ROLZO Limited (the “Company,” “ROLZO,” “we,” “our” or “us”) is committed to protecting our visitors’ and members’ privacy. When you use our website, our mobile application or our other digital services (the “Services”), or communicate with us through email, text or other electronic services, we collect, use and process your personal data. The protection and confidentiality of these personal data is important to us, and we are determined to protect it.
This Policy applies to our collection, use, and processing of your personal data. We collect, use and process your personal information when you use our Services. This includes when you use our website or mobile application, book cars through our Services, or communicate with us in any format.
This Policy does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website or the Application. You are entitled to contact a relevant third party so as to receive information about the collection, use, processing and protection of your personal data by that third party.
If you do not agree with our policies, your choice is to not use our Services, or not to provide information to us, but, in general, some information about you is required in order for you to register on the Application, utilize our Services, participate in a survey or contest, ask us a question, or initiate other transactions with us. We will explain more about this in this Policy.
ROLZO is the “controller” under this Policy. This means ROLZO is responsible for defining the purposes for processing your personal data and also for compliance with data protection legislation.
If you have questions about this Policy, please contact us at firstname.lastname@example.org.
This Policy explains how we collect, use and disclose your personal data when you use our Services and otherwise interact with us. It explains our data processing activities, their purpose, what category of personal data these activities involve and the legal basis for these processing activities.
3.2 Creating and identifying your account
Upon registration with ROLZO, we welcome you to develop a user account to improve and simplify your use of our Services and to customize your experience and enable us to provide you with more relevant information and communications. We collect several types of information from you to create and identify your account, including your name, telephone number, email address, your mobile device push token identifier, and other information that you may provide. You may then manage your account at any time by logging into our Services with your credentials.
3.3 Utilising and personalising the services
In addition to the information collected from or provided by you to create and identify your account, we also ask you to provide information when you book a car or utilize other products or services offered by ROLZO.
This may include your credit card and other payment information (such as bank account information), date of birth, weight, and government-issued identification number (e.g., social security number, national identification number, driver’s license number, and/or passport number.), and information about your internet connection, the equipment you use to access our Services, and your usage details.
When you seek support or services from us, or seek to change your booking details, we will process the above-mentioned personal information we have collected from you. Your name as well as your contact information, weight, and mobile device push token identifier will be used by us to keep you informed of your bookings and requests. This includes sending you reminders via in-app messaging, SMS and/or email regarding your booking, e.g. change information, notification of any disruption if your booking is delayed or cancelled, or other services requested by you. In addition, your booking with us usually involves services provided by third parties, and we will disclose your name, contact details and other relevant information, where necessary, to that third party, as discussed in greater detail in Section 4 below.
When you utilise the Services, we may also ask you to provide data such as information relating to your geolocation. We use this data to determine relevant cars, products, services, and promotions to notify you about (for example, this data allows us to use your location to send you push notifications about what’s going on around you), and for purposes of analytics.
Depending on your specific booking details or requests, additional and sometimes sensitive information may be requested, such as medical or health information.
The purpose of these processing activities is to provide you with the products and services you have requested from us. For example, we may collect your passport details and images of your passport and share this data with fleet partners to ensure that you are able to successfully book a vehicle.
You also have to provide your payment details (e.g. card number and expiry date) in addition to other personal data to complete your payment. These data, in particular your name, address, e-mail address and IP address will be disclosed to our payment services providers, for the purpose of processing your membership fee and completing your bookings and requests for other services. If you request for refund of your payment, these data will also be processed.
We may also use your information to investigate and respond to and resolve complaints concerning our Services, or to provide you with customer support in order to assist you. In order to provide you with customer support, we will process your information in order to identify you and help you to the best of our ability. Depending on your inquiry, question or feedback, you may be asked to provide additional personal data, such as your credit card number or your contact information.
