Privacy Policy

This Privacy Policy outlines how GCT Solution and registered merchants (“we,” “our,” or “us”) handle the collection, use, sharing, or processing of personal information in line with the Personal Data Protection Act (“PDPA”). It covers personal information that we control or manage, including any data handled by third-party organizations working on our behalf for the same purposes.

Personal Information

In this document:

  • A “customer” refers to an individual who either (a) reaches out to us through various channels to inquire about our products or services or (b) enters or has entered into a contract with us for the provision of goods or services.
  • “Personal information” means any details, whether accurate or not, that can identify a customer either (a) directly from that information or (b) by combining it with other data to which we have, or may gain, access.

The specific personal information we collect may vary depending on your interaction with us but could include your name, email address, and phone number. Any other terms in this document will carry the definitions set forth in the PDPA, as applicable.

 

Data Collection and Usage

A. Types of Data Collected:

  • Data provided by users: This includes information shared with us during account setup or when using our apps.
  • Data generated through service usage: Information such as location, app activity, and device details collected while users engage with our services.
  • Data from third-party sources: Information from other users, account holders, business partners, vendors, insurance/financial providers, and government entities.

Personal data collected via our app includes:

  • User-provided data:
    • Profile Information: We collect details when users create or update their accounts, such as name, email, phone number, username, password, address, profile image, and payment/banking information. This may include payment verification details.
    • Identity Verification: Photos submitted for identity confirmation, which may include facial recognition technology. For more details, refer to the section on “How we use personal data.”
  • Location Data:
    • Approximate Location: General physical location (e.g., city or larger area, typically within 3 square kilometers) using permissions like ACCESS_COARSE_LOCATION for Android.
    • Precise Location: Exact location (within 3 square kilometers or less) using permissions like ACCESS_FINE_LOCATION for Android.
  • Messages:
    • SMS Data: We collect text message details, including senders, recipients, and message content.
  • Verification of Alcohol Delivery Recipients: To ensure legal compliance, we collect photos of government-issued IDs to verify the identities of customers requesting alcohol deliveries or service recipients.
  • Demographic Information:
    • Collected Demographic Data: We may collect user demographics through surveys or from third-party sources in some regions.
    • Inferred Demographics: We may infer user demographics from collected data. For instance, we might use a first name to infer gender when necessary for services like those provided by women to other women. Users can modify these details through in-app settings if needed.
  • User-generated Content: Information provided by users when contacting customer support (via phone, chat, or videoconferencing), leaving ratings or compliments, or submitting other feedback. This may include images, audio, or video files like dashcam recordings, as well as communication metadata (e.g., methods used to reach us through the app).
  • Files and Documents:
    • File and Document Data: Any user-uploaded files or related information, such as file names or details of documents stored on the app.
  • Device Identifiers:
    • Device IDs: Information linked to a specific device.
  • Financial Information:
    • Payment Data: User payment information, including credit card numbers and purchase history.
    • Transaction History: Details about past purchases or transactions made by users.
    • Credit Scores: Credit-related data, such as scores, salary, or debts.
  • Voice or Sound Data: Audio recordings provided by users, such as voice searches or product inquiries.
  • Health and Fitness Data: Information related to users' health and fitness, such as medical records or fitness tracking details.
  • In-App Messages: Text messages sent through the app, including sender, recipient, and message content.
  1. Data Generated During Use of Our Services:
  • Location Data:
    • Drivers, Service Providers, and Delivery Personnel: We collect precise or approximate location data from drivers, service providers, and delivery personnel to enable services and deliveries, track service progress, ensure safety, detect fraud, and meet legal obligations. This data is collected when our app is running in the foreground (open and on-screen) or background (open but not on-screen) of their device.
    • Customers and Delivery Recipients: We collect precise or approximate location data from customers and delivery recipients to enhance the app experience, improve service pick-ups, facilitate deliveries, ensure safety, and detect fraud. This data is collected if users have enabled location sharing on their devices and is gathered from the time a service or delivery is requested until completion. Location data collection may be indicated by an icon or notification, depending on the device’s operating system.
    • Users can choose not to share precise location data, but this may affect app features, such as requiring manual entry of pick-up addresses. However, the location data collected from drivers during trips is linked to the customer’s account, even if the customer has not enabled location sharing.
  • Transaction Information: We collect details related to service transactions, such as the type of service requested or provided, order information, vendor or merchant details, payment amounts, delivery information, service time, and distance traveled. If someone uses your promo code, we may associate your name with that person.
  • Usage Data: We track user interactions with our services, including access times, pages viewed, app features used, crashes, and system activity. We may also collect data about third-party services used before interacting with our app, helping us enhance marketing efforts. This data is often gathered using cookies, pixels, and similar tracking tools.
  • Device Data: We collect information about the devices used to access our services, such as hardware models, IP addresses, unique device identifiers, operating systems, software versions, languages, advertising identifiers, device motion data, and mobile network details.
  • Communications Data: Our app allows users to communicate via calls, texts, or file exchanges without sharing phone numbers. We collect communication details, including call or text dates, times, and content, to resolve disputes, provide customer support, ensure safety, improve our services, and conduct analytics.
  1. Data From Other Sources:
  • Referral Programs: If users refer someone to our service, we receive the referred person’s data from the referring user.
  • Claims or Disputes: Users or others may provide data related to claims or disputes.
  • Business Partners: We receive user information from business partners, such as payment providers, social media platforms, or services that use our APIs. We may also collect data from partners who issue debit or credit cards in collaboration with us, as per the card’s terms and conditions.
  • Vendors: Vendors help us verify identity, background checks, and work eligibility. They also assist in compliance with anti-money laundering, sanctions, and know-your-customer regulations.
  • Publicly Available Sources: We may gather data from publicly available information.
  • Marketing Service Providers: We may collect data from marketing services or data resellers for marketing and research purposes.
  • Government Authorities: Law enforcement, public health, or other governmental bodies may provide us with data.

