This policy governs the manner in which the TUDA service (hereinafter referred to as the “Service”) collects and processes personal and other confidential data of individuals, using automation tools via the Internet.
1. The following terms and definitions are used throughout this document:
1.1. “Personal Data” means any information relating directly or indirectly to a specific or definable individual (subject of personal data).
1.2. “Service” means a person that independently organizes and/or performs the processing of personal data, as well as defines the purposes of the processing of personal data, the content of personal data to be processed, actions (operations) performed with personal data.
1.3. “Website” means a set of programs for computers and other information contained in the information system, access to which is provided via the Internet by domain names, and/or network addresses that allow identifying sites on the Internet, and used by the Service to provide services to Customers. The website address is tu-da.com.
1.4. “Mobile Application” means a computer program installed on the Customer’s mobile device and integrated into the hardware and software system, and allowing automating the process of creating orders via the Internet.
1.5. “Services” mean the information services aimed at receiving, processing, transferring and entering the Customer’s requests into the database, and at informing the Customer about the order fulfillment.
1.6. “Customer” means a person ordering a service through the Service.
1.7. “Partner” means a person who independently, on his/her own, provides the Customer with services.
1.8. “Order” means an order processed by the system, for services provided by the Partner.
1.9. “Processing of Personal Data” means any action (operation) or a set of actions (operations) performed with or without the use of the automation tools, with personal data, including collection, recording, systematization, accumulation, storage, correction (updating, modification), retrieval, use, transfer (distribution, provision, granting access), depersonalization, blocking, deletion, destruction of personal data.
1.10. “Automated Processing of Personal Data” means the processing of personal data by means of computer technology.
1.11. “Provision of Personal Data” means the actions aimed at disclosing personal data to a specific person or a specific group of persons.
1.12. “Blocking of Personal Data” means the temporary suspension of the processing of personal data (except in cases where the processing is necessary for correction of personal data).
1.13. “Destruction of Personal Data” means the actions resulting in the impossibility to restore the content of personal data in the personal data information system and/or resulting in the destruction of tangible media of personal data.
1.14. “Personal Data Information System” means a set of personal data contained in the databases and a set of information technologies and technical means ensuring the processing of personal data.
1.15. “Cookies” mean pieces of data sent by the website and stored on a computer, mobile phone, or another device from which the Customer accesses the website, and used to store data about the Customer’s actions on the website.
1.16. “Device Identifier” means unique data allowing identifying the Customer’s device on which the mobile application is installed, and provided by the device itself or calculated by the mobile application.
2. When ordering services through the website or mobile application, the Customer agrees to the terms of this Policy, as well as gives his/her consent to the Service to process his/her personal data in cases where the provisions of the law of the Republic of Indonesia require such consent.
3. During the processing of personal data, the Customer shall be entitled:
3.1. to receive information regarding the processing of his/her personal data, also containing:
3.1.1. confirmation of the processing of personal data;
3.1.2. legal basis and purposes of the processing of personal data;
3.1.3. purposes and applied methods of the processing of personal data;
3.1.4. information about the name and location of the person processing personal data, information about the persons (except for the employees of the Service) that have access to personal data or to whom personal data may be disclosed based on a contract with the Service or based on the law of the Republic of Indonesia;
3.1.5. processed personal data relating to the respective subject of personal data, the source of personal data unless otherwise provided for by the law of the Republic of Indonesia;
3.1.6. time of the processing of personal data, including time of its storage;
3.1.7. procedure for the exercise by the Customer of the rights provided for by the law of the Republic of Indonesia;
3.1.8. information on the completed or intended cross-border data transfer;
3.1.9. title or last name, first name, patronymic, and address of the person processing personal data on behalf of the Service, in case the processing is or is to be assigned to such a person;
3.1.10. other information provided for by the law of the Republic of Indonesia;
3.2. to require the Service to correct his/her personal data, to block or destroy it in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of the processing, as well as to take legal measures to protect his/her rights;
3.3. to appeal the actions or omissions of the Service to an authorized body for the protection of the rights of subjects of personal data, or in court, in case the Customer believes that the Service processes his/her personal data in violation of the requirements of the law of the Republic of Indonesia, or otherwise violates his/her rights and freedoms;
3.4. to the protection of his/her rights and legitimate interests, including compensation for damages and/or compensation for moral damages in court.
