Privacy

Types of personal information collected by us may include but is not limited to:

• name and contact details (including your email address and phone number);
• past searches on the BRIDJ mobile application;
• location, trip and payment history;
• feedback and ratings on your past trips;
• device information and the operating system of your device; and
• your IP address.

We may also collect and hold sensitive information about you, including information about your mobility and accessibility needs.

We provide software products and services to assist service providers to provide mobility and transportation solutions in the public and private sectors. This includes storing, managing and processing personal information, payment information, and sensitive information about your mobility or accessibility needs.

Under the terms and conditions with third-party operators, BRIDJ may have access to personal information (End-User data) collected by third-parties that integrate with BRIDJ. This may include personal and sensitive information. BRIDJ does not share End-User data with third parties without consent or unless compelled to do so by law. BRIDJ does not use third-party End-User data for marketing purposes. BRIDJ only uses third-party End-User data for the purposes of delivering our products and services, and as permitted by this Policy.

BRIDJ will only collect personal information by lawful and fair means. When reasonable and practical to do so, we will collect personal information directly from you, however, we also collect information in other ways, such as when you use our website, our products or services or when you contact us via phone or email.

BRIDJ may also collect personal information from third parties. For example, your representatives or publicly available sources of information. If someone other than you provides us with personal information about you that we did not ask for and we determine that we could have collected this information from you, we will notify you as soon as practicable (unless to do so would potentially cause harm to you, be unlawful, or result in a breach of confidence or privacy).

All personal information collected by BRIDJ is reasonably necessary for the purposes relating to providing our products and services to you. If we determine that we have received personal information that is not related to providing products and services to you, or personal information that we could not have collected, we will de-identify or permanently destroy that personal information.

“Cookies” are small data files that may be downloaded to your device when you visit a website; these may be used to track your use on that website. Our website uses cookies, the main purpose for this is to identify users and prepare customised web pages for them.

Our Cookies do not identify you personally but may link back to a database to record information about your visit to our website.

We use Cookies from time to time to:

• monitor usage of our website;
• create a personal record of your visit to our website and the pages you viewed so that we may improve your experience on our software products;
• provide you with better service when you use our software products;
• authenticate your access to our software products; and
• recognise you when you return to our software products.

This information may be linked to any personal information that you provide and may be used in conjunction with your personal information to identify your interactions with our software products.

You can adjust your internet browser to disable or warn you when Cookies are used. However, disabling Cookies will stop our software products from functioning properly.

Our purpose in collecting, holding, accessing, and using personal information is to:

• provide and deliver our products and services to you or your representative;
• communicate with you and administer our relationship with you;
• provide you with information about other services, that we or our related entities and other organisations that we have affiliations with, offer and may be of interest to you;
• discuss potential updates to our products with you;
• analyse our services and customer needs with a view to develop new or improved services;
• address any query, feedback or complaints you may have;
• record and manage your marketing and communication preferences;
• perform user data analytics;
• perform research and trials (no personal identifying information is used for this purpose, however, de-identified data may be used in these activities);
• fulfil and comply with any legal, enforcement (including data recovery), regulatory and contractual obligations;
• fulfil any purpose that was made clear at the time of the collection of that personal information.

If the personal information provided to us is incomplete or inaccurate, we may not be able to provide you with the services that you are seeking. If we hold personal information about you that was collected for a particular purpose, BRIDJ will not use or disclose the information for another purpose without obtaining your consent, unless you would reasonably expect us to use or disclose the information for the secondary purpose.

BRIDJ does not share personal information with governments or government entities, companies, organisations, and individuals unless one of the following circumstances applies:

1. we have your consent to do so;
2. we provide personal information to our affiliates or other service providers who assist us in operating our business to process it for us, based on our instructions and in compliance with the appropriate confidentiality, security and privacy measures;
3. we will share personal information with local governments or government entities, companies, organisations, and individuals (within the data sovereignty jurisdictional control) if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
4. meet any legal, regulatory or enforceable governmental request;
5. comply with any contractual obligations imposed on BRIDJ by government, or government entities, organisations, or individuals that relate to providing services to you;
6. enforce BRIDJ Terms and Conditions of Use, including investigating any potential violations of them;
7. detect, prevent, or otherwise address fraud, security or technical issues;
8. protect against any potential breaches to BRIDJ’s rights, property or safety or to those of BRIDJ users or the public as required or permitted by law.

