Terms

Terms
Terms & Conditions
Privacy Policy
Rydoo's GDPR Commitment

Terms & Conditions

These terms and conditions of sales (the “Terms and Conditions”) are entered into between iAlbatros Poland Spółka Akcyjna with registered office in Warsaw at Aleje Jerozolimskie 180, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000507829, NIP 1070029274, REGON 147141554, share capital: 416 415,00 PLN (“Rydoo”) and the client which is a legal entity or an organizational unit of a legal entity that subscribes to Rydoo’s services under the Terms and Conditions (the “Client”), hereunder referred to as the Parties (a Party).

Contract between the Parties is entered into by registering to the T&E Services and accepting the present Terms and Conditions either manually or electronically, both manners having full legal force. By accepting these Terms and Conditions, and/or by accessing and using T&E Services Client shall represent and acknowledge to have read, understood, and agreed to be bound by these Terms and Conditions. The person entering into the Contract on behalf of a company or another (legal) entity shall warrant to have the authority to bind such entity and its representatives to the Contract.

 

1.   DEFINITIONS 

All terms defined below beginning with a capital letter are defined as follows:

Data: means any data from the Client database which can be accessed only by Users.

T&E Solution: means the software solution in SaaS mode (including updates, upgrades and corrections delivered by Rydoo as part of the Services) made available to the Client which includes the OBT and the Expense Solution modules.

OBT: means T&E Solution module - the self-booking tool or online booking tool.

Personal Data: means any information which directly or indirectly identifies any individual, including by reference to an identifier, such as, without limitation, the name, address, email address, phone number, identification number or an identifier.

Services: refers to the hosting, maintenance and support services provided by Rydoo to the Client in relation with the T&E Solution.

User: means a natural person authorized by the Client to use the T&E Solution and the Services.

Expense Solution: means T&E Solution module allowing individuals and businesses to capture, track and store their business expenditure receipts, as well as to generate and submit for approval expense reports derived from those receipts.

Supplier: third party providing accommodation (eg hotels, motels, apartments, bed & breakfasts), flights, vehicle rental services and any other travel related products and services made available for reservation via T&E Solution.

 

2. PURPOSE

The purpose of these Terms and Conditions supplemented if necessary by Appendices and invoices (the “Contract”) is to define the conditions under which the Client is authorized to use the T&E Solution and the Services. Any order by the Client is governed by this Contract. These Terms and Conditions supersede any terms and conditions of purchase of the Client and any prior agreements between the Parties on provision of the same Services; any specific clauses in the Contract supersede its general provisions on the same subject.

 

3. DURATION – TERMINATION

Unless otherwise agreed between the parties, this Contract comes into force at the date of acceptance of these Terms and Conditions by the Client, for indefinite period. The Contracts that are paid monthly can be terminated upon 1 (one) month prior notice. The Contracts that are pre-paid for 12 (twelve) months can be terminated upon prior notice given at least 1 (one) month before the end of the pre-paid period.

The Contract may be terminated or suspended by Rydoo immediately upon notification if the Client fails to pay its due invoices, in the event of apparent insolvency, or if the Client violates the terms of the Contract.

Upon termination of this Contract, for whatever reason, Rydoo shall revoke any access to the T&E Solution offered to the Client and the Client shall immediately cease any access and use of the T&E Solution and the Services. In addition, Rydoo agrees to provide the Client with a copy of its Data in defined format within a period of one (1) month of the Client’s request.

Termination of this Contract does not affect completion of performance of any bookings made via the T&E Solution and pre-paid by the Client to the Suppliers prior to the termination.

 

4. FINANCIAL CONDITIONS

Access and use of the T&E Solution and the Services are authorized in consideration for the payment of the fees mentioned on the invoices and/or in the Contract. The fees are exclusive of VAT (and other indirect taxes) and payable via payment card. For Contracts that are paid monthly price revisions can be applicable monthly. For Contracts that are pre-paid for 12 (twelve) months price revisions can be applicable upon expiry of the pre-paid period. The Client expressly renounces from any repayment of amounts pre-paid in advance. In the event of non-payment by the due date, any amount due to Rydoo, and not contested by the Client, shall bear interest at a rate equal to three (3) times the legal interest rate, from the first business day of delay. Rydoo may likewise request the payment of a lump sum of forty (40) Euros for recovery costs, without prejudice to its right to seek greater compensation if costs actually incurred in this regard exceed the lump sum amount. Without prejudice to the preceding and without any prejudice to the payment obligation of the Client(s), each protest must be communicated within a period of 8 (eight) calendar days as of the invoice date by a motivated registered letter. After this period, the Client shall be deemed to have definitively accepted the invoiced amount.

