Confidentiality
What is the purpose of the charter?
At Heetch, the protection of your personal data is a priority.
The purpose of this charter is to inform you about how we process your personal data.
Rest assured, we comply, in the collection and management of your data, with the law of 1978 known as “Informatique et Libertés”, and with the European regulation of April 27, 2016 (hereinafter: the “RGPD”).
What is personal data?
When you use the “Heetch” mobile application (hereinafter: the “Application”) and/or the website accessible at https://www.heetch.com/ (hereinafter, the “Site”) as a passenger (hereinafter the “Passenger”) or as a driver (hereinafter the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to together as the “Users”), we may ask you to provide us with personal data concerning you in order to use our services (hereinafter the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to together as the “Users”), we may ask you to provide us with personal data concerning you in order to use our services (hereinafter the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to “Services”).
The term “personal data” refers to any data that can identify you as an individual.
What personal data does Heetch collect?
As part of our activity, we are required to collect a certain amount of information about you, and in particular:
FOR PASSENGERS:
- Identification data : your first name, last name, email address, user ID telephone number, your identity card when necessary.
Some data, such as your name, first name, email address and photograph, can be retrieved from Facebook, via Facebook Connect if you choose this method when registering. By choosing this method, you agree that Facebook will communicate this data to us.
- Economic and financial data : the last 4 (four) digits of the payment card if this payment method is selected and if you are located in the European Union.
- Location data : your geolocation data is collected when the Application is open and you visualize the geographical map around you, as well as the history of the trips made (hereinafter the” Rides ”) and geolocation data aggregated over a radius of several hundred meters.
- Connection and internet data : your OS version, the version of the application, your IP address, your IP address, your client device name, your device ID, mobile phone operating system, your advertising ID.
- Other data: your city ID, your stripe customer ID, referral code, comments left by our customer service or by you as part of your use of our Services and telephone records with our customer service.
We may also collect data mentioning incidents (unpaid, bad behavior, etc.) encountered while using our Services.
FOR DRIVERS:
- Identification data: your first name, last name, email address, email address, date of birth, date of birth, telephone number, home address, driver's license, identity document, residence permit if applicable, profile photograph.
Some data, such as your name, first name, email address and photograph, can be retrieved from Facebook, via Facebook Connect if you choose this method when registering. By choosing this method, you agree that Facebook will communicate this data to us.
- Data relating to your professional life : legal name and form of your company or employer, intra-community VAT number, registered office, vehicle photograph, make and model of the vehicle, registration number and date of first registration, vehicle registration certificate, VTC registration certificate, VTC registration certificate, VTC registration certificate, VTC license card and date of obtaining, VTC license card and date of obtaining, variation and motorization, green card, digital badge with QR code, proof of professional insurance, employer code, cities or regions in which you will perform Rides.
- Economic and financial data : IBAN, BIC, turnover achieved through our Services.
- Location data : The Heetch Pro app for drivers needs access to your location even when the app is not actively used (i.e. when it's running in the background). This is essential for the following reasons:
1/ Race requests and notifications: To ensure you receive important trip requests and notifications quickly, even when the app is minimized or your device is locked.
2/ Real-time location updates: To monitor your position accurately in real time, allowing for effective distribution and networking with passengers.
3/ Navigation and trip optimization: To provide detailed instructions and optimize routes to ensure a smooth driving experience.
Consent and location data management
You will be explicitly asked to allow the Heetch Pro app to access your location data. You can manage these permissions in your device settings at any time. We keep your location data only for as long as necessary to fulfill the purposes described above as outlined in our Privacy Policy. Your location data will never be sold or shared with third parties for purposes other than those directly related to providing and improving the Heetch Pro service.
- Connection and internet data : your OS version, the version of the application, your IP address.
- Other data : Comments left by our customer service or by you in connection with your use of our Services, telephone conversations with our customer service, conversations with other Drivers, your acceptance rate of Rides as well as your status related to the use of our Services (active, suspended or dormant).
We may also collect data mentioning the incidents encountered during the use of our Services (unpaid, bad behavior, etc.).
This data may be collected when you download the Application, when you use our Site, or when you use our Services.
Who is responsible for the treatment?
HEETCH
SAS - RCS Paris: 794 693 960
6 bis rue Jean Macé — 75011 Paris
contact@heetch.com
TEL: +33 1 82 88 25 26
We have appointed a Data Protection Officer (DPO): BOLD Law Firm
Email: dpo@heetch.com
1. Use of your personal data
Who is responsible for the treatment?
contract
This collection is necessary in order to perform the contract concluded when you use our Services on our Application and/or our Site.
