Privacy Policy

At Ubirider we are committed to optimising your mobility by providing a service that seeks turning urban mobility more intelligent. However, protection of the privacy and personal data of the users of our digital platforms it's also our concern.

In this context, in agreement with the principle of transparency, we created this Privacy Policy, that is part and should be read together with the terms and conditions of use (available here). We hope to help you understand how your data is treated, to what ends, for how long, to whom it is transmitted to and under which security measures.

The treatment of data described in this Policy covers all our digital platforms, including our website and mobile application Pick Hub. By accessing these platforms, some personal information may be requested whenever the processing of your personal data is required to allow the provision of a service, whenever you give us your consent to do so or whenever Ubirider is required by law to do so.

1. Who is responsible for the collection and treatment of your personal data?

Ubirder S.A., VAT number 514908688, with headquarters at Rua Alfredo Allen, no. 455/461, room 1.03, Paranhos, 4200-135, Porto, Portugal is the Controller of your personal data. This means that the personal data collected will always be managed by this company, acting as the Controller of data treatment, according to the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 of April 2016 - hereby referred to as GDPR.

However, the provision of our services may entail, at times, the transfer of your personal data to multiple mobility operators or to payment service providers, which, in certain situations, may act as controllers, Joint Controllers or as Processors. Whenever the case is of joint responsibility, data protection agreements are concluded between the parties, which transparently define the responsibilities for compliance with the applicable law.​

‍

2. What personal data is going to be asked from you?

When using our digital platforms, we will request access to your personal data required to the provision of our services and your personal data necessary to enhance your user experience, namely at our APP. The latter will only be collected on the basis of your clear consent.

In any given case, the information or data requested will not exceed the necessary for the purposes announced or the necessary to enable the provision of the best travel options, according to your needs and the routes established by the operators.

Depending on the means and purposes of each treatment, the following data may be requested when you visit us, use our platforms or register with us:

1. Key data, such as name, gender, birth date and Tax ID Number;
2. Contact information, such as address, email address and phone number;
3. Travel and reservation information, such as number of passengers, booking references and dates, trip itinerary, scheduled trips and history of trips;
4. Geolocation data, depending on your previous consent;
5. Preferences and data collected from your device, such as the type of device you have, the pages you visited, the time you spent on each content, the date and time of your access, the browser you are using;
6. Information collected through the social network from where you started your session, that may include name, gender and profile picture;
7. Payment data, such as the payment method used and the necessary data to conclude the payment operation according to the method you choose, whenever the ticket is purchased directly from Ubirider through its payment service provider partners.

Ubirider may also use your personal data in an aggregated manner, without identification, in order to transmit your commercial preferences to our partners.

Finally, when Ubirider is responsible for issuing the transportation title, we may have to share all payment data with the mobility provider.

‍

3. For what purpose do we ask and process that data?

The personal data collected, regardless of the platform, will exclusively be used to provide our services and to the following purposes:

1. 1. For the performance of the contract or prior to entering into the contract (article 6, no. 1, paragraph b) of GDPR):
   • To provide our services, namely to present the best travel option made available by the mobility operators, according to your criteria (fastest, cheapest, etc.);
   • To issue tickets, manage payments and for invoicing purposes;
   • Management of complaints and suggestions that may arise from eventual flaws in the service provided.
   2. With your consent (article 6, no. 1, paragraph a) of the GDPR):
   • Geolocation data;
   • Contact information for marketing purposes to non-customers;
   • Contact information for sending our newsletters.
   3. For the prosecution of Ubirider, S.A.’s legitimate interests (article 6, no. 1, paragraph f) of the GDPR):
   • Fraud prevention and detection;
   • Customer relationship management, in order to understand how our platforms are used by our visitors and therefore optimizing the service provided;
   • Direct marketing actions, to our well-known customers, offering each one bespoke services and meeting their needs in order to refine the relationship with those clients.

‍

4. When do we request access to your data?

Ubirider collects your personal data only when absolutely necessary for the exclusive compliance of the legitimate purposes herein laid down, with all security measures required for the data processed. Ubirider will not use the data collected for other purposes than those aforementioned. Ubirider will request access to your data when you access our platforms, when you register at our app, when you fill questionnaires at our website or app and, finally, when you purchase our services.

The moment when we collect your personal data will vary according to several circumstances. We may collect your data:

​4.1 When you create a user's account

To create a user’s account and profile, it is necessary to collect some personal data, whether you do it directly at our mobile platform or through a third party social network which you registered with.

