Privacy Policy

Otto stands for the freedom of personal mobility to all who want it. Every member of our team is dedicated the cause. Fairness matters.

We understand your concerns about privacy. When you use the otto mobile application (“App”) and our websites, products or services (collectively, the “Services”), you trust us with your information. We want to assure you that we respect your privacy and the confidential nature of the information that we gather during the course of our relationship with you.

This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. Please take a few minutes to read this Privacy Policy carefully so you may understand how your personal information is used and the measures we take to protect your personal information.

This privacy notice for Otto Mobility DMCC, describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services, such as when you:

  • Download and use our mobile application (Otto’s), or any other application of ours that links to this privacy notice;
  • Engage with us in other related ways, including any sales, marketing, or events;

If you still have any questions or concerns, please contact us at privacy@weareotto.com.

1.SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice.

What personal information do we process?

When you visit, use, or navigate our Services, we may process personal information depending on how you interact with our app or Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information?

We may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law.

Do we receive any information from third parties?

We may receive information from public databases, marketing partners, social media platforms, and other outside sources.

How do we process your information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share personal information?

We may share information in specific situations and with specific third parties.

How do we keep your information safe?

We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights?

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights?

The easiest way to exercise your rights is by contacting us at privacy@weareotto.com.

Personal information you disclose to us

We collect personal information that you provide to us. We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information provided by You.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we could collect may include the following:

  • names
  • phone numbers
  • email addresses
  • mailing addresses
  • usernames
  • passwords
  • contact preferences
  • contact or authentication data
  • job titles

Sensitive Information.

When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • information revealing race or ethnic origin

Payment Data.

We don’t collect any data to process your payment, you will use only Stripe Inc. and your payment will be secured by the following privacy policy by Stripe Inc.

  • For payment transactions with Link. End User Personal Data is shared with others to enable the transaction. For example, when you choose to use a payment method for the transaction with Stripe or with Link (e.g. credit card, debit card, buy now pay later, or direct debit), that payment method will receive transaction information that includes your Personal Data. Please review your payment method’s privacy policy to learn more. When you use Link, the merchant you choose to do business with will also receive Transaction Data that includes your Personal Data and with your permission, your bank account information. The merchant may share that Personal Data with others (see below regarding End Customers). Please review your merchant’s privacy policy for further information.
  • Fraud Detection Services.We use your Personal Data collected across our Services (e.g. Stripe Radar) to detect and prevent fraud against us, our Business Users and financial partners, including to detect unauthorized log-ins using your online activity. We may provide Business Users (including card issuers and others involved in payment processing activities) that have requested our fraud Business Services with Personal Data about you (including your attempted transactions) so that they can assess the associated fraud risk with a transaction.
  • Transaction Data.If you are an End Customer, when you make payments to, get refunds from, begin a purchase, make a donation or otherwise transact with a Business User that uses us to provide payment processing Business Services, we will receive transaction data. The “Transaction Data” that we collect includes Personal Data, and may include the following: your name, email address, billing address, shipping address, payment method information (such as credit or debit card number, bank account information or payment card image selected by you), merchant and location, purchase amount, date of purchase, and in some cases, some information about what you have purchased and your phone number. We may also receive your transaction history with the Business User. We may collect information typed into a checkout form, even if you choose not to complete the form or purchase with the Business User.
  • Identity/Verification Information.Stripe provides a verification and fraud Service that allows a Business User to verify Personal Data about you, such as your age (when purchasing age restricted goods) or your authorization to use a payment method. You will be asked to share Personal Data and we will collect the information that you share for this purpose, such as your government ID, your image, and Personal Data you input or that is apparent from the physical payment method (e.g. credit card image). We may compare this information with information about you we collect from Business Users, financial partners, business partners, identity verification services, publicly available sources, and third party service providers.
  • b. How we use and share personal data of End Customers

We generally use and share Personal Data of End Customers with Business Users to provide Business Services as described below, as well as for Stripe’s own purposes to secure, improve and provide our Business Services, as described below.