 

5. T&E SOLUTION

5.1 Conditions of use

The T&E Solution, as well as all its components (such as trademarks, logos, computer programs, graphics, images, texts) are the exclusive property of Rydoo or have been granted to it. This Contract does not imply any assignment of intellectual property rights of any kind on any elements belonging to Rydoo.

Rydoo grants the Client a personal, non-exclusive, non-assignable, non-transferable right to use the T&E Solution for the duration of this Contract for the travel on a worldwide basis and the sole purpose of the Client’s internal needs. The Client shall use the T&E Solution and shall authorize access to it by the Users in accordance with its requirements, any documentation provided and the present Terms and Conditions.

The Client may not in any case transfer, delegate or allow a third party to make use of its right to use the T&E Solution and is strictly prohibited from any other use. In particular, the Client is not permitted to make any copy, correction, adaptation, modification, translation, arrangement, distribution, decompilation, alteration, and more generally, any change to all or part of the T&E Solution. Nor may it permanently or temporarily reproduce all or part of the T&E Solution by any means and in any form.

5.2 Conditions of access

The Client may access the T&E Solution 24 hours a day, 7 days a week, subject to maintenance periods.

The T&E Solution can be accessed from (i) any compatible devices of the Client (computers, mobiles or tablets) and (ii) using the identifiers provided to the Client by Rydoo. The identifiers are intended to restrict access to the T&E Solution by the Client and the Users, to protect the integrity and availability of the T&E Solution, as well as the integrity, availability and confidentiality of any Data. The identifiers are personal and confidential. The Client agrees to take any necessary measures to keep its identifiers confidential and not to disclose them in any form whatsoever.

Rydoo shall not be held responsible for any damages resulting from any loss or breach of confidentiality with regard to the identifiers assigned to the Client and its Users.

 

6. SERVICES

The Client shall provide Rydoo with any information required for the performance of the Services.

Rydoo provides the following Services to the Client:

- Provision and maintenance of the T&E Solution: Rydoo shall implement from time to time upgrades, updates and new versions of the T&E Solution. Any new versions might include any modifications or deletions of existing features and/or new features or capacities.

- Technical support for T&E Solution: Technical issues and requests can be reported by the in-app chat tool from Monday to Friday from 09.00 to 18.00 Central European Time (excluding public holidays).

- Traveller support services: Support is available in French and English from Monday to Friday from 09.00 to 18.00 CET time (excluding public holidays). Outside of those hours or during weekends and public holidays the emergency support is provided in English. Provision of those services shall be invoiced in accordance with the applicable pricing.

- Training and configuration services: at the Client’s request, Rydoo may, during the term of the Contract, provide additional services, which shall be invoiced in accordance with the applicable pricing.

 

The Client acknowledges that T&E Solution is an ancillary SaaS platform and Rydoo is not engaged in provision of any accounting, accommodation or transportation services that may be enabled by and/or available to the Client through his own use of T&E Solution modules..

 

7. CONFIDENTIALITY

For the purposes of this Contract, “Confidential Information” means all confidential and proprietary information of a Party disclosed to the other Party, whether orally or in writing, that is clearly identified in writing or verbally at the time of disclosure as confidential. It includes Rydoo's documentation, the Data and information related to T&E Solution, whether or not marked as confidential or proprietary.

Each Party agrees not to use or reproduce the Confidential Information of the other Party for purposes other than for the requirements of the Contract and not to disclose or transfer the Confidential Information of the other Party to any third parties without its prior written consent.

Notwithstanding the foregoing, Confidential Information can be disclosed by the other Party to its employees, officers and consultants as well as to employees, officers and consultants of its subsidiaries or authorised subcontractors solely for the purposes of performance of the Contract, and provided that such individuals are duly informed of the confidential nature of the information, and that they are bound by confidentiality undertakings similar to those set forth in this clause.

These confidentiality obligations do not apply to Confidential Information that is:

- entered into the public domain prior to disclosure or thereafter without being in breach of this clause;

- known prior to its disclosure by the disclosing party;

- received from a third party lawfully;

- developed independently by the recipient Party.

These confidentiality obligations shall continue to have effect for a period of three (3) years following the expiry or termination of the Contract.

