Privacy Policy

Privacy & Cookies Policy

Version No. 1
Valid from 15.03.2019

Introduction

We (Ridango AS with contact information as stated here: https://www.ridango.com/contacts) are a Data Processor and we provide means to (Service): (a) acquire and use a public transportation ticket or a right to travel (Tickets), and (b) to manage funds on an account accessible with card media (Cards).

We provide the Service under contract with and on behalf of public transportation companies or local authorities, listed here (Tallinna Transpordiamet, Tallinna Ettevõtlusamet, Tallinna Linnatranspordi Aktsiaselts, Hiiumaa Vallavalitsus, MTÜ Ida-Virumaa Ühistranspordikeskus, MTÜ Jõgevamaa Ühistranspordikeskus, MTÜ Järvamaa Ühistranspordikeskus, MTÜ Kagu Ühistranspordikeskus, MTÜ Põhja-Eesti Ühistranspordikeskus, MTÜ Pärnumaa Ühistranspordikeskus, MTÜ Tartumaa Ühistranspordikeskus, Tartu Linnavalitsus, MTÜ Valgamaa Ühistranspordikeskus, MTÜ Viljandimaa Ühistranspordikeskus, Saaremaa Vallavalitsus), each of whom is a Data Controller.

You are a Service user, and this is our personal data processing and cookie policy (Policy) which describes what personal data we collect, and how we process such personal data collected during the provision of the Service on behalf of the Data Controller.

By expressing your intention to use the Service you acknowledge having read and accepted this Policy and you agree to fully comply with the Policy.

General

You can use the Service via website or mobile application (Application). The Service can also be available to you via point of sales, the driver of a public transport vehicle, on-board of a public transport via the validator.

We handle your personal data in accordance with this Policy and within the framework of applicable legislation. We ensure the confidentiality of your personal data and we implement appropriate measures to safeguard it from unauthorized and unlawful processing or disclosure.

We may use (sub-)processors for processing data. In such cases, we take the necessary steps to ensure that such data (sub-)processors process data in compliance with applicable law and implement adequate security measures.

The Policy is available on our Applications. We reserve the right to alter or supplement this Policy unilaterally at any time without prior notification to you. All alterations or supplementations will enter into effect and become binding to you from the date of their publication by their publication via the Application.

Your personal data

We may collect your personal data (a) from you directly; or (b) when you are using the Services; or (c) from external sources such as public internet sources, public and private registers or other third parties. Personal data categories which we primarily, but not only, collect and process are:

  • Identification data such as your name, your identification code, your date of birth, data regarding your identification documents (such as copy of the passport, ID card);
  • Contact data such as your address, your telephone number, your email address, your accounts, your language of communication;
  • Data obtained from public registers such as place of residency from Population Register, Education Information System;
  • Data obtained and/or created while performing an obligation arising from law such as data resulting from enquiries made by bodies, agencies, or other public persons.

Purposes and basis of processing your personal data

We process your personal data primarily to:

  • manage relations with you in general and provide and administrate your access to the Service, such as (a) to conclude and execute Service-related transactions with you; or (b) keeping your personal data updated and correct by verifying your personal data through external sources; or (c) in order to take steps at your request;
  • to examine the quality of Services in order to understand how useful the Service is and how to improve it, and for the purpose of providing proof of the Service related transactions or of other business communication (recorded conversations) for the purpose of performance of the Service or in order to take steps prior to offering the Service;
  • comply with any other legal rights, such as to establish, exercise, assignments and defend legal claims based, and obligations, such as legally binding enquiries made by bodies, agencies, or other public persons, we may have.

Browsing statistics, logs and cookies

Our Applications use: (a) automated tool by Google Analytics; (b) recording of the requests you make to the Application’s server, and (c) cookies (a small text file that Applications save on your computer or mobile device when you visit Applications) to track Applications traffic and users’ interaction with the Applications, including to collect your IP address and browsing information.

Tools, recording and cookies described in current paragraph allow the Applications to: (a) remember your system; (b) analyse your behaviour and preferences; (c) improve your user experience and ensuring proper functioning and security of the Applications; and (d) investigate possible security incidents’ technical functionality of the Applications.

You may at any time disable collection of the data by Google Analytics, as described here: https://tools.google.com/dlpage/gaoptout/.

You can control or delete cookies by deleting all cookies that are already on your computer and you can set most browsers to prevent cookies from being placed on your computer. By controlling or deleting cookies, you acknowledge that you may have to manually adjust some preferences every time you visit the Application, while some services and functionalities may not work.

Disclosure of your personal data

Your personal data may be disclosed:

  • to our employees who are responsible for (a) contacting you; or (b) analysing your personal data; or (c) improving our Applications; or (d) other activities directly related to Services;
  • to our third-party service providers, including information technology service providers, auditing firms and others, as far as necessary to manage our Services.

Preservation of your personal data

Your personal data will be processed no longer than necessary. The preservation period may be based on agreements with you, the legitimate interest to us or applicable law such as laws related to bookkeeping, statute of limitations, civil law, etc.

Cookies are usually valid for a short term (a day, a week or a month), though in some cases they may remain valid for up to a year.

Your rights

You may exercise your rights listed below by contacting our appointed data protection offices via e-mail at :

  • to obtain information on whether we are processing your personal data and to require access to your personal data in written or commonly used electronical format and, were feasible, transmit such data to another service provider (data portability). You acknowledge that we may demand reasonable fees for such data access and transmission;
  • to require rectification of your personal data if this is inadequate, incomplete or incorrect;
  • to require erasure of your personal data. By exercising this right you acknowledge that we are no longer able to offer Services after the erasure of your personal data. If your personal data is erased at your request, we will only retain such copies of the information as are necessary to protect ours or third-party legitimate interests, comply with applicable legislation or governmental orders, resolve disputes and problems, or enforce any agreement you have entered into with us;
  • to object, restrict or withdraw consent to processing of your personal data, where applicable. By exercising this right you acknowledge that we are no longer able to offer Services after the erasure of your personal data.

Complaints

In case of breach of privacy rights, you may lodge a complaint with an authority of the EU country of your habitual residence. Contact information for these authorities can be accessed at  http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.