We may share non-personally identifiable information publicly and with our partners – like advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

We may share non-personally identifiable information with our research partners for studies, analytics and trials.

If BRIDJ is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Your personal information may be held on servers both within and outside your data sovereignty jurisdictional area. All data held by us is subject to the local laws of the original data sovereignty jurisdictional area. For example, your personal data may be held within the EU data centre however, any emailed queries and service requests (help request tickets) from the EU are processed within Australia; this data is still subject to the General Data Protection Regulation requirements and will not be disclosed to the Australian Government or Australian Government entities.  By providing your personal information or using our services, you consent to our processing of your data outside of your local data sovereignty jurisdictional area.

Our website and software products may from time to time contain links to other websites, or products, and those third-party providers may collect information about you. You acknowledge that linked websites and products are not operated by us and BRIDJ takes no responsibility for the content or privacy practices of other providers that are linked to our software products or website.

BRIDJ may use your personal information about you for the purpose of providing you with our products and services, and for other purposes that you would reasonably expect us to use that information. As noted in this policy, BRIDJ does not use third-party End-User Data from other companies for marketing purposes.

You acknowledge and agree that we may use personal information collected by us for our marketing and research purposes. This may include sending updates and information related to our services, products or activities via post, telephone or electronic transmission. We may also share your personal information with our partners who may use your contact information for this purpose. You authorise us, and our partners, to use any contact information you provide for this purpose.

You can opt out of receiving our marketing material at any time by contacting us. Once you opt out of receiving marketing material from us, you agree and acknowledge that the removal of your contact information may take several business days after the date of your request.

You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you communications about essential information that is necessary or that we are legally required to send you relating to the services that we provide.

We are committed to the protection of personal information and BRIDJ assets from unauthorised access, alteration, destruction or disclosure. As such we take reasonable steps to ensure that personal information is protected from misuse, interference and loss.

All digitally stored personal information is password protected and encrypted at rest. BRIDJ restricts access to only those who require access to the records in the course of their duties. For example providing our customers with our services, such as troubleshooting and monitoring system functionality. BRIDJ constantly reviews and tests our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems and all access to personal information is audited.

Although reasonable steps have been taken to keep information secure, security cannot be guaranteed, and breaches may occur. If a security incident does occur, BRIDJ also has procedures in place which will allow us to react quickly to an incident. This involves triaging and containing the incident to prevent further damage and determining if there has been a data breach involving personal data. In the event that a security incident becomes a data breach, BRIDJ adheres to the notification requirements set out by the Australian Privacy Act and the General Data Protection Regulation.

If you reasonably believe that there has been unauthorised use, loss or disclosure of your data, please contact us immediately.

Our Privacy Policy applies to all of the services offered by BRIDJ Technology Pty Ltd and BRIDJ Pty Ltd and their affiliates, services BRIDJ provides on Android or Apple devices, and services offered on other sites. It excludes services that have separate privacy policies that do not incorporate this Privacy Policy.

Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be linked to the use of BRIDJ products, sites that may include BRIDJ products or services, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organisations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

In particular, because we provide public transportation solutions, we have to share information with the government and other third parties working in the public transport sector. Therefore:

• Personal information (information or an opinion about passengers) collected from passengers, such as name, date of birth, contact details, or sensitive personal information (including information about mobility/accessibility requirements) (called “Personal Information”) collected by us may be disclosed to third parties and/or government agencies under contractual arrangements or obligations with those third parties/government agencies.
• The third parties and/or government agencies may disclose the Personal Information to other government agencies. These government agencies may use the Personal Information for any purpose regarding the exercise of their government functions. Such Personal Information may also be disclosed to other third parties if required by law.
• The third parties and/or government agencies may also use Your contact details to conduct surveys regarding the provision of the services provided by BRIDJ or third parties using the BRIDJ Applications.