Sometimes we collect information to fulfill other purposes for which you provide it. For example, if you choose to use our referral service to tell a friend about the Application or Services, we will ask you for your friend’s name and email address and we will automatically send your friend a one-time email inviting him or her to download the Application.
3.4 Automatic Data Collection
As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:
Device IDs. A device ID (device identification) is a unique device identification associated with a mobile device. It may be possible to limit device ID tracking by adjusting the settings on your mobile device. However, if you limit device ID tracking you may be unable to access the Application or certain features in the Application.
Geolocation Tracking. Mobile devices contain a GPS (global positioning system) chip that uses satellite data to calculate your geolocation. It may be possible to disable geolocation tracking by turning off the location feature in the settings on your mobile device. However, if you disable location tracking you may be unable to access the Application or certain features in the Application.
Cookies. A cookie is a small file placed on your computer or mobile device. It may be possible to refuse to accept cookies by adjusting the settings on your browser or mobile device. However, if you select this setting you may be unable to access the Application or the Website or certain features in the Application or the Website.
Web Beacons. Pages of the Website, the Application and electronic communications may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened a message and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). Some web beacons may be disabled by adjusting the settings in your browser or email settings or by installing browser add-ons. However, if you disable web beacons, you may be unable to access the Application or the Website or certain features in the Application or the Website.
Server Logs. A server log is a log file (or several files) that are automatically created and maintained by a server that track activities performed. Server logs cannot be disabled by users.
We use this information to troubleshoot application errors and to provide you with the most up to date application and features. We also may use these technologies to collect information about your activities over time and across third-party websites or other online services (behavioral tracking). Additionally, this data helps us to improve the Application and the Website and to deliver better and more personalized Services.
We will retain your information indefinitely from the time that the information is provided by you or collected by us.
3.5 Your user contributions
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Application or the Website, or to be transmitted to other users of the Application or the Website or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Application or the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
When you visit our website or use our mobile applications we collect certain information by automated means using cookies. Cookies are small text files stored on your device when you visit a website. When you first visit a website, a cookie file is sent to your device that identifies your browser.
By using cookies you help us improve the functionality of our website. They are important to reduce download time and improve your user experience. The cookie will collect information about how visitors use our websites and thus provide us useful information about how we can provide a better customer experience and improve our services.
Note that you can manage how your mobile device can share location information with us, as well as how your browser handles cookies and related technologies by adjusting your device' privacy and security settings. Please refer to the instructions provided by your browser provider or the manufacturer of your device to learn how to adjust your settings.
We may change the cookies we use at any time. While we will try to update this list within a reasonable time frame, this list may not always be totally up-to-date.
First party cookies
Session ID and signature (session, session.sig): Used to authenticate your identity to ROLZO.
Cross-site request forgery defense cookie (csrftoken): Used to prevent сross-site request forgery attack. CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
Third party cookies
rolzo.com (_ga, _gid): Used by Google Analytics to distinguish users and sessions. More info here – https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
HotJar cookie (_hjIncludedInSample): This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. More info here – https://www.hotjar.com/legal/policies/cookie-information
We may disclose your information that we collect or that you provide to our subsidiaries and affiliates and to providers of professional services (for example, outside legal counsel or accountants), or to contractors and third parties who we use to support our business.
We may disclose your information, including your name, email address and membership status, to our business partners or other trusted entities such as Twitter, Facebook, Mailchimp, and Google Adwords, for the purpose of targeting our ad campaigns and providing you with information on goods or services we believe may be of interest to you. We may also share aggregated information that includes non-identifying information and log data for purposes of research and industry analysis.
We also share your information with third party companies and individuals who perform or facilitate Services (e.g., fleet partners, services contracted on your behalf through our concierge team, etc.), to process your payments, to collect, store and retrieve your personal information, to perform public records searches, to host our job application process, and to perform hosting and maintenance services, database management, analytics and improvement of application features.
