Privacy Policy

Privacy Policy

PRIVACY POLICY

Effective date: 9^th January 2025
 

This Privacy Policy explains how FHD Technology W.l.l. (referred to as “we,” “our,” or “the Company”) collects, uses, discloses, and protects your personal data when you use the YaY-Ride Mobile App (the “App”). We are committed to protecting your privacy and handling your data in compliance with the Personal Data Protection Law of Bahrain and any other applicable to our jurisdiction.

By accessing or using the YaY-Ride Mobile App, you consent to the terms of this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not use the App or its services.

1. Introduction

1.1 Purpose of this Privacy Policy
This Privacy Policy outlines:

• The types of personal data we collect from you.
• How we use and process your personal data.
• Your rights under Bahrain’s PDPL.
• The security measures we have in place to protect your data.
   

1.2 Legal Compliance
We comply with applicable data protection laws in the regions where we operate, including:

• Bahrain's Personal Data Protection Law (PDPL).
• The Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia (KSA).
• Oman’s Electronic Transactions Law (Royal Decree 69/2008) and any relevant provisions under its Penal Code for privacy protection.
• The UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL).
• Kuwait’s Law No. 20 of 2014 on Electronic Transactions and related regulations on data privacy.

We ensure your personal data is processed lawfully, fairly, and transparently in compliance with these legal frameworks.
 

1.3 Scope of Policy
This Privacy Policy applies to:

• All users of the YaY-Ride Mobile App, including passengers, drivers, and operators.
• Data collected via the app, website, or any other interaction with our services.
   

1.4 Acceptance of Terms
By using the YaY-Ride Mobile App, you confirm that you have read and understood this Privacy Policy and agree to the collection, use, and processing of your data as described herein.
 

2. Data Controller Information

2.1 Who We Are
The data controller responsible for your personal data is FHD Technology W.l.l., a company registered in the Kingdom of Bahrain.

 

2.2 Contact Information
For any data protection concerns, inquiries, or complaints, you can contact us via:

• Email: operations@fhd-tech.com
• Phone: +973 1723 4445
• Mailing Address: operations@fhd-tech.com

2.3 Data Protection Officer (DPO)
As required by Bahrain’s PDPL, we have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and applicable data protection laws.

• DPO Contact: [Insert DPO Contact Information]

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Personal Identification Information

• Full name, date of birth, and gender.
• CPR number or other government-issued identification numbers (e.g., driver’s license, car registration for operators).

3.2 Contact Information

• Phone number, email address, and residential address.

3.3 Payment and Financial Information

• Credit/debit card details.
• Transaction history and payment confirmations.

3.4 Location Data

• Real-time GPS location for ride tracking.
• Pickup and drop-off locations.

3.5 Profile and Account Data

• User profile photos, username, and preferences.
• Driver/operator documentation, including car insurance details.

3.6 Technical Data

• IP address, device type, operating system, and app usage statistics.
   

4. How We Collect Data

We collect data from you in the following ways:

4.1 Directly from You

• When you register for an account on the App.
• When you update your profile or provide documentation (e.g., uploading a driver’s license).
• When you book a ride or contact customer support.

4.2 Automatically Through the App

• GPS data for ride navigation and tracking.
• Device identifiers, IP addresses, and usage logs collected through cookies and other tracking technologies.

4.3 From Third Parties

• Payment processors (e.g., transaction confirmations).
• Publicly accessible sources (for identity verification and fraud prevention).
   

5. Purpose of Data Collection

We process your personal data for the following purposes:

5.1 Service Delivery

• To facilitate ride bookings and manage the user experience.
• To enable passenger-driver communication.

5.2 Account Creation and Verification

• To verify user identity during registration.
• To authenticate drivers and operators using government-issued documentation.

5.3 Payment Processing

• To process payments for rides, cancellations, or refunds securely.

5.4 Location-Based Services

• To provide real-time navigation and route optimization.
• To calculate ride fares based on pickup and drop-off locations.

5.5 Customer Support

• To respond to your inquiries and resolve disputes.

5.6 Service Improvement and Analytics

• To analyze app usage patterns and improve features.
• To conduct surveys and collect feedback.

5.7 Legal and Regulatory Compliance

• To comply with Bahrain’s data protection and transportation regulations.
• To cooperate with law enforcement or regulatory authorities when required.
   

6. Legal Basis for Processing

We rely on the following legal bases for processing your personal data in accordance with Bahrain’s PDPL:

6.1 Consent

• We obtain your explicit consent before collecting and processing certain categories of data (e.g., location tracking, marketing).

6.2 Performance of a Contract

• Processing your data is necessary to provide you with the services you requested (e.g., ride bookings).

6.3 Compliance with Legal Obligations

• We process data to meet legal and regulatory requirements, such as identity verification for drivers.

