Privacy Policy

 

Last updated 12.10.2020

OpenPass Asia is all about giving you the true freedom of mobility. Part of what makes that freedom possible is our commitment to protecting your privacy. We at OpenPass Asia want you to feel safe in knowing that your privacy is protected, and your personal data processed in a transparent manner. This is why we have prepared what our lawyers like to call the “OpenPass Asia Privacy Policy”. Read this carefully, and make sure you understand what it says before accepting it. If you have any questions about this, we are happy to answer. Just send us an email at contact@openpass.asia and we will do our best to get back to you soon.

***

This OpenPass Asia Privacy Policy provides information on how we collect and process personal data, and how we use that data. Please read this Privacy Policy carefully as it’s contained important information about your rights. This Privacy Policy applies to all our services specified in our OpenPass Service Terms located at http://openpass.asia/en/pages/term-of-use.

1. Lawful grounds for data processing

We believe in transparency and acceptance of Privacy Policy before you even start to use the OpenPass app. In addition to acceptance, processing your personal data is necessary for the performance of our contract, based on customer relationship, and in order to provide our services. Sometimes the processing is necessary for the purposes of legitimate interests pursued by the OpenPass Asia or a third-party interest. This includes fraud detection and prevention as well as for various development and analytics purposes. That is why we want to provide you with full visibility to the types of personal data we collect from you directly and through your use of the Services.

The personal information we collect, store and process will depend on the Services and Content you use.

2. The type of information we collect

Information collected directly from you

Basic personal details. When you register as a user, we ask you to provide your telephone number. The telephone number will act as your account ID and can be used for communication with you in accordance with the applicable laws.

Additional personal details. When you subscribe to an automatically renewed periodic Plan or make a purchase using the pay-as-you-go model, we will also ask you for your name, email address and street address. We may also ask information relating to your devices, home country, language, credit card details and other payment details. This information is needed to ensure we can process your payment. We also use third party payment processors who will request, and process details related to your chosen payment method. This payment information will be processed directly by the third party and we will not store that data. Furthermore, there will be a possibility to personalise your profile with your photo.

Verification data. Some parts of the services require us to perform additional verifications, such as verifying your place of residence or that you are licensed to drive, either automatically or manually.  In order to perform these additional verifications, we may request you to provide additional details such as, but not necessarily limited to, your personal identity number, your photo or your driver’s license details.

Information collected through your use of the services

When you use the services, we collect information that helps us better provide the services to you. This information includes the following:

Your transactions with us. We maintain records of your purchases, downloads, the content you have provided us with, your requests, agreements between you and OpenPass Asia, the services provided to you, your delivery details and other interactions with us. We may, in accordance with applicable law, record your communication with our customer care or with other such contact points.

Positioning and location data. Location-based services establish location through the use of satellite, mobile, Wi-Fi or other network based positioning methods. These technologies may involve exchanging your location data and unique device and mobile, Wi-Fi or other network related identifiers with OpenPass app. Our services may operate on multiple device platforms, applications and services which may also collect your location data. We do not use this information to identify you personally without your consent. When you use our location based services and features, for example location based search, navigation and routing, or request for map data, your location data is sent to OpenPass app to serve you with the right content, which may also include and promote location-specific services.

Travel data. We store information about your trips. This includes the start and end points of the trip, the start and end times of the trip, the method of travel, and the cost. This information is associated with your unique user identifier. This information is vital for the functioning of the service, as it allows us to provide the service and to ensure the trip provider is compensated for the trip.

Favourites. Our service allows you to store favourite points on a map. This allows us to customize our service offerings for your use, and make it easier for you to travel to and from your favourite locations regularly.

Calendar data. If you wish, you can grant our service access to your calendar. This allows you to request additional services such as travel reminders, travel plans and other functionality.