 

8. PERSONAL DATA

Each Party shall comply with any applicable law related to Personal Data. Rydoo collects and processes Personal Data in accordance with its privacy policy.

For the purpose of this Contract, Rydoo will access to the Users’ Personal Data and will process them on behalf of the Client, in its quality of Data Processor, in accordance with the Data Protection Laws.

 

9. LIABILITY

The Client shall be solely responsible for the use of the T&E Solution by the Users.

The liability of each Party shall be limited to direct damages caused to the other Party. Neither Party shall be held liable for any indirect damages or any loss of data, loss of income, loss of profits, loss of opportunity or loss of customers or damage to the image arising from or relating from this Contract regardless of whether such persons were advised of the possibility of such losses or damages or such losses or damages were otherwise foreseeable. Under no circumstances shall Rydoo be liable for any loss or damage caused by the reliance of the Client on any information, statements or reports obtained using the T&E Solution. Rydoo shall not be liable for any damages caused by the failure of the Client to provide information, documents or files required to implement the T&E Solution, as well as any data errors provided by any third party or by the Client.

In any event, Rydoo's liability shall not exceed an amount equivalent to the total fees received by Rydoo during the twelve (12) months preceding the occurrence of the damage invoked by the Client, except in case of wilful misconduct or gross negligence.

In any event, Rydoo may be exempted from all or part of its liability insofar as the non-performance or improper performance of the Contract is attributable to the unforeseeable and insurmountable act of a third party unconnected with the provision of services under the Contract, or to a force majeure event. Events of force majeure include strikes or social conflicts, the freezing of all means of transport or supply, earthquakes, fires, storms, floods, power outages, wars, attacks, riots, political instabilities, breakdowns of telecommunications as well as all other events of force majeure.

 

10. APPLICABLE LAW AND COMPETENT JURISDICTION

This Contract is governed and interpreted in accordance with French law. Any dispute which may arise with regard to the validity, interpretation, performance, termination, as well as the consequences of this Contract, must be submitted to the Paris Commercial Court, regardless of the place of performance of the Contract or of the domicile of the defendant, notwithstanding plurality of defendants or impleading of third parties, even for emergency proceedings or protective proceedings.

 

11. MISCELLANEOUS

Changes to the Terms and Conditions will be made by Rydoo by publishing the updated version of Terms and Conditions on its website www.rydoo.com. The amended Terms and Conditions will come into force five (5) days after their publication on this site and binding upon the Client, if he continues using T&E Services after this  5-day period. Amendments done pursuant to an evolution of applicable law or regulation will come into force as from the publication date on the site.

The Contract is entered into intuitu personae. Neither party shall be entitled to assign, transfer or relinquish in any way its rights and obligations arising from the Contract in favour of a third party without the prior written consent of the other party which should not be unreasonably withheld. Nevertheless, Rydoo, upon 30 days written notice to the Client, shall be entitled to assign this Contract to its affiliates or group companies. The Client acknowledges that the Rydoo brand is represented and T&E Solution is operated by sister companies - Xpenditure NV, having its registered address at Hendrik Consciencestraat 40/42, 2800 Mechelen, Belgium, and iAlbatros Poland Spółka Akcyjna with registered office in Warsaw at Aleje Jerozolimskie 180, Poland – whereas both these entities can provide and/or bill the Services to the Client at discretion of Rydoo, which is agreed by the Client.

The fact that one of the Parties did not exercise any of its rights in a timely manner, or did not exercise them at all, shall not be presumed to operate as a waiver of such rights, whether in relation to a past or future fact.

 

 

Privacy Policy

Introduction

At Rydoo, a combined Sodexo, Xpenditure and iAlbatros Poland brand, we understand the needs of privacy and safety. We consider our travelers’ trust as one of our most valuable assets. Therefore, we want to do the utmost for your data to ensure it's safe with us.

This document describes how we collect and use the data concerning the use of our services. We keep it simple and easy to understand, as our company has been built on openness and our services on trust. Here you will also find our contact information in case you would need any further assistance.

Xpenditure N.V. and iAlbatros Poland S.A. and their local subsidiaries provide business process outsourcing services in the areas of travel and expense management using modern technology solutions.

Our expense management services allow the client to capture, track and store his business expenditure receipts, as well as to generate and submit for approval the expense reports derived from those receipts, which are uploaded via either web, e-mail and/or mobile applications.

Our travel management services allow the client to use our web pages, mobile applications, call center, integrated partner applications, instant messaging and social media platforms. This policy applies to all the platforms you can use to get access to our services and all the data we collect using those platforms.

