Drivers4TUI – the app for transport drivers serving TUI customers.

App Privacy

Version: May 2021

I. Introduction

This notice specifically applies to Drivers (hereinafter, “Drivers” or “You”), who are employees of transportation companies which have signed contract with TUI Holding (hereinafter, “TUI MM”, “we” or “us”) to provide transport services to our end-customers.

II. What this Privacy Policy covers

TUI Holding is the data controller with registered office at Calle Rita Levi, Parc Bit 07121, Palma de Mallorca. We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Policy which explains:

• What types of personal data we collect and why we collect it.
• When and how we may share personal data.
• The choices you have, including how to access and update your personal data.

III. Personal Data we collect

• Your personal details, including your name, surname and telephone number.
• Your account login details, such as your username and the password you chose.
• Your location data during the trip assigned.

IV. How we use your personal data

The legitimate basis to process your personal data is for the performance of contract only for the following purposes:

• To manage the service contracted by TUI MM

We use your personal data to manage the relationship with the transportation company where you are employee.

• To manage Driver’s account

We use your data to establish and maintain your account, verify your user identity and enable to performance transport services.

• To improve the service that we provide to end-customers

We process your data to provide end-customer the location of the vehicle, being able to track the progress of their trip, and be informed of any delays compared to the initial timing provided, in order to enhance the user experience and to maintain the safety, security and integrity of our services. We inform you that your location data is collected when the App is open or running in the background of the mobile device. In this sense, location tracking is activated only during the time a trip is taking or it should be taking place. Location data will not be active in case you do not have a Trip active or about to have one or in the case they close completely the App. Your personal data will not be shared to end-customers. Location coordinates of the vehicle to be driven obtained through the App will be shared to end-customers in an anonymised way.

V. Sharing your personal data

We inform you that your personal data will not be disclosed to third parties, unless there is a legal obligation or is required by government authorities. In this case, we may share the minimum personal data necessary if laws say we must or we are legally allowed to do so.

VI. Protecting your personal data

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure. The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential. The personal data that we collect and process from you is not be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). Where any personal data may be transferred to or processed in a country outside EEA, we shall ensure that requirements in Data Protection Legislation relating to international data transfers are met before any such transfer. In this sense, we will put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Policy. These protections will include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission, and appropriate security measures.

VII. Data retention

We retain your personal data for only as long as it is necessary for the uses set out in this Privacy Policy and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data. In this regard, TUI MM has in place a security policy implemented a process to control the last time each user has logged into the application which will behave in the following way:

• In case more than 90 days have passed since the last time a user logged in the application, the system will automatically disable the user account.
• In case more than 365 days have passed since the last time a user logged in the system will automatically remove the user account.

VIII. Rights of Data Subject

We inform you of the possibility to exercise your rights of access, rectification, erasure, objection, restriction of processing and portability, by sending an email to gdprdx@tui.com attaching a copy of your national identity card, passport or other analogous ID proof. Furthermore, we inform you of the possibility to present a claim to the local Data Protection Supervisory Authority when you consider that TUI MM has violated your rights under the applicable regulations regarding the processing of your personal data. If you have any doubt concerning the processing of your personal data, please contact our Data Protection Officer (DPO) at gdprdx@tui.com.

IX. Changes to our Policy

This Policy replaces all previous versions. We may change the Policy at any time so please check it regularly for any updates. If the changes are significant, we will provide a prominent notice including, if we believe it is appropriate, a notification of Privacy Policy changes.