Privacy statement

Privacy statement Dumoco

Processing personal data

Your privacy is important to us. This statement forms the basis on which all personal data that we collect from you or that you provide to us is processed by Dumoco (hereinafter “Dumoco”, “we”, “us” or “our”). Please read the following carefully to learn how Dumoco handles your personal data. The term “Personal Data” refers to information about you personally (name, registration number, telephone number, email, etc.). Please note that due to both changes in the law and the ever-changing nature of technology, our privacy policy is subject to change. Whenever a change occurs, we update our Privacy Statement without notifying you. The most recent version of our Privacy Statement applies. We therefore recommend that you check this statement regularly. Personal data is processed by us with the greatest possible care in accordance with the General Data Protection Regulation (GDPR). The starting point for processing is that data that are processed are sufficient, not excessive and relevant.

Who is responsible for the data?

Dumoco, with its registered office in Amersfoort, is the Data Controller for the Processing of your data. This statement applies to the collection and more generally the processing of personal data by Dumoco, the main purposes of which are the processing of payments and the provision of mobility services from Dumoco.

Retention period

We do not store the personal data collected by us for longer than is necessary for the purposes for which this personal data was collected and for a maximum of 18 months after its expiry, unless stated otherwise in this Privacy Statement. After the retention period stated here, all your personal data will be deleted, unless the data must be kept longer due to legal obligations. Deletion implies anonymising, destroying or editing in such a way that it is no longer possible to identify you.

What data is collected and for what purpose?

You may provide us with information by filling out forms on our website(s) or through your employer, by using our website, by contacting us by phone or email, by using third party services or otherwise. This includes information you provide when you register on our websites, use third-party mobility services, send us a request, contact our customer service, contract for the provision of services, participate in promotions or surveys and when you report a problem with our site. The personal information you provide, which is necessary to enable us to provide you with our services and/or to provide us with an answer, may include your name, address, email address, telephone number, ride information (location, time, supplier, customer number ), and contain bank details. We do not use your personal data for purposes other than those described in this Privacy Statement. We will never sell your personal data. More specifically, in order to provide, change or update your request to provide one or more (mobility) services, we need to collect information from you in the following cases.

Registration via website

Dumoco carries out projects on behalf of various clients. In order to give you the opportunity to participate in our projects, we ask you to fill in a registration form. During this registration you also agree to the Privacy Statement of Dumoco. This data is used on a legal basis, namely to implement the agreement. We keep your data on our website for up to 18 months after termination of the agreement.

Entering into an invoice relationship

If we enter into an invoice relationship with you, Dumoco needs your account details such as personal details, name and address details and bank account number. This data is used on a legal basis, namely to carry out our administration obligation. We will keep this data for 10 years after the invoice date.

Activating and using third party transportation services

Within the project you can use services from third parties. These third parties are, for example, Greenwheels (car sharing), OV-Fiets (bicycle sharing), RCBKA (public transport), Transvison (taxi) and Yellowbrick (parking). For the proper functioning of these third-party services within Dumoco, we must in some cases exchange your data with these third parties, in other cases you do this yourself. When you use third-party services via Dumoco, we exchange data with these third party(ies).

Dumoco receives journey data from transport services to monitor and settle consumption and for data analysis and research. We take safeguards to prevent an invasion of your privacy. For example, we only pass on data to third parties that these parties need for the performance of their services. In some cases this is just your customer number, in other cases your name and contact details will be provided. We receive travel information and journey data from third parties. This includes the location, date, supplier and price of a travel transaction.

These third parties act as independent Controllers for you. By using the services of these third party(ies) through Dumoco, you agree to the terms and conditions and the privacy statement of these party(ies). We only do business with parties selected by us that meet high privacy requirements. Nevertheless, after receipt of your data, the relevant party is the Responsible Party. We are not responsible for the content, privacy and security practices and policies of these third parties with whom we share information. We encourage you to review the privacy and security practices and policies of the third party before submitting any information to them. You can find these on the website of the third party, if necessary you can request the third party to provide them to you.

The basis for the exchange of data with third parties is the execution of the agreement. We process your data from third parties for up to 18 months after the termination of your user account. The retention period with the third parties can be found in the privacy policy of the relevant party.

Customer contact and (electronic) messages

In order to answer your questions or to help you with something, it is sometimes necessary for us to use your data. This information has been provided to us by you. This concerns, for example, your contact details, your ride data or your device data. We may need to use your bank details to handle complaints or requests.

We will send you, without permission, messages that are not advertising in nature, for example messages about the purchase, management, modification or termination of Services or about the use of Services from third parties, such as in the event of changes or calamities.

The basis for the processing of this data is the execution of an agreement. We keep your customer contact information and electronic messages for up to 18 months after the termination of your user account.

Report

We use as much as possible aggregated data, for example travel data, to prepare reports and carry out statistical research. We do not use names, email addresses or other directly identifying information for reports to Dumoco’s management. Names and contact details are used for reports to your employer.