This policy may change when the applicable legislation changes or if we decide to extend our services. Please visit this page regularly to be kept up-to-date.

If you do not agree with this Privacy Policy, we kindly advise you to stop using our services.

What kind of information we collect

Information provided by you or your employer

Depending on the services you or your employer has selected, we collect some specific information about you.

To provide you with the best available accommodation, flight or rail ticket we need to know certain things about you, like your first name, last name, ID document number, contact details, other travelers’ data; sometimes also your date of birth can be asked, in order to process the booking.

In order to perform our expense management services, we may also receive and store the following information about you: your bank account number, scanned expense receipts and credit card statements, which may include personal data such as name, address and bank account information.

Use of our services does not always require users to fill in or upload sensitive personal data. In order to avoid unnecessary exposure, we ask you to make sure that sensitive personal data are not filled in or uploaded to your account (intentionally or accidentally) in any form as photos, notes or other if it is not necessary.

Information we collect automatically when you use our services

When you use our services we also collect certain information automatically like your IP address, browser type and version or mobile device data and local settings, e.g. language; activity on our website, including the pages you visited and searches you made.

Information from other sources

If you use a third party payment provider, if you link your profile with social media or instant messaging profile or if you use our platform via third party integrated software we can collect information from those sources.

All our accommodation and transport services providers may also share with us information about you and your trip.

Refer a friend

In case we would enable a refer-a-friend functionality, you must always seek your friend’s consent to our use of your friend’s name and e-mail address to contact them about our services. By providing us with your friend's name and email address, you warrant that your friend consents to such contact.

Read more...

What is the purpose of data collection

We need our users and travelers’ data to provide our services to them: searching for hotels and rates available, booking rooms or tickets, managing expenses, creating and transmitting expense reports or any other service we provide and to improve our services for our clients.

We also use your contact information to inform you about any changes to trip itineraries, any actions waiting for you in the system or any new features and services available.

Read more...

How long do we store your data

Personal data is gathered for a specific purpose and stored also for a specific purpose. The overall rule we apply is that we will delete all the data within 6 months after the end of the year when the data is no longer needed for any purpose.

Please be aware that there are various purposes for which we gather and later process your personal data. We take into consideration all those purposes and have defined a data retention period for each category of the personal data.

Why do we put the deadline on 6 months after the end of the year of termination of the purpose? Because, even though we regularly delete the data that is not needed anymore from our system, this deleted data may stay in the system or the infrastructure logs and backups. These logs and backups are deleted within a period of 6 months.

Read more...

With whom do we share your data

Rydoo provides users with the platform that gives you access to multiple different service providers e.g. hotels, airlines, rail companies, financial institutions. We need to share your data with them for the purpose of managing your expenses or your trip bookings.

We may share your information with any other company within our group for the purposes stated in this privacy policy. We may also share it with hired consultants or vendors working on our behalf, in line with all EU regulations.

Of course, we might have to share the information with the competent authorities if the applicable legislation so requires.

Our website(s) and/or web and mobile application include links to third party sites. Rydoo does not control these third-party sites, and we encourage you to read the privacy policy of every site you visit.

Read more...

Where is your personal data processed

We mainly process your personal data within the European Economic Area (EEA). Being the data processor, Rydoo relies on a limited number of sub-processors to perform well-defined elements of its services. Some of these sub-processors may be located outside of the EEA. They have been selected carefully and all have adequate privacy guarantees in place.

Read more...

How we secure the data

We use appropriate technical and operational measures (e.g. data encryption, security audits,, hashing, etc.) to secure information collected by Rydoo to be compliant with all applicable regulations regarding personal data protection and our contractual obligations. We built our information security based on the ISO 27001 standard.

When providing our services, we only engage subcontractors, parent or subsidiary companies which adhere to equivalent rules on the protection of personal data in line with EU regulations.

Personal data of a child

Rydoo services are meant to be used by adult users. Underage persons’ data will be collected only with parents / legal guardians’ permission.

Your rights

You have a right to review the information we collect about you. It is available in your profile and you can always ask for a proper data record by emailing us.

You can always contact us if you believe that we are no longer entitled to use your personal data, or if you have any other questions about how your personal information is used. Please email or write to us using the contact details below. We will handle your request in accordance with all applicable  EU & national data protection laws.

Contact: privacy@rydoo.com

Read more...

