We respect your privacy and are committed to protecting it by complying with this privacy policy (hereinafter referred to as the "Privacy Policy").
This Privacy Policy describes the types of information we may collect from you or that you may provide ("Personal Information") in the COMIN mobile application ("Mobile Application" or "Service") and one of its related products and services (collectively, "Services"), as well as our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes your choices regarding the use of your Personal Information and how you can access and update it.
The protection of your personal data is a priority for us. We want to provide you with the best VTC experience in strict respect of your privacy. In this context, we need to analyze your travel habits in order to offer you a personalized service. The confidentiality and security of your personal data is at the heart of our concerns.
The purpose of this charter is to inform you about the way in which we process your personal data. We comply, in the collection and management of your data, with the 1978 law known as "Informatique et Libertés", and the European regulation of 27 April 2016 (hereinafter referred to as the "GDPR").
This Privacy Policy is an agreement between you ("User", "you" or "your") and COMIN SAS ("COMIN SAS", "us", "our" or "ours") registered in the Paris Trade and Companies Register, under number Paris B 907 788 335.
COMIN SAS acts as a data controller in the context of this Privacy Policy.
By accessing and using the Mobile Application and the Services, you acknowledge that you have read, understood and agreed to be bound by the terms of this Privacy Policy. This Privacy Policy does not apply to the practices of companies that we do not own or control, or to people that we do not employ or manage.
Access to the Mobile Application and Services is made after an identification requiring personal information (for example, your name, phone number or email address). We also offer registration and login options through third-party authentication tools, such as Apple Connect and Google Connect. By using these methods, you authorize COMIN to access certain information from your Apple or Google account, as the case may be. This information will be processed in accordance with this privacy policy and the terms of use of these third-party providers. We recommend that you review their respective privacy policies to understand how they handle your data.
We receive and store any information that you provide to us voluntarily when you create an account, book a ride or fill out a form in the Mobile Application. When necessary, this information may include the following:
• Identification data: your first and last name, email address, phone number.
• Location data: your geolocation data is collected when the Application is open and you view the map around you, as well as the history of rides taken and saved destinations.
• Connection and internet data: your OS version, the application version, your IP address, your client device name, your device ID, mobile phone operating system, your advertising ID.
• Other data: your city ID, referral code, comments left by our customer service or by you as part of your use of our Services and phone conversations with our customer service.
We may also collect data mentioning incidents (unpaid, bad behavior...) encountered in the use of our Services.
You provide us with your credit card information. This data is processed and stored exclusively by our PCI-DSS certified Payment Service Provider and we do not have access to it.
You can choose not to provide us with your personal information, but you may not be able to enjoy some of the features of the Mobile Application. Users who do not know which information is mandatory are invited to contact us.
We act as a data controller under the GDPR when processing Personal Information.
Our role may also differ depending on the specific situation involving Personal Information. We act as a data controller when we ask you to submit your Personal Information that is necessary to provide you with access to and use of the Mobile Application and Services.
In order to make the Mobile Application and Services available to you, or to fulfill a legal requirement, we may need to collect and use certain Personal Information. If you do not provide the information we request, we may not be able to provide you with the requested products or services. All information we collect from you may be used for the following purposes:
Purpose
Required Data
Create and manage User accounts
First and last name, email, phone number, password
Provide Services
First and last name, email, phone number, pick-up and drop-off addresses
Improve Services
Order history, pick-up and drop-off addresses
Send administrative information (e.g. invoices)
First and last name, email, phone number, order history
Send marketing and promotional communications
First and last name, email, phone number, order history
Send product and service updates
First and last name, email, phone number, order history
Respond to inquiries and provide customer support
First and last name, email, phone number, order history, pick-up and drop-off addresses
Request user feedback
First and last name, email, phone number
Enhance the user experience
First and last name, email, phone number, order history
Publish customer testimonials
First and last name, email, phone number, order history
Manage and operate the Mobile Application and Services
First and last name, email, phone number, order history
The processing of your Personal Information depends on how you interact with the Mobile Application and Services, where you are located in the world and whether one of the following applies: (i) you have given your consent for specific purposes; however, this does not apply where the processing of Personal Information is subject to European data protection legislation; (ii) the provision of information is necessary for the performance of an agreement with you and/or any pre-contractual obligations thereof; (iii) the processing is necessary for compliance with a legal obligation to which you are subject; (iv) the processing is related to a task carried out in the public interest or in the exercise of official authority vested in us; (v) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of Personal Information.
We rely on the following legal bases, as defined in the GDPR, on which we collect and process your Personal Information:
• User consent.
• The contract.
• Compliance with law and legal obligations.
Please note that under certain legislation, we may be authorized to process information until you object to this processing by unsubscribing, without having to rely on consent or any of the above legal bases. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular if the provision of personal information is a legal or contractual requirement, or a requirement necessary to enter into a contract.
