What Kind of Personal Information Does GroundLink.com Gather?
At GroundLink, we care deeply about privacy. We believe in transparency, and we're committed to being upfront about our privacy practices, including how we treat your personal information. This policy explains our privacy practices for Groundlink.com (the "Site"), and GroundLink's mobile application (the "App"), ("GroundLink," together with "we," "us," and "our"). We'll refer to the Site, the App, and our other services as the "Services."
It will take effect on January 1, 2020.
The previous version of this policy can be viewed here.
We need to process your personal information in order to provide the service and run our business. By accepting our Terms & Conditions, you are confirming that you have read and understand this policy, including how and why we use your information.
By using the Services, you acknowledge that GroundLink will use your information in the United States, and any other country where GroundLink operates. Please be aware that the privacy laws and standards in certain states and/or countries, including the rights of authorities to access your personal information, may differ from those that apply in the state and/or country in which you reside.
GroundLink is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In the course of providing our Services, we collect or receive your personal information in a few different ways. When such information is received from the EU or Switzerland in reliance on the Privacy Shield, we commit to subjecting it to the Privacy Shield Principles.
More specifically, in the past twelve months (from January 1st, 2019 to December 31st, 2019) we have collected—and we are still collecting—the following personal information from our users:
Registration, Account Setup, Service Usage: In order to set up an account, you need to provide a valid email address, full name, phone number and password. In order to take a ride, you need to provide a pick-up address, drop-off address, and credit card information. We may need to store encrypted credit card information and use it for both billing and payment purposes.
Automated Information: GroundLink automatically receives and collects information from your browser or your mobile device when you visit the Site or use the App (e.g., your IP address, or cookies). This information is stored in log files. We may combine this information from your browser or your mobile device with other information that we collect about you. This information is used to prevent fraud and to keep the Services secure, to analyze and understand how the Services work for users and provide more personalized experience for users and advertising.
We may also automatically collect device-specific information when you install, access, or use our Services. This information may include the hardware model, operating system information, app version, app usage and debugging information, browser information, and device identifiers.
Cookies: We use the following types of cookies (you may adjust the cookie settings in your browser at any time):
Required Cookies - These cookies are required to enable core site functionality.
- Remember log-in details
- Provide secure log-in
- Remember your task or transaction progress
- Remember how far you are through an order
Functional Cookies - These cookies enable additional functionality like saving preferences, allowing social interactions, and analyzing usage for site optimization.
- Analyze site usage to provide custom content
- Remember your log-in details
- Conduct analytics to optimize site functionality
- Remember what is in your shopping cart
- Allow third parties to provide social sharing tools
- Make sure the website looks consistent
Advertising and 3rd Party Cookies - These cookies, along with email addresses, are used by us and third parties to serve ads that are relevant to your interests.
- Provide you with interest-based offers or ads
- Allow you to share pages with social networks
- Allow you to post comments
- Serve ads relevant to your interests
Location Information: When you use the App, you may consent to share your geo-location details with GroundLink in order to automatically set your pick-up location. We may use and store information about your location to provide features to improve and customize the Services. We will only share your geo-location details with third parties in order to provide you with the Services.
Images Stored on Device: When using the app and with your consent, GroundLink will access stored images on your device in order for you to more easily provide feedback about your experience with the App and the Services.
Analytics Information: We use data analytics to ensure site functionality and improve the Services. We use a mobile analytics software to allow us to understand the functionality of the App on your phone. This software may record information such as how often you use the App, what happens within the App, aggregated usage, performance data, app errors and debugging information, and where the App was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information that you submit within the mobile application.
Information from Third Parties: Some visitors may choose, at their discretion, to connect to GroundLink using an external third-party application, such as Facebook. GroundLink may receive information from that connected third-party application.
Non-Member Information: GroundLink may receive or obtain information (for example, an email address) about a person who is not a registered GroundLink member (a "non-member") in connection with certain GroundLink features (e.g., when a member adds a non-member guest to the ride s/he is booking). Non-member information is used only for the purposes disclosed when it was submitted to GroundLink.
We know that members of our community value having control over their own information, so GroundLink gives you the choice of providing or editing certain information, as well as choices about how we contact you. You may change or correct your GroundLink account information through your GroundLink profile and download your ride information from your GroundLink account. You may also request that your account be deactivated. If your account is deactivated, your information will no longer be visible but GroundLink must maintain certain information in order to comply with legal obligations. Guest booking information may be accessed by completing a registration and logging in to view your account details. Guest passengers wishing to review their personal data should contact the GroundLink account holder that booked on their behalf.
You also have the following additional rights with respect to your information:
Disclosure (Data access and portability): Access to and portability of your data are available by downloading your ride history and personal data by logging into your GroundLink account. You can also call the following toll free number: (855) 747-6863.
Data correction and/or editing: Personal, ride, password and payment information can be easily changed by logging into your GroundLink account or calling the following toll free number: (855) 747-6863.
Deletion: You may request that your data be deleted—as allowed by the applicable regulation—by completing the webform at www.groundlink.com/ccpa, contacting our Customer Support Center or calling the following toll free number: (855) 747-6863.
Withdrawal of consent or objection to processing: You can object to data processing in certain limited circumstances by completing the webform at www.groundlink.com/ccpa, contacting our Customer Support Center or calling the following toll free number: (855) 747-6863. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where you have consented to our use of your data for direct marketing purposes, you can always withdraw your consent, using the "unsubscribe" link in such communications or changing your marketing preference settings.
Personal, payment and ride information are required to provide your rides, receipts, cancellation notices, etc. GroundLink cannot offer or fulfill the Services without processing this information.
GroundLink strives to meet its customers' inquiries. If you have a concern about your service or the processing of your information, please contact customer service.
