This Privacy Policy applies to HeXA Rides, HeXA Ride Driver our iOS and Android Mobile Applications (our “App”). In the below policy, we inform you about the scope of the processing of your Personal Data.
GENERAL INFORMATION
Our use of your Personal Data is subject to the Nevada Privacy of Information Collected on the Internet from Consumers Act (“NPICICA”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address and device ID.
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing
Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The responsible party within the meaning of the NPICICA and the GDPR is HeXA Apps LLC dba HeXA Rides of 5415 W Harmon Ave #1054, Las Vegas, NV 89103 (“HeXA Rides”, “we”, “us”, or “our”). If you have any questions about this policy or our data protection practices, please contact us using admin@hexarides.com.
In accordance with the above-mentioned laws, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfillment of a contract / pre-contractual measures, c) the data is necessary for the fulfillment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
PROCESSING OF AUTOMATICALLY COLLECTED DATA
The App can be downloaded from the “Google Playstore'' a service offered by Google LLC, or the Apple App service “App Store” a service of Apple Inc, to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass and Payment Data and Billing confirmations.
We may request permission to store your App data including your Internet Connection and Network, Precise Location, Address Book Contacts, Gallery and Photo Storage. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures and your consent. You can deny access on your device via the permission system when you first open our App and within your device’s permission manager system. See your device manufacturer’s instructions for further details. However, this means that our App may not function as intended.
When you use one of our location-enabled services, we may collect and process information about your mobile device’s GPS location (including the latitude, longitude or altitude) and the time the location information is recorded to provide the services with location-based information and features. Some of these services require your Personal Data for the feature to work and we may associate location data with your device ID and other information we hold about you. We keep this data for no longer than is reasonably necessary for providing services to you. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can deny access on your device via the permission system when you first open our App and within your device’s permission manager system. See your device manufacturer’s instructions for further details.
If you permit us to access the address book on your device through the permission system used by your mobile platform, we may access and store names and contact information from your address book to facilitate invitations and social interactions that you initiate through our App. You can deny access on your device via the permission system when you first open our App and within your device’s permission manager system. See your device manufacturer’s instructions for further details.
We use the Google Firebase developer App and related features and services provided by Google. We use the following Google Firebase services in our App: a) Firebase Analytics, b) Firebase Crashlytics, c) Firebase Firestore for cloud storage, d) Firebase Authentication, d) Firebase Cloud Messaging for Push Notifications. By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy The legal basis is the implementation of the user contract for the use of the App.
When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract using Firebase Cloud Messaging for Push Notifications for Android devices and the Apple Push Notification service (APNs) for iOS devices. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) or by enabling or disabling specific types of notifications within the App. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.
The app uses the tool Crashlytics to log crashes of our App. No personal data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent, which is intended to simplify maintenance and improve the resulting stability of our App. The legal basis for data processing is our legitimate interest. In the settings under data services, you can select whether you want to send crash reports or not.
Our App uses the web analytics service Google Analytics for Firebase, which uses tracking technologies to track your use of our App. In this respect, information is generated about, among other things, the number of users and their sessions, the session duration, the operating system used by the users, their device model, the region from which our App is accessed, the first start of our App, our App execution and any updates.
In order to provide the relevant data for analysis, Firebase Analytics uses your a) device's advertising ID, b) an App instance ID (a randomly generated number that identifies a single app installation), c) and the IP address, which is shortened (IP masking) before being processed on Google's servers (which may be located outside the EEA) to generate the usage analysis. You can object to the use of Firebase Analytics at any time by disabling the sending of usage statistics in your device settings (Reset Advertising ID). We have no influence on these data processing operations. The basis for processing is our legitimate interest and your consent.
DATA PROCESSING BY US
Personal data is processed depending on the contact method. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also include certain Personal Data. The personal data collected when you contact us is used to process your request and the legal basis is your consent.
The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfill our contractual obligations to you or to carry out pre-contractual measures.
If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form (your name, address, phone number and email address). The entry of your data is encrypted so that third parties cannot read your data when it is entered. Your data will remain stored for as long as the registration lasts, in particular if the storage is necessary for the fulfillment/execution of the contract, to enforce our rights or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).