Legitimate interest
When you voluntarily provide us with personal data, we collect it in order to better respond to your requests for information on our Application and/or our Site.
To follow up on your requests to exercise your rights under the GDPR.
When the processing of your data is necessary to combat fraud and contractual violations as well as to maintain the quality of our Services.
Our legitimate interest in facilitating the transmission of your data (drivers) as part of the partnership with Jump to transmit your data to them, provided that you have accepted the partnership with them and that you are registered with them
Legal obligation
When the processing of your data is necessary for compliance with a legal obligation to which we are subject.
Consent
With regard to the collection and storage of your personal data through the cookies used on our Application and/or our Site.
With regard to the transfer of drivers' personal data to third party partners (VTC training centers, etc.).
For what purpose (s) is your data collected and used?
contract
Create a Users and Prospects file.
Manage your access and use of our Services accessible on the Application and/or the Site.
Connecting the Passenger and the Driver to provide passenger transport services.
Manage the operation of our Services.
Legitimate interest
Develop commercial and traffic statistics for our Application and/or our Site in order to improve and optimize our Services.
Personalize responses to your requests for information.
Manage User opinions on the Services or the content of the Application and/or the Site.
Manage the loyalty program.
Manage unpaid bills.
Manage objects forgotten by Passengers.
Send information or inquiries.
Respond to your requests to exercise your rights under the GDPR.
Fight against fraud, contractual breaches and the usurpation of payment methods.
Detect excessive or abusive cancellations by Users.
Legal obligation
Compliance with our legal and regulatory obligations.
Consent
Prevent unpaid bills by keeping data relating to Passengers' bank cards.
Allow Drivers who do not meet the conditions of access to the Services to be put in contact with VTC training centers.
The purposes of the cookies we use are described in the Cookie Policy appendix.
NB/ You can always refuse to send us your data, we will then inform you of the possible consequences of this refusal when this data is mandatory.
*Mandatory data is: First name, Last name, Last name, Email, Phone number, photograph or video of the face.
2. Recipients of the data collected
Will have access to your personal data:
1 - Our team,
2 - The services in charge of control (auditor in particular),
3 - Our subcontractors: tools for carrying out statistical and marketing studies; audience measurement and analysis providers; hosting providers; online communication providers; administration, collaboration and management tools; back office management tools; back office management tools; online payment service provider; online payment service provider; identity verification and anti-fraud tools,
4 - Partners (VTC training centers in particular) or your employer (for employed Drivers) with whom we are likely to work to perform our Services, with your agreement,
5 - Our partner Jump, provided that you have accepted the partnership with them and that you are registered with them, in order to facilitate the provision of their Services.
Not to mention (less fun) public organizations, court officials (bailiffs, notaries, etc.), ministerial officers and organizations responsible for debt collection.
Your personal data may be transferred, rented or exchanged for the benefit of third parties, only if you give us your prior and express consent for this purpose.
3. Retention period of personal data
Nature of the data
Passengers
Drivers
Identification data
For the duration of the use of our Services up to 3 years from the date of the deletion of your account or your last use in terms of the use of data for prospecting purposes. At the end of this 3-year period, we will be able to contact you again to find out if you wish to continue to receive commercial solicitations.
ID card
Up to 6 years in an archived database for evidence purposes when the collection is necessary for identity verification and for the period strictly necessary in case of exercising the right of access or correction.
Face photography or video
1 month from when the photo or video was taken
Professional life
/
For the duration of your use of our Services and up to 3 years from when your account was deleted or last used.
Economic and financial data
Throughout the duration of the use of our Services and within the limit of the validity of your bank card, only if you have consented to the storage of your bank data in order to facilitate your subsequent Rides by checking the dedicated box, or until the end of the Ride when you have chosen to pay in cash.
For the duration of the use of our Services up to 3 years from the date of the deletion of your account or your last use.
Location data
For 1 year from the collection of geolocation data or the Ride and up to 3 years from when your account was deleted or last used for aggregated location data.
Connection data and internet data
See the Cookies Policy in the Appendix on this subject.
Telephone calls between Drivers
/
For 1 year from data collection.
Comments left by Passengers about a Driver
For the duration of the use of our Services by you or by the Driver.
The entire duration of the use of our Services by you or by the Passenger.
