This Privacy Policy is a document related to the Dash Terms of Service (“Terms of Service”). Definitions of the terms used in this Privacy Policy have been included in the Terms of Service. The provisions of the Terms of Service are applied accordingly.

The Policy is for information purposes and serves satisfaction of the information obligations imposed on the data controller under GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1. PERSONAL DATA CONTROLLER

1.1. The Controller of personal data, in particular Users’ personal data, is the Service Provider, i.e. MyRyde sp. z o. o. with its registered office in Warsaw, ul. Piwna 39/41/1A, entered in the register of entrepreneurs of the National Court Register (KRS) maintained by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register (KRS), under number KRS: 0000749803, Tax Identification Number NIP: 5252764001, share capital: PLN 5,000.

1.2. You may contact Dash in particular via e-mail at info@dash.city.

1.3. Dash has also appointed a Data Protection Officer whom you may contact via gdpr@dash.city.

2. DATA PROCESSING METHOD

2.1. The purpose and scope of the processed personal data are determined by the scope of consents and provided data sent by means of relevant form.

2.2. Processing personal data may pertain to first and last name, e-mail address, phone number, geolocation data, Tax Identification Number NIP and principal place of business (in the case of business activity).

2.3. Due to the nature of services provided by Dash, they cannot be provided anonymously.

2.4. Personal data of Users are processed for the following purposes:

2.4.1. implementation of legal provisions—the legal basis is the statutory authorisation to process data necessary to act in line with the law (Article 6.1(c) of the GDPR);

2.4.2. performance of Agreements and Rentals and provision of services by electronic means through the Application—the legal basis is the statutory authorization to process data which are necessary to perform an agreement if the data subject is a party to such agreement, or if it is essential for undertaking certain actions prior to conclusion of an agreement upon request of the data subject (Article 6.1(b) of the GDPR);

2.4.3. consideration of filed claims and complaints and optimisation of performances of Dash—the legal basis for processing is a legally legitimate interest executed by Dash (Article 6.1.(f) of the GDPR) which consists in due conduct of business activity;

2.4.4. promotional and commercial actions carried out by Dash—the legal basis is a legitimate interest executed by us Dash (Article 6.1.(f) of the GDPR) or voluntary consent of the Customer (Article 6.1(a) of the GDPR);

2.5. Personal data of persons other than the Users are processed for the following purposes:

2.5.1. responses to queries or acceptance of complaints—the legal basis for processing is a legally legitimate interest executed by Dash (Article 6.1.(f) of the GDPR) which consists in due conduct of business activity;

2.5.2. co-operation with business counterparties—the legal basis is the statutory authorization to process data which are necessary to perform an agreement if the data subject is a party to such agreement, or if it is essential for undertaking certain actions prior to conclusion of an agreement upon request of the data subject (Article 6.1(b) of the GDPR);

2.6. Providing the personal data is voluntary, but the lack of consent to process personal data marked in the form as obligatory will prevent Dash from performing Services or providing responses.

2.7. If Dash is advised that the User uses the Services in violation of the Terms of Service or applicable provisions of the law (unauthorized use), then the Service Provider may process User’s personal data in a scope required for establishing the liability of the User.

2.8. Personal data, in particular Users’ personal data, are processed for the following periods:

2.8.1. a period sufficient for Dash to prove the appropriate performance of its obligations, whereby such term corresponds to the period of limitation of claims;

2.8.2. in the case of Services provided against charge—for the time resulting from accounting provisions;

2.8.3. and in the case of marketing actions, personal data are processed until the concerned person objects to further processing of his/her personal data for marketing purposes or until he/she revokes the consent to be sent messages with such content.

2.9. Upon the lapse of the above mentioned period, personal data are deleted, unless their processing is necessary under another legal basis.

2.10. The Service Provider does not transfer personal data beyond the European Union.

3. RECIPIENTS OF DATA

3.1. The Service Provider may transfer personal data to third parties for processing for the purpose of execution of the activities indicated in the Terms of Service and service of the User and co-operation with other entities. In such a case, data recipients may include: the hosting provider, the CRM service provider, the CDI service provider, e-mail operator, the provider of a system for invoice management, payment operator, accounting firm, insurer, tax firm and legal firm.

3.2. Personal data collected by Dash may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of the law or other persons and entities—in the cases prescribed in the provisions of the law.