6.4 Legitimate Interests

• We may process data for legitimate purposes, such as fraud prevention or service improvement, provided these do not override your fundamental rights.
   

7. Consent Management

7.1 Obtaining Consent

• We obtain your explicit consent when you register for the app, provide sensitive data (e.g., IDs), or enable certain features (e.g., GPS location tracking).
• You will be presented with clear options to accept or decline data collection for specific purposes.

7.2 Withdrawing Consent

• You have the right to withdraw your consent at any time by:
  • Changing your preferences in the app settings.
  • Contacting our DPO via the contact information provided.

7.3 Consequences of Withdrawing Consent

• Withdrawing consent may limit your ability to access certain features of the App, such as location-based services or payment functionality.

7.4 Record-Keeping

• We maintain records of your consent for auditing and compliance purposes.
   

8. Data Sharing

We may share your personal data with third parties only as necessary and in compliance with Bahrain's PDPL.

8.1 Categories of Third Parties
We may share your data with the following types of third parties:

• Cloud Hosting Providers: To store and manage data securely (e.g., AWS).
• Payment Gateways: To process payments securely (e.g., Tap Payments).
• Regulatory Authorities: For compliance with legal and regulatory obligations.
• Analytics and Marketing Partners: To analyze app usage patterns and improve services (only anonymized data is shared, if applicable).
• Drivers and Operators: Limited personal data (e.g., name and location) is shared with drivers and operators to fulfill ride bookings.

8.2 Purpose of Sharing
Data is shared only for legitimate purposes such as:

• Payment processing.
• Service delivery (e.g., ride bookings).
• Fraud prevention and security.
• Compliance with laws and regulations.

8.3 Safeguards for Data Sharing

• We ensure that all third parties handle your data securely and in compliance with Bahrain’s PDPL.
• Contracts with third-party service providers include data protection obligations.
   

9. Cross-Border Data Transfers

9.1 When Transfers Occur

Your personal data may be transferred outside the jurisdictions where we operate, including Bahrain, the KSA, Oman, the UAE, and Kuwait, for service delivery, technical support, or hosting on cloud platforms.

9.2 Adequacy of Protections

Cross-border data transfers are conducted only to countries that offer an adequate level of data protection as determined by the applicable data protection laws in the KSA, Oman, the UAE, Kuwait, and Bahrain.

9.3 Safeguards for Transfers

Where an adequate level of protection is not guaranteed, we implement additional safeguards, such as:

• Standard contractual clauses approved under the respective data protection laws of Bahrain, the KSA, the UAE, Oman, and Kuwait.
• Data encryption during transit and storage to ensure confidentiality and security.

9.4 User Rights

• You have the right to inquire about the cross-border transfer of your data and the measures in place to protect it.
   

10. Data Retention Policy

10.1 Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Examples include:

• Account Data: Retained for the duration of your account and up to 10 years after account closure for regulatory and legal purposes.
• Transactional Data: Retained for up to 10 years in compliance with financial and tax regulations.
• GPS Location Data: Retained for up to 1 year for analytics and dispute resolution purposes.

10.2 Deletion of Data

• After the retention period expires, we delete or anonymize your data securely, ensuring it cannot be reconstructed or linked back to you.

10.3 User Requests for Deletion

• You may request deletion of your data at any time (subject to Section 13, “User Rights”).
• However, certain data may be retained to comply with legal obligations or for legitimate business interests.
   

11. Data Security Measures

11.1 Security Practices
We implement robust security measures to protect your personal data from unauthorized access, loss, misuse, or alteration. These include:

• Encryption: Data is encrypted during transit (e.g., SSL/TLS) and at rest.
• Role-Based Access Control (RBAC): Only authorized personnel can access sensitive data.
• Two-Factor Authentication (2FA): Ensures secure access to accounts.

11.2 Regular Audits and Monitoring

• We conduct regular security audits and vulnerability assessments to identify and address risks.
• Intrusion detection systems monitor unauthorized access attempts.

11.3 User Responsibilities

• Users are responsible for maintaining the confidentiality of their account credentials (e.g., passwords).
• Avoid sharing personal information with unauthorized individuals.

11.4 Breach Notification

• In the unlikely event of a data breach, we will notify affected users and Bahrain’s Personal Data Protection Authority (PDPA) within 72 hours, as required under PDPL.
   

12. Cookies and Tracking Technologies

12.1 Use of Cookies

• The App uses cookies and similar technologies to enhance user experience, analyze traffic, and support functionality.

12.2 Types of Cookies

• Essential Cookies: Necessary for core app functions such as login and ride booking.
• Analytical Cookies: Collect information about app usage to improve services.
• Marketing Cookies: Track user activity for personalized promotions (optional).

12.3 User Consent

• We seek user consent for non-essential cookies, in compliance with Bahrain’s PDPL.

12.4 Managing Cookie Preferences

• Users can manage or disable cookies via their device or browser settings. Disabling certain cookies may affect app functionality.
   

