11. Purpose

This Data Retention Policy outlines the guidelines and procedures for retaining and deleting personal data collected and processed by intelliTicket in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

12. Scope

This policy applies to all personal data collected and processed by intelliTicket, including data from users of the intelliTicket App and any other data subjects whose personal data is processed by intelliTicket.

13. Categories of Personal Data and Retention Periods

13.1. Identity Data

• Description: Name, profile picture.
• Retention Period: 3 years from the last active use of the account.
• Reason: To provide ongoing services and for user identification.

13.2. Contact Data

• Description: Email address, phone number.
• Retention Period: 3 years from the last active use of the account.
• Reason: For communication purposes and account management.

13.3. Journey Data

• Description: Journey booking information, start/end location, live location (with consent).
• Retention Period: 3 years from the journey date.
• Reason: To improve service offerings and for historical reference in case of disputes.

13.4. Payment Data

• Description: Payment method, transaction details.
• Retention Period: 7 years from the transaction date.
• Reason: To comply with tax and accounting requirements.

13.5. Usage Data

• Description: App usage, access logs, IP address.
• Retention Period: 3 years from the date of collection.
• Reason: To monitor and improve the App’s performance and security.

13.6. Aggregated Driver Rating

• Description: Ratings given by users.
• Retention Period: 3 years from the rating date.
• Reason: To maintain service quality and for driver performance reviews.

13.7. Customer Communication Data

• Description: Customer support interactions.
• Retention Period: 3 years from the date of the last interaction.
• Reason: To address ongoing issues and for quality assurance.

13.8. Eligibility Data for Grant Programs

• Description: Name, date of birth, geographical origin, verification status.
• Retention Period: 3 years from the end of the grant program.
• Reason: To comply with grant administration and oversight requirements.

13.9. Public Transport Data

• Description: Name, birthdate, salutation.
• Retention Period: 3 years from the date of ticket issuance.
• Reason: For proper ticket issuance and user support.

14. Retention Procedure

14.1. Data Minimization and Anonymization

Personal data will be anonymized or deleted when it is no longer necessary for the purposes for which it was collected, unless retention is required by law.

14.2 Secure Storage

Personal data will be stored securely, with appropriate technical and organizational measures in place to prevent unauthorized access, alteration, or deletion.

14.3 Regular Review

The Data Protection Officer (DPO) will conduct regular reviews of the data stored to ensure compliance with this policy and applicable laws.

14.4. Data Deletion

• Inactive accounts and associated personal data will be deleted after 3 years of inactivity.
• When data is no longer needed, it will be securely deleted or anonymized.

15. Rights of Data Subjects

Data subjects have the right to:

• Access their personal data.
• Correct, update, or request deletion of their personal data.
• Restrict or object to the processing of their personal data.
• Request portability of their personal data.
• Withdraw consent for data processing (where consent was given).
• Lodge a complaint with a supervisory authority if they believe their rights under data protection laws have been violated.

Requests to exercise these rights can be made through the contact form at https://www.intelli-ticket.com/contact/.

16. Updates to this Policy

This Data Retention Policy may be updated from time to time to reflect changes in legal, regulatory, or operational requirements. Changes will be communicated to data subjects as appropriate.

Last updated: June 2024

This policy ensures that intelliTicket retains personal data only as long as necessary to fulfill the purposes for which it was collected, while also complying with legal obligations and respecting the rights of data subjects.