We may combine information from these sources with data already in our possession.

 

B. How We Use Personal Data

Service Provision
We use personal data to provide, personalize, and improve services such as transportation and delivery, enable key features (location data, payments, ride sharing, etc.), and maintain user accounts and services.

Safety and Security
Personal data is used to verify user identities, prevent fraud, ensure compliance with guidelines, and share serious incident reports with third parties.

Customer Support
Data collected is used to resolve disputes, improve customer support, and monitor interactions between users for assistance.

Research & Development
Personal data helps enhance existing services and develop new features through research and machine learning.

User Communications
Enables communication between users, such as drivers and customers, for coordination and service details.

Marketing
Personal data may be used to send users promotional materials, targeted ads, and partner recommendations. However, data is not shared with third parties for their direct marketing unless user consent is given.

Non-marketing Communications
Data may be used to send receipts or inform users about policy or service changes.

Legal Proceedings
Personal data may be used to comply with legal processes or to resolve claims/disputes.

Automated Decision-making
Personal data is used to make automated decisions, including dynamic pricing, service matching, fraud detection, and user deactivation based on low ratings or unsafe behavior.
 

C. Cookies and Third-party Technologies

Cookies and tracking technologies help us authenticate users, personalize content, measure ad effectiveness, and analyze trends. Third parties may use these technologies to deliver advertisements and perform analytics. See our Cookie Notice for more details.

 

D. Data Sharing and Disclosure

We share personal data to provide our services and in compliance with legal requirements. This includes:

With Other Users
Data shared between users, such as:

    • Riders' first name, rating, pickup/dropoff locations with drivers.
    • Order recipients’ first name, delivery address, and order details with merchants and delivery persons.
    • Drivers' details such as name, vehicle information, ratings, and trip details with riders and merchants.

At the User’s Request

    • Sharing ETA or trip information with friends or others as requested.
    • Data shared with business partners when users access services through partnerships or promotions.
    • Emergency services data sharing in case of incidents.

With the General Public
Comments or questions shared in public forums, like blogs or social media, may be viewed publicly.

With App Account Owners
If a user is using a shared account (e.g., business or family profile), data may be shared with the account owner.

With Subsidiaries and Affiliates
We share data with subsidiaries and affiliates for processing and providing services globally.

With Service Providers and Business Partners
These partners include: Payment processors, background check providers, cloud storage, advertising partners, social media companies, and research partners.

For Legal Reasons or in Disputes
Data may be shared to comply with legal requirements or to address claims, disputes, or enforce agreements.

With Consent
We may share data in other ways if users provide explicit consent.

 

E. Data Retention and Deletion

We retain user data for as long as necessary to fulfill the purposes outlined above, including providing services and complying with legal obligations. The retention period is determined by the type of data, user category, and collection purposes, while also considering legal and regulatory requirements and account-related issues.

Retention Examples:

  • User Profiles: Data of riders and order recipients is retained for the lifetime of the user’s account.
  • Location Data: Retained for up to 7 years for compliance with tax regulations.
  • Fraud Prevention: Certain user data, such as incomplete driver applications (retained for 1 year) and rejected applications or safety incident communications (retained for 7 years), is maintained regardless of account status.
  • Post-Account Deletion: Certain categories of data may be retained for 7 years after account deletion for legal or regulatory compliance, safety, and fraud prevention.

Users can request account deletion at any time through the app settings or our website. Following a deletion request, we delete user accounts and data unless retention is necessary for legal or regulatory purposes.

F. Choice and Transparency

We provide users with access and control over their collected data through various means, including:

Privacy Settings

  • Users can adjust preferences for location data sharing, emergency data sharing, and notifications in the Settings > Privacy menu.

Device Permissions

  • Users must grant permission for the app to access certain types of device data, which can be managed through device settings.

In-App Ratings

  • Users can rate each other after trips, with averages displayed to promote accountability and a respectful environment.

User Data Requests

Users can manage their data through the following options:

  • Accessing Data: Users can view their profile data and trip/order history via the app or website.
  • Data Portability: Users may request a copy of their data through the Download Your Data tool.
  • Updating Data: Users can modify personal information via the app settings.
  • Account Deletion: Users can delete their accounts through the Privacy Center or app settings.

Users in certain regions, such as the EU or South America, have the right to file complaints with data protection authorities regarding data handling.

 

 

 

)