Uber Privacy Notice
I. Introduction / II. Overview / III. Data collections and uses / IV. Choice and transparency / V. Legal information
I. Introduction
When you use Uber, you trust us with your personal data. We’re committed to keeping that trust. That starts with helping you understand our privacy practices. This notice describes the personal data (“data”) we collect, how it’s used and shared, and your choices regarding this data. We recommend that you read this along with our privacy overview, which highlights information about our privacy practices and provides summaries of the data we collect and how we use it. |
---|
II. Overview
A. ScopeThis notice applies to users of Uber’s apps, websites, and other services globally. |
---|
This notice describes how Uber and its affiliates collect and use data. This notice applies to all Uber users globally, unless they use a service covered by a separate privacy notice, such as Uber Freight, Careem or Uber (South Korea). This notice specifically applies to:
This notice also governs Uber’s other collections of data in connection with its services. For example, we may collect contact information of owners or employees of restaurants or merchants on the Uber Eats or Postmates platforms; contact information of those who manage and use accounts owned by Enterprise Customers; or data of those who start but do not complete their applications to be drivers or delivery persons. All those subject to this notice are referred to as “users” in this notice. Our privacy practices are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this notice in a particular country or region only if permitted under the laws of those places. In addition, please note the following:
Please contact us here with any questions regarding our practices in a particular country or region. |
III. Data collections and uses
A. The data we collectUber collects data:
Please see here for a summary of the data we collect and how we use it. |
---|
Uber collects the following data from these sources: 1. Data provided by users. This includes:
2. Data created during use of our services. This includes:
3. Data from other sources. These include:
|
B. How we use dataUber uses data to enable reliable and convenient transportation, delivery, and other products and services. We also use data:
Please see here for a summary of the data we collect and how we use it. |
---|
Uber uses the data we collect: 1. To provide our services. Uber uses data to provide, personalize, maintain, and improve our services.
Uber performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, are compatible with such uses, or are necessary for purposes of Uber’s and its users’ legitimate interests. 2. Safety, fraud protection and security. We use data to help maintain the safety, security, and integrity of our services and users. This includes:
The fraud and unsafe driving prevention and detection activities described above may be considered profiling under applicable laws, and can result in deactivation of users (generally only after human review). For information regarding how to object to the above activities, please see “Choice and transparency” below. 3. Customer support. We use the information we collect (which may include call recordings, chat logs, in-app audio recordings and dashcam footage) to provide customer support, including to investigate and address user concerns and to monitor and improve our customer support responses and processes. 4. Research and development. We use data for analysis, machine learning, product development, research, and testing. This helps us make our services more convenient and easy-to-use, enhance the safety and security of our services, and develop new services and features. 5. Enabling communications between users. For example, a driver may message or call a rider to confirm a pick-up location, a rider may call a driver to retrieve a lost item, or a restaurant or delivery person may contact an order recipient with information about their order. 6. Marketing and Advertising. Uber uses data (other than guest users’ data) to market its services, and those of Uber partners. We specifically use account, approximate location, device and usage data, preferred language, and trip and order history to provide ads and marketing communications that are personalized based on users’ observed or inferred location, interests and characteristics (which may include inferred gender*). This includes using this data to:
We also display ads for third party products that are not available on Uber’s apps. These ads may contain links to third party apps or websites. Users should refer to such third parties’ privacy notices for information on their collection and use of data when visiting such apps or websites. We also provide ads that are personalized based on data about users’ current trip or delivery request, including time of request and services requested. For example, if a user requests a trip to a supermarket, we may display in-app ads for third party products that may be available at that supermarket. We also measure the effectiveness of Uber’s ads, and of third party ads displayed in Uber’s apps or in connection with our services. Uber performs the above activities on the grounds that they are necessary for purposes of Uber’s legitimate interests in informing users about Uber services and features or those offered by Uber partners. See the sections titled “Choice and transparency” and “Marketing and advertising choices” for information on users’ choices regarding how Uber may use their data for marketing and advertising. 7. Non-marketing communications. Uber may use data to send surveys and other communications that are not for the purpose of marketing the services or products of Uber or its partners. We may also send users communications regarding elections, ballots, referenda, and other political processes that relate to our services. For example, Uber has notified users of ballot measures or pending legislation relating to Uber’s services in those users’ areas. 8. Legal proceedings and requirements. We use data to investigate or address claims or disputes relating to use of Uber’s services, to satisfy requirements under applicable laws, regulations, operating licenses or agreements, insurance policies, or pursuant to legal process or governmental request, including from law enforcement. |
C. Cookies and third-party technologiesUber and its partners use cookies and other identification technologies on our apps, websites, emails, and online ads for purposes described in this notice, and Uber’s Cookie Notice. |
---|
Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and ads. Uber uses cookies and similar technologies for purposes such as:
We may also allow others to provide audience measurement and analytics services for us, to serve ads on our behalf across the internet or for other companies’ products and services on our apps, and to track and report on the performance of those ads. These entities may use cookies, web beacons, SDKs, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services. Please see our Cookie Notice for more information regarding the use of cookies and other technologies described in this section. |
D. Data sharing and disclosureSome of Uber’s services and features require that we share data with other users, or at users’ request or with their consent. We may also share such data with our affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes. |
---|
Uber may share data: 1. With other users This includes sharing:
2. At users’ request or with users’ consent
3. With Uber subsidiaries and affiliates 4. With Uber service providers and business partners
5. For legal reasons or in the event of a dispute 6. With consent |
E. Data retention and deletionUber retains user data for as long as necessary for the purposes described above. Users may request account deletion through the Uber apps and websites. |
---|
Uber retains user data for as long as necessary for the purposes described above, which varies depending on data type, the category of user to whom the data relates, the purposes for which we collected the data, and whether the data must be retained after an account deletion request for the purposes described below.