13. User Rights

Under the data protection laws of Bahrain, the KSA, Oman, the UAE, and Kuwait, you have the following rights regarding your personal data:

13.1 Right to Access

You may request a copy of your personal data and information about how it is processed under Bahrain's PDPL, the KSA’s PDPL, the UAE PDPL, Oman’s Electronic Transactions Law, and Kuwait's Law No. 20 of 2014.

13.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data in accordance with the laws of these jurisdictions.

13.3 Right to Deletion

You may request deletion of your personal data, subject to legal or contractual obligations under the respective laws of Bahrain, the KSA, Oman, the UAE, and Kuwait.

13.4 Right to Object

You may object to the processing of your data for certain purposes, such as direct marketing, in compliance with regional laws.

13.5 Right to Data Portability

Where applicable, you may request the transfer of your personal data to another service provider in a structured, machine-readable format.

13.6 Exercising Your Rights

To exercise these rights, contact our Data Protection Officer (DPO) using the contact details provided in Section 2.3.
 

14. Managing Your Data

14.1 Accessing or Updating Data

• Users can access and update their personal data directly through the App’s account settings.

14.2 Data Deletion Requests

• Requests for data deletion can be submitted via email to [Insert DPO Contact Information].
• Upon verification of your identity, we will process your request unless retention is required by law.

14.3 Restrictions on Deletion

• Certain data, such as transaction history or compliance-related records, may be exempt from deletion due to legal obligations.
   

15. Data Breach Notification

15.1 Breach Notification Obligations

• In the event of a data breach that affects your personal data, we will notify:
  • The Personal Data Protection Authority (PDPA) in Bahrain within 72 hours of becoming aware of the breach.
  • Affected users without undue delay, detailing the nature of the breach, data affected, and any recommended steps users should take.

15.2 Steps in Case of a Breach

• Immediate containment and assessment of the breach.
• Restoration of secure access to personal data.
• Review and improvement of data protection measures to prevent future breaches.

15.3 User Support

• Affected users can contact us for further guidance and support via [Insert DPO Contact Information].
   

16. Children’s Privacy

16.1 Minimum Age Requirement

• The App is not intended for use by individuals under the age of 15 years.

16.2 Parental Consent

• If we become aware that we have collected personal data from a child under the age of 15 without parental consent, we will take steps to delete such data promptly.

16.3 Special Considerations for Minors

• If a user under the age of 18 is using the platform with parental consent, parents/guardians assume responsibility for supervising the child’s activity on the App.
   

17. Third-Party Services

17.1 Use of Third-Party Services

• The App integrates with third-party services such as:
  • Payment Gateways: For secure payment processing (e.g., Tap Payments).
  • Cloud Hosting: For storing user data (e.g., AWS).
  • Marketing and Analytics Tools: For enhancing user experience and services.

17.2 Responsibility for Third-Party Policies

• While we select reputable third-party providers, we are not responsible for their privacy practices. We encourage you to review their privacy policies to understand how they handle your data.

17.3 Data Sharing with Third Parties

• Personal data shared with third parties is limited to the extent necessary for providing services and is protected under contractual agreements that comply with Bahrain’s PDPL.
   

18. Changes to the Privacy Policy

18.1 Right to Update

• We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, services, or legal obligations.

18.2 Notification of Changes

• Material changes to the Privacy Policy will be communicated to users via:
  • In-app notifications.
  • Email notifications to registered users.

18.3 Effective Date of Changes

• Updates to the Privacy Policy will become effective on the date specified in the notification. Continued use of the App after the effective date constitutes acceptance of the updated Privacy Policy.

18.4 User Responsibility

• Users are encouraged to review the Privacy Policy periodically to stay informed about how we protect their data.
   

19. Governing Law and Disputes

19.1 Compliance with Bahrain Law

• This Privacy Policy is governed by the laws of the Kingdom of Bahrain, including the Personal Data Protection Law (PDPL).

19.2 Jurisdiction

• Any disputes related to this Privacy Policy or data processing practices will be subject to the exclusive jurisdiction of the courts in the Kingdom of Bahrain.

19.3 Resolution of Disputes

• Users are encouraged to contact our Data Protection Officer (DPO) at [Insert DPO Contact Information] to resolve any disputes or concerns amicably before pursuing legal action.
   

20. Contact Information

20.1 Questions or Concerns

• If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
  • Email:  operations@fhd-tech.com
  • Phone: +973 1723 4445
  • Mailing Address: operations@fhd-tech.com

20.2 Data Protection Officer (DPO)

• For privacy-related concerns, you may contact our Data Protection Officer (DPO):
  • Name: FHD Technology W.L.L
  • Email: operations@fhd-tech.com
  • Phone: +973 1723 4445

Final Acknowledgment

By using the YaY-Ride Mobile App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and processing of your personal data as described herein.