Privacy Statement
for FluidLife App user

[16 .12.2022] english

Fluidtime Data Services GmbH collects and uses your personal data exclusively within the framework of the Austrian data protection regulations. These are in particular the provisions of the Data Protection Act (DSG 2000) and the Telecommunications Act (TKG 2003). The DSG 2000 supplements the Data Protection Regulation (GPDR). We see it as our obligation to administer your data with the utmost care and to do everything to protect your information from misuse. Our employees and representatives are obliged to comply with data protection regulations in accordance with legal requirements.

The following information explains in detail what data is collected during your visit to our apps and how we use it. You can access this data protection declaration at any time in our app and on our website.

Individual pages may contain links to other providers outside Fluidtime Data Services GmbH to which this privacy policy does not apply, i.e.we cannot assume any liability for these contents.

1. Who is the data controller?

The data controller is Fluidtime Data Service GmbH, Neubaugasse 12-14/25, 1070 Vienna.

2. Which data is processed and from which sources?

The following information is collected by or on behalf of Fluidtime:

2.1 Information you provide

• User profile: We collect data when you create or update your account. This may include your name, email address, phone number and password. Furthermore, if you accept an invitation to connect to a corporate customer, the information about this connection will be stored as well. Besides the data itself we store the creation date as well as dates of any changes you make to this data.
• Manual expenses: We store all files you upload in the manual expenses section as well as the upload date.
• Mobility account: Trips stored in the mobility account are stored with origin, destination, time, duration, modality and length.
• Feedback form: We store the contact data provided by the user in the contact form as well as any additional content provided.

2.2 Information created when you use our services

This information is collected while using our services:

• Location data: The position is determined using the mobile device using mobile, Wi-Fi or other network related identifiers to show the position on the map and use the location for search requests.
• Profile data and history: We store user profile data such as favorites, history of searches and user inputs.
• Booking information: For any booking transaction (transport services, shared resources) we store all relevant transaction data.
• Usage data during operation of the app: Data about the usage of the app (e.g. login) is processed to enhance our service and protect our system against malicious usage.
• App usage statistics: Statistic data of the usage of the app is captured e.g application crashes.
• Other data: The policy does not cover information that does not personally identify you, such as summaries of anonymous data, route searches, IP addresses, operating systems, personal preferences and the like. For data that does not identify you as an individual, we have the right to use them at our discretion.

We only process personal information about you that is necessary with regard to our predetermined objectives. All our personal data processing has so-called legal basis according to law.

3. For which purposes is data processed?

We use the information provided for the following purposes:

3.1 Providing the services

For providing the services, the above-mentioned personal data have to be processed. This allows us to:

• Inform you about available services and routes options
• Enable features to personalize your account, such as creating favorites and to enable quick access to previous destinations
• Document your trips in the mobility account
• Show news and information from corporate customers
• Get in contact with you when requested via the contact form
• Perform internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems, testing, and to monitor.

3.2 Legal obligations

We may use the information we collect to investigate or address claims or disputes relating to your use of our services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.

3.3 Research and development

We may use the information we collect for testing, research, analysis and product development. This allows us to improve and enhance the safety and security of our services, develop new features and products, and facilitate insurance and finance solutions in connection with our services.

4. Who receives your data?

In order for us to provide our services and the services of third-party service providers to you, we share some of your personal information with trusted third-party service providers or with public authorities. These service providers are contractually obliged to treat your data confidentially and to process it only to the extent necessary for the provision of services. The entities listed below may receive your data as they have justified reasons.

We also may share non-personal data or anonymized statistical data with selected third parties.

4.1 Hosting providers

We store and process your personal data on third party servers. Those providers are chosen carefully by us to be compliant to all requirements regarding data protection and security.

4.2 Transport service providers

We transfer personal data to transport service providers with whom we have agreements, and which are necessary to use their services. This includes your personal information and data that is required for bookings.