Other data. We may also collect so called non-personal data. By non-personal data, we mean all other information we collect that does not enable you to be identified.  We may collect data such as, but not limited to your IP address, access times, browser or application type, what pages you have visited and the sites linked from. However, in some cases non-personal data can be stored together with your personal data in such a way that the non-personal data could be considered to be personal data as well. In such cases we process it in accordance with the provisions of this Privacy Policy.

Our application is in frequent contact with our service, to provide door-to-door travel capabilities, guidance and booking services, for example to check for updates or to send us information relating to service usage. Additionally, we may invite you to join voluntary product and service improvement, campaigns or research programs where detailed information is collected.

OpenPass services are typically intended for general audiences. OpenPass Asia does not knowingly collect personal data of children. Parents can give or cancel their consent to use the Service and process the personal data by contacting OpenPass Customer Care.

Information collected by third-party

We also provide our Services to companies and other partners. In some cases, the employer pays for the Service and the right person needs to be identified so that the employee benefit can be properly targeted. In this case, your employer will tell us, with your permission, your name, phone number, email address, and the name of your employer. We may also obtain the same minimum and relevant personal information from other partners for the purpose of targeting discounts and special services to the right person.

3. The purposes for which we use the information

We mainly use the data you provide to offer you our service. Additionally, we always want to identify the best mobility option for you and we constantly want to improve our services so that you get the most value from them at any given moment. For this purpose, we need to collect personal data. We have noted above the specific purposes for which we collected certain types of personal data. However, as we continue improving and developing the services, we may come up with new innovative features that potentially also rely on your personal data.

In order to ensure that we can continue innovating, we would also like you to know and accept that we can collect personal data for the general purposes of i) providing you with our services, ii) making it possible for you to set up an account with us, iii) enabling us to develop, improve and manage our services by better understanding our customers, iv) keeping you informed about our services v) fraud detection and prevention and vi) contacting you in specific cases related to issues you might be experiencing with our services vii) for historical or scientific research or for statistical purposes. Occasionally, we may assign a scientific or statistical research task to a third party we consider reliable. In these cases, it is possible that the researcher obtains your personal data also from other sources.

It is also possible that we are able to further simplify your life by providing you with personalised marketing or recommendations, unless you let us know that you do not wish to receive such marketing.  If you explicitly agree, by opt-in consent, it is also possible that your data is used for the purpose of providing you with offers from our partners that suit you and your needs.

4. Storing of your personal data

As most other service providers, we store and process your personal data (if any) on third party servers (” Hosting Providers”). The Hosting Providers we have chosen enable us to keep your data mostly in the ASEAN region. If we transfer some personal data outside of ASEAN region, we ensure that such transfer is effected in a manner which is compliant with Data Protection Law. Those third party servers are protected by physical as well as technological security devices. By using our services, you give us consent to store, process and transfer your personal data (if any) outside of your country of residence to the countries where our Hosting Providers are located. Your personal data is stored for no longer than is necessary for the purposes for which the personal data is processed.

Your profile and the related data will be removed immediately when you remove your profile from our service. All other personal data will be anonymised or removed permanently, regularly at least once a year, unless applicable legislation, relating to for example consumer protection, periods for filing suit or accounting, otherwise necessitates. Such data retention obligations typically last for 3-10 years. If we store some of your personal data longer, for example for statistical or research purposes, we always ensure the anonymisation of data.

5. Disclosure of the information to third parties

We utilize third parties to provide payment and related administration services (“Payment Providers”). As noted above, we can share your payment method details with these Payment Providers so that they can process your payment. This processing may take place in the United States, and by sharing your payment details with us you accept the transfer of such details to the United States. These third parties can also collect data from you, which they will process in accordance with their own processes and privacy policies.

Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the ASEAN region. In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard contractual clauses for the transfer of personal data of the ASEAN community authority and by requiring the use of other appropriate technical and organisational information security measures.

