AMAG Corporate Services is responsible for data processing in terms of data protection, unless otherwise stated. Please send data protection enquiries to:

AMAG Corporate Services AG
AMAG Innovation & Venture Lab
Hardturmstrasse 161
8005 Zurich
Switzerland

If you have any data protection concerns, you can send them to the following contact address: privacy@allride.swiss

Collection and processing of personal data

We process personal data that we receive from our users and other business partners as part of our business relationship with them and other persons involved or that we collect from their users when operating the app and other applications.

By using the allride app, you consent to data processing in accordance with this privacy policy.

1.1. User account

When you open an account in the allride app, the following mandatory information is collected:

- Natural persons: Surname, first name, date of birth, telephone number, e-mail address, driving licence details (incl. home town and nationality), ID (identity card), correspondence language;

- IP address, date of registration, date of acceptance of the GTC and any other contractual documents;

- Camera and microphone access to the mobile device is required for checking the driver's licence or identity card and for taking photos for damage recording and scanning QR codes.

A personal account cannot be created without this data.

To verify your identity document and driving licence, you as the user will be asked to create a video of the documents to be verified and to film your face. The photo of the face is compared with the image on the driver's licence/ID document and the documents are also assessed by the service provider on the basis of recognition features.

The verification service provider Veriff OÜ, (Niine 11, 10414 Tallinn, Estonia) is used to verify your identity and driver's licence.

This processing is necessary to identify you and make your future bookings easier.

a. for your reservations and bookings

• to confirm your reservation,
• to change or cancel your reservation,
• to contact you in connection with your reservation / booking (e.g. to send you information about your reservation / booking or a reminder before pick-up / return to answer your questions or comments),
• to manage your bookings (provision and return of the vehicle),
• to manage your invoices,
• to process any outstanding receivables,
• to process possible claims,
• to claim compensation for possible damage to vehicles,
• to manage your insurance cover.

b. for your payment in the context of reservations / bookings

This processing is necessary for the execution of reservations/bookings. For your information: AMAG may only store your credit card details with your express consent in order to simplify future payments.

c. for advertising and marketing activities, namely:

the sending of e-mail and SMS messages about special promotions / competitions / offers, provided you have given your prior consent

d. for the processing of administrative offences, in particular:

the forwarding of the user's personal data to the competent authority, private claimants and, if applicable, the owner of the vehicles, if AMAG is obliged to disclose or forward your personal data (e.g. in the case of administrative offences).

e. to process the collection of processing fees, towing invoices and cost assessments if AMAG, as the owner of the vehicles, is held liable for the costs of the proceedings due to parking and stopping offences and unpaid fees. This processing is required by law.

f. for the compilation of statistics and the performance of statistical analyses

We may compile anonymous statistics about the use and users of the application in order to improve the application and carry out statistical analyses.

1.2 Collection of own location data

In this app, we offer convenience features that allow us to offer you special services tailored to your particular location. To be able to use them, your current location must be transmitted. The app must therefore be able to access your device’s location data for the purposes of providing services. The location can only be accessed after you have granted the app access authorisation.

You can object to the processing of your location at any time as follows:

• With Android, you can switch off access to the location in the operating system settings under the menu item "Apps/AMAG allride/Access rights".
• With iOS, you can switch off access to the location in the operating system settings under the menu item "Privacy/Location services/AMAG allride". 

For the maintenance and protection of the vehicle, electronic devices (geolocation devices) are used to monitor the condition, performance and operation of the vehicle and/or to track the movements of a vehicle. This information may be used during and after the end of the period of use.

In order to provide our services, we rely on the internal and external transfer of personal data. This relates in particular to the following positions:

• Service providers of ours (within the AMAG Group to the extent permitted by law and externally, e.g. banks or insurance companies), including contract processors (e.g. IT providers);
• Dealers, service partners, suppliers, subcontractors and other business partners;

We share data with other business partners (e.g. AMAG is not the keeper of the vehicles) if and insofar as they have entrusted us with tasks under the use agreement. Data will only be shared to the extent necessary for the fulfilment of the assigned tasks. Such tasks may include: booking vehicles, making vehicles available, master data management, billing the participant's journeys and invoicing.

Where necessary for the provision of our services, personal data will be transmitted to the aforementioned bodies in Switzerland and the EU. If we transfer data to a third country, we ensure an appropriate level of protection as required by law by using appropriate contracts and/or measures (namely on the basis of the so-called standard contractual clauses of the European Commission).

An overview of the service providers and processing locations involved in the processing of your personal data is available on request at privacy@allride.swiss.

We use payment service providers to process our customers’ payments securely and reliably. The terms and conditions of the respective payment service providers apply to the processing.

We use Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland.

To process a payment by credit card, we collect your credit card details: surname, first name, credit card details/number, CVC code (card verification number) and expiry date. For the purposes of payment verification, we only store the last four digits of the credit card number. After the data has been entered for the first time during the registration process, the credit card details are checked for validity. If the check reveals that the credit card number is incorrect, the CVC code (card verification code) does not match the credit card number, the expiry date has expired or the credit card has been stolen, these error messages will be sent to us.

