The privacy statement is applicable to all privacy-sensitive information or personal data which we receive from our clients and users via the tools of the Fynch Platform, such as the Fynch app and ProDrive Learning. It is also possible for you to issue personal data to us directly, for example by email or a contact form.
We consider the privacy of our clients and users to be extremely important. That is why we try to be as careful as possible when processing and protecting personal data. All our employees have signed a confidentiality agreement and have also been extensively trained in dealing carefully with confidential information. We process the data in accordance with the conditions imposed in the General Data Protection Regulation (GDPR).
In this privacy statement, we explain which data we process, for which purposes it is used, and what your rights are on the grounds of the GDPR.
Processing personal data on the instruction of our clients
In many cases, we process personal data on the instruction of our clients. These are usually parties that have a contract with us for the use of the Fynch app or ProDrive Learning on behalf of their staff or their clients’ staff, or participants in campaigns and projects.
We can receive personal data in either of two ways: from the client or directly from you, our user. We only collect personal data from the client when relevant for the purpose for which the app is used, such as an employee number when this is required to create an expense report. In these cases, our client is the controller within the framework of the GDPR with regard to the processing of your personal data.
Processing personal data as the controller
It may be the case that we process personal data independently and not on the basis of instructions, for example, if you visit our website(s), independently use the Fynch app, or fill in a contact form. In such instances, we are the controller within the meaning of the GDPR. We only process this personal data if that is necessary for the execution of an agreement to which you are a party, or if the processing is necessary in order to defend the legitimate interests of Fynch. In addition to this, we may have a legal obligation to process your personal data.
Overview of the personal data we can process
The following is an overview of your personal data we may process. We do not always have all the data summarized below; this depends on the product you are using and the purpose for which you are using it.
- First and last name
- E-mail address
- IP-address of website visitors
- Car license plate number (always optional)
- Mobility data
- Start and end date, and time of trip
- Start and end location of trip
- Mode of transport
- Travel time and distance
- Trip objective (commute, private, business)
- Home address and closest train station to determine fixed commute distance
- Data from your employer such as employee number, name of employer, department name
- Data from mobility cards such as the NS Businesscard
Fynch uses the software provided by Leadinfo, which collects publicly available business information (for example from the public registry of the Chamber of Commerce) based on your IP-address. The IP-addresses are not saved and Fynch only receives publicly available business information.
The purpose for which the personal data is being processed
We process your personal data for the following purposes, depending on the product you use:
- To analyse the travel and driving behaviour of our users to provide insights into CO2 footprint and vitality;
- To facilitate admin of travel and work from home days so that our users can submit their expenses with their employer;
- Report aggregated information to the client, such as total CO2 footprint of all employees;
- To allow users to create an account an subsequently access their personal data;
- To inform the client and users about changes in our products and services;
- To contact users via e-mail when this is needed to provide the agreed-on service, such as sending the reward purchased in the Fynch Reward Shop.
We keep your personal data for no longer than is strictly necessary in order to fulfil the purposes for which your data was collected unless we are legally obliged to save certain data for longer.
Fynch protects your personal data with measures against abuse, unauthorized access, general availability, changes, and destruction. The Fynch app environment is digitally protected following the prescribed guidelines and is ISO 27001 certified. The personal data is stored and processed in a secured data center in Western Europe.
Issuing to third parties
We only share your personal data with third parties, such as our client, based on explicit consent from our user of when this is necessary or justified for the purpose of the Fynch app. Think about submitting expenses, where the required information to process the expenses is shared with your employer, or about consenting to additional terms of service for a project or campaign. We only share information with the client when this is necessary for the execution of an agreement which we have concluded with you, or for the protection of one of our legitimate interests, or in order to fulfil one of our statutory obligations.
We conclude data processing agreements with companies that process your data on our instruction, for example, a hosting company, in order to ensure the same level of security and confidentiality that we apply ourselves. We continue to be responsible for this processing.
We can also use this anonymized data to create general analyses, for example with regard to sustainable travel behaviour, which is relevant to a wider audience. We only publish or share the outcomes with third parties if the data cannot be linked in any way with an identifiable person.
We use your personal data for market research and to optimize our services. Within this framework, your personal data will also be anonymized and untraceable.
Your data will never be sold or shared with third parties for commercial purposes unless you have given your explicit permission.
A cookie is a small file that is saved on your computer, tablet, or smartphone when you visit our website. You can choose not to accept cookies by adjusting your internet browser so that it no longer saves any cookies. You can also delete any information saved previously via your browser settings.
We use the following cookies:
- Functional cookies. These are necessary for the technical operation of the website and enhance your user experience. These analytical cookies do not violate your privacy, so we do not need your consent.
- Google Analytics. Google Analytics is used by Fynch to generate reports on how the website is used, in order to measure the quality and effectiveness. We use Google Analytics in the way described by the Dutch Data Protection Authority [Autoriteit Persoonsgegevens] so that we are covered by the exception in cookie legislation, meaning that we do not need your prior permission.
Automated decision making
The Fynch app can take decisions based on automated processes with regard to issues that can have consequences for people. This means decisions taken by computer programs or systems without any human involvement (for example one of the employees of Fynch). This primarily involved automated trip registration, which uses GPS and movement data to estimate your trip route and mode of transport. In some cases, automatic labelling (private, commute, business) of trips can take place. You are personally responsible for checking the trips and to make sure that the presented information is correct.
Access, rectification, or erasure
You have the right to access, rectify or erase your personal data, or to restrict the processing. You also have the right to withdraw your permission for data processing or to object to the processing of your personal data.
In the instances in which our client is the controller, we cannot independently take a decision in response to your request. In those instances, we will forward your request to the controller as quickly as possible.
If we are no longer allowed to process your data, that may have detrimental consequences for the use of our application(s). In the worst case, the request or objection can make it impossible to continue using our products and services. If participation is no longer possible, we are obliged to inform our clients.
You have the right to data portability, but only if we have digital personal data which we either process with your permission, or process in order to execute an agreement we have concluded with you. Data portability means you can submit a request to us to send the digital personal data which we have from you in a readable computer file to you or another organization of your choosing.
You can send a request to access, rectify, erase or transfer your personal data, or a request to withdraw your permission or object to the processing of your personal data, to email@example.com.
In order to be sure that the request to access is being made by you, we will ask you to submit a copy of your proof of identity along with the request. In this copy you should black out your passport photo, MRZ (machine readable zone, the zone with numbers at the bottom of the passport), passport number, and Citizen Service Number [Burgerservicenummer (BSN)] to protect your privacy. We will respond to your request as quickly as possible but by no later than within six weeks.
We also want to draw your attention to the possibility you have of submitting a complaint to the national supervisory body, the Dutch Data Protection Authority [Autoriteit Persoonsgegevens].
We take the protection of your data very seriously and take suitable measures to prevent misuse, loss, unauthorized access, unwanted publication, and unlawful amendment. If you have any questions, or are under the impression that your data is not properly secured, or if there are indications of misuse, please contact us via firstname.lastname@example.org.
This privacy statement came into effect on 16 February 2017 and was last updated on 14 November 2022.