Users may request deletion of their account through the Privacy menus in the Uber app, or through Uber’s website (riders and order recipients here; drivers and delivery persons here; guest checkout users here). |
IV. Choice and transparency
Uber enables users to access and/or control data that Uber collects, including through:
Uber also enables users to request access to or copies of their data, make changes or updates to their accounts, request deletion of their accounts, or request that Uber restrict its processing of user data. |
---|
1. Privacy settings
2. Device permissions 3. In-app ratings pages 4. Marketing and advertising choices
5. User data requests Uber provides users with a variety of ways to learn about, control, and submit questions and comments about Uber’s handling of their data. In addition to the methods indicated below, users may also submit data requests via our Privacy Inquiry Form (riders and order recipients here, drivers and delivery persons here).
|
V. Legal information
A. Data controllers and Data Protection OfficerUber Technologies Inc. is controller of the data processed in connection with use of Uber’s services globally, except where it is joint controller with other Uber affiliates. |
---|
Uber Technologies Inc. (“UTI”) is controller of the data processed in connection with Uber’s services globally, except that:
Users may submit requests to exercise their rights regarding their data (riders and order recipients here; and drivers and delivery persons here. Users may also contact Uber's Data Protection Officer at https://uber.com/privacy-dpo, or by mail to Uber B.V. (Burgerweeshuispad 301, 1076 HR Amsterdam, The Netherlands), regarding issues relating to Uber's processing of their personal data, and their data protection rights. |
B. Legal Framework for Data TransfersUber operates, and processes user data, globally. We comply with applicable legal frameworks relating to the transfer of data. |
Uber operates, and processes user data, globally. This may result in processing of your personal data in countries, including the United States, whose data protection laws may differ from those where you live. This includes processing of your data on Uber’s servers in the United States, and transferring or enabling access to your data globally, in order to:
Uber is committed to protecting our users’ personal data regardless of where they are located or where, or by who, their personal data is processed. This includes implementing global measures to protect users’ data, including:
When we transfer user data from the EEA, UK and Switzerland, we do so on the basis of the necessity to fulfill our agreements with users, consent, adequacy decisions regarding the country of transfer (available here, here or here), and transfer mechanisms such as the Standard Contractual Clauses adopted by the European Commission (and their approved equivalents for the UK and Switzerland), and the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as set forth by the U.S. Department of Commerce. Such data remains subject to the GDPR or equivalents after such transfer. Users may contact Uber regarding the above, or to request copies of applicable Standard Contractual Clauses (riders and order recipients here; and drivers and delivery persons here). UTI has certified to the United States Department of Commerce that it adheres to (1) the EU-U.S. Data Privacy Framework Principles regarding the processing of personal data received from EEA member countries in reliance on the EU-U.S. DPF, and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF; and (2) the Swiss-U.S. Data Privacy Framework Principles regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. In the event of a conflict between this notice and the Principles mentioned above, the Principles shall govern. In the event that the EU-U.S. DPF or the Swiss-U.S. DPF are invalidated, Uber will transfer data that is subject to these certifications in reliance on the other data transfer mechanisms described above. Please note the following:
Users can learn more about the EU-U.S. DPF and Swiss-U.S. DPF here, and view Uber’s certification, including the scope of data subject to our certification here. |
C. Updates to this Privacy NoticeWe may occasionally update this notice. |
We may occasionally update this notice. If we make significant changes, we will notify users in advance of the changes through the Uber apps or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices. Use of our services after an update constitutes consent to the updated notice to the extent permitted by law. |
Uber does not perform the data collections or uses indicated with an asterisk (*) in the EEA, UK or Switzerland. |
Več