The legal basis for the processing of data is the fulfilment of a contract to which you are a party, or if the processing is necessary for the implementation of pre-contractual measures, data transfer that takes place at your request.

Data transfer that takes place at your request. Deletion periods: We delete the credit card details (i.e. your surname and first name, CVC code (card verification number) and expiry date) immediately after checking their validity. We will delete the last four digits of the credit card number when you change your payment method details (i.e. a new credit card) or five years after the end of the contract for the use of our service.

We use the Zendesk CRM system to process user requests. The provider is Zendesk, Inc. 1019 Market Street, San Francisco, CA 94103, USA.

Depending on the contact option you choose, we process the following personal data about you:

• Name, e-mail address, country, telephone number, voice recordings, content of your messages, attachments

Messages sent to us remain with us until you ask us to delete them or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions, in particular retention periods, remain unaffected.

To use our online form, you only need to give us your e-mail address so that we can reply to your message.

Calls to our customer centre are recorded for training and quality purposes. Please note that you have the right to withdraw your consent at any time, which will result in the recorded call being deleted. Please contact us via our online form https://allride.zendesk.com/hc/de/requests/new or send an informal letter to the address given in no. 1. Call recordings are automatically deleted after 90 days.

Learn more about Zendesk and its commitment to the protection of personal data at https://www.zendesk.com/company/privacy-and-data-protection.

Our app integrates the map service Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").

The integration of Google Maps creates a direct connection to the Google servers and to your browser. This makes it possible to display the Google Maps map. By integrating and using the Google Maps map, your IP address and information about the use of the maps by your browser are transmitted to Google for independent data processing. Google also processes the search terms you enter on the Google Maps map (e.g. city, postcode or name of retailer) and your current location, provided you have given your express consent via the Google Maps application.

The Google Maps map also integrates Google Fonts. These are fonts provided by Google. To display the Google fonts on the Google Maps map, a connection is also established from your browser to the Google server and your IP address is transmitted by your browser to Google for independent data processing.

Further information on data processing and possible transfers of personal data to third countries (e.g. USA) by Google can be found in Google's privacy policy (Privacy Policy - Privacy Policy & Terms of Use - Google).

We use Google Firebase, a Google service, to make technical improvements to the allride app. Google Firebase provides various products for the purpose of further developing and optimising an app. When using Google Firebase, data about your use of the app (opening rates, links, features, usability of internal links, etc.) is used by our developers and processed together with an automatically generated pseudonym. This does not allow us to identify you or assign the above-mentioned data to a specific person.

You can find more information on data processing at Google Firebase at https://firebase.google.com/support/privacy

The legal basis for processing your pseudonymised data is our legitimate interest.

We process and store your personal data for as long as it is required to fulfil our contractual and statutory obligations or for the purposes pursued by the processing, meaning, for example, for the entire duration of the business relationship and beyond that in accordance with the statutory obligations regarding retention and documentation. It is possible in this regard that personal data will be retained for the period during which claims may be asserted against our enterprise, or if we are otherwise obliged by law to retain such personal data, or legitimate business interests require that the personal data be retained (e.g. for evidentiary and documentation purposes). In principle, as soon as your personal data are no longer required for the purposes indicated above, they will be deleted to the extent possible or rendered anonymous. Generally, shorter retention periods of 12 months or less apply in respect of operating data (e.g. system protocols, logs).

We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse.

In the course of our business relationship, you must provide us with the personal data required to enter into and conduct a business relationship, and to perform the related contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this data, we will not be able to conclude or process a user contract with you. The service also cannot be used if certain information is not disclosed.

As a data subject, you have the following rights:

Right to information
You have the right to receive information from us about the processing of your personal data.

A request for information is generally free of charge. A fee may be charged where the request entails a particularly extensive amount of work, the request for access to information is excessive or notorious, unless there is a legitimate interest. If you incur any costs, we will inform you in advance.

The exercise of these rights requires that you provide clear proof of your identity (e.g. by means of a copy of an identification card if your identity is otherwise unclear or cannot be verified). To assert your rights, you can contact us at the address given in Section 1.

Right of rectification
You have the right to demand that we correct any incorrect or incomplete personal data concerning you.

Right of erasure
You have the right to request the erasure of your data under certain circumstances. Under this right, you may, for example, request the erasure of your data, provided this data is no longer required for the purposes for which it was collected. You can also request erasure if we process your data on the basis of your consent and you withdraw this consent.  

Please send your requests to:

AMAG Group AG
Legal & Compliance
Data protection allride
Alte Steinhauserstrasse 12
CH-6330 Cham

Or by e-mail to: privacy@allride.swiss

Right of cancellation
You have the right to withdraw your consent at any time with effect for the future. Please send your cancellation to: privacy@allride.swiss

Complaint

Furthermore, every data subject has the right to assert their claims in a court of law or to file a complaint with the responsible data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

In Liechtenstein the data protection authority of the Principality of Liechtenstein (https://www.datenschutzstelle.li) is responsible.

We may amend this Privacy Policy at any time without prior notice. The latest version published on the app and website applies. If the Privacy Policy forms part of an agreement with you, we will notify you of any updates of it by email or in another suitable manner.