Payment processing
In the case of Services requiring payment, you may be required to provide your credit card or other payment account information, which will be used solely for payment processing. We use third-party payment service providers ("Payment Service Providers") to help us securely process your payment information.
Payment Service Providers adhere to the latest security standards managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard. The exchange of sensitive and private data is done through a secure SSL communication channel and is encrypted and protected by digital signatures. The Mobile Application and services are also compliant with strict standards in terms of vulnerability to create as secure an environment as possible for Users. We will share payment data with Payment Service Providers only to the extent necessary for the purposes of processing your payments, refunding such payments and processing complaints and requests related to such payments and refunds.
Please note that Payment Service Providers may collect some of your Personal Information, which enables them to process your payments (e.g. your email address, your address, your credit card details, and your bank account number) and manage all aspects of the payment process through their systems, including the collection and processing of data. The use of your Personal Information by Payment Service Providers is governed by their respective privacy policies, which may or may not contain privacy protections as protective as this Privacy Policy.
We will retain and use your personal information for the period necessary to comply with our legal obligations, as long as your user account is active, to enforce our agreements, resolve disputes, and unless a longer retention period is required or permitted by law.
For example:
We retain identification data for the duration of the use of our Services for up to three (3) years from the deletion of your account or your last use in terms of using the data for prospecting purposes. After this three (3) year period, we may contact you again to see if you want to continue receiving marketing solicitations.
Users can request the deletion of their account at any time. We may retain user data after a deletion request in accordance with legal or regulatory requirements, or for reasons indicated in this statement.
Will have access to your personal data:
(i) Our team,
(ii) The services in charge of control (auditor in particular),
(iii) The Service Providers with whom we may work to perform our Services,
(iv) Our subcontractors: tools for carrying out statistical and marketing studies; audience measurement and analysis providers; hosting providers; online communication providers; administration, collaboration, and management tools; back office management tools; online payment service provider; identity verification and anti-fraud tools.
Service Providers
To meet the needs of the requested services or when it's necessary to provide a service you've requested, we may share your information with our independent transport providers (referred to as "Service Providers") who assist us in delivering the proposed Services. These Service Providers adhere to privacy policies aligned with ours or commit to upholding our standards regarding personal information. It's essential to emphasize that these Service Providers only have access to your first name and profile picture, ensuring they recognize you during pick-up and that the correct passenger boards the appropriate vehicle.
We will not share any personally identifiable information with unaffiliated third parties.
Service Providers are not permitted to use or disclose your information unless it's crucial to provide services on our behalf or to meet legal obligations. They only receive the necessary information to carry out their designated functions, and we don't allow them to use or disclose this information for their marketing purposes or any other reasons.
6.1 Your rights
In accordance with applicable regulations, including the provisions of the GDPR and the French "Informatique et Libertés" law of January 6, 1978, as amended, you may contact us (see section 6.4 below) to exercise your rights (a) to access, (b) to rectify, (c) to erase, (d) to limit the processing of data as well as your rights to (e) data portability and (f) opposition. In addition, you have the legal right to define directives regarding the fate of your personal data after your death.
A. The right of access
You have the right to request confirmation that we are processing personal data concerning you, and, if this is the case, to receive a copy. When we respond to a request to exercise the right of access, we also provide you with additional information such as the purposes of the processing concerned, the categories of personal data and any other information relating to these processes.
B. The right of rectification
You have the right to request the rectification of your personal data if you find that they are incorrect. You can also, taking into account the purposes of the processing concerned, request that they be completed, which may involve the provision of additional data.
C. The right to erasure
You have the right to request the erasure of your personal data. This right can only be exercised in certain cases when one of the grounds provided for in Article 17 of the GDPR applies. This may include personal data that is no longer necessary in view of the purposes for which we have collected them, or that has been processed unlawfully. If you exercise this right and if one of the grounds is applicable to your request, we will proceed to the erasure of your personal data as soon as possible.
D. The right to data portability
You have the right to request the provision of personal data that you have directly communicated to us in a structured, commonly used and machine-readable format, if their processing is automated and based on the collection of your consent or the performance of a contract to which you would have subscribed. This right does not apply to other legal bases for processing. Where appropriate and when technically possible, you also have the possibility to request directly the transfer of these data to another data controller.
E. The right to limit the processing of data
You have the right to obtain the limitation of the processing of your personal data. This means that we mark these data, if we actually retain them, in order to temporarily suspend their processing. This right can be exercised for the reasons provided for in Article 18 of the GDPR, including when you contest the accuracy of your personal data. This right does not result in their erasure and we are required to inform you before the corresponding processing limitation is lifted.
F. The right of opposition
You have the right to oppose the processing of your personal data. This means that you can ask us to stop processing your personal data. For our business, this right only applies in cases where our legitimate interests (including profiling resulting from them) constitute the legal basis for the processing. For example, you can at any time and free of charge object to the processing of your personal data for direct marketing purposes, including for profiling to the extent that they are related to this direct marketing. If you assert this right, we no longer process your personal data for these purposes. You can also, when you are in contact with our customer service, object to the recording of your telephone call for the purposes of improving service quality, preventing disputes and malicious calls by directly signaling it to the advisor.