4.4 Corporate customers users

Corporate customers can invite FluidLife Users by e-mail to get connected with them to share information, accounts and resources. We transfer personal data to corporate customers you are connected with which are necessary to use their services (e.g. send feedback, charge used transport services to their shared account, book shared resources offered by them). We transfer your name and user account status and all relevant transaction data for any booking (transport services, shared resources) connected to the corporate customer. Furthermore corporate customer users have access to data you upload and/or send to corporate customers (manual expenses, mobility account).

4.5 Enabling service providers

We transfer personal data to enabling service providers. Those can be the following:

• Authentication Provider: External provider to handle authentication processes.
• E-Mail Gateway: External provider to send e-mail verification as well as informative e-mails.
• Invoicing Provider:External providers necessary to handle the invoicing process
• Transport Service Provider: External provider needed to provide certain transportation services (includes for example ride sharing platform, dispatching systems, car sharing).
• Routing Provider and Geolocation Services: External provider to handle routing requests and geolocation services (e.g. geo-resolving, autocomplete).
• Push Notification Provider: External provider to enable push notifications to client.

4.6 For legal reasons or in the event of a dispute

We may share your information if it is required by applicable law, regulation, operating agreement, legal process or governmental request or where the disclosure is otherwise appropriate due to safety or similar concerns.

This includes sharing your information with law enforcement officials, government authorities or other third parties as necessary to enforce our Terms of Service, user agreements or other policies, to protect our rights or property or the rights, safety or property of others, or in the event of a claim or dispute relating to your use of our services.

This also includes sharing your information with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing or acquisition of all or a portion of our business by or into another company.

5. How long is data stored?

We require user profile information to provide our services and retain such information for as long as you maintain your account.

We retain certain information, including transaction, location, device and usage information, for a minimum of 7 years, if required by regulatory, tax and other requirements in the places in which we operate.

You may request deletion of your account at any time through an email to privacy@fluidtime.com .

Following such request, we delete the information that is not required to retain. In certain circumstances, we may be unable to delete your account, e.g. if there is an outstanding credit on your account or an unresolved claim or dispute. Upon resolution of the issue preventing deletion, we will delete your account as described above.

6. What data protection rights do you have according to the General Data Protection Regulation (GDPR)?

Right of revocation
You have the right to revoke your consent to the collection and use of personal data with effect for the future at any time.

Right to information
You have the right to request information about the data stored about you or your pseudonym. Upon your request, the information can also be provided electronically.

Right of deletion or correction
You have the right to request the deletion or correction of your stored personal data. In certain circumstances, we may be unable to delete your account, e.g. if there is an outstanding credit on your account or an unresolved claim or dispute. Upon resolution of the issue preventing deletion, we will delete your account as described above.

Liaison office
To exercise your rights of revocation, information, deletion or correction of your data, please contact Fluidtime Data Services GmbH, Neubaugasse 12-14-/25, 1070 Vienna, or send an e-mail to privacy@fluidtime.com. The use of your above rights is free of charge for you.

7. Data security

The security of your data is our highest priority. Our declared aim is to take all necessary technical and organisational measures to ensure the security of data processing and to process your personal data in such a way that they are protected from access by unauthorized third parties.

By using the latest security software, coding and encryption methods, our IT infrastructure meets the highest international security standards. In addition, we promote the security of your data through the use of risk-minimizing measures and preventive precautions.

Our website and the associated IT systems are protected by technical and organizational measures against unauthorized access and modification of your data as well as against loss and destruction.

Our mobile apps communicate exclusively in encrypted form so that the transmission of personal data is always protected.

Should you nevertheless identify potential security gaps, please let us know as soon as possible! And send us a detailed description of the vulnerability toprivacy@fluidtime.com. If possible please also send us the exact URL and a description of how the vulnerability was found – ideally together with a screenshot or additional information which helps us to reproduce the issue.

​

8. Changes to this privacy statement

As we want to ensure that this privacy statement properly reflects the way we handle your data, we need to reserve the right to make changes to it at our sole discretion whenever it is necessary. Although we will use reasonable efforts to notify you of all substantial changes to this privacy statement, you should also do your best to review this document on a regular basis.