Who is responsible for data processing

As part of the business unit Sodexo Travel & Expense:

1. iAlbatros Poland S.A., al. Jerozolimskie 180, 02-486 Warsaw, Poland

2. Xpenditure NV, Hendrik Consciencestraat, 40/42 2800 Mechelen, Belgium

Data Protection Officer

We have appointed a Data Protection Officer: Anne-Cécile Colas

in case of any request related to data privacy you might reach our DPO or local point of contact by e-mail: privacy@rydoo.com.

What we will do if there is an update to this policy

From time to time we may change our privacy practices. We will notify you of any changes to this Policy as required by law. We will also post an updated copy on our website. It will have a different date and version number from the one set out below. Please check our site periodically for updates.

Cookies Notice

In common with many online businesses, we use cookies. Cookies and other tracking technologies can be used on our websites and apps in various ways, such as to analyse traffic or to offer a better personal experience. Those technologies are either used by us directly, or by our business partners, including third party service providers and advertisers we work with. If you want to learn more about what a cookie is and how they are used, click on the read more link below.

Read more...

Collected information

Information you provide us or your employer provides us

Rydoo needs a set of data to perform their services for you i.e. your first name, last name, e-mail address, sometimes date of birth, and payment methods. We also encourage you to provide us with contact details, document details, loyalty cards and the information about your special rates and benefit programs you want to use, as well as your trip preferences.

According to the contract between Rydoo and your employer or travel management company (TMC) that serves you, your employer or a TMC can provide part or all of this information.

Information collected automatically

All contacts with Rydoo’s platform or with its Customer Service via phone, e-mail, chat, messaging platform or any other channel will be a source of information about you and your preferences. We collect all the communication between you and Rydoo as well as automatically registered data about your contacts with the Rydoo platform and services like IP address, web browser used, device used, and localisation or language settings, third party applications you use to contact us.

For the purpose of administration and maintenance works, we collect logs of operations on the  Rydoo platform especially all incidents and technical errors that might occur. We might also use collected user operations data to prevent fraud and misuse of our services.

We might also ask you for an opinion about our services or your trip to help us understand your needs and provide better services for you and other our clients.

Information collected from other sources

We receive personal data about you from business partners that distribute our services by way of a co-branded or private-labeled website, business partners that offer their products and/or services via our services, or business partners that provide services in connection with our services (e.g. payment processing services).

Rydoo services are available through our own platforms and applications and through integrated third party software web pages, online booking tools, instant messaging systems, social media platforms. We will collect information about travellers and users provided by integrated third party software to perform and improve our services.

Rydoo is also integrated with multiple services providers, with hotels, airlines, travel management companies, rail operators, financial institutions, security services etc. Those third parties take part in whole trip management service and share the data about the trip with the Rydoo platform, which manages it all.

Purpose of data processing

We use the information collected about users and travellers for providing and improving the travel management services we offer. We can use it for:

1. Booking trips: this is the most important reason for collecting your data when you are using the travel module. It is necessary to properly search for, book and later on manage your trip (book hotel, issue air or rail ticket). This is our core business and purpose. Additionally we offer other services of our partners connected with travelling i.e. fulfilling payments, providing additional support, monitoring your safety.

2. Managing expenses: this is the main reason for the collection of your data when you are using our expense management module. It is necessary to recognize your expenses, letting you report them and allow the system to reimburse them.

3. Customer service: we offer you 24/7 support in multiple languages. Availability of your data is necessary to help you if you need it. We can provide various support services such as helping you with the booking, resolving issues with the Rydoo platform, supporting you in communication with hotel etc.

4. Providing user access: the Rydoo platform and applications requires proper authentication and authorization. Your data is used to manage the user account on our platform. Using the account, you can manage your reservations, set up your profile, manage your company or TMC and use all other features of the system.

5. Marketing: we use your data for marketing and training purposes:

a. We use contact data to send information about products and services.

b. We use collected data to personalise search results in the Rydoo platform and applications and to recognize you when you visit or return to our website, so we can show you ads or other content tailored to your preferences;

c. In case of participations in any promotion events and loyalty programs, we use your data to manage those events.

6. Communication with users and travellers: we might contact you using phone, e-mail, SMS or an instant messaging platform. We collect the communication between you and us and we will use your data to:

a. Recognize you when you contact us or enter the Rydoo platform or application

b. Solve all the issues raised by you or services providers

c. Notify and remind you about all the tasks and actions you might be interested on the platform.

d. Ask you for an opinion.

e. Send you vouchers, trip itineraries, summaries of your trips.

f. Send you important alert.

