In the following we would like to inform you about the types of personal data processed by GROUNDLINK Worldwide and about the purposes of such data processing. We would also like to inform you about important legal aspects of data protection, such as your rights.
CONTROLLER
With the exception in Section 1. Registration – Groundlink Worldwide Account, the party responsible for processing your data (controller) in regard to any content and customer’s bookings and arrangement of transportation services on the following websites: www.groundlinkworldwide.com is Groundlink Worldwide and for all other technical solutions, such as the website and cookies, it’s GROUNDLINK Worldwide (hereinafter both referred to as Groundlink).
If you have any questions regarding data protection, please address your query to the following e-mail Groundlink@groundlinkworldwide.com You can also contact our data protection officer by writing to the above-stated address (reference: data protection officer)
Categories of Personal Data
The following categories of personal data may be processed by us in connection with our services:
- Master data: These include, for example, a person’s first name, surname, address (private and/or business), date of birth.
- Communication data: These include, for example, a person’s telephone number, email address (private and/or business) fax number if applicable, as well as the content of communications (e.g., emails, letters, faxes).
- Contract data: These include, for example, Location and time of pick-up, destination, payment details, and information on loyalty and affiliate programs.
- Voluntary data: This includes data that you provide to us on a voluntary basis that we do not expressly request from you, such as your preference for a vehicle category, for example.
The legal basis for data processing at GROUNDLINK Worldwide
- Art. 6 (1) sentence 1 point a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your consent to such processing.
- Art. 6 (1) sentence 1 point b) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the performance of a contract (e.g., transportation service agreement) to which you are a party, or in order to take steps at your request prior to entering into a contract (e.g., when booking a vehicle).
- Art. 6 (1) sentence 1 point c) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for compliance with a legal obligation to which GROUNDLINK is subject.
- Art. 6 (1) sentence 1 point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., GROUNDLINK Worldwide, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.
The purposes of data processing at GROUNDLINK Worldwide
Registration – GROUNDLINK Worldwide Account
- Purposes of data processing We process master data, communication data, contract data and financial data in a joint database with Groundlink Worldwide, in particular for the purposes of registering and managing Groundlink customer accounts, of providing customer relations services and of processing and handling invoices. The respective responsibilities have been determined in an arrangement concerning joint responsibility as joint controllers. In the scope of their joint responsibility under data protection laws, Groundlink / Groundlink Worldwide have made an arrangement determining who is responsible for the compliance with the respective obligations under the GDPR. This refers, in particular, to the rights of data subjects and the ful-filment of the duties to provide information pursuant to Articles 13 and 14 GDPR.
- Legal basis for the above processing
- Art. 6 (1) sentence 1 point a) GDPR applies to the processing of data based on your consent; Art. 6 (1) sentence 1 point f) GDPR applies to the processing that is based on the legitimate interest of GROUNDLINK Worldwide.
- Legitimate interest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to the type of processing concerned
- Our legitimate interest in processing your personal data for the purpose of a single Sixt account is that we are thus able to provide our customers with all GROUNDLINK services under one single interface and to offer our customers the best possible services, thereby enhancing customer satisfaction.
- Categories of recipients of your data GROUNDLINK Worldwide transmits your personal data to GROUNDLINK as the joint controller within the meaning of Art. 26 GDPR.
BOOKING / RESERVATION
- Purposes of data processing Personal data are collected and processed via websites, the app, the telephone, or an intermediary, for example, if you provide such data, e.g., especially for the purpose of arranging transportation service agreements with third parties transportation service providers for the booking of vehicles, for the purpose of using the platform with a registered account, for the purpose of identification by logging in or for the purpose of communicating with us, e.g., through the forms that you submit to us or by sending e-mails to us. The personal data that we collect include:
- Master data
- Communication data
- Contract data
- Geolocation data
- Data about user preferences
- We use these data for the purposes described above or for purposes that arise from the respective request, for example, to process specific booking requests or to process your preferences.
- The GROUNDLINK Worldwide booking process provides you with the option of storing a credit card and paying for your ride by credit card. (The card will only be charged after the ride has been completed).