4.2 When you use our services

We may collect personal data on your access and your use of our services, such as location, search history, travel information, IP address and future booked trips. Whenever Ubirider is responsible for issuing the transportation title, we will also collect payment data, namely, the payment method and all connected data required to conclude the purchase according to the payment method chosen.

Your data thus collected will not be processed for other purposes than those mentioned or, to purposes not compatible with the purposes for which the personal data are initially collected. Ubirider commits to the safety of the processing activities and to the privacy of each user’s data.

4.3 Suggestions and Complaints

If you contact us to send suggestions or complaints, it will be necessary to collect some of your personal data so we can communicate with you and solve the issue.

Regardless of the subject, we will have to keep your identification information and contact information in our database, so we can answer your complaint/suggestion.

However, if for the purpose of addressing your complaint/suggestion, a clarification with a mobility operator provider is deemed necessary, your data will be transferred to this third party.

4.4 Sending of newsletters

You can register to receive our newsletter at our website. In this case, and if you give your specific and unambiguous consent, your email will be processed for this purpose.

4.5 Issuance of invoice or of other fiscal document

Your Tax ID Number may be required to comply with legal requirements (e.g., invoicing) and will be processed by Ubirider or the mobility service provider according to the agreement between the parties and the responsibility for invoicing.

​Whatever the case is, the user will always be entitled to request an invoice with Tax ID Number.

‍

5. With whom do we share your personal data?

Your data will be kept by Ubirider, acting as a Controller.

However, in certain circumstances, and in order to provide our services, we have to share your personal data with the mobility services providers we work with or with the payment services providers.

Mobility services providers act as Controllers themselves so you should visit and read their own privacy policies. If Ubirider and one of these providers become Joint Controllers for any or some of the processing activities, a written agreement will be concluded between the parties reflecting, in a transparent manner, the purposes and means of the processing of your data, as well as the responsibilities of each party in the conservation of the data processed, always in compliance with data protection legislation in place.

The payment services providers act as Processors and guarantee full compliance with the laws and regulations related to Data Protection and Privacy.

You can confer all mobility operators to which Ubirider, S.A. may transmit your personal data and access the privacy policy of each one of them here (Fertagus, Trevo, Próximo).

Likewise, whenever the ticket is purchased directly from Ubirider the provision of our services implies transferring your data to the payment services providers.

You may consult the list of payment services providers Ubirider may transfer your personal data and access their own privacy policies here: Viva Wallet.

Besides the above mentioned cases, Ubirider may also resort to services provided by other companies, which may entail, at least partially, the treatment of your personal data. However, these entities will be judiciously selected by Ubirider. Ubirider commits to only work with entities that comply with the data protection laws and that offer, at least, the same level of protection that Ubirider does.

Finally, Ubirider may be required to share your personal data with other entities in order to comply with legal obligations.

​

6. Where is my personal data stored?

The personal data that you provide Ubirider with will be stored at servers located within the European Union. If necessary, and according to the terms of the services agreed upon, the processors may transfer your data to servers located in third countries, that offer the same level of protection, as that in force in EU member-state entities or that demonstrate an adequate level of protection.

Ubirider uses Amazon Web Services EMEA SARL (AWS) services, based at 38 Avenue John F. Kennedy, L-1855, Luxembourg and Google Cloud EMEA Limited services, based at Clanwilliam Place, Dublin 2, Ireland, specifically Firebase services.

The data transferred to these processors, taking into account Ubirider's headquarters, will be, by default, stored on servers located in the European Economic Area. Such data shall be subject to adequate security measures, under the terms of the agreements for the processing of personal data proposed by these services providers which, by contracting the services, Ubirider has accepted.

Furthermore, if necessary, AWS may occasionally and temporarily transfer this data to a third country. Google Firebase services reserves the right to carry out such transfers without justification. The selection of the recipient countries, in accordance with the commitments made in their respective policies, terms and agreements, will always be carefully considered and will fall upon countries that offer adequate guarantees for the processing of this personal data.