For example, we may share your name and contact information with event partners that organize or provide services at an event. We may also share your information with third-party service providers (sometimes known as data processors) who provide IT infrastructure on which some of our products and systems operate. We also pass your encrypted credit card details to Stripe to process your booking fees, deposit payments, and refund requests. There are several other scenarios where we may disclose your information, including:
. To a buyer or other successor to our business in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information about visitors and members who use the Application, the Website or Services is among the assets transferred.
. For any other purpose disclosed by us when you provide the information.
. To comply with any court order, law or legal process, including to respond to any government or regulatory subpoena or other request.
. To enforce or apply our Terms of Service, or other agreements, including for billing and collection purposes. . If we believe disclosure is necessary or appropriate to protect the rights, property or safety of the Company, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
You should not provide us your information if you do not want your information collected, used or disclosed by us as described in this Policy.
Transfer of personal data to a third country outside of the EEA that does not provide adequate protection will only take place if appropriate safeguards are provided, e.g., by Binding Corporate Rules, entering into EU Standard Contractual Clauses or if the receiving party is certified under the EU Privacy Shield. If you have any questions relating to this, please contact us at email@example.com. We may transfer aggregated data to third parties (domestic and/or foreign) for the purposes of improving or developing our website and mobile application or any equipment related to specific services and for the proper functioning of our website and mobile application and of the equipment.
Most of the information we collect from you or that you provide to us we will retain indefinitely. This excludes AppSee data, which are stored only for two months. It also excludes Google Analytics data, which is retained for a period of 26 months. We will retain your data for the periods mentioned above, unless you ask us to delete it.
To request access to or deletion of your data (“Data Access Request”), or for more information about your right to access your data or to be forgotten, simply contact us at firstname.lastname@example.org.
Please note that we will process your personal information in order to verify your identity and comply with your Data Access Request, including your name, telephone number, and email address, as well as any communications you make to or receive from us concerning your Data Access Request.
8.1 Your choices
Where you have given us your consent, you can withdraw it by doing the following:
. To change your marketing preferences or to stop receiving marketing, contact us at email@example.com.
To disable location tracking and push notifications, you can change the settings on your device. To stop push notifications, you will need to use your browser settings.
You can also choose not to provide us with any information, although it may be needed to utilise the Services.
8.2 Your rights
You also have rights over how your personal information is used, including:
. The right to object to our processing of your data; The right to request that your information be erased or restricted from further use; . The right to request a copy of the information we hold about you; . The right to correct, amend, or update information you havegiven us (where you have an account with us, you can also do this by logging in and updating your information);
Please note that while we will carefully assess every request we receive, your rights may differ according to your place of residence and we may not always have to comply. When this happens, we will explain why.
8.3 Correcting and deleting your information
You may send us an email at firstname.lastname@example.org to request corrections to or deletion of personal information that you have provided to us. However, we cannot delete your personal information except by also deleting your user account (which may result in cancellation of your membership). We may not accommodate a request to change or delete information if we believe it would violate any law or legal requirement. We also may not accommodate a request to change information if we believe the change would cause the information to be incorrect.
If you delete your User Contributions from the Application or the Website, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users of the Application or the Website.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas like message boards as the information you share in public areas may be viewed by other users.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Application or the Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g., to deliver the Services you have requested) and other legitimate interests.
The legal basis for the processing of your data as described in this section is your acceptance of the Terms of Service under which you book from us, the consent you have provided to us in connection with your profile registration, and our legitimate interests to operate our business, or otherwise that it is necessary to fulfill our legal obligations.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at email@example.com.
We may update this Policy to reflect changes to our information practices. Such changes will be effective upon posting on the Application and the Website. We encourage you to periodically review this page for the latest information on our information practices. If you have any questions about this Policy, or our approach to privacy, please contact us by mail at ROLZO Limited, Michelin House, 81 Fulham Road, London SW3 6RD, UK or via email at firstname.lastname@example.org.
If you consider our use of your personal information to be unlawful, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the UK (please see further information on their website: www.ico.org.uk).