Right not to be subject to a decision based only on automated processing: Much of GroundLink's processing (booking, billing, fulfilling your ride) is automated in order to protect the security of your information and bring you high quality services. If you would like to speak to a GroundLink agent, please contact customer support (855)747-6863 (toll free).
Decisions based on automated processing cannot be avoided when they are necessary to perform the Services or authorized by EU law.
Complaint filing: If you have any questions or concerns, we encourage you to contact to us as indicated in Section 9 below. We will investigate and attempt to resolve complaints and disputes.
If your complaint is about GroundLink's compliance with the Privacy Shield and the issue does not receive timely acknowledgment or is not satisfactorily addressed by GroundLink, you may file a dispute with the International Centre for Dispute Resolution of the American Arbitration Association (ICDR/AAA), which serves as our third-party alternative dispute resolution provider. Please visit http://go.adr.org/privacyshield.html for more information and to file a dispute. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Privacy Shield.
If you have used our Services while physically in the EU (i.e., you have taken a ride in the EU, and/or booked a ride while in the EU), you have the right to file a complaint against GroundLink with the European Data Protection Supervisor ("EDPS"), regarding personal data processed specifically for those events. The EDPS's contact details are: Office of the European Data Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium, email: [email protected]. If you live in the EU, you may also file a complaint with your local data protection authority.
On occasion, GroundLink may need to contact you. These communications are service-related and necessary for members and Guest Checkout users. You agree that GroundLink can send you service-related communications, such as those related to rides, transactions, your account, or security. Examples of service-related communications include an email address confirmation/welcome email when you register your account, notification of a booked ride, modification of key features or functions, and correspondence with GroundLink's support team.
When you register for an account, or provide us with your email address or phone number (e.g. for a Guest Checkout booking), you can agree to receive marketing communications from us. You can unsubscribe at any time from marketing communications through the opt-out link included in the marketing communications or through your account settings.
We respect your privacy. GroundLink will not process or share your personal information without your consent, except based on the following legal grounds:
- It is necessary to perform the contractual obligations in our Terms & Conditions and in order to provide the Services to you;
- It is necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims;
- It is necessary for the purposes of our or a third party's legitimate interests, such as those of visitors, members, or partners;
- You have expressly made the information public;
- It is necessary in the public interest;
- It is necessary to protect your vital interests, or those of others.
Where we process your information without your consent, we do as follows.
Providing and improving our Services: We may use customer information as it is necessary to pursue our legitimate interests of improving our Services for our users, understanding how our Services are being used, and exploring and unlocking ways to develop and grow our business.
Keeping our Services safe and secure: We may also use customer information for safety purposes, in order to ensure the security of our Services.
Legal and Safety: GroundLink may also retain, preserve, or release your personal information to a third party in the following limited circumstances: in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; to protect, establish, or exercise our legal rights or defend against legal claims; to comply with a subpoena, court order, legal process, or other legal requirement; or when we believe in good faith that such disclosure is reasonably necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of GroundLink's Terms & Conditions.
Service Providers: It is also necessary for GroundLink to engage third-party companies in order to operate and provide the Services. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated to GroundLink not to disclose or use your information for other purposes.
In the event we transfer personal data received from the EU or Switzerland to a third party acting as an agent (i.e. performing tasks on our behalf and under our instructions, as for example our service providers mentioned above), we will transfer only the personal data needed for the agent to deliver to GroundLink the requested product or service. Furthermore, we will (i) permit the agent to process such personal data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with GroundLink's obligations under the Privacy Shield Principles; and (iv) require the agent to notify GroundLink if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.
GroundLink remains liable under the Privacy Shield if an agent processes personal data received from the EU or Switzerland in a manner inconsistent with the Privacy Shield Principles, except where GroundLink is not responsible for the event giving rise to the inconsistent processing.
The security of your personal information is important to us. Your account information is protected by a password. It is important that you protect against unauthorized access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services.
GroundLink follows the industry best practices to protect the personal information submitted to us, both during transmission and after it is received. Some of these standards are:
- Encryption of certain information (such as credit card numbers) using secure socket layer technology (SSL);
- Protection of the confidentiality, integrity, and availability of all customer information systems;
- Definition and monitoring of IT security standards aligned with industry regulations;
- Implementation of vulnerability management techniques according to which we scan and map our network, prioritize areas of importance and apply fixes and safeguards;
- Application of safeguard firewalls and anti-virus tools to detect/prevent attacks;
- Continuous monitoring for security risks and maintenance of patch updated infrastructure;
- Over 85 polices encompassing data security;
- Security awareness trainings to our personnel.
With specific regard to credit card information, we comply with the Payment Card Industry Data Security Standard ("PCI DSS") by (but not limited to) designing, implementing, and maintaining a coherent set of standards and procedures to manage risks to cardholder data – in an effort to ensure an acceptable level of Information Security risk – and by conducting yearly PCI DSS audits.
We regularly review, test and update our security policies and systems in order to meet the highest standards of data security. Unfortunately, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.
GroundLink will retain your information only for as long as it is necessary for the purposes set out in this policy, for as long as your account is active (i.e., for the lifetime of your GroundLink member account), as described in this policy, or as needed to provide the Services to you. If you no longer want GroundLink to use your information to provide the Services to you, you may close your account. GroundLink will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and as otherwise described in this policy. In addition, GroundLink's service providers may also be required to retain and use your information in order to comply with their legal obligations.
If you have any questions, you can contact GroundLink's Support Team via our Customer Support Center, call (855) 747-6863 (toll free), and/or write to us at the following address:
GroundLink Holdings LLC
134 West 37th Street
New York, NY 10018