Privacy Policy

Last updated 18.11.2017 

Our services, including Whim, are all about giving you the true freedom of mobility. Part of what makes that freedom possible is our commitment to protecting your privacy. We at MaaS Global want you to feel safe in knowing that your privacy is protected and your personal data processed in a transparent manner. This is why we have prepared what our lawyers like to call the “MaaS Global Privacy Policy”. Read this carefully, and make sure you understand what it says before accepting it. If you have any questions about this, we are happy to answer. Just send us an email at privacy@maas.global and we will do our best to get back to you soon.

***

This Maas Global Privacy Policy provides information on how we collect and process personal data, and how we use that data. This Privacy Policy applies to all our services specified in our Terms of Service located at www.whimapp.com/terms, as well as our website where this Privacy Policy is presented.

  1. The type of information we collect

We believe in transparency and informed consent. That is why we want to provide you with full visibility to the types of personal data we collect from you directly and through your use of the services. Information collected directly from you

Basic personal details. When you register as a user, we ask you to provide your telephone number. The telephone number will act as your account ID and can be used for communication with you in accordance with the applicable laws.

Additional personal details. When you subscribe to a paid account or make a purchase using the pay-as-you-go model, we will also ask you for your name, email address and street address. We may also ask information relating to your devices, home country, language, credit card details and other payment details. This information is needed to ensure we can process your payment. We also use third party payment processors who will request, and process details related to your chosen payment method. This information will be processed directly by the third party and we will not store that data. We can also implement various third-party log-in systems, such as Facebook login, that allow you to provide some of your personal details directly from the third-party service. Furthermore, there will be a possibility to personalise your profile with your photo.

Verification data. Some parts of the services require us to perform additional verifications, such as verifying your place of residence or that you are licensed to drive. In order to perform these additional verifications, we may request you to provide additional details such as, but not necessarily limited to, your personal identity number or your driver’s license details.

Information collected through your use of the services

When you use the services, we collect information that helps us provide the services to you. This information includes the following:

Your transactions with us. We maintain records of your purchases, downloads, the content you have provided us with, your requests, agreements between you and MaaS Global, the services provided to you, your delivery details and other interactions with us. We may, in accordance with applicable law, record your communication with our customer care or with other such contact points.

Positioning and location data. Location-based services establish location through the use of satellite, mobile, Wi-Fi or other network based positioning methods. These technologies may involve exchanging your location data and unique device and mobile, Wi-Fi or other network related identifiers with MaaS Global. Our services may operate on multiple device platforms, applications and services which may also collect your location data. We do not use this information to identify you personally without your consent. When you use our location based services and features, for example location based search, navigation and routing, or request for map data, your location data is sent to MaaS Global to serve you with the right content, which may also include and promote location-specific services.

Travel data. We store information about your trips. This includes the start and end points of the trip, the start and end times of the trip, the method of travel, and the cost. This information is associated with your unique user identifier. This information is vital for the functioning of the service, as it allows us to provide the service and to ensure the trip provider is compensated for the trip.

Favourites. Our service allows you to store favourite points on a map. This allows us to customize our service offerings for your use, and make it easier for you to travel to and from your favourite locations regularly.

Calendar data. If you wish, you can grant our service access to your calendar. This allows you to request additional services such as travel reminders, travel plans and other functionality.

Other data. We may also collect so called non-personal data. By non-personal data, we mean all other information we collect that does not enable you to be identified. We may collect data such as, but not limited to your IP address, access times, browser or application type, what pages you have visited and the sites linked from. However, in some cases non-personal data can be stored together with your personal data in such a way that the non-personal data could be considered to be personal data as well. In such cases we process it in accordance with the provisions of this Privacy Policy.

Our applications are in frequent contact with our service, to provide door-to-door travel capabilities, guidance and booking services, for example to check for updates or to send us information relating to service usage. Additionally, we may invite you to join voluntary product and service improvement, campaigns or research programs where detailed information is collected.

MaaS Global services are typically intended for general audiences. MaaS Global does not knowingly collect personal data of children.

  1. The purposes for which we use the information

We always want to identify the best mobility option for you and we constantly want to improve our services so that you get the most value from them at any given moment. For this purpose, we need to collect personal data. We have noted above the specific purposes for which we collected certain types of personal data. However, as we continue improving and developing the services, we can come up with new innovative features that potentially also rely on your personal data.

In order to ensure that we can continue innovating, we would also like you to know and accept that we can collect personal data for the general purposes of i) providing you with our services, ii) making it possible for you to set up an account with us, iii) enabling us to develop, improve and manage our services by better understanding our customers, iv) keeping you informed about our services and v) contacting you in specific cases related to issues you might be experiencing with our services vi) for historical or scientific research or for statistical purposes.