As a registered user, you have the opportunity to create a user profile with just a few clicks and details and the relevant profile data you provide will be posted on your profile. Of course, you can change the information and delete your account at any time via the settings in your profile. You have choices about the information on your profile. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add Personal Data to your profile that you would not want to be available. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our App.
In providing our App and permitting you to create a user profile we may process images and facial-related information from our Users. Images and facial-related information are used and processed solely for the purpose explicitly consented to and we do not collect, use, or store any images and facial-related information for the purpose of recognising faces outside of this purpose. The legal basis is your consent.
We process the data of our registered users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. As such, we process:
Contract and passenger data (e.g., name of the passenger, contact number, e-mail address, pickup location, and destination, date and time, number of passengers, luggage, hand luggage, fare, payment method info, earnings).
Usage data (e.g., pages visited, access times, Search location, Vehicle location, IP addresses, Geo Location, Map Location).
Log Information (e.g.,When you interact with the Services, we collect server logs, which may include information like device IP address, access dates and times, app features or screens viewed, app crashes and other system activity, type of browser, and the third-party site or service you were using before interacting with our Services.)
In-App Chat Data (e.g., Call and Text Information including the information exchanges between Riders and Drivers who we have connected for a ride time of the call or message, the parties’ phone numbers, and the content of any messages).
Emergency SOS Button (When requesting assistance or making an emergency call, the following data is temporarily transmitted to and stored in the server system: i) phone number provided by the user; ii) location provided by the user).
Drivers Contract Data (e.g., Full name, gender, birth date, age, licenses, place of birth, physical address, email, telephone number, social security number, tax ID, pay-out preference or bank account, user ID, trainings and webinars, location data, ride status, tour milestones, vehicle number plate, vehicle details, customer orders, customer ratings, photographs, audio files, incident information, criminal background checks, compliance with our guidelines company data).
Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.
You have choices about the Personal Data you upload and share. You don’t have to provide Personal Data; however, Personal Data helps you to get more from our Services. It’s your choice whether to include special category data and to make that special category data public. Please do not upload or add data that you would not want to be available.
The legal basis for the processing of your personal and special category data is the establishment and implementation of the user contract for the use of the service as well as your consent. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.
You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to admin@hexarides.com.
The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your consent.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose including improving our App and Services. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
If you take out a subscription your payment will be processed via our payment service provider and payment will solely be processed through the payment system of our payment service provider. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.
We use your data (name and email) within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.
HOW WILL WE USE YOUR PERSONAL DATA?
We may collect, store and use your Personal Data for the following purposes:
We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances we may also be required by law to disclose or otherwise process your Personal Data.
CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
GENERAL PRINCIPLES
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if HeXA Rides (or a part of HeXA Rides) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect our business.
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
In the course of our business and App operations, we process data in our Ireland based headquarters. All data collected is generally transferred to our Google Cloud Server. The legal basis for the data processing is our legitimate interest in providing our App.
Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through our App.
Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
YOUR RIGHTS AND PRIVILEGES
Under the NPICICA, you can exercise the following rights:
Under the GDPR, you can exercise the following rights:
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
USA SPECIFIC PROVISIONS
The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations.
As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.
Further, the following also apply
“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.
When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
HELP AND COMPLAINTS
If you have any questions about this policy or the information we hold about you please contact us by email using admin@hexarides.com.
CHANGES
The first version of this policy was issued on Friday, August 2nd, 2024 and is the current version. Any prior versions are invalid and if we make changes to this policy, we will revise the effective date.
This Cookie Policy applies to our use of cookies and other similar technologies on our website at www.hexarides.com. The purpose of this policy is to provide you with information about what cookies are and how they work. It also explains what cookies we use, what they do and how you can control what cookies we use when you visit www.hexarides.com.
WHO IS THE DATA CONTROLLER?
A “data controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In this sense, HeXA Apps LLC dba HeXA Rides of 5415 W Harmon Ave #1054, Las Vegas, NV 89103 (“HeXA Rides”, “we”, “us”, “our”) is the data controller. If you have any questions about cookies or about data protection at HeXA Rides in general, you can reach us by email using admin@hexarides.com.
WHY DO WE HAVE A COOKIE POLICY?
In accordance with the Nevada Privacy of Information Collected on the Internet from Consumers Act (“NPICICA”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to inform you about the cookies we use and obtain your consent when using certain types of cookies namely Functional, Performance, Analytics and Advertising Cookies.