Without prejudice, both offer alternative mechanisms to provide adequate safeguards, namely the standard contractual clauses applicable to the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council, adopted as an annex to Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

If you want to know more, please consult the following documents:

About Google Firebase Services:

• https://cloud.google.com/terms/google-entity
• https://firebase.google.com/terms/
• https://firebase.google.com/terms/billing
• https://firebase.google.com/support/privacy
• https://firebase.google.com/terms/data-processing-terms
• https://cloud.google.com/terms/data-processing-addendum
• https://firebase.google.com/terms/firebase-sccs-eu-c2p

About Amazon's AWS services:

• https://d1.awsstatic.com/legal/aws-customer-agreement/AWS_Customer_Agreement_Portuguese_Translation.pdf
• https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
• https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf

​

7. For how long will my personal data be kept?

Ubirider will keep your personal data stored as long as it is necessary for the purposes stated or, when applicable, for the period established by law. The retention periods are diverse according to the data and the purposes the data are processed for, so they are defined on a case-to-case basis.

As soon as the reason for collecting the data ceases, if the data is no longer necessary for the establishment, exercise or the defense of legal claims and there is no legal obligation to keep the data, the data will be anonymised or deleted in a secure manner.

​​

8. Is your information kept secure?

Ubirider cares about the security of your personal data and implements appropriate technical and organisational measures to protect the data processed against loss, improper use and/or unauthorised access, disclosure, alteration or destruction.

Ubirider also requires its Processors and Joint Controllers to adopt security measures equivalent to those applied by Ubirider, namely by including confidentiality obligations in the agreements entered into with those entities.

‍

9. Do we use cookies? What are they and how do we use them?

Cookies are small pieces of software that are sent to the user’s device via the user’s browser to collect information that, in some cases, may identify or help to identify the user. There are different types of cookies that can be more or less intrusive. In other words, the cookies may collect more or less information and disclose it to more or fewer recipients, during different periods of time that cookies remain on the user’s device.

We use cookies to improve the performance of our website and the user’s navigation experience, by speeding up our response to your interactions and by storing your information so that you do not have to re-enter it - for example, the user’s details.

We use the following cookies:

‍

The Google Analytics service allows us to understand and record the behaviour of our users. This service provided by Google enables us to obtain information and evaluate the interactions of the users on our platform, improving their experience. Notably, it is possible to gather information such as, for example, the number of times each user visits our platforms, the duration of the visits or the pages from which the access is made.

For more information on how to manage these cookies, please access google’s terms and conditions of use and privacy policy, available on https://policies.google.com/technologies/cookies?hl=pt-PT

In compliance with the applicable legislation, and in addition to that provided in the initial access to our website, we provide information on how you can manage your cookies in your browser. Please visit the official support pages of the main browsers or click on the following links, where you can change your browser preferences:

Chrome:https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en

Firefox:https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website

Internet Explorer:https://support.microsoft.com/pt-pt/help/17442/windows-internet-explorer-delete-manage-cookies

Safari:https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website

Some browsers also offer "DNT" (DO NOT TRACK) tools, and you can always manage your cookies preferences via the following link: https://www.youronlinechoices.com/pt/your-ad-choices

Finally, it is possible that third-party tools/plug-ins such as Facebook, Instagram or Twitter are used on our website to improve the user’s experience. These plug-ins allow the your browser to directly establish a connection to those social networks. However, since Ubirider does not control, nor has any influence on the content of the plug-ins of these or any other social networks, for more information on the processing activities of personal data by these third parties, you should read their privacy policies.

‍

10. What are your rights?

You have the right to ask for information about your personal data to understand what data Ubirider keeps, at any given moment, reasonably and without costs. The right of access, rectification, erasure, object, to restrict processing and to ask for the portability of your personal data, according to the General Data Protection Regulation (GDPR), can be exercised on your profile in the personal area of our app or through the email dpo@ubirider.com.

The rights to erasure or to revoke your previously given consent exercised directly on the app have their effects limited to the app, not affecting the data on our website and vice-versa.

All of these requests will be analysed without undue delay by Ubirider, who will reply, whenever possible, within 30 days from the reception of the request.

The user also has the right to present a complaint to the National Data Protection Commission - Comissão Nacional de Proteção de Dados - to the following contacts:

Address: Rua de São Bento, 148 - 3º, 1200-821 Lisboa

Phone Nº: +351 213 928 400

Fax: +351 213 976 832

Email: geral@cnpd.pt

Website: https://www.cnpd.pt/.

​

11. Changes to the Privacy Policy

The present Privacy Policy is subject to modifications, from time to time and whenever deemed necessary. Therefore, even though they are public, we recommend that you visit this page regularly to be updated with its most recent version.

​Last update: April 2024

© Ubirider, all rights reserved 2024