The basis for the processing of this data is the performance of an agreement and the representation of Dumoco’s legitimate interests. We keep reports up to 18 months after termination of the agreement.

Improving Dumoco

Dumoco is constantly improving its services and your user experience. In order to improve our services, analyzes are made of your data. For example, travel data, website visits, system and account data are analysed.

The basis for the processing of this data is the representation of Dumoco’s legitimate interests. We keep this data for 18 months after the termination of your user account.

Keeping Dumoco safe

Met het oog op fraudepreventie en -detectie kunnen wij uw contact- en reisgegevens gebruiken. Ook kunnen wij voor beveiligingsdoeleinden gebruik maken van uw account- en systeemgegevens als ook uw IP adressen.

For the purposes of fraud prevention and detection, we may use your contact and travel details. We may also use your account and system information as well as your IP addresses for security purposes.

To whom do we provide personal data?

We may provide you with the personal data relating to you. We provide your data to the following category of recipients:

  • We provide personal data to (the representatives) of the organization (in many cases your employer) or the natural person who has given you the right to use Dumoco. We would like to point out that the use of our services results in a file of personal data on the basis of which decisions can be made about the use of Dumoco by the organization or the natural person. For example, your travel history with location, time and means of transport can be viewed by the organization or the natural person.
  • We are obliged to provide your personal data if we are obliged to do so by law for whatever reason.
  • We exchange data with third parties that act as Data Controller. See 'Activating and using third party transportation services'.
  • We can provide your personal data to Processors within the meaning of the GDPR. These are suppliers who carry out work on our behalf. When we work with partners, we, as Controller, ensure that personal data is processed by these suppliers in a proper and careful manner in accordance with the GDPR. This concerns the following type of Processors.​

1) Hosting parties​

2) Customer service software

3) Phone providers

4) Analysis software

5) Security software to keep our services safe

6) File sharing

7) Research software and services

Storage data

We store your personal data within the European Economic Area.

Links to Third Party Sites

Our Service may contain links or direct you to other third party websites, apps and advertisements that may track information about you. We have no control over such sites or their activities. Any information, including personal information, that you provide to those third parties is provided directly to that third party and is subject to that third party’s privacy policy. We are not responsible for the content, privacy and security practices, and policies of third parties to which we link or refer. We encourage you to review the privacy and security practices and policies of the third party before submitting any information to them. You can find these on the website of the third party, if necessary you can request the third party to provide them to you.

Security

We have taken physical, technical and organizational measures to protect your personal data. We make every effort to maintain the complete reliability, accuracy and completeness of all personal data in our databases and to protect the privacy and security of our applications and databases. In any case, we have taken the following measures:

  • we have put in place physical and technical measures and management procedures designed to minimize unauthorized access, loss or misuse of personal data;
  • sensitive information or personal data, such as account passwords and other payment-related identifiable information, is sent encrypted;
  • sensitive information is stored encrypted and/or hashed where possible (including your password); we limit internal access to personal data to employees who need the information to perform their duties.
  • our employees are bound by a confidentiality clause;
  • our information management systems are set up in such a way that employees who are not authorized to consult certain information or personal data, in principle do not have access to that information;
  • our servers are located in a secure environment in data centers.
  • the personal data are regularly backed up.

Six rights

The personal data that we use are and will of course remain your property. Therefore, you have the right to access, modify, delete, limit or transfer the data we hold about you. This can be done via the application form on the service page. You can submit the following to us:

  • a request for data portability based on your right to transfer personal data to another party;
  • a request for oblivion that allows you to exercise your right to be 'forgotten';
  • a request for access based on your right to view the personal data we process about you;
  • a request for rectification and completion with which you have the right to change personal data that we process;
  • a request to limit the processing with which you can exercise your right to have less data processed; and
  • a request for objection with which you can exercise your right to object to the data processing.

Once we have received your written request, we will ask you to identify yourself further to ensure that we do not disclose your personal data to others. We will then provide you with an overview of all personal data that we hold about you and/or correct, change, export or delete personal data. Your request will be processed within 30 days. Please note that your request may affect your use of our services.

Questions or complaints?

Any person has the right to submit a question or complaint to us about the processing of their personal data by contacting us in the manner set out below. If you want to correct your data, if you have a question or if you object to the processing of your data by us, you can send us a message. We, Dumoco, are located in Amersfoort and have an office at Utrechtseweg 15, 3811 NA. Our service desk can be reached via telephone number (088) 934 34 06 and e-mail address: customer service@dumoco.nl.

For any complaints about the processing of personal data or the handling of complaints regarding the processing of personal data by Dumoco, you can contact the Dutch Data Protection Authority directly, via telephone number (088) 18 52 50, or via: https://autoriteitpersoonsgegevens .nl/nl/zelf-doen/privacyrechten/complaint-submission-de-ap