Privacy Policy for UrbanVind CrowdFlow
Effective Date: September 2024
At UrbanVind B.V., we prioritize the privacy and security of our users' personal information. This Privacy Policy outlines how we collect, use, and safeguard the data provided through the UrbanVind Bus Driver App (“App”). By using the App, you agree to the terms of this
Privacy Policy.
Information We Collect
1.1 Location Data:
The App collects location data in the background to monitor bus routes and optimize public transport operations. Location data is essential to the App's core functionalities, including determining the vehicle’s real-time position and performance.
The App uses location data to:
Determine the actual location of the public transport vehicle (bus/tram/train).
Identify when the vehicle is moving to exclude stationary devices from scan analysis.
Assess the average speed and performance of specific transport lines at various locations.
In future versions, location data will be used for on-device geofencing, allowing automatic activation and deactivation of scanning when the vehicle follows a set route. This feature will automate the App’s start and stop to prevent unnecessary scanning.
1.2 Bluetooth Device Detection:
The App detects nearby Bluetooth-enabled devices to estimate crowd levels within the bus. It does not collect personal identifiers (such as names or phone numbers) but only anonymized MAC addresses and device information. This information helps estimate passenger occupancy.
Purpose of Data Collection
The data we collect is used to:
Improve real-time passenger crowd estimation.
Assist public transport operators in optimizing routes and service quality.
Provide aggregated and anonymized travel insights for public transport efficiency.
Analyze the performance of transport lines in terms of speed and reliability.
Data Processing
3.1 Anonymization Methods:
To ensure privacy, Bluetooth MAC addresses are hashed using a random string (salt) that is unique per trip and deleted after each trip. This hashing method ensures that no MAC address can be traced back to an individual.
3.2 Tokenization:
In some instances, tokenization methods may be applied where data is temporarily stored in a 2-hour token vault, which is automatically deleted after the bus trip or 2-hour period, whichever comes first. This ensures that data remains anonymized and cannot be reverted.
Storage and Retention of Data
Location Data: GPS data is stored for a maximum of 24 hours before being deleted from our servers. The stored data is used to analyze passenger flow, occupancy, and line performance.
Bluetooth Data: Bluetooth detection data is retained for a maximum of 24 hours, after which it is purged. We only store aggregated, anonymized data for longer periods to refine our predictive models.
Data Security: All data is stored securely on servers located within the European Union (Netherlands) and complies with GDPR regulations.
User Control: Geofencing and Time Slots
The App allows users to set time slots and geofencing to limit when and where data collection occurs. Users can configure the App to only collect data during specific time frames related to bus operations and within predefined geographical boundaries (bus routes). Future versions of the App will include automatic geofencing, eliminating the need for user intervention. This feature will allow the App to start and stop automatically when a vehicle follows a pre-defined route.
Sharing of Data
We do not share any personally identifiable information (PII) with third parties. Aggregated and anonymized data may be shared with public transport operators and other relevant stakeholders to improve transport services and ensure optimal performance. Additionally, non-personal data insights may be shared with mobility services and advertisers in compliance with applicable privacy laws.
Legal Basis for Data Processing
Our legal basis for processing personal data under the General Data Protection Regulation (GDPR) is Article 6(1)(e), which allows processing of personal data for tasks carried out in the public interest. The data collected is essential for improving public transport services and is handled in strict accordance with European data protection standards.
User Rights
As a data subject under the GDPR, you have the following rights:
Access: You can request access to your personal data collected by the App.
Rectification: You may ask us to correct any inaccurate or incomplete data we hold about you.
Deletion: You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected.
Restriction of Processing: You can ask us to restrict the processing of your data under certain circumstances.
Objection: You can object to the processing of your data where it affects your rights under the GDPR.
To exercise any of these rights, you can contact us at privacy@urbanvind.com.
Data Breaches
We take all reasonable steps to protect the data we collect, including the use of encryption and secure servers. In the unlikely event of a data breach, we will promptly notify affected users in accordance with GDPR guidelines.
Changes to This Policy
UrbanVind B.V. reserves the right to make changes to this Privacy Policy from time to time. Any changes will be communicated to users through the App and will take effect immediately upon posting. We encourage you to review this policy periodically.
Contact Us
For any questions regarding this Privacy Policy or your data, please contact us at:
Urban Vind B.V.
Email: privacy@urbanvind.com
Website: urbanvind.com