  • Payments.We use your Transaction Data to provide our Payments related Business Services to Business Users, including to process online payment transactions, to calculate applicable sales tax, to invoice and bill, and to calculate their revenue. We may also use Personal Data to provide and improve our Business.
  • For payment transactions, your Personal Data is shared with a number of parties in connection with your transaction. Because we act as a service provider or processor, we share Personal Data to enable the transaction. For example, when you choose to use a payment method for the transaction (e.g. credit card, debit card, buy now pay later, or direct debit), your payment method will receive the Transaction Data that includes your Personal Data. Please review your payment method’s privacy policy to learn more about how they use and share this information.
  • The merchant you choose to do business with will also receive Transaction Data that includes your Personal Data and the merchant may share that Personal Data with others. Please review your merchant’s privacy policy to learn more.
  • Other Financial Services. Some of our Business Users use our Services in order to offer financial services to you, through Stripe or its financial partners. For example, they may provide a card product that enables you to purchase goods and services. These cards may carry the Stripe brand, bank partner brand and/or the brands of Business Users. In addition to any Transaction Data we may produce or receive when these cards are used for purchases, we will also receive and use your Personal Data in order to provide and manage these products. Please also see the privacy policies of the Business User and our bank partner, if applicable, associated with the financial service (whose brands may be shown on the card).
  • Identity/Verification Services. We use Personal Data about your identity, including information provided by you and our service providers, to perform verification Services for Stripe or for the Business Users that you are doing business with and to reduce fraud and enhance security. If you provide a “selfie” along with an image of your identity document, we will use technology to compare and calculate whether they match and you can be verified
  • Fraud Detection Services.We use your Personal Data collected across our Services to detect and prevent fraud against us, our Business Users and financial partners (e.g. Stripe Radar), including to detect unauthorized log-ins using your online activity. We may provide Business Users (including card issuers and others involved in payment processing activities) that have requested our fraud Business Services with Personal Data about you (including your attempted transactions) so that they can assess the associated fraud risk with a transaction.
  • Our Business Users (their Authorized Third Parties). We share Personal Data of End Customers with their respective Business Users and with parties directly authorized by those Business Users to receive Personal Data. This includes sharing Personal Data of End Customers with Business Users when a Business User authorizes a third party application provider to access its Stripe account using Stripe Connect. For example, when the Business User uses Identity Services to verify an End Customer’s identity, Stripe shares with the Business User the information, documents or photos provided by the End Customer to verify their identity. The Business Users you choose to do business with may further share your Personal Data to third parties they authorize. Please review your merchant’s privacy policy to learn more.
  • Advertising by Business Users.If you have begun a purchase, we share Personal Data with that Business User in connection with our provision of Services and that Business User may use your Personal Data to market and advertise their products or services. Please review your merchant’s privacy policy to learn more, including your rights to stop their use of your Personal Data for marketing purposes. We do not use or share End Customer Personal Data for our marketing or advertising, or for marketing and advertising by third parties who are not the Business User with which you have transacted or attempted to transact. We do not sell the data of End Customers.

You may find their complete privacy notice link(s) here: https://stripe.com/ae/privacy

Social Media Login Data.

We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account.

Application Data.

If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

Geolocation Information.

We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.

Mobile Device Access.

We may request access or permission to certain features from your mobile device, including your mobile device’s calendar, camera, reminders, sms messages, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.

Mobile Device Data.

We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.

Push Notifications.

We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services. We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

Log and Usage Data.

Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings.

Device Data.

We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

Location Data.

We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address).

You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device.

Information collected from other sources

We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.

In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Facebook or Twitter), we receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your social media account depends on your social media account’s privacy settings.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
  • To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

Consent.

We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Click here to learn more.

Performance of a Contract.

We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

Legal Obligations.

We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights.

Vital Interests.

We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share information in specific situations described in this section and/or with the following third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. The third parties we may share personal information with are as follows:

We also may need to share your personal information in the following situations:

Business Transfers.

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). To find out more about Google’s Privacy Policy, please refer to this link. We use certain Google Maps Platform APIs to retrieve certain information when you make location-specific requests.

You may revoke your consent anytime by contacting us at the contact details provided at the end of this document. The Google Maps Platform APIs that we use store and access cookies and other information on your devices.

