider shall not be the controller of the Customer Data the Customer may submit to the Provider's Services and will process such information within the Services solely in the processor's role and – depending on the scope of the Customer's activity – the Customer may be the controller or processor of this data. If the GDPR applies to the processing of Customer Data and the Customer is the processor, the Customer explicitly warrants the Provider that the Customer's instructions and actions with respect to that Customer Data processing, including hereby appointment of the Provider as another processor, have been authorized by the relevant controller.

6. The personal data which may be processed (i.e. submitted, stored, sent or received) by the Customer when the Customer uses the Services may include the following categories of data: names, e-mail address, telephone, profession, company's name and address, city and country of the company, user IDs, presentations, images, calendar entries and other data which may be relevant for the Customer's purposes of permitted usage of the Provider's Services.

7.     The Customer Data which the Customer may process might concern the following categories of data subjects: users of the Services who may include the Customer's employees and contractors, the personnel of the Customer's customers, suppliers and subcontractors or any other person who transmits data via the Services, including any individuals collaborating and communicating with users of the Services.

8.    If the explicit consent of data subject is the legal basis to process the Customer Data via the Provider's Systems, the Customer represents and warrants the Provider that each such consent is freely given and taken in accordance with applicable laws. In this context the Customer indemnify the Provider of all claims and actions of third parties related to the processing of Customer Data via Services without explicit consent or other legal basis under the respective laws.

9.    By entering this DPA the Customer instructs the Provider to process Customer Data only in accordance with applicable laws and only to:

10.  Provide the Services', App's and Website's functionalities and related customer and technical support;

11.     To provide you with our actions, services and support specified by your usage of the Services and demanded when you use the Services (such as sending e-mail messages, campaign settings, etc.); or,

12.  As further documented in herein DPA, Terms of Services, Privacy Policy or otherwise documented in any instructions you may give us in writing, via e-mail or other written electronic communication and that we acknowledge as constituting instructions for the Customer Data processing.

13.  We will comply with your instructions (including with regard to international personal data transfers) unless any European Union or European Union member states' law we could be potentially subject to requires us to otherwise process the Customer Data. If this is the case, we will inform you on this obligation (unless law prohibits us to do so on important grounds of public interest). We will also inform you if your instruction for data processing if we believe it may infringe regulations of the GDPR.

14.  We enable you to delete Customer Data during this DPA by using functionalities within Services – including moving data to archive for limited period or by instant permanent deletion. If the term indicated above expires or you choose to delete data permanently, the Customer Data may not be recovered. Each of such actions will be acknowledged as your instruction to delete relevant Customer Data you submitted or keep within our systems. When the Agreement is terminated or otherwise expires, we shall delete your data, including Customer Data, and/or give you their copy (return them) subject the terms of Agreement.

15.  Under this DPA the Customer authorities the Provider to engage any other third parties as other processors and therefore –the Provider will inform the Customer about such planned engagement and the Customer is authorized to object to such appointment terminating the Agreement within 90 days written notice. If the Provider engages another processor for carrying out specific processing activities on the Customer's behalf (which is unlikely), the same data protection obligations as set out in the DPA will be imposed on that other processor, including in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.

16.  The Provider has implemented and will maintain all the appropriate technical and organizational measures to protect Customer Data to ensure a level of security against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Customer Data, including encryption of personal data, introducing and maintaining systems ensuring the ongoing confidentiality, integrity, availability and resilience of processing, systems ensuring ability to restore the availability and access to Customer Data in the event of a physical or technical incident.

17.  The Customer shall acknowledge that the above-mentioned technical and organizational measures to protect Customer Data involve i.a.: physical security, logical security, separation of databases, policy regarding the removal of magnetic and optical data (including hard drives, portable storage media, backup platforms, etc.), procedures regarding database management, provisions regarding the collection, marking, verification, processing, and distribution of the data, management of access to personnel, including determination of the methodology for providing access to data, restrictions upon access, and keeping an updated list of persons with access rights, confidentiality undertakings for those persons with access rights, encryption of personal data, provisions regarding operations of the systems and maintaining ongoing data integrity, confidentiality, availability and resilience of processing systems and services, monitoring for the discovery of breaches of data integrity and methodology for reparation of such breaches, provisions regarding employee reliability and record of data misuse in accordance with the level of data sensitivity. We shall also regularly test, assess and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Customer Data processing.

18.  If the Customer has further questions on the Provider's technical and organizational means for personal data protection the Customer shall inquire the Provider to provide the Customer with additional information prior to submitting Customer Data to the Provider's systems or it shall be otherwise considered that the Customer agreed that taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Data as well as the risks to individuals our data protection standards are appropriate to the risk in respect of the Customer Data.

19.  The Provider also ensures that their employees, contractors and sub-processors have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality to the extent applicable to their scope of performance.

