Confidentiality

At Heetch, the protection of your personal data is a priority.

When you use the site https://www.heetch.com (the “Site”) and/or the Heetch application (the “Application”) and as part of the management of our contractual relationships with our customers, we are required to collect personal data about you.

The purpose of this policy is to inform you about the methods by which we process this data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “RGPD”) and Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms (together the “Applicable Regulation”).

Capitalized terms used in this privacy policy will have the meaning given to them in the GDPR or in Heetch's terms and conditions of use.

When you use the “Heetch” mobile application (hereinafter: the “Application”) and/or the website accessible at https://www.heetch.com/ (hereinafter, the “Site”) as a passenger (hereinafter the “Passenger”) or as a driver (hereinafter the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to together as the “Users”), we may ask you to provide us with personal data concerning you in order to use our services (hereinafter the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to together as the “Users”), we may ask you to provide us with personal data concerning you in order to use our services (hereinafter the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to as the “Driver”), (hereinafter referred to “Services”). We ”).

As part of our activity, we are required to collect a certain amount of information about you, and in particular:

For Passengers:‍
- Identification data: your first name, last name, email address, email address, telephone number, user ID, your identity card when necessary. If you choose to log in using a third-party authentication service (including Facebook Connect), certain data, such as your name, first name, email address, and photograph, may be retrieved from that service. By choosing this method, you agree that said service may communicate this data to us. We don't connect your third party account password.
- Economic and financial data: the last 4 (four) digits of the payment card if this payment method is selected and if you are located in the territory of the European Union.
- Location Data: your geolocation data is collected when the Application is open and you view the geographic map around you, as well as the history of the races completed (hereinafter the “Rides”) and the geolocation data aggregated over a radius of several hundred meters.
- Connection and internet data: your OS version, the version of the application, your IP address, your client device name, your device ID, mobile phone operating system, your advertising ID.
Other data: your city ID, your stripe customer ID, referral code, comments left by our customer service or by you as part of your use of our Services and telephone records with our customer service.
‍
We may also collect data mentioning incidents (unpaid, bad behavior, etc.) encountered while using our Services.
‍
For Drivers:
- Identification data: your first name, last name, email address, email address, date of birth, date of birth, telephone number, home address, driver's license, identity document, residence permit if applicable, profile photograph. If you choose to log in using a third-party authentication service (including Facebook Connect), certain data, such as your name, first name, email address, and photograph, may be retrieved from that service. By choosing this method, you agree that said service may communicate this data to us. We don't connect your third party account password.
- Data relating to your professional life: legal name and form of your company or employer, intra-community VAT number, registered office, vehicle photograph, make and model of the vehicle, registration number and date of first registration, vehicle registration document, vehicle registration certificate, VTC registration certificate, VTC registration certificate, VTC registration certificate, VTC license card and date of obtaining, variation and motorization, green card, digital badge with QR code, proof of insurance professional, employer code, cities or regions in which you Go perform Rides.
- Economic and financial data: IBAN, BIC, turnover achieved through our Services.
- Location Data: your geolocation data is collected when the Application is open and you view the geographic map around you, as well as the history of Rides performed and aggregated geolocation data over a radius of several hundred meters.
Connection and internet data: your OS version, the version of the application, your IP address.
‍
Other data: Comments left by our customer service or by you as part of your use of our Services, telephone conversations with our customer service, conversations with other Drivers, your acceptance rate of Rides, your supporting documents in case of suspected fraud, as well as your status related to the use of our Services (active, suspended or dormant).
‍
We may also collect data mentioning the incidents encountered during the use of our Services (unpaid, bad behavior, etc.).
‍
For Fleet Managers:
- Identification data: your first name, last name, email address, telephone number, photograph.
- Data relating to your professional life: legal name and form of your company, intra-community VAT number, registered office, information relating to the vehicle fleet (vehicle photography, vehicle brand and model, vehicle registration number, vehicle registration number, vehicle registration certificate, driving license, driver's license, driver's license, VTC registration certificates, VTC registration certificates, VTC license card and date of obtaining, declination and motorization, green cards, digital buttons with QR code), proof of professional insurance, cities or regions in which the corresponding fleet performs Rides.
- Economic and financial data: IBAN, BIC, turnover achieved through our Services.