Exclusion data
- 48 hours from the date of the regularization of the incident;
- 3 years from the occurrence of the incident if it has not been regularized;
And as an exception, 2 additional years for data relating to the following incidents:
- Physical assault on a driver or passenger
- Creation of a driver account
- Behaviors of a driver considered inappropriate or serious
- Poor passenger feedback
- Loan or rental of a driver driver to another individual
- Driving with an unregistered vehicle
- Verification of driver documents required
- Unpaid driver debt
- Suspension of the driver at the request of his manager
- Suspension of a passenger for not complying with platform rules
Data allowing the management of requests to exercise rights
2 years from the date of your request to exercise your rights.
Data allowing your right to object to be taken into account.
Minimum 3 years from the exercise of the right of opposition.
Accounting data (invoices)
10 years concerning invoices, to comply with our accounting obligations, in accordance with article L. 123-22 of the Commercial Code.
Data required for evidentiary purposes
Duration of the legal prescription (generally 5 years)
Other categories
For the duration of your use of our Services and up to 3 years from when your account was deleted or last used.
4. security
Don't worry! We (and our subcontractors) have taken all necessary precautions, as well as appropriate organizational and technical measures to maintain the security, integrity and confidentiality of your personal data.
5. Lodging
Your data is kept and stored for the duration of their processing on the servers of the company Amazon Web Services located in Ireland, in the European Union.
6. Transfer outside the European Union
As part of the tools we use (see article “Recipients of collected data” concerning our subcontractors), your data is likely to be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:
- Or this data is transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission;
- Or we have concluded a specific contract with our subcontractors governing the transfers of your data outside the European Union, on the basis of standard contractual clauses between a data controller and a subcontractor approved by the European Commission.
7. Cookies
For more information on cookies, we refer you to our Cookies Policy.
8. YOUR RIGHTS
What are your rights to your data?
Right to information
That is exactly why we have written this charter.
Right of access
You have the right to access all of your personal data at any time
Right to rectification
You have the right to rectify your inaccurate, incomplete or outdated personal data at any time
Right to limitation
You have the right to obtain the limitation of the processing of your personal data in certain cases defined in art.18 of the GDPR
Right to portability
You have the right to receive your personal data in a legible format and to request their transfer to the recipient of your choice.
Right to erasure
You have the right to demand that your personal data be erased, and to prohibit future collection
Right to file a complaint
with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of applicable texts
Right to object
You have the right to object to the processing of your personal data. However, note that we will be able to maintain their treatment despite this opposition, for legitimate reasons or the defense of legal rights.
With regard to prospecting, you can oppose it at any time via the unsubscribe link located at the bottom of each of our prospecting emails.
Right to set guidelines after your death
relating to the storage, deletion and communication of your personal data, and designating a person in charge of their execution if necessary.
You can transmit them to a trusted digital third party certified by the CNIL when it comes to general guidelines, or to the contact details below for your specific instructions.
You can change or revoke your instructions at any time.
How can you exercise your rights?
You can exercise the above rights by writing to us at dpo@heetch.com
Or at the following address, for fans of the pen: Heetch, 6 bis rue Jean Macé — 75011 Paris
On this occasion, you must prove your identity by any means. If we have doubts about your identity, we may ask you for additional information that appears necessary including, if applicable, a copy of a signed identity document.
In the event of a request to erase your data, Heetch undertakes to delete your data immediately upon receipt of your request for deletion.
For any other request relating to your rights, Heetch undertakes to respond to you as soon as possible and, in any event, within one month of receiving your request. If necessary, this period may be extended by two months taking into account the complexity and number of requests sent to Heetch. In this case, you will be informed of this extension and the reasons for the delay.
If your request is submitted in electronic form, the information will also be provided to you electronically where possible, unless you expressly request otherwise.
9. Entry into force
This charter came into force on January 17, 2023.
10. Changes
We reserve the right, at our sole discretion, to modify this charter at any time, in whole or in part.
You will be informed of this publication by a message that will be displayed the next time you open the Application or when you next use our Site.
These changes will come into force as of the publication of the new charter. Your use of the Application or the Site following the entry into force of these modifications will constitute recognition and acceptance of the new charter. Otherwise and if this new charter does not suit you, you will no longer have to access the Application or the Site.
11. Credits
Credit for the pictograms: created by Gregor Cresnar, Thomas Soto, Thomas Soto, Iyikon, Bezier Master, Alina Oleynik, Jaro Sigrist, Three Six Five, Rflor, Rama, Rama, AOMam, AOMam, Por Suppasit, and Pedro Santos of Noun Project.