7. Market analysis: We can use anonymized data for the analysis of the market. Non-anonymized data or opinions can be collected only if you will agree.

8. Misuse detection: Data collected allows us to monitor user behaviour and detect misuse of our services or applications, frauds and other potentially dangerous actions.

9. Service improvement: Data analysis is used to improve our services, to understand our client needs, negotiating with our providers, improving usability of our applications and eliminating problems and issues.

10. Service monitoring: All technical components of the Rydoo platform and integrated applications collect user operations logs, errors and technical alerts for the purpose of system administration and maintenance.

11. Legal needs: if some cases your data can be used to solve any legal dispute or administrative proceeding.

We collect and process your personal data based on:

1. Contractual obligations: using your data is necessary to fulfil contract between you and us or between your employer and us.

2. Legitimate interest: we can use your data to provide you with the best available travel and expense services: personalised application, messages and search results, providing you proper help and product and training information, for administrations and maintenance purposes, fraud detection and for legal reasons.

3. Your permission: we can ask you for a permission to use your data for special marketing purposes. You can revoke such a permission any time by contacting us.

With whom we can share your data

We share the information we collect about you according to the purpose of data collection.

Solely for purposes of service level assurance we may use third party providers (e.g. our hotel, airline, railway providers, financial institutions, etc.) - who supply us with their specialized service.

In the framework of their service provision, our partners may process application and personal data, but they can never get or link it to any customer details which are not included in those items. We may cooperate with our partners based within or outside the EU, however, all of them without any exception have appropriate technical and organizational measures in place to protect your personal data and they have provided us with adequate contractual guarantees in this regard.

Data shared to manage business travel

For managing your business travel, we may share your data with:

1. Travel services providers we use to organize your trip that can include hotels, airlines, global distribution systems where we book your trip, travel management companies issuing your tickets, but also security agencies that cares about yours safety.

2. Payment operators and other financial services providers to organize all the payments for the services ordered by you. We will share with them only the set of data required to fulfil the service. We can also share additional data in case it is necessary to prevent or detect a fraud or theft.

3. Your employer or an organization that organizes your trip using our services. We report your business trips to your employer, or if you are a guest of a company or client of the travel agency, we will report the data back to them.

4. Other Rydoo entities that provide services or process the data on our behalf, as we centralize our operations.

Data shared to manage expenses

For managing your expenses, we may share your data with:

1. Our Optical Character Recognition (OCR) service provider we use to process electronic images of the receipts and other documents you might upload, and only those images.

2. Your employer or an organization that manages your expenses using our services. We report your expenses to your employer, or if you are a guest to your host our client, we will report the data back to them.

3. Other Rydoo entities that provide services or process the data on our behalf, as we centralize our operations.

We can also share your data with:

1. Vendors, consultants and business partners who help us to carry out work on our behalf.

2. Competent authorities, we may disclose personal data so far as reasonably necessary: if we think you have or may have breached our general terms and conditions or to enforce our rights or protect the public or where we have reasonable grounds for believing that a criminal act has been committed or if we are required to do so by law or appropriate authority.

3 With involved parties in the case of an actual or proposed (including negotiations) sale or merger or business combination involving of all or the relevant part of our business.

4 Other services users (or groups of users) or public, but only the content you provide on such a forum.

5. In aggregated and anonymized form, which cannot be used to identify person.

Where we process your personal data

Your personal data may be stored, used and otherwise processed within Poland and Belgium, and/or any other countries of the European Economic Area (EEA).

We may also store, use or otherwise process personal data outside the EEA. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests.

Personal data will not be transferred to a country outside the EEA unless:

1. the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection

2. or the personal data is transferred to a United States company which has signed up to the Safe Harbour scheme

3. or service providers and other third parties to whom data is transferred undertake contractually to process data in accordance with our instructions and to maintain appropriate security to protect the personal data or we are obliged to provide the personal data to a government or public authority.

Social media

Rydoo uses social media and instant messaging platforms in several ways. We promote our services and products or services and products of our partners. We share information about our work and we gather feedback and marketing data. We also use social media and instant messaging platforms to support online usage of our services.

We are offering services through social media and instant messaging platforms. You can connect your account in the Rydoo system to your existing account on one of supported social media platforms and take advantage of this channel of communication with us. Our system will be able to send you some notifications and you will be able to perform actions, as you would do in our system. Any time you can disconnect accounts using our or native social media or instant messaging platform functionality.

You can also allow us to use some of the social media platform data, available on your profile like photo, email address or name.