20.  If the Provider becomes aware of a data incident – meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by the Provider, excluding unsuccessful attempts or activities that do not compromise the security of Customer Data, unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems – we will notify the Customer of the Data Incident promptly and without undue delay and promptly take reasonable steps to minimize harm and secure Customer Data. Such Data Incident notification will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps the Provider may recommend to address the Data Incident. The Provider will deliver such notification to the Customer's e-mail address or, at the Provider's discretion, by phone call or other direct communication. It is the Customer's sole responsibility to provide the Provider with and update the Customer's current and valid contact information. Neither of the Provider's notifications or communications regarding Data Incidents shall be construed as an acknowledgement of fault or liability with respect to the Data Incident.

21.  By entering this DPA the Customer explicitly acknowledges, agrees and confirms that the Provider will never assess the contents of Customer Data the Customer may submit, store, send or receive using the Provider's Services in order to identify information subject to any specific legal requirements or to assess the Customer's compliance with any laws or infringements thereof. Therefore the Customer is solely responsible for complying with applicable incident notification laws and fulfilling any third party notification obligations related to any Data Incident(s).

22.  The Customer agrees that, without prejudice, the Customer shall be solely responsible for their use of the Services, including: making appropriate use of the Services and exercise adequate security controls to ensure a level of security appropriate to the risk in respect of the Customer Data, securing the account authentication credentials, systems and devices which the Customer may use to access the Services and backing up their Customer Data.

23.  As we provide solely online Services we shall have no obligation to protect Customer Data that the Customer may choose to store or transfer outside of the Provider's systems, for instance for physical storage – in any form. If the Customer has further questions on the Provider's technical and organizational means for personal data protection the Customer shall inquire the Provider to provide additional information prior to submitting Customer Data to the Provider's systems or it shall be otherwise considered that the Customer agrees that taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Data as well as the risks to individuals our data protection standards are appropriate to the risk in respect of the Customer Data.

24.  Notwithstanding the Provider's obligations in respect to this DPA, the Customer shall also take all the reasonable precaution steps in order to ensure appropriate security and to prevent any destruction, loss, alteration, disclosure, unauthorized or illegal access to or acquirement of Customer Data and any other personal data the Customer may process using via the Provider's Services. If the data the Customer processes via Services were accessed or obtained by an unauthorized person or if there occurs a breach of such personal data security, the Customer shall immediately notify the Provider on such Data Incident and shall cooperate with the Provider in order to take any steps deemed required for the mitigation of any loss or damage.

25.  If the Customer breaches any obligations they may have under the GDPR the Customer shall be unconditionally and solely liable and it shall compensate the Provider and any third parties or data subjects against (a) any damage, loss, costs, taxes and expenses (including legal charges related to judicial experts and lawyers), (b) the refund of any fines or penalties paid by us to the supervisory authority, (c) any other damages resulting from the negligence, fault or gross misconduct or from any breach of an obligation related to Customer Data and other personal data processed via the Services as a consequence of non-complying with this DPA and the GDPR.

26.  The Provider will consider any breach of any representation or provision of the DPA and the GDPR by the Customer shall represent a gross breach of the Agreement and it shall entitle the Provider to terminate the Agreement immediately by sending a termination notice, without any grace or remedy period and without any other formality, notification or intervention of any court of law or another jurisdictional body.

27.  To the extent necessary for the reason of this DPA, the Provider will make available for the Customer's review the documents and information to demonstrate our compliance with our obligations under this DPA.

28.  If GDPR applies to the processing of Customer Data, we will also allow the Customer or the Customer's appointed independent auditor to conduct audits (including inspections) to verify the Provider's compliance with obligations under this DPA, including the Provider's documentation and we will contribute to such audits. In any case such audits will be subject to prior arrangements and reasonably agreed terms for such audits and inspections which may involve fees based on our reasonable costs of such reviews. If the Customer wishes to appoint an auditor, the Provider may object to the Customer's choice if in the Provider's reasonable opinion the appointed auditor is not suitably qualified or independent, a competitor of the Provider or otherwise manifestly unsuitable. If this is the case the Provider will require the Customer to appoint another auditor or conduct the audit itself.

29.  If applicable, the Provider will assist the Customer in ensuring compliance with any of the Customer's obligations in respect of data protection impact assessments and prior consultation, including if applicable the Customer's obligations pursuant to Articles 35 and 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider, for instance by providing additional security information or providing the information with regard to performance of the Agreement including this Data Processing Addendum.

30.  During the term of the Agreement, the Provider will enable the Customer to access, rectify and restrict processing of Customer Data, including deletion of this data (subject to the here in above terms) and to export Customer Data – in a manner consistent with the functionalities of the Services.

31.  If the Provider receives any request from a data subject in relation to Customer Data the Provider may process, the Provider will advise the data subject to submit their request to the Customer and the Customer shall be responsible for responding to any such request including, where necessary, by using the functionality of the Services. Nevertheless, taking into account the nature of the processing of Customer Data via the Services, the Provider will assist the Customer in fulfilling any obligation to respond to requests by data subjects, including obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR. Depending on the case, the Provider may provide you Services' functionalities to perform our commitments you assist you or we may help you in other appropriate manner, including serving you with additional information on processing of Customer Data.

32.  Shall the Customer have any questions in respect of this Data Protection Addendum, please contact the Provider at:


Join our growing network of sustainable transit!

Bus Icon