4. During the processing of personal data, the Service shall:
4.1. provide the following information to the Customer at his/her request:
4.1.1. confirmation of the processing of personal data;
4.1.2. legal basis and purposes of the processing of personal data;
4.1.3. purposes and applied methods of the processing of personal data;
4.1.4. its title and location, information about the persons (except for employees) that have access to personal data or to whom personal data may be disclosed based on a contract or based on the law of the Republic of Indonesia;
4.1.5. processed personal data of the Customer, the source of personal data unless otherwise provided for by the law of the Republic of Indonesia;
4.1.6. time of the processing of personal data, including time of its storage;
4.1.7. procedure for the exercise by the Customer of the rights provided for by the law of the Republic of Indonesia;
4.1.8. information on the completed or intended cross-border data transfer;
4.1.9. title or last name, first name, patronymic, and address of the person processing personal data on behalf of the Service, in case the processing is or is to be assigned to such a person;
4.1.10. other information provided for by the law of the Republic of Indonesia;
4.2. ensure the adoption of measures for the prevention of unauthorized access to the Customer’s personal data;
4.3. publish or otherwise provide unrestricted access to the document defining the policy regarding the processing of personal data, as well as to the information about the requirements implemented for the protection of personal data.
5. The purpose of collecting and processing the Customer’s personal data is the conclusion of a contract between the Customer and the Service for the provision of services to the Customer.
6. The Customer’s personal data is stored on electronic media and processed with the use of automated personal data processing systems.
7. The Service collects and processes the following personal data of the Customer:
7.1. last name, first name, patronymic;
7.2. date of birth;
7.3. subscriber telephone number;
7.4. location address;
7.5. email address.
8. The Customer may provide the Service with the following personal data at his/her discretion, and may also modify and/or delete it at his/her discretion:
8.1. last name, first name, patronymic;
8.2. date of birth;
8.3. location address;
8.4. email address.
9. The Customer’s personal data shall be destroyed by the Service in the following cases:
9.1. upon the expiry of three years from the moment of completion of the Services;
9.2. in case of withdrawal by the Customer of his/her consent to the processing of his/her personal data.
10. The destruction of the Customer’s personal data shall be carried out without the possibility of its subsequent restoration.
11. Only persons directly related to the provision of the Services may have access to the Customers’ personal data. In other cases, the Service shall neither disclose the Customer’s personal data, nor provide access to it to third parties without the Customer’s prior consent, except for cases when personal data is provided at the request of authorized state bodies in accordance with the law of the Republic of Indonesia.
12. The Service shall implement the following measures to prevent unauthorized access to the Customer’s personal data. The Service shall:
12.1. appoint the employees responsible for the organization of the processing of personal data;
12.2. implement organizational and technical measures to ensure the security of the Customer’s personal data, namely:
12.2.1. identify threats to the security of personal data in the course of its processing in the personal data information systems;
12.2.2. organize a security regime for the premises in which the information system is housed, hindering the possibility of uncontrolled entry or occupancy of these premises by persons lacking the right to access such premises;
12.2.3. ensure the safety of personal data storage media;
12.2.4. approve the list of persons having access to personal data necessary for them to perform their official (job) duties;
12.2.5. use information security tools necessary to prevent unauthorized access to personal data;
12.2.6. assess the effectiveness of measures taken to ensure the security of personal data;
12.2.7. ensure the detection of unauthorized access to personal data and take measures;
12.2.8. restore personal data modified or destroyed due to unauthorized access (if such restoration is technically feasible);
12.2.9. establish the rules for access to personal data processed in the personal data information system;
12.2.10. control the measures implemented to ensure the security of personal data and the security level of the personal data information systems.