WHAT IS A COOKIE?
Cookies are text files containing small amounts of information which are downloaded to your device (e.g. computer, smartphone, electronic device which accesses the internet) when you visit a website. Cookies can be useful because they allow a website to recognise a user’s device, preferences and generally help to improve your online experience.
WHAT TYPES OF COOKIES DO WE USE AND HOW LONG DO THEY LAST?
There are three types of cookies that we use, Necessary Cookies, Analytics Cookies and Marketing Cookies. These cookies perform different functions as explained below above the relevant cookies sections.
Necessary cookies are essential in order to provide you with the services you request on our website and in order that we can comply with legal obligations. We do not need to ask for your consent in order to use these cookies as without them we would not be able to provide the services requested by you. These are always active on the Website.
Analytics cookies collect information about things like how many people visit our Website, what parts of the Website people look at and how many new visitors we have to the Website. These cookies help us to monitor how effective our Website is and to improve it, tailoring it to our visitors. Analytics cookies are only used if you consent to it in our Cookie Consent Tool.
Marketing cookies help us provide you with personalized and relevant services or advertising, and track the effectiveness of our digital marketing activities. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. Advertising cookies are only used if you consent to it in the Cookie Consent Tool.
CONSENT
Necessary Cookies will always be active on your device, but we ask for your consent to place Analytics and Advertising Cookies and other similar technologies on your device. If at any time you want to change your cookie settings, including withdrawing your consent to this processing, we would encourage you to do this via the links below. You may need to refresh the page before the changes to the settings take effect.
THE COOKIES WE USE
Google Analytics
We use Google Analytics, a web analysis service of Google. Google Analytics uses a specific form of cookie, which is stored on your device and enables an analysis of your use of our website. The cookies set by Google Analytics for measurement are different for each visitor (i.e. there is not a single Google Analytics cookie ID that is used on all sites using Google Analytics). The information about your use of our website generated by the cookie is generally transmitted to a Google server in the USA and stored there.
Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data. In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes.
In relation to the data transfer into the USA Google’s processing agreement for Google Analytics, can be read here. You can disable tracking by Google Analytics with future effect by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser following this link.
Pixel Cookies and Tags
We use so-called Pixel Cookies and Tags (“Pixel Cookies”). A Pixel Cookie is an advertising tool and typically consists of a JavaScript code snippet that allows us to understand and track visitors' activity on our Platform. For this purpose, Pixel Cookies collect and process information about visitors of our Platform and the device used (so-called event data).
Event data collected through Pixel Cookies is used for targeting our advertisements and improving ad delivery and personalized advertising. For this purpose, the event data collected on our Platform by means of Pixel Cookies is transmitted to the relevant operator of the Pixel Cookie and in part, also stored on your device. However, this only happens with your consent, and we and the relevant operator of the Pixel Cookie are considered joint controllers. Nonetheless, for the subsequent processing of the transmitted Event Data, the relevant operator of the Pixel Cookie is the sole controller.
For more information about how the relevant operator of the Pixel Cookie processes personal data, including the legal basis on which they rely on and how you can exercise your rights against, please refer to the following Privacy Policies: Facebook and Instagram.
HOW TO BLOCK COOKIES AND THE CONSEQUENCES OF THIS
If you want to block all cookies, you may be able to do this through the settings in your browser for each browser you use and each device you use to access the internet (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, Safari).
We also offer a Cookie Consent Tool when you first visit our website. This tool allows you to specify your preference about cookies. You can accept or reject them or access this Cookie Policy before giving your consent to cookies or rejecting them. This permits you to make an informed decision about the cookies we use. You are free to accept or reject cookies, but note that after rejecting them, browsing our website might be less user-friendly and the relevant content might be affected.
In addition, if you do not wish to participate in advertising personalisation or retargeting/tracking you can object to behavioral advertising at the following websites: Your Online Choices, Digital Advertising Alliance of Canada, Network Advertising Initiative, AdChoices the European Interactive Digital Advertising Alliance (Europe only), and Google Ad Settings,
HELP AND COMPLAINTS
If you have any questions about this policy or the information we hold about you please contact us by email using admin@hexarides.com.
CHANGES
The first version of this policy was issued on Friday, August 2nd, 2024 and is the current version. Any prior versions are invalid and if we make changes to this policy, we will revise the effective date.