At Ubirider, S.A. we are committed to optimizing your mobility by providing a service that seeks turning urban mobility more intelligent. However, protection of the privacy and personal data of the users of our digital platforms it's also our concern.
The treatment of data described in this Policy covers all our digital platforms, including our website and mobile application Pick Hub. By accessing these platforms, some personal information may be solicited, always that data is needed to provide a service, when you give express and clear authorisation to do so or when legal obligation required.
Who is responsible for the collection and treatment of your personal data?
Ubirder S.A., NIPC 514908688, with address at Rua Alfredo Allen, nº 455/461, room 1.03, Paranhos, 4200-135, Porto, Portugal is the entity responsible for the treatment of your personal data collected by your activity as a user. As such, the personal data that you make available will always be managed by this company, which acts as the Controller of data treatment, according to the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 of April 2016 - hereby referred to as only GDPR.
However, in order to provide its services, Ubirider, S.A. may share your personal data with diverse mobility operators or with partners providing payment services, which, in certain situations, may act, as a controller, a Joint Controller or as a Processor. In light of such joint responsibility, data protection agreements are concluded between the parties, which transparently define the responsibilities for compliance with applicable law.
2. What personal data is going to be asked from you?
When using our digital platforms, we request that you share personal data needed to provide our service and other data that allow us to enhance your user experience, namely at our APP. This last personal data is only collected when you give us your express and clear consent.
In any given case, no more than the necessary information to meet our announced goals and information that allows us to offer the best travel options is required, allying your needs to the ones from the operators.
Depending on the means, form and ends for what they are used, when you visit and use our platforms or register, we may request the following data:
1. Key data, such as name, gender, birth date and Tax ID Number;
2. Contact information, such as address, email address and phone number;
3. Travel and reservation information, such as number of passengers, booking references and data, trip itinerary, scheduled trips and history of trips;
4. Geo localization data, to which our access depends on your previous consent;
5. Navigation data and preferences, such as navigation data, visited contents, time spent in each content, date and time of access and way of access (mobile, desktop, etc.);
6. Information collected through the social network from where you started your session, that may include name, gender and profile picture.
7. Payment data, such as the payment method used and the necessary data to carry out the operation in question, depending on the payment method you choose, whenever the ticket is purchased directly from Ubirider through its payment service provider partners.
Ubirider S.A. will also use your personal data, without identification and in an aggregated way, to transmit to our partners information related to the user's commercial preferences.
Finally, when Ubirider, S.A. is responsible for issuing the transportation title, we may share all payment data with our mobility partners.
3. For what purpose do we ask and process that data?
The personal data that are collected, independently of the platform through which it was made available, will be used, exclusively, for us to provide our service and to pursue the following objectives:
1. For the performance of a contract or prior to entering into a contract” (article 6º, nº1, al. b) of GDPR):
a) To provide our services, namely to present the best travel option from the mobility operators, according to the criteria selected by the user (fastest, cheapest, etc.);
b) To issue tickets, manage payments and to issue and send invoices;
c) Management of complaints and suggestions that may arise from eventual flaws in the provided service;
2 For the prosecution of Ubirider, S.A.’s legitimate interests (article 6º, nº1, al. f) of the GDPR):
a) Fraud prevention;
b) Managing relationship with the user, in order for us to understand how our platforms are used, achieving improvement of quality and optimization of the service provided;
c) Sending of communications of direct marketing actions, only to our usual clients that Ubirider, S.A. knows well enough to offer to each one of them the most tailored services that meet their needs, with the purpose of creating an even more personalized relationship with those clients.
3. Processing is also done under your consent (article 6º, nº1, al. a) of the GDPR), for us to provide and pursue the following objectives:
a) Geo localization data;
b) Contact information for sending marketing communications to our non-clients;
c) Contact information for sending our newsletters;
4. When do we ask for that data?
Ubirider, S.A. collects your personal data only when it is absolutely necessary and when it has a legitimate reason to do so, always with security and never to different purposes than those stated. Data is collected when users access our platforms, registers at our app or fills questionnaires at our website.
The moment when we collect your personal data will depends of using circumstances, as such the following ones:
4.1. When you create a user's account
To create an user’s account and profile, it is necessary to collect some personal data, whether you do it directly at our mobile platform or through a third party social network which you registered with.
4.2. When you use our services
We may collect data about the user when our services are used, regarding what you do with them, such as your location, your search and trip history, your IP and your future booked trips. When Ubirider, S.A. is responsible for issuing the transportation title, we will also ask payment data such as payment method and all Data required to finish the purchasing process depending on the payment platform chosen by the user.
All data the user makes available at this moment will not be treated to any other end besides the stated one or any compatible with it; Ubirider, S.A. commits itself to the privacy and security at processing and maintenance of each user’s data.
4.3. Suggestions and Complaints
If you contact us to send suggestions or complaints, it will be necessary to collect some of your personal data so we can communicate with you and solve the issue.
Regardless of the subject, we will have to keep your identification information and contact information in our database, so we can answer your complaint/suggestion.
However, when addressing your complaint/suggestion, is it necessary to obtain clarification with a mobility operator partner, your data related to said complaint/suggestion will be communicated with this third party entity, in an anonymous way whenever possible.