13. The Customer shall be entitled to require the Service to correct (update) his/her personal data, block or destroy it, in case the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to withdraw his/her consent to the processing of personal data by sending the appropriate request to the Service and/or demand in writing by registered mail with notification of delivery or its personal delivery at the address of the Service. The addresses of the Service subdivisions are provided in the corresponding section of the website. The specified request/demand shall include the number of the main identifying document of the Customer or his/her representative, the date of issue of the specified document and the name of the issuing authority, the address of the Customer’s place of residence, information confirming the Customer’s relationship with the Service (number of the contract, date of conclusion of the contract, conditional verbal designation and/or other information), or information that otherwise confirms the processing of personal data by the Service, request to correct, block or destroy the Customer’s personal data, or notice of withdrawal of consent to the processing of personal data, signature of the Customer or his/her representative. The Service shall give a reasoned response on the merits of the Customer’s request/demand within 30 calendar days from the date of its receipt.
14. The Service receives data on the location of the Customer (geolocation data) through the mobile application. Geolocation data is transmitted to the Service only during the use of the mobile application. The Customer, at his/her discretion, can prohibit the transmission of geolocation data by changing the corresponding settings in his/her mobile device.
15. For the order to be executed, the Service shall provide the Customer’s geolocation data to the Partner that accepts the order for fulfillment.
16. In order to be able to pay for services provided by the Partner by cashless payment using bank cards, the Customer can link a bank card to his/her subscriber phone number. The Customer shall link the bank card independently in the mobile application by providing the following data:
16.1. bank card number;
16.2. bank card expiration date;
16.3. bank card holder full name;
16.4. bank card security code.
17. Cashless payment using bank cards shall be carried out in accordance with the international payment systems rules on the principles of confidentiality and security of payment. The security of the data provided by the Customer shall be ensured by the compliance of the procedures with the requirements of the Payment Card Industry Data Security Standard, and no one, including the Service, can obtain the data. Bank card data shall be entered on the secure payment page of the acquiring bank providing the option of cashless payment for services.
18. The Service can use the following types of cookies:
18.1. Strictly necessary cookies. They are necessary to navigate the website and use the requested services. Cookies of this type are used when the Customer registers and logs in. The services requested by the Customer become unavailable without them. These cookies are essential and can be either persistent or temporary. Without the use of this type of cookies, the website does not function properly.
18.2. Performance cookies. They collect website usage statistics. These files do not access the Customer’s personal information. All information collected by these cookies is statistical and anonymous. The purposes of using these cookies are:
18.2.1. obtaining the website usage statistics;
18.2.2. evaluating the effectiveness of advertising campaigns.
These cookies can be persistent or temporary and can relate to both essential and third-party cookies.
18.3. Functionality cookies. They are used to store information provided by the Customer (such as username, language, or location). These files use anonymized information and do not track the Customer’s actions on other websites. The purposes of using these cookies are:
18.3.1. storing information about whether any service has been provided to the Customer before;
18.3.2. improving the quality of online experience in general by storing the preferences selected by the Customer.
These cookies can be persistent or temporary and can relate to both essential and third-party cookies.
18.4. Advertising cookies. They are used to manage advertising materials on the website, limit the number of times an ad is viewed by a user, as well as to evaluate the effectiveness of advertising campaigns. Advertising cookies are placed by third parties, for example, advertisers and their agents. These files are associated with advertising on the website provided by third-party companies. They can be either persistent or temporary.
19. The Customer can use the settings of the browser used by him/her in order to block or delete cookies, as well as to limit their functioning.
20. The collected data about the device identifier does not contain the Customer’s personal data.
21. The purpose of collecting information about the device identifier is the internal accounting of users of the mobile application.
Data on a Mobile Network Operator
22. The Service, through the mobile application, receives data on the operator that provides the Customer with mobile phone (cellular) services.
23. The collected data on the mobile network operator does not contain personal data of the Customer.
24. The purpose of collecting data on the mobile network operator is to automatically determine in the mobile application settings the data on the Customer’s country of residence and the language of the application interface.
25. The Service retains the information about the Customer’s ride history, namely, the time of creation of the Order, the address of the pick-up point, the intermediate and drop-off points of the route, the rate applied, the payment method and other information specified at the time of creation of the Order.
26. The purpose of collecting order history information is the improvement of the quality of provided services by automatic filling in the order information using the previously obtained data, which reduces the order creation time.