3.3. Each entity to which Dash transfers personal data for processing on the basis of a personal data transfer agreement (“Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing User’s personal data on the basis of the Transfer Agreement may process User’s personal data through another entity only upon prior written consent of Dash.

3.4. Disclosing personal data to unauthorized entities under this Privacy Policy may take place only upon prior consent of the data subject.

4. RIGHTS OF DATA SUBJECT

4.1. Each User has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to Dash as well as from bases of entities which have co-operated with the Service Provider, (b) restrict the processing of data, (c) portability of the personal data collected by Dash and referring to the User, in this to receive them in a structured form, (d) request Dash to enable him/her access to his/her personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards Dash at any time without affecting the legality of the processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about Dash to the supervisory authority (President of the Personal Data Protection Office).

5. OTHER DATA

5.1. Dash may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of User’s station—identification through http protocol, if possible, date and system time of registration on the Website and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before if the User has entered the service through a link, information concerning User’s browser, information concerning errors occurred by realization of the http transaction, information on the User’s device, identifiers of mobile devices (i.e. Apple Advertising Identifier). Web server logs may be collected for the purposes of proper administration of the Website. Only persons authorized to administer the IT system have access to data. Files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic on the Website and occurring errors. Summary of such details does not identify the User.

6. SECURITY

6.1. The Service Provider applies technological and organizational means in order to secure the processing of personal data adequate to the threats and category of data to be secured, in particular, through technical and organizational means the Service Provider secures data against being disclosed to unauthorized persons, taken over by an unauthorized person, processed in violation of the law, and changed, lost, damaged or destroyed. Users’ personal data are collected and stored on a secured server, moreover, the data are secured by internal procedures of Dash related to the processing of personal data and information security policy.

6.2. Dash has also implemented appropriate technical and organizational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects. The Service Provider implements all necessary technical measures as specified in Articles 25, 30, 32-34, 35-39 of GDPR, providing for enhanced protection and security of the processing of User’s personal data.

6.3. At the same time, Dash states that using the Internet and services provided by electronic means may pose a threat of malware breaking into User’s teleinformatic system and device, as well as any other unauthorized access to the User’s data, including personal details, by third parties. In order to minimize such threats, the User should use appropriate technical security means, e.g. using updated antivirus programs or programs securing identification of the User in the Internet. In order to obtain detailed and professional information related to the security in the Internet, the Service Provider recommends taking advice from entities specializing in such IT services.

7. COOKIES AND USER IDENTIFIERS

7.1. For the purposes of correct operation of the Website, the Service Provider uses the cookie support technology. Cookies are packages of information stored on the User’s device through the Website, usually containing information corresponding to the intended use of a particular file, by means of which the User uses the Website—these are usually: address of the Internet service, date of publishing, lifetime of a cookie, unique number, and additional information corresponding to the intended use of a particular file.

7.2. The Website uses two types of cookies: (a) session cookies, which are permanently deleted upon closing the session of the User’s browser; (b) permanent cookies, which remain on the User’s device after closing the session until they are deleted.

7.3. It is not possible to identify the User on the basis of cookie files, whether session or permanent. The cookie mechanism prevents collection of any personal data.

7.4. Cookies used on the Website are safe for the User’s device, in particular they prevent viruses or other software from breaking into the device.

7.5. Files generated directly by Dash may not be read by other websites. Third-party cookies (i.e. cookies provided by entities co-operating with Dash) may be read by an external server.

7.6. The User may individually change the cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service.

7.7. First of all, the User may disable storing cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Website.

7.8. The User may also individually remove cookies stored on his/her device at any time in accordance with the instructions of the browser producer.

7.9. The Service Provider uses own cookies for the following purposes: configuration of the Dash Website and adjustment of page content to the preferences or conduct of the User; analysis and research of views, click number and path taken on the website to improve the appearance and organisation of content on the website, time spent on the website, number and frequency of visits on the Website.

7.10. The Service Provider uses third-party cookies for the following purposes:

Google Analytics: collecting general or anonymous statistical data by means of analytical tools.

Google Adwords: promotional and marketing actions within the retargeting process.

Apple Search Ads: promotional and marketing actions within the retargeting process in the Apple AppStore.

Facebook Ads: promotional and marketing actions within the retargeting process.

7.11.   Details concerning cookie support are available in the settings of the browser used by the User.

8.    FINAL PROVISIONS

8.1.  This Privacy Policy comes into effect as of 1 May 2019.