Privacy Policy for Hent
This is what we register
- First name: Shown to the driver, so they can ensure the correct person is picked up.
- Address: If you use an address or 'favorite places' in your travel search.
- Email: Used to contact you about your customer relationship and, with your consent, for customer surveys.
In addition, we process this information in connection with booking and carrying out a trip:
- Space for necessary aids, such as a wheelchair: Necessary to ensure we have capacity on the vehicle.
- GPS location for pickup and drop-off points: The driver needs to know where you are to be picked up and dropped off.
- Pick-up and drop-off times: The driver needs to know when you will be picked up and dropped off.
- Times for the journey's start and end points: To be able to show the entire journey to you.
- Departure and destination from travel search. This depends on what you as a customer used in the search. These places can be:
- The device's GPS position if 'my position' is used.
- Address if this has been used.
- Stop identifier if this is used.
- GPS location of the vehicle, to show the customer where the vehicle is during a booked trip.
We use information about your purchases and travel searches etc. to create statistics on the use of the app, without linking this to you.
Legal basis and purpose of processing personal data
The legal basis for processing personal data is consent.
Personal data is processed in order to plan and provide ordered transportation for you and to follow up on the service, for example in case of deviations.
You can also consent to receive a customer survey, which will be used to further develop the service.
We use legitimate interest to improve our services as a basis for processing to create anonymous statistics. If you have any objections to the use of your personal data for this purpose, you can raise the objection by using the privacy contact form.
Storage period for personal data
We only process your information if you have consented to it. You can withdraw this consent at any time, unless you are on an active trip. In that case, the trip must be completed or cancelled first. More information on how to withdraw your consent can be found below.
Your customer information will be stored as long as you choose to give consent.
Sales information is stored for up to 410 days after the completed journey, or alternatively 410 days after the complainant has submitted a written complaint to Ruter about an aspect of the journey. This is to manage the customer's right to complain to the Transport Complaints Board. See the regulation on the transport complaints board § 5-2, and the guide on the processing of personal data in Public Transport.
Customer information and travel details are stored in separate databases.
Your rights
You have the right to access, correct, delete, or restrict processing of personal data, to object to the processing (cf. the right to object) and to data portability. Below you will find information on how to exercise your rights.
Access and correction
You can access, modify, or delete some of your personal information in the app. If you want access to all your personal data, you must request this in writing, either by mail or through a contact form.
Request access through the contact form
Withdrawal of consent and deletion of personal data
We only process your information if you have consented to it. You can withdraw this consent at any time in the app, or by contacting us. If you have an active trip, you must cancel or wait until the trip is completed before withdrawing consent.
After you have withdrawn consent, we will delete personal data associated with "Pickup" within 14 days. This is to be able to process any complaints you may have. After that, sales and travel information will not be able to be linked to you as an individual.
Information related to the booking of the trip will be deleted after 7 days regardless of the draw.
Tour details stored with third parties will be anonymized and cannot be linked to you as an individual.
However, Ruter cannot delete personal data if other legislation, such as accounting laws, requires Ruter to continue processing the information. In such cases, we will further restrict access and log any access to such information.
If you only delete the app, without withdrawing consent, your information will still be stored with us.
Protesting and complaining to the Data Protection Authority
You have the right to complain about what you believe is incorrect processing of personal data to the Data Protection Authority, but please feel free to contact us first through our data protection officer.
Send an email to Ruter's Data Protection Officer
Can I still use Ruter's services without being logged in?
You cannot use the "Fetch" service without being logged in. You can travel anonymously with Ruter's other public transport services.
What access does Ruter have to your information, and is it shared with others?
Access to information about you is restricted. Permissions are granted only based on what is necessary.
We use a third party for planning and executing trips with "Hent". This third party processes booking and travel information, and in that context, they handle your first name so that the driver can ensure that the right person is picked up and dropped off.
We do not disclose your personal information to other third parties unless we are legally obligated to do so to public authorities
We will share anonymized data with our partners within public transport/mobility services.
Cloud solutions
Ruter uses AWS cloud services for storage and accessing personal information related to the services you use, and VIA for planning the trips. Although Ruter uses suppliers outside the EU, where possible, Ruter has chosen to use services that are approved according to the EU's code of conduct CISPE, and in such a way that the supplier commits to not transferring personal data out of the EEA.
For services that are not CISPE-certified and where processing in the USA cannot be excluded in certain cases, Ruter has implemented a number of contractual, organizational, and technical measures, such as isolation of information and encryption, to prevent the provider from accessing the information. For VIA's part, a pseudonymous customer ID is also used, so that the provider cannot link information to you. For all such services, Ruter requires that the recipient commits to comply with data protection regulations and we use the European Commission's revised standard contractual clauses.
The USA and the EU have also entered into an agreement to ensure an adequate level of data protection as specified in the GDPR. You can read more about the agreement on the Norwegian Data Protection Authority's website.
As part of our ongoing work with information security, Ruter is always working on improving our services.
Privacy Impact Assessment
Apart from any information that you need to bring a wheelchair or other aids on board, no special categories of personal data are processed. Nor is any information processed that could in itself lead to an increased risk of financial loss. Only GPS related to the customer's position is processed to the extent that the customer wishes to disclose. Such information is only processed for a limited period of time. Procedures have been implemented to ensure that customer data is not linked to the vehicle's location data in cases other than those described above.