Affiliates.

We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Business Partners.

We may share your information with our business partners to offer you certain products, services, or promotions.

Offer Wall.

Our application(s) may display a third-party hosted “offer wall.” Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for the acceptance and completion of an advertisement offer. Such an offer wall may appear in our application(s) and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will be brought to an external website belonging to other persons and will leave our application(s). A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account with the relevant reward.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

HOW DO WE HANDLE YOUR SOCIAL LOGINS?

If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than six (6) months past the start of the idle period of the user’s account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from or market to children under 21 years of age.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In some regions, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions, you have certain rights under applicable data protection laws.

These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information. We disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to privacy@weareotto.com.

The California Code of Regulations defines a “resident” as:

(1) every individual who is in the State of California for other than a temporary or transitory purpose and

(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

All other individuals are defined as “non-residents.”

12. DO UAE RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

If you are a UAE resident you need to know that you’re under The Federal Law No. 15 of 2020 on Consumer Protection. This law introduction of privacy and data security for consumers and the unauthorized use of consumers’ data (Article 4(5)). Suppliers and businesses now have an obligation to safeguard their consumers’ data, avoid using consumer data and information for marketing and promotion, and protect consumers’ religious values, customs and traditions when providing a commodity or receiving any service.

If you are in DIFC you are under the DIFC Law No. 5 of 2020. This Law applies to the Processing of Personal Data: (a) by automated means; and (b) other than by automated means where the Personal Data forms part of a Filing System or is intended to form part of a Filing System

If you are in ADGM you are under the ADGM data protection regulation 2021 and Law No.4 of 2013.

The objects of these Regulations are: (a) to promote the protection of individuals’ Personal Data; (b) to provide the basis for consistent regulation and Processing of Personal Data within ADGM; (c) to promote lawful, fair and transparent Processing of Personal Data; (e) to facilitate the transfer of Personal Data across borders while ensuring that the rights of individuals are respected;

You need to remind that processing of personal data revealing racial or ethnic origin is prohibited if you don’t give an explicit consent to the processing.

We want to inform you that any transfer of Personal Data outside of ADGM or to an International Organization will be evaluated and we will put particular attention to evaluate the protection level of the receiving jurisdiction.

We also want to inform you that in ADGM you have the following rights:

(1) Rectification: the right to request and obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her.

(2) Erasure: the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay.

(3) Restriction of Processing: the right to obtain from the Controller restriction of Processing where one of the following applies: the Controller no longer needs the Personal Data; the Processing is unlawful; the accuracy of the Personal Data is contested by the Data Subject.

(4) Data portability: the right to receive the Personal Data that is held by, or on behalf of, the Controller concerning them, which they have provided to a Controller, in a structured, commonly used and machine-readable format and has the right to transmit that data to another Controller.

(5) A Data Subject has the right to object at any time, on grounds relating to their particular situation (like unsolicited marketing purposes), to the Processing of their Personal Data, including Profiling.

13. WHAT YOU NEED TO KNOW IF YOU DOWNLOAD OTTO’S APP FROM APPLE STORE

Apple may use your Apple ID account information to send you communications about the Apple Store and other Apple products, services and offers that may be of interest to you, and to request feedback about your in-store experience or the products and services you purchase.

Apple may share information with partners in order to fulfill your request, such as processing your purchase, delivering your product, or providing customer service.

Apple may provide information that cannot be linked to you to third-party partners who offer products and services or who help Apple market their products for customers.

Apple Store when you download Otto’s App will process this personal data identity

Shopping Financial information

Position

Contact Information

Identification

Usage data

The following data may be collected but is not linked to your identity:

Position

Diagnosis

14. WHAT YOU NEED TO KNOW IF YOU DOWNLOAD OTTO’S APP FROM GOOGLE PLAY

Google collect information about the apps, browsers, and devices you will use to access Google services.

The information collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.

Google collect information about your activity in his services, The activity information we collect may include:

  • Terms you search for
  • Purchase activity
  • Activity on third-party sites and apps that use our services

15. HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?

Contact us at privacy@weareotto.com

If you wanna take a ride with me