It is also possible that we are able to further simplify your life by providing you with personalised marketing or recommendations, unless you let us know that you do not wish to receive such marketing. If you explicitly agree, by opt-in consent, it is also possible that your data is used for the purpose of providing you with offers from our partners that suit you and your needs.

  1. Storing of your personal data

As most other service providers, we store and process your personal data (if any) on third party servers (” Hosting Providers”). The Hosting Providers we have chosen enable us to keep your data in the European Economic Area. Those third party servers are protected by physical as well as technological security devices. By using our services, you give us consent to store, process and transfer your personal data (if any) outside of your country of residence to the countries where our Hosting Providers are located. Your personal data is stored for no longer than is necessary for the purposes for which the personal data is processed.

  1. Disclosure of the information to third parties

We utilize third parties to provide payment and related administration services (“Payment Providers”). As noted above, we can share your payment method details with these Payment Providers so that they can process your payment. This processing can take place in the United States, and by sharing your payment details with us you consent to the transfer of such details to the United States. These third parties can also collect data from you, which they will process in accordance with their own processes and privacy policies.

Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA) .In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organisational information security measures.

Apart from Hosting Providers and Payment Providers, we may disclose your personal data to third parties provided:

  • you have given us your express consent for doing so;

  • the disclosure is reasonably necessary to provide you with the services. We could, for example, share your name with a service provider that you want to use so that the service provider knows you will be using their services;

  • the disclosure is reasonably necessary for the purpose of development and maintenance of our services. We may, for example, use third party consultants to help us develop our services. Whenever we use third party consultants, we will impose contractual commitments on them to comply with this Privacy Policy;

  • the disclosure is reasonably necessary for us to be able to enforce our Terms of Service;

  • the disclosure is reasonably necessary for the purposes of detecting and preventing fraud or security breaches; or

  • the disclosure is made in accordance with applicable law.

If we decide to sell, buy, merge or otherwise reorganise our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers.

We may share non-personal data to select third parties. Your rights

When you are providing personal data to us you have certain rights. You have the right to know what information we have collected about you. You also have the right to have incorrect, incomplete, unnecessary or outdated data removed. We want to make this process as simple as possible. Therefore, some of the information you provide will be accessible via the services themselves and you can view, edit or delete that information at any time.

Some of the information is not available via the services. In case of such information, you can request to review, amend or delete it by sending a written request to our address stated below, together with documentation that enables us to verify your identity. We will handle your request with all respect and without undue delay.

MaaS Global Oy

c/o Privacy Policy

Lönnrotinkatu 18

00120 HELSINKI

Finland

Please note that in certain situations, in particular if you request that we delete and no longer process your personal data, we may be unable to continue the provision of our services to you.

  1. Cookies

We use cookies, web beacons and other similar technologies to operate and improve our website and offering. Cookies are used in order to facilitate your use of our website. They are small text files that are stored on your computer or mobile device that register how you use the website and our services, as well as your preferences. It carries information from one session to the next so that you do not have to start over each time you come back to the site.

Our domains may also include third party elements that set cookies on behalf of a third party, for example relating to third party social network.

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our site and some services and functionalities may not work.

  1. Data Security

Privacy and security are key considerations in the creation and delivery of our services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We have the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing our services. Also, we limit access to our data bases containing personal data to authorised persons having a justified need to access such information.

As of the Effective Date of this Privacy Policy, we have the following data security measures in place.

  • We use industry standard security mechanisms to protect the collected personal data. All collected personal data is stored in protected databases located behind a firewall and with both physical and software-based access controls provided by our Hosting Provider.

  • Our payment providers are PCI-DSS Level 1 certified.

  • We pseudonymise and encrypt the personal data;

  • We have a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.As we innovate and develop our services, we can introduce new or alternative data security measures to protect your data.

In the event of a physical or technical incident, MaaS Global have the ability to restore the availability and access to the personal data.

  1. General information

The name of the data controller is MaaS Global Ltd, business id: 2685777-4, with a registered address at

Lönnrotinkatu 18

00120 HELSINKI

Finland

Contact person: c/o Privacy Officer

The name of the personal data register is the MaaS Global User Registry.

This Privacy Policy includes the Records of processing activities according to The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

 

  1. Changes to this Privacy Policy

 

Note also that as we want to ensure that this Privacy Policy properly reflects the way we handle your data, we need to reserve the right to make changes to it in our sole discretion whenever it is necessary. Although we will use reasonable efforts to notify you of all substantial changes to this Privacy Policy, you should also do your best to review this document on a regular basis.***