Privacy Policy

Introduction

NOYAXI Cooperative Limited ("we", "us", "our") is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Notice explains how we collect, use, store, and protect your personal data when you use our cooperative ride-sharing services, website, or mobile application.

NOYAXI Cooperative Limited is the data controller for the purposes of data protection law. Our registered office is at 31 St. Georges Walk, Croydon, England, CR0 1YL.

Personal Data We Collect

We collect and process the following categories of personal data in accordance with UK data protection law:

Identity and Contact Data

• Personal Details: Full name, date of birth, email address, telephone number, and postal address
• Identity Verification: Driving licence details, passport information, and other identification documents for driver verification purposes
• Profile Information: Profile photographs, accessibility requirements, and service preferences

Financial Data

• Payment Information: Bank account details, payment card information, and transaction history
• Billing Data: Invoicing details and payment records for services rendered

Location Data

• Journey Information: Pick-up and destination locations for service provision
• Real-time Location: GPS coordinates during active journeys (with your explicit consent)
• Location History: Previous journey locations for service improvement and safety purposes

Usage and Technical Data

• Service History: Details of bookings made, journeys completed, and cancellations
• Platform Interaction: Website and application usage patterns and preferences
• Technical Information: IP address, browser type, device identifiers, and operating system details
• Communication Records: Messages exchanged between passengers and drivers through our platform

Special Category Data

• Accessibility Requirements: Information about disabilities or health conditions that affect your use of our services (processed only with your explicit consent)

Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract Performance: Processing necessary for the performance of our service contract with you
• Legitimate Interests: For service improvement, fraud prevention, and business operations (where not overridden by your interests)
• Legal Obligation: To comply with regulatory requirements and legal obligations
• Consent: Where you have given specific consent for marketing communications or special category data
• Vital Interests: In emergency situations to protect life or prevent serious harm

How We Use Your Personal Data

We process your personal data for the following purposes:

• Service Provision: To provide ride-sharing services, process bookings, and facilitate journeys
• Communication: To send service-related communications, booking confirmations, and important notices
• Safety and Security: To verify identities, ensure passenger and driver safety, and prevent fraudulent activity
• Customer Support: To respond to enquiries, resolve disputes, and provide assistance
• Service Improvement: To analyse usage patterns and improve our platform and services
• Marketing: To send promotional communications (only with your consent, which you may withdraw at any time)
• Legal Compliance: To meet our legal and regulatory obligations
• Business Operations: For accounting, record-keeping, and business administration purposes

Data Sharing and Disclosure

We may share your personal data in the following circumstances, always in accordance with UK data protection law:

Service Providers and Partners

• Payment Processors: Secure payment processing companies to handle financial transactions
• Technology Partners: Cloud hosting providers, mapping services, and communication platforms
• Identity Verification Services: Third-party services for driver background checks and identity verification
• Customer Support: Service providers who assist with customer enquiries and technical support

Legal and Regulatory Requirements

• Law Enforcement: When required by law or to assist in criminal investigations
• Regulatory Bodies: To comply with transport regulations and licensing requirements
• Legal Proceedings: In connection with legal claims, compliance, or regulatory functions
• Emergency Services: In emergency situations to protect life or prevent serious harm

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections.

Data Security

We implement robust technical and organisational measures to protect your personal data:

• Encryption: All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols
• Access Controls: Strict access controls ensure only authorised personnel can access personal data on a need-to-know basis
• Secure Infrastructure: Our systems are hosted on secure, regularly audited cloud infrastructure with multiple layers of protection
• Regular Security Assessments: We conduct regular security reviews and penetration testing to identify and address vulnerabilities
• Staff Training: All employees receive regular data protection and security awareness training
• Incident Response: We maintain comprehensive incident response procedures to address any potential data breaches promptly

Whilst we implement appropriate security measures, please note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

Your Rights Under UK Data Protection Law

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request that we limit how we use your personal data
• Right to Data Portability: Request a copy of your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis
• Right to Lodge a Complaint: Complain to the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached

Exercising Your Rights

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below. We will respond to your request within one month, though this may be extended by up to two months for complex requests.

Marketing Communications

You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Updating your preferences in your account settings
• Contacting us directly using the details below

Cookies and Similar Technologies

Our website and mobile application use cookies and similar technologies to enhance your experience and provide our services effectively.

Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly and provide core services
• Performance Cookies: Help us understand how visitors interact with our website to improve functionality
• Functional Cookies: Remember your preferences and provide enhanced, personalised features
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (with your consent)

Managing Cookies

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our services. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes.

Retention Periods

• Account Data: Retained whilst your account is active and for 7 years after account closure for legal and regulatory compliance
• Journey Records: Retained for 6 years for accounting, tax, and regulatory purposes
• Communication Records: Retained for 3 years for customer service and dispute resolution purposes
• Marketing Data: Retained until you withdraw consent or for 3 years from last interaction
• CCTV and Safety Data: Retained for 30 days unless required for ongoing investigations

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention policy and UK data protection requirements.

International Data Transfers

Your personal data is primarily processed within the United Kingdom. However, some of our service providers may be located outside the UK. When we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with an adequacy decision from the UK Government
• Standard Contractual Clauses: Use of UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses approved by the ICO
• Binding Corporate Rules: Where service providers have approved binding corporate rules
• Certification Schemes: Transfers under approved certification schemes with binding enforcement

We will only transfer your personal data where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being transferred.

Children's Privacy

Our services are not intended for children under the age of 18. We do not knowingly collect personal data from children under 18 years of age. If you are under 18, please do not provide any personal information through our services.

If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 18, please contact us immediately using the details provided below.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this notice
• Notify you via email if you have an account with us
• Post a prominent notice on our website and mobile application
• Obtain your consent where required by law

We encourage you to review this Privacy Notice periodically to stay informed about how we protect your personal data. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Notice.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Notice or our data protection practices, please contact us:

Regulatory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:

Effective Date

This Privacy Notice is effective as of the date last updated shown at the top of this document. This Privacy Notice replaces any previous privacy policies or notices that may have been in effect.