- GROUNDLINK Worldwide uses a PCI-DSS certified payment service provider (PSP) for credit card payments. This service is required to protect your credit card information.
- GROUNDLINK Worldwide itself does not store any of your credit card information. In order to allow you to reuse an already-registered card for future bookings, we simply store a reference number that uniquely identifies your credit card.
- For your security and ours, we also use your information to prevent fraud and payment default. For this purpose, we work together with the service provider GROUNDLINK Worldwide Inc USA. The service provider analyses your master and contract data to ensure its authenticity and to prevent fraud risks.
Legal basis for the above processing
- Art. 6 (1) sentence 1 point b) GDPR applies to data processing for the fulfilment of transportation service agreements concluded between you and third party transportation service providers (booking vehicles), as well as for the fulfilment of the platform usage contract that was concluded with you. Art. 6 (1) sentence 1 point f) GDPR applies to the processing of data to the extent required to settle accounts vis-à-vis third parties, to assert our own claims, and to mitigate risks.
- Legitimate interest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to the type of processing concerned
- Our legitimate interest in processing your personal data for purposes of risk prevention is to avoid fraudulent bookings and payment defaults.
Categories of recipients of your data
- We will disclose your data to the following recipients for the purposes named above (in particular to inform the driver company about the booking or to process a payment): financial service providers, risk prevention service providers, GROUNDLINK / GROUNDLINK Worldwide Group companies, and cooperation partners.
Legal basis for processing
- Art. 6 (1) sentence 1 point a) GDPR applies to data processing for purposes of implementing direct marketing measures that require explicit advance consent.
- Art. 6 (1) sentence 1 point f) GDPR applies to data processing for purposes of implementing direct marketing measures that do not require explicit advance consent, and of implementing the marketing measures mentioned (→ Purposes of data processing).
- Legitimate interest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to the type of processing concerned
- Our legitimate interests in using your personal data for purposes of implementing direct marketing measures and the marketing measures mentioned lie in the fact that we want to convince you of our services and promote a lasting customer relationship with you.
- Categories of recipients of your data For the purposes described in the foregoing, we disclose your data to IT service providers, call centres, advertising partners and providers of customer loyalty programs.
GPS Tracking
- Purposes of data processing In order to ensure that customers can conveniently book to be picked-up from their current location by using the GROUNDLINK Worldwide mobile applications (Android and iOS apps), our apps are able to determine your location, provided that you have consented that your GPS data be transmitted in the app. These location data are not stored and are used only to determine the pick-up point. Further, we are able to determine the coordinates of drivers via mobile phones, even while you are in the vehicle. This helps us to arrange additional bookings and to conduct booked rides and to provide customers with information about their upcoming ride (for instance what time the driver will arrive).
- Legal basis for the above processing Art. 6 (1) sentence 1 point a) GDPR applies to the processing of data based on your consent; Art. 6 (1) sentence 1 point b) or f)GDPR applies to the collecting of driver location data.
- Legitimate interest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to the type of processing concerned Our legitimate interest in collecting the location data of drivers lies in offering location-related services and features.
Business customers/payment by third parties
- If you book a ride through your employer, we also process your data for the purposes described in this Data Privacy Policy. This also applies mutatis mutandi if a third party is to pay the invoice.
- Categories of recipients of your data We transmit personal data collected during the booking flow (in particular invoice data, including possibly also in the form of monthly statements) to your employer or the third party who is to pay your invoice.
- Legal basis for the above processing Art. 6 (1) sentence 1 point b) GDPR provides for data processing for the purposes of booking and customer relations, otherwise Art. 6 (1) sentence 1 point f) GDPR.
- Legitimate interest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to the type of processing concerned Insofar as the processing of data for the purpose of settling the account with your employer or third parties is concerned, our legitimate interest is in being able to assert invoice amounts and other claims or to determine the party against which the damage claim is asserted.
Right to withdraw consent at any time
If data processing at GROUNDLINK Worldwide is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.