6.2 Withdrawal of your consent
When the law requires it for certain processing purposes (e.g. electronic prospecting), your data is only used after we have obtained your explicit consent.
You can withdraw your consent at any time by following the specific instructions related to the processing concerned. You can therefore withdraw your consent by clicking on the unsubscribe link contained in the mobile application, by modifying your communication preferences on your account if the option is available, or by modifying the settings of your smartphone for mobile push notifications and location data. For more information on how you can withdraw your consent to cookies and other similar technologies that we use when you visit our websites or use our mobile applications, please refer to paragraph 7. Cookie Management Policy.
6.3 Refusal of certain requests
The rights described above are not applicable in all situations. Indeed, in accordance with applicable regulations, we may be justified in refusing certain requests. For each request, we carefully assess whether such a derogation applies and we inform you accordingly. For example, we may reject your access request if this is necessary to protect the rights and freedoms of other individuals or refuse to erase your personal data if the processing of such data is necessary to meet legal requirements. The right to data portability, for example, does not apply if you are not the one who provided the personal data or if we process the data otherwise than on the basis of your consent or the performance of a contract.
6.4 Contact for exercising rights
When you want to assert your rights, you just need to send a request to the following coordinates:
Email address: hello@comin-app.com
Mailing address: COMIN SAS, 70 rue des saints pères, 75007, Paris, France
We will respond within one month from the date of receipt, to resolve complaints and disputes and will make all reasonable efforts to honor your wish to exercise your rights as quickly as possible and, in any case, within the deadlines set by the laws applicable to data protection.
You can also contact us if you have any questions, comments or complaints regarding this Privacy Policy.
Data analysis
Our Mobile Application and Services may include third-party analytics tools that use cookies, web tags or other similar information-gathering technologies to collect standard information on Internet activity and usage. The information collected is used to compile statistical reports on User activity, such as the frequency with which Users visit our Mobile Application and Services, the pages they visit, and their duration, etc. We use the information obtained from these analytics tools to monitor performance and improve our Mobile Application and Services. We do not use third-party analytics tools to track or collect personally identifiable information from our Users, and we will not associate any information collected in the statistical reports with an individual User.
Advertising
We can display online advertisements and we can share aggregated and non-identifying information about our customers that we or our advertisers collect through your use of the Mobile Application and Services. We do not share personally identifiable information about individual customers with advertisers. In some cases, we may use this aggregated and non-identifiable information to deliver targeted personalized advertising to the targeted public.
We may also allow certain third parties to help us tailor the advertising we believe will be of interest to Users and to collect and use other data about User activities in the Mobile Application. These companies may display advertisements that place cookies and track User behavior.
Email Marketing
We offer electronic newsletters that you can voluntarily subscribe to at any time. We are committed to preserving the confidentiality of your email address and will not disclose it to third parties, except as permitted in the section on use and processing of information. We will keep the information sent by email in accordance with applicable laws and regulations.
All emails we send clearly indicate who they are from and provide clear information on how to contact the sender. You can choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails.
Push Notifications
We also offer push notifications that you can voluntarily subscribe to at any time. To ensure that push notifications reach the right devices, we rely on a unique device token for your device, issued by your device's operating system. While it is possible to access a list of device tokens, these will not reveal your identity, the unique identifier of your device, or your contact information. We will keep the information sent by email in accordance with applicable laws and regulations. If at any time you wish to stop receiving push notifications, you can simply adjust your device settings accordingly.
Links to Other Resources
The Mobile Application and Services may contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of these other resources or third parties. We encourage you to be aware when you leave the Mobile Application and Services and to read the privacy statements of each resource that may collect personal information.
Depending on your location, data transfers may involve the transfer and storage of your information in a country other than your own. However, this does not include countries outside the European Union and the European Economic Area. If such a transfer takes place, you can learn more by consulting the relevant sections of this Privacy Policy or by contacting us using the information provided in the contact section.
We secure the information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, alteration, and disclosure of personal information under our control and custody. However, no transmission of data over the internet or wireless network can be guaranteed.
This version is effective as of October 1, 2023. It replaces the January 17, 2023 version.
We reserve the right to modify this Privacy Policy or its conditions regarding the Mobile Application and Services at any time and at our discretion. When we do so, we will revise the update date at the beginning of this paragraph. We may also inform you by other means, at our discretion, including through contact information you have provided.
An updated version of this Privacy Policy will take effect immediately after the revised Privacy Policy is published, unless otherwise indicated. Your continued use of the Mobile Application and Services after the effective date of the revised Privacy Policy (or any other act specified at that time) will constitute your consent to those changes. However, we will not use your personal information in a materially different way than was indicated at the time your personal information was collected without your consent.
