What we process
- First name: Shown to the driver, to make sure the right person is being picked up.
- Address: If you use your address or "favourite places" in trip searches.
- E-mail: Used to contact you about customer issues and, if applicable,consenting to participate in the customer survey.
We also process the following data in connection with booking and completing trips:
- Space for necessary aids, such as wheelchairs: This is necessary to ensurethat the vehicle has adequate space.
- GPS location for departure and arrival points: The driver needs to know where topick you up and drop you off.
- Departure and arrival times: The driver needs to know when to pick you upand when to drop you off.
- The starting time and end time for your trip: To be able to show you the trip in itsentirety on screen.
- Start and arrival locations from your trip search. This depends on what youused in the search. These locations can be:
- The device's GPS location if "my location" is used.
- An address, if used.
- Final destination location identifier, if used.
- GPS location of the vehicle, to show the customer where the vehicle is locatedwhen you order your trip.
We use information about your purchases and trip searches, etc. to create statistics about the use of the app, without linking this to your identity.
Legal basis and purpose of processing personal data
Your consent is our legal basis for processing personal data.
The personal data is processed to be able to plan and deliver ordered transport and follow up on the service, e.g. in the event of service disruptions.
You can also consent to receive a customer survey, which will be used to further improve this service.
We use legitimate interest as a basis for processing anonymous statistics.
Storage period of the personal data
We will only process your data if you have consented to it. You can withdraw this consent at any time, unless your current trip is active. This must be completed or cancelled first. There is more information about withdrawing your consent below.
Your customer details will be stored as long as you choose to consent.
Sales information is stored up to 410 days after the trip has been completed, or 410 days after you submitted a written complaint to Ruter about something that happened on the trip. This is done to process the customer's right to complain to the Transport Complaints Board. See the Transport Complaints Board Regulations (only in Norwegian), Section 5-2, and the Guidelines on Processing Personal Data for Public Transport.
The customer data and travel information are stored in separate databases.
Your rights
You have the right to access, correct, delete or restrict personal data, submit an objection to processing (cf. the right to object) and data portability. Below you will find information on how you can exercise these rights.
Access and corrections
Some of your personal information can be accessed, corrected or deleted in the app. If you want access to all the personal data Ruter has on file about you, you must send a request in writing, either by mail or via the contact form.
Request access via our Contact Form
Withdrawal of consent and deletion of personal data
We will only process your data if you have consented to it. You can withdraw this consent at any time in the app, or by contacting us. If you are in the midst of a trip, you must cancel prior to the trip or wait until the trip has ended to withdraw your consent.
After you withdraw your consent, we will delete personal data related to "Hent" within 14 days. This is done in order to process any complaints you may have made. After that, sales and travel information will not be able to be linked to you as a person.
Information related to booking the trip will be deleted after 7 days, regardless of a decision to withdraw consent. Trip details stored with third parties will be anonymised and cannot be linked to you as a person.
However, Ruter cannot delete personal data if other legislation, such as accounting legislation, requires Ruter to process the data further. In such cases, we will further restrict access and log access to such information.
If you simply delete the app, without withdrawing consent, the information will still be stored with us.
Protesting and complaining to the Norwegian Data Protection Authority
If you feel we have processed your personal data correctly in any way, you can complain to the Norwegian Data Protection Authority, but feel free to contact us first via our data protection officer.
Send an e-mail to Ruter's Data Protection Officer
Can I still use Ruter's services without being logged in?
You cannot use "Hent" without being logged in. You can travel anonymously on Ruter's other public transport services.
What access does Ruter have to your information, and is it shared with others?
Access to information about you is restricted. Access is only granted when this is absolutely necessary.
We use a third party to plan and carry out trips with "Hent". This third party processes booking and travel information, and in this context they process your first name so that the driver can ensure that the right person has been picked up and dropped off.
We do not disclose your personal data to other third parties as long as we are not legally obligated to do so to public authorities.
We will share anonymised data with our partners in public transport/mobility services.
Cloud solutions
Ruter uses AWS cloud services for storing and accessing personal data related to the services you use, and VIA for planning the trips. Although Ruter uses suppliers outside the EU, Ruter has chosen, where possible, to use services that are approved in accordance with the EU CISPE code of conduct, and in such a way that the supplier undertakes not to transfer personal data out of the EEA.
For services that are not CISPE-approved and where processing in the USA cannot be excluded in certain cases, Ruter has taken a number of contractual, organizational and technical measures, such as isolation of information and encryption, to prevent the supplier from having access to the data. For VIA's part, a pseudonymous customer ID is also used, making it impossible for the supplier to link information to you. For all such services, Ruter requires the recipient to commit to comply with the data protection regulations, and we use the European Commission's revised Standard Contractual Clauses.
In addition, the United States and the European Union have entered into an agreement to ensure an adequate level of data protection as set out in the GDPR. You can read more about the agreement on The Norwegian Data Protection Authority's website (only in Norwegian).
As part of our continuous work on information security, Ruter is always working on improvements to the services.
Privacy assessment
Apart from informing us that you need to bring a wheelchair or other assistive devices on the trip, no special categories of personal data are processed. Nor is any information processed that in itself may entail an increased risk of financial loss. GPS related to the customer's location is only processed to the extent that the customer wishes to provide it. Such data is only processed for a limited period of time. Procedures have been implemented to ensure that customer data should not be linked to the vehicle's location data in cases other than those described above.