Apart from Hosting Providers and Payment Providers, we may disclose your personal data to third parties provided:

  • the disclosure is reasonably necessary to provide you with the services. We could, for example, share your name and contact details with a service provider that you want to use so that the service provider knows you will be using their services and will be able to contact you directly, for example in case there is a problem in the service;
  • the disclosure is reasonably necessary for the purpose of development and maintenance of our services. We may, for example, use third party consultants to help us develop our services. Whenever we use third party consultants, we will impose contractual commitments on them to comply with this Privacy Policy and the data used for analytical and personalisation purposes is, as far as possible, anonymised and pseudonymised;;
  • the disclosure is reasonably necessary for us to be able to enforce our Terms of Service;
  • the disclosure is reasonably necessary for the purposes of detecting and preventing fraud or security breaches; or
  • the disclosure is made at the request of a public authority;
  • the disclosure is made in accordance with applicable law.

If we decide to sell, buy, merge or otherwise reorganise our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers.

We may share non-personal data or anonymised statistical data to selected third parties.

6. Your rights

When you are providing personal data to us you have certain rights. You have the right to obtain a confirmation that we are processing your personal data and the right to know what information we have collected about you. You also have the right to have incorrect, incomplete, inaccurate, unnecessary or outdated data removed or rectified and, under certain conditions, to restrict or object the use of personal data according to applicable legislation. You may also make a request to have your data moved to another system if it is technically feasible and, under certain conditions, to withdraw your previously given consent to processing your personal data. We want to make this process as simple as possible. Therefore, some of the information you provide will be accessible via the services themselves and you can view, edit or delete that information at any time.

Some of the information is not available via the services. In case of such information, you can request to review, amend or delete it by sending a written request to our address stated below, together with documentation that enables us to verify your identity. We will handle your request with all respect and without undue delay.

OpenPass Asia Jsc.

c/o Data Protection Officer

20th Floor, CharmVit Tower, 117 Tran Duy Hung, Cau Giay District, 

Hanoi

Vietnam.

contact@openpass.asia

Please note that in certain situations, in particular if you request that we delete and no longer process your personal data or restrict their processing in an essential way, we may be unable to continue the provision of our services to you. However, we cannot delete permanently the personal data we are required to store longer by law.

If you consider that the rights given to you under the data protection regulation have been infringed and we have not corrected our actions despite your request, you may contact the supervisory authority in the country of your habitual residence.

7. Cookies

We use cookies, web beacons and other similar technologies to operate and improve our website and offering. Cookies are used in order to facilitate your use of our website. They are small text files that are stored on your computer or mobile device that register how you use the website and our services, and your preferences. It carries information from one session to the next so that you do not have to start over each time you come back to the site.

Our domains may also include third party elements that set cookies on behalf of a third party, for example relating to third party social network and web analytics providers.

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our site and some services and functionalities may not work.

8. Data Security

Privacy and security are key considerations in the creation and delivery of our services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We have the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing our services. Also, we limit access to our databases containing personal data to authorised persons having a justified need to access such information.

As of the Effective Date of this Privacy Policy, we have the following data security measures in place.

  • We use industry standard security mechanisms to protect the collected personal data. All collected personal data is stored in protected databases located behind a firewall and with both physical and software-based access controls provided by our Hosting Provider.
  • Our payment providers are PCI-DSS Level 1 certified.
  • We pseudonymised and encrypt the personal data;
  • We have a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

As we innovate and develop our services, we can introduce new or alternative data security measures to protect your data.

In the event of a physical or technical incident, OpenPass Asia has the ability to restore the availability and access to the personal data.

9. General information

The name of the data controller is OpenPass Asia Jsc, business id: 0109371588, with a registered address at

20th Floor, CharmVit Tower, 117 Tran Duy Hung, Cau Giay District, 

Hanoi

Vietnam

Contact person: c/o Data Protection Officer

10. Changes to this Privacy Policy

Note also that as we want to ensure that this Privacy Policy properly reflects the way we handle your data, we need to reserve the right to make changes to it at our sole discretion whenever it is necessary. Although we will use reasonable efforts to notify you of all substantial changes to this Privacy Policy, you should also do your best to review this document on a regular basis.