4.4. Sending of newsletters
You can register to receive our newsletter at our website. In this case, and if you give your consent expressly and unmistakably, it will be necessary to collect your email.
4.5. Invoice issue
Your Tax ID Number may be solicited if the value of your purchase obligates us, by legal reasons, to issue an invoice with the user’s Tax ID Number.
Regarding this Datta, and according to which legal entity is responsible to issue the invoice, Ubirider S.A. and the mobility partner may act as a controller, a Joint Controller or as a Processor, depending on the contract celebrated between Ubirider S.A. and the mobility partner.
In any given case, user will always be entitled to request an invoice with Tax ID Number
5. With whom do we share your personal data?
Your data will be kept by Ubirider, S.A. as Controller.
However, in certain circumstances, and in order to provide our services we have to share your personal data with the mobility operators we work with or with the partners that provides payment
services. These entities, however, as a Processor or joint controllers, guarantee the full compliance of the legal parameters of the Privacy and Data Protection In cases where mobility operators
or payment service provider partners assume themselves as joint controllers, Ubirider, S.A. A. will reach an agreement with them, in a transparent way, about the purpose and means of data treatment,
always complying with the data protection legislation.
Likewise, whenever the ticket is purchased directly from Ubirider S.A. the provision of our services implies data sharing with ourpartners who provide the payment platforms.
Besides this, Ubirider, S.A. may also resort to services provided by third parties, which ambit relates, all or part of, with the treatment of your personal data. However, these entities will be judiciously selected by Ubirider, S.A. and we will only resort to such entities that comply with the requirements imposed by the data protection legislation.
Finally, under the compliance of legal obligations, Ubirider, S.A. may be forced to share your personal data with other entities.
6. Where is my personal data stored?
In order to be aware where your personal Data transmitted by Ubirider S.A. to their partners is stored you must directly consult the privacy police of the partners.
7. For how long is my personal data stored?
Ubirider S.A. will keep your personal data stored as long as it is necessary for the ends stated or, when applicable, for the time demanded by law. The conservation limits are diverse according to the kind of data treated and its finalities, being defined on a case-to-case basis.
When the purpose of the data collection is extinguished, and if data is no longer necessary for legal defense of Ubirider, S.A. or third party entities, and/or when there is no legal obligation to keep data, your data will be deleted in a secure way or anonymized.
8. Is your data treated in a safe way?
Ubirider, S.A. cares about the security of the personal data that process, implementing the adequate safety, technical, organizational and administrative measures needed to protect the stored data against loss, improper use and/or non-authorized access, divulgation, alteration or destruction.
Ubirider, S.A. also demands that its Processor’s and Joint Controllers to adopt security measures equivalent to those in practice, namely through the inclusion of secrecy and confidentiality duties in the celebrated agreements.
Cookies are small files or bits of software that lodge themselves in the user’s equipment through the used browser and collect information about what is done in each digital platform. There are several types of cookies, more or less intrusive in a way that they collect more or less information, they disclose it to more or less recipients and they are more or less persistent, taking into account the time they stay in the user’s terminal.
Summarizing, we use our cookies with the following objectives:
Memorize some data that you provide so you do not have to introduce it again, namely for exchanging communication, for sending our newsletter or to remember your registration data;
Make sure that our digital platforms are working properly, enhancing your navigation experience;
Identifying the type of access;
Identifying the geographic location from where the access is coming;
Retain the navigation preferences of our users so we can, in an aggregated way, learn which contents, services and functionalities arise most interest.
We also use third party cookies, like Google Analytics, which allow us to understand and register our users behaviors. This service made available by Google allows us to obtain information and evaluate the usage of our users in the present platform, improving their experience. Concretely, it is possible to find out information like, for example, the number of times the user visits our platforms, the duration of those visits or the pages from where the access is made.
For more information regarding the configuration of these cookies, we suggest that you consult the following page: https://policies.google.com/technologies/cookies?hl=pt-BR
To improve our services, it is also possible to use third party tools/plug-ins like Facebook, Instagram or Twitter. These plug-ins allow the user’s browser to establish a direct connection with said social networks, providing access to sharing and additional content. However, as Ubirider, S.A. does not control or have any influence on the contents of said social networks’ plug-ins, we recommend that you obtain more information about the extent of the collection and processing of personal data made by these channels, consulting the privacy policies of said third parties.
10. What are your rights?
The user has the right to solicit information about his personal data so he can understand what Ubirider, S.A. keeps or knows about him, at any given moment, reasonably and without costs. The right of access, rectification, erasure, object and to restrict processing and portability of your personal data, according to the General Data Protection Regulation (GDPR), can be exercised by changing your profile in the personal area of our mobile platform or through our email email@example.com
Either way, elimination of your user account as well as withdrawing your consent(s) at our mobile platform only produces effect on it, not being effective concerning other registration or consent´s given at our website, and vice-versa.
All of these requests will be analyzed in a reasonable time period, to which Ubirider, S.A. will promptly respond and, whenever possible, in a maximum of 30 days.
The user also has the right to present a complaint to the National Data Protection Commission to the following contacts:
Address: Rua de São Bento, 148 - 3º, 1200-821 Lisboa
Phone Nº: +351 213 928 400
Fax: +351 213 976 832
Last update: March 2022