On our pages and in our application we can place social media plugins (i.e. like or share buttons). If you will use it, some of the data will be shared with social media platform and it can be shared with larger audience according to your own social media privacy settings. We advise you to read also privacy policies of your social media platform.

Cookies and other tracking tools

What are cookies and how do they work?

Cookies are small bits of text that are downloaded to your computer or other device when you visit a website. Your browser sends these cookies back to the website every time you visit the site again, so it can recognise you and can then tailor what you see on the screen.

What do we use cookies for?

Cookies are used for different purposes. They allow you to be recognized as the same user across the pages of a website, between websites or when you use an app.

Our website and apps use cookies for different purposes:

Technical cookies

We try to give our visitors an advanced, user-friendly website and apps that adapt automatically to their needs and wishes. To achieve this, we use technical cookies to show you our website, to make them function correctly, to create your user account, to sign you in and to manage your bookings. These technical cookies are absolutely necessary for our website to function properly.

Functional cookies

We also use functional cookies to remember your preferences and to help you to use our website and apps efficiently and effectively. For example, these cookies remember your preferred currency, language, your searches. We may also use cookies to remember your registration information so that you don’t have to retype your login credentials each time you visit our site. Your password will, however, always be encrypted. These functional cookies are not strictly necessary for the functioning of our website, but they add functionality.

Analytics cookies

We use these cookies to gain insight into how our visitors use our website and apps. This means we can find out what works and what doesn't, optimize and improve our websites or apps, understand the effectiveness of advertisements and communications, and ensure we continue to be interesting and relevant. The data we gather can include which web pages you have viewed, which referring/exit pages you have entered and left from, which platform type you have used, which emails you have opened and acted upon, and date and time stamp information.

It also means we can use details about how you’ve interacted with the site, such as the number of clicks you make on a given page, your mouse movements and scrolling activity, the search words you use and the text you enter into various fields. We make use of analytics cookies as part of our online advertising campaigns to learn how users interact with our website or apps after they have been shown an online advertisement. This may include advertisements on third-party websites.

Commercial cookies

We can use third-party cookies as well as our own to display personalized advertisements on our websites and on other websites. This is called “retargeting,” and it is based on browsing activities.

How you can control cookies.

To learn more about cookies and how to manage or delete them, simply visit allaboutcookies.org and the help section of your browser. In the settings for browsers such as Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on which browser you use. Use the "Help" function in your browser to locate the settings you need.

If you choose not to accept certain technical and/or functional cookies, you may not be able to use some functions on our website. We currently do not support “Do Not Track” browser settings.

How long do we store data

Data retention schedule for our application users

Data Category

Explanation

Retention period

Identification data

PII

Name, login, title, email address, IDs assigned by the controller.

Account deactivation + 10 years

Contact data

Address (work and home), other addresses, telephone number (work and home).

Data deleted, account deactivated or requested to stop processing/delete data

Identification information assigned by government institutions

ID card number, passport number, drivers license number, license plate number, etc.

Data deleted, account deactivated or requested to stop processing/delete data

Electronic identification data

IP addresses, cookies, connection moments, etc.

Account deactivation + 10 years

Electronic localization data

Cell tower data, GPS data, etc.

Account deactivation or consent withdrawn

Special financial data

Financial transactions

Amounts paid and payable by the data subject, awarded credit lines, sureties, payment method, payment overview, deposits and other guarantees.

Moment of transaction related invoice payment recognized + 10 years

Personal characteristics

Personal details

Age, sex, date of birth, place of birth, nationality.

Data deleted, account deactivated or requested to stop processing/delete data

Habits

Travel details

Information regarding business travel habits and preferences

Data deleted, account deactivated or requested to stop processing/delete data

Leisure pursuits and interests

Leisure activities and interests

Hobbies, sports, other interests.

Data deleted, account deactivated or requested to stop processing/delete data

Memberships

Memberships (other than professional, political, or in trade unions) - only if required to manage business travel or expenses

Memberships in loyalty programs, organizations, clubs, partnerships, unions, groups, etc. - if used for business travel management or expense management.

Account deactivation + 10 years

Consumption habits

Travel data

Details regarding the goods and services provided to the data subject.

Moment of transaction related invoice payment recognized + 10 years

Business expense data

Details regarding the goods and services reported as expenses by the data subject.

Contract end

Application usage

Details regarding usage of the application by the data subject.