By using the services provided by BRIDJ or third parties using the BRIDJ Applications, You consent to the collection, use and disclosure of Personal Information in the manner that We have outlined.

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review, on request.

If you do not agree with our Privacy Policy, you should not use any BRIDJ products or Services. Your use of BRIDJ products or services confirms your acceptance of and agreement with this Policy.

Where you wish to question or have a complaint regarding the collection or use of your information, please write to:

PRIVACY OFFICER
River City Labs, The Precinct, TC Beirne Building,
Level 3/315 Brunswick St,
Fortitude Valley, Queensland, 4101 AUSTRALIA

Or email your query to customerdata@bridj.com placing “Privacy Policy Query” in the Subject line of the email.

Where you wish to request a copy of your personal information, request to correct your personal information or request the deletion of your personal information, please write to:

PRIVACY OFFICER
River City Labs, The Precinct, TC Beirne Building,
Level 3/315 Brunswick St,
Fortitude Valley, Queensland, 4101 AUSTRALIA

Or email your query to customerdata@bridj.com placing “Personal Data Request” in the Subject line of the email.

Please note the deletion of your personal data does not extend to the removal of your personal data from our archived backups. Your personal data may be stored up to seven years inside backups dependant on auditing and retention agreements. However, all backups are fully encrypted and in the event that a backup is restored, your personal information will be removed from the system as part of our restoration process.

All queries or complaints will be handled pursuant to BRIDJ’s internal privacy procedures and the relevant privacy legislation. We will respond to your queries as soon as we reasonably can, and within thirty (30) days. If you are not satisfied with our response, or at any time, you may refer your query to your relevant Data Protection Authority.

If you do not agree with our Privacy Policy, you should not use any BRIDJ products or Services. Your use of BRIDJ products or services confirms your acceptance of and agreement with this Policy.

Where you wish to question or have a complaint regarding the collection or use of your information, please write to:

PRIVACY OFFICER
River City Labs, The Precinct, TC Beirne Building,
Level 3/315 Brunswick St,
Fortitude Valley, Queensland, 4101 AUSTRALIA

Or email your query to customerdata@bridj.com placing “Privacy Policy Query” in the Subject line of the email.

Where you wish to request a copy of your personal information, request to correct your personal information or request the deletion of your personal information, please write to:

PRIVACY OFFICER
River City Labs, The Precinct, TC Beirne Building,
Level 3/315 Brunswick St,
Fortitude Valley, Queensland, 4101 AUSTRALIA

Or email your query to customerdata@bridj.com placing “Personal Data Request” in the Subject line of the email.

Please note the deletion of your personal data does not extend to the removal of your personal data from our archived backups. Your personal data may be stored up to seven years inside backups dependant on auditing and retention agreements. However, all backups are fully encrypted and in the event that a backup is restored, your personal information will be removed from the system as part of our restoration process.

All queries or complaints will be handled pursuant to BRIDJ’s internal privacy procedures and the relevant privacy legislation. We will respond to your queries as soon as we reasonably can, and within thirty (30) days. If you are not satisfied with our response, or at any time, you may refer your query to your relevant Data Protection Authority.