This data may be collected when you download the Application, when you use our Site, or when you use our Services. Mandatory data is indicated when you provide us with your data. They are reported by all means.

Will have access to your personal data:

1. Our team,
2. The services in charge of control (auditor in particular),
3. Our subcontractors: tools for carrying out statistical and marketing studies; audience measurement and analysis providers; audience measurement and analysis providers; hosting providers; online communication providers; administration, collaboration and management tools; back office management tools; online payment service provider; online payment service provider; online payment service provider; online payment service provider; online payment service provider; online payment service provider; online payment service provider; identity verification and fraud prevention tools; cookie management provider; IP voice telephony tool.
4. Our partners (VTC training centers in particular) or your employer (for employed Drivers) with whom we are likely to work to perform our Services, with your agreement,
5. Our partners provided that you have accepted the partnership with them and/or that you are registered with them, in order to facilitate the provision of their Services.
Not to mention (less fun) public organizations, court officials (bailiffs, notaries, etc.), ministerial officers and organizations responsible for debt collection.
Your personal data may be transferred, rented or exchanged for the benefit of third parties, only if you give us your prior and express consent for this purpose.

Your personal data may be transferred, rented or exchanged for the benefit of third parties, only if you give us your prior and express consent for this purpose.

Your data is retained and stored for the duration of processing on the servers of the company Amazon Web Services, located in the European Union.

As part of the tools we use (see article on recipients concerning our subcontractors), your data is likely to be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:
- or the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with article 45 of the RGPD: in this case, this country ensures a level of protection considered sufficient and adequate to the provisions of the RGPD;
- or the data is transferred to a country whose level of data protection has not been recognized as adequate under the RGPD: in this case these transfers are based on appropriate guarantees indicated in article 46 of the RGPD, adapted to each service provider, in particular in particular in a non-exhaustive manner, the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.
- or the data is transferred on the basis of one of the appropriate guarantees described in Chapter V of the GDPR.
‍
You can obtain a copy of the tools allowing the transfer of your data outside the European Union by contacting us at the following address: dpo@heetch.com.

You have the following rights with respect to your personal data:
‍
Right to information : that's exactly why we wrote this policy. This right is provided for in articles 13 and 14 of the GDPR.
‍
Right of access : you have the right to access all of your personal data at any time, under article 15 of the RGPD.
‍
Right to rectification : you have the right to rectify your inaccurate, incomplete or outdated personal data at any time in accordance with Article 16 of the GDPR
‍
Right to limitation : you have the right to obtain the limitation of the processing of your personal data in certain cases defined in article 18 of the RGPD.
‍
Right to erasure : you have the right to demand that your personal data be erased, and to prohibit any future collection of it for the reasons set out in article 17 of the GDPR.
‍
Right to file a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of applicable texts, in accordance with article 77 of the RGPD.
‍
Right to define guidelines for the storage, deletion and communication of your personal data after your death.
‍
Right to withdraw your consent at any time : for purposes based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out prior to the withdrawal.
‍
Right to portability : under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.
‍
Right to object : under article 21 of the GDPR, you have the right to object to the processing of your personal data.

You can exercise these rights by writing to us using the contact details below. On this occasion, we may ask you to provide us with additional information or documents to justify your identity.

To find out more about the management of cookies we invite you to consult our Cookies Policy.

Contact email: dpo@heetch.com
Contact address: 198 bis rue Lafayette, 75010, Paris

We may modify this policy at any time, in particular in order to comply with any regulatory, jurisprudential, editorial or technical changes. These changes will apply as of the effective date of the amended version. You are therefore invited to regularly consult the latest version of this policy. However, we will keep you informed of any significant changes to this privacy policy.

Entry into force: November 20, 2024