Account deactivation

Requests, complaints, incidents or accidents

Information regarding a request, accident, incident, or complaint in which the data subject is involved, the nature of the request, damage, involved persons, witnesses.

Closing the case + 10 years

Profession and employment

Current employment

Employer, title and role description, seniority, work location, specialization or company type, work modes and conditions.

Account deactivation + 10 years

Photographs recordings

Images

Camera recording, photographic recording, digital photos or scans of receipts uploaded, etc.

Data deleted, Contract end, Request to delete data / stop processing

Sound recordings

Sound recordings

Phone recordings regarding requests or issues, etc.

Closing the case + 10 years

Electronic activity logs

Application and infrastructure logs

Logs of user actions and technical requests registered

Account deactivation

Users login logs

Recorded user login attempts

Account deactivation + 10 years

Your rights

Right of access

You can request access to your Personal data. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.

You can request any available information as to the source of the Personal data, and you may also request a copy of your Personal data being processed by us.

Right to be forgotten

Your right to be forgotten entitles you to request the erasure of your Personal data in cases where:

1. the data is no longer necessary;

2. you choose to withdraw your consent;

3. you object to the processing of your Personal data by automated means using technical specifications;

4. your Personal data has been unlawfully processed;

5. there is a legal obligation to erase your Personal data;

6. erasure is required to ensure compliance with applicable laws.

Right to restriction of processing

You may request that processing of your Personal data be restricted in the cases where:

1. you contest the accuracy of the Personal data;

2. we no longer need the Personal data, for the purposes of the processing;

3. you have objected to processing for legitimate reasons.

Right to data portability

You can request, where applicable, the portability of your Personal data that you have provided to us, in a structured, commonly used, and machine-readable format you have the right to transmit this data to another Controller without hindrance from us where:

1. the processing of your Personal data is based on consent or on a contract; and

2. the processing is carried out by automated means.

You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).

Right to object to processing for the purposes of direct marketing

You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal data particularly in relation to profiling or to marketing communications. When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.

Right not to be subject to automated decisions

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect upon you or significantly affects you.

Right to lodge a complaint to the competent Supervisory Authority

If you have a privacy-related complaint against us, you should complete and submit the Complaint/Data Subjects’ Request Form or make your complaint by email or by letter in accordance with our Global Complaints/Requests Handling Policy. If you are dissatisfied with our response, you may then seek further recourse by contacting the relevant local Supervisory Authority or the local competent court. You may also contact our lead Supervisory Authority, the French Supervisory Authority (the “CNIL”, www.cnil.fr).

Rydoo's GDPR Commitment

The European Union’s General Data Protection Regulation (also called the GDPR), the EU’s legal instrument to strengthen and unify data protection laws for all individuals within the European Union, has come into full effect on May 25th, 2018.

How is Rydoo dealing with GDPR?

Since GDPR was adopted back in April 2016, we haven’t stood still really. Only a couple of weeks later, a gap analysis was performed and a roadmap towards full compliance was drafted. This journey has now come to an end.   

Here is a brief overview what we have been occupied within the past months and years:

  • Thorough researching the areas of our business impacted by GDPR
  • Updating our internal policies and procedures to reflect the GPDR requirements and implementing them step by step
  • Reassessing our partnerships with third parties
  • Creating awareness among our employees through training sessions
  • Drafting and rewriting our Data Processing Agreement
  • Updating our Privacy Policy
  • Appointing a Data Protection Officer
  • Thoroughly testing all of our changes to verify and validate compliance with GDPR

Rydoo does not require the end user to fill in or upload any high security personal data, such as credit card number or pin code, social security, health insurance or driver license numbers on the platform. Even so, we want to do the utmost for your data to be sure it's safe with us. Therefore, Rydoo is also working closely with different external attorneys and IT security experts on its approach, because we want to make sure every aspect is covered.

What is GDPR actually?   

The General Data Protection Regulation, which replaces the 1995 Data Protection Directive, regulates the processing of personal data of individuals within the EU. Under GDPR, “personal data” is interpreted broadly and covers any information relating to an identified or identifiable individual (the so-called “data subject”).

The GDPR gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect from them. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached. 

To give you an idea of some important changes that will come into effect when GDPR enters into force:

- More rights for individuals: The GDPR extends the rights for individuals in the European Union by granting them, amongst other things, the right to access their personal information and the right to be forgotten.

- Compliance obligations: The GDPR also requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on their processing activities and enter into written agreements with vendors.

- Data breach notification and security: The GDPR creates new obligations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.