• Austria – Austrian Data Protection Authority (German: Österreichische Datenschutzbehörde)
• Belgium – Commission for the protection of privacy (Dutch: Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL), French: Commission de la protection de la vie privée (CPVP))
• Bulgaria – Bulgarian data protection authority (Bulgarian: Комисия за защита на личните данни)
• Croatia – Croatian Personal Data Protection Agency (Croatian: Agencija za zaštitu osobnih podataka (AZOP))
• Cyprus – Commissioner for Personal Data Protection (Greek: Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
• Czech Republic – The Office for Personal Data Protection (Czech: Úřad pro ochranu osobních údajů (ÚOOÚ))
• Denmark – Danish Data Protection Agency (Danish: Datatilsynet)
• Estonia – Estonian Data Protection Inspectorate (Estonian: Andmekaitse Inspektsioon)
• Finland – Office of the Data Protection Ombudsman (Finnish: Tietosuojavaltuutetun toimisto)
• France – National Commission on Informatics and Liberty (French: Commission nationale de l’informatique et des libertés), also known as CNIL
• Germany – Federal Commissioner for Data Protection and Freedom of Information (German: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI))
• Greece – Hellenic Data Protection Authority (Greek: Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), also known as HDPA
• Hungary – Data Protection Commissioner of Hungary (Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH))
• Ireland – Data Protection Commissioner (Irish: An Coimisinéir Cosanta Sonraí), also known as DPC
• Italy – Italian Data Protection Authority (Italian: Garante per la Protezione dei Dati Personali), also known as Italian DPA
• Latvia – Data State Inspectorate (Latvian: Datu valsts inspekcija, Russian: Государственная инспекция данных)
• Lithuania – State Data Protection Inspectorate (Lithuanian: Valstybinė duomenų apsaugos inspekcija (VDAI))
• Luxembourg – National Commission for Data Protection (German: Nationale Kommission für den Datenschutz, French: Commission nationale pour la protection des données), also known as CNPD
• Malta – Office of the Information and Data Protection Commissioner, also known as IDPC
• Netherlands – Dutch Data Protection Authority (Dutch: Autoriteit Persoonsgegevens (AP)), also known as Dutch DPA
• Poland – The Bureu of the Inspector General for the Protection of Personal Data (Polish: Generalny Inspektor Ochrony Danych Osobowych (GIODO))
• Portugal – National Commission for Data Protection (Portuguese: Comissão Nacional de Protecção de Dados (CNPD)), also known as NCDP
• Romania – The National Supervisory Authority for Personal Data Processing (Romanian: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP
• Slovakia – Office for Personal Data Protection of the Slovak Republic (Slovak: Úrad na ochranu osobných údajov Slovenskej republiky)
• Slovenia – Information Commissioner of the Republic of Slovenia (Slovene: Republika Slovenija Informacijski pooblaščenec)
• Spain – Spanish Agency of data protection (Spanish: Agencia Española de Protección de Datos (AEPD))
• Sweden – Swedish Data Protection Authority (Swedish: Datainspektionen), also known as Swedish DPA
  

• Australia – The Office of the Australian Information Commissioner
• Canada – Privacy Commissioner of Canada (French: Commissariat à la protection de la vie privée du Canada)
• Guernsey – Office of the Data Protection Commissioner
• Hong Kong – Privacy Commissioner for Personal Data
• Iceland – Icelandic Data Protection Agency (Icelandic: Persónuvernd)
• Isle of Man – Information Commissioner
• Israel – Privacy Protection Authority (PPA)
• Liechtenstein – Data Protection Office (German: Datenschutzstelle)
• Macedonia – Directorate for Personal Data Protection (Macedonian: Дирекција за заштита на лични податоци)
• Montenegro – Agency for Protection of Personal Data (Montenegrin: Агенција за Заштиту Личних Података)
• New Zealand – Privacy Commissioner
• Norway – Norwegian Data Protection Authority (Norwegian: Datatilsynet)
• Serbia – Commissioner for Information of Public Importance and Personal Data Protection (Serbian: Повереник за информације од јавног значаја и заштиту података о личности)
• Switzerland – Federal Data Protection and Information Commissioner (in German: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), in French: Préposé fédéral à la protection des données et à la transparence (PFPDT), in Italian: Incaricato federale della protezione dei dati e della trasparenza (IFPDT)), also known as FDPIC
• United States of America – Federal Trade Commission
• United Kingdom – Information Commissioner’s Office, also known as ICO