Glimble FVG

Privacy Policy

Arriva and Trieste Trasporti aim to provide information about the processing of personal data in connection with the Glimble app. The Glimble app allows users to plan and purchase journeys while offering information on a wide range of transport options, including, for example, bike-sharing services. Once a journey is planned, users can use the app to book, pay for, and access their chosen transport options.

Data Controllers

In compliance with the General Data Protection Regulation (GDPR), the data controllers responsible for processing personal data are:

Arriva Personenvervoer Nederland B.V. (Arriva) Registered office: Trambaan 3, 8441BH Heerenveen, Netherlands Chamber of Commerce registration number: 30124575
Trieste Trasporti S.p.A. Registered office: Via dei Lavoratori 2, 34144 Trieste, Italy VAT number: 00977240324 Phone: +39 040 7795111 Email: mail@triestetrasporti.it Certified email: mail@cert.triestetrasporti.it

Additional information about the data controllers and their respective Data Protection Officers (DPOs) can be found in the privacy sections of their official websites.

For questions or comments regarding this notice or the processing of personal data in the context of the Glimble app, users can contact Trieste Trasporti via the provided email addresses. These addresses can also be used for inquiries about potential data processing, corrections, restrictions on processing, data portability, deletion, or access to personal data.

How We Collect Personal Data

Personal data is processed by the data controllers when it is provided directly by the user. For example, this occurs when the Glimble app is installed or used, or when users contact Glimble or Trieste Trasporti via customer service. Additionally, the app automatically collects personal data as described below. Participation in surveys or similar initiatives may also result in the collection of additional data voluntarily provided by users.

What Personal Data We Collect

The personal data collected, processed, and shared to enable the use of the Glimble app and the various transport options is outlined below.

Personal Data	Account	Trip planning	Travel with GPS tracking	Public transportation	Flexible transportation	Cab	Bicycles	Scooters	Automobiles
First and last name	x		x	x	x	x	x	x	x
Date of birth	x		x					x	x
Phone number	x				x	x	x	x	x
Address			x					x	x
GPS location data		x
Email	x			x	x	x	x	x	x
Type of phone or device	x
Operating system and version	x
IP-address	x
Device language	x
Payment method	x			x	x	x	x	x	x
Name of account holder	x	x		x	x	x	x	x	x
IBAN	x	x		x	x	x	x	x	x
BIC	x	x		x	x	x	x	x	x
Last 4 digits of credit card	x	x		x	x	x	x	x	x
Credit card expiration date	x	x		x	x	x	x	x	x
Third-party traveler details
Name (first and last name)	x	x		x	x	x	x	x	x
Date of birth	x	x							x
Driver's license details (driver's license check)
First and last name								x	x
Document number								x	x
Date of issue								x	x
Validity								x	x
Issuing entity									x
Category								x	x
Date of birth								x	x
Date and time		x		x	x	x	x	x	x
Pickup or drop-off address		x			x	x
Travel information		x		x	x	x	x	x	x
Trips booked	x
Travel preferences		x
Type of phone or device								x	x
Self-timer								x	x
Personal data we manage through cookie-like software
Type of phone or device	x
Operating system and version	x
Trips booked	x
Navigation behavior	x
Research history	x
Purchase history	x
Unique identifier by device	x
Device language	x

Personal data we process before, during, and after travel
Origin and destination of the trip	x	x
Means of transportation	x	x
App behavior during the trip	x	x
Tickets	x	x
Reservations	x	x
Order status	x	x
Cancellations	x	x

GPS-Tracked Travel The Glimble app offers an optional GPS-based travel feature. This is an additional, non-mandatory option that removes the need for travelers to check in and out manually. Simply swipe in at the start of your journey and swipe out at the end. The journey is determined based on location data. For any questions or comments regarding a trip, please contact customer service using the details provided at the beginning of this privacy notice.

If you choose to travel using GPS, you enter into an agreement with Glimble to process your personal data (including location) to determine your completed journey and subsequently charge the travel costs. In this context, we may process and share your personal data with payment service providers and other service providers to the extent necessary for executing the agreement. Your data is also used to identify potential fraud, for example, if you frequently and deliberately perform an early swipe out.

Traveling with GPS If you wish to travel using the GPS feature in the Glimble app (optional), you must create a user account and provide your account details to enable the billing of your journeys. Your data may also be used to detect possible fraud, such as repeated intentional early swipe outs.

Fairtiq and GPS-Based Travel In the context of GPS-based travel, your data is shared with Fairtiq, the technology enabling GPS-based journeys.

Data Retention Arriva does not retain your data longer than necessary when traveling using GPS. Location details are kept for a maximum of 12 months to enable customer service to assist you with travel-related inquiries.

Data Processing During App Use When using the Glimble app, data related to planned, completed, and saved journeys is processed. Additionally, data on user behavior (clicks) within the app is collected. Arriva and Trieste Trasporti process information before, during, and after travel, including:

Departure and destination locations
Means of transportation
App behavior during travel
Tickets, bookings, order statuses, and cancellations in the Glimble app

This information may cover all user activities within the Glimble app, such as:

A unique trip number per user to identify and track planning, ticket purchases, and completed journeys
Modes and types of transport chosen (e.g., public transport, private transport, bike sharing)
Whether the journey is for business, personal, or commuting purposes
Cancellations of trips or parts of trips
Departure and arrival points of the journey
Start and end times of the journey
Costs of the journey or its components

From the above travel information, indirect data about the user may also be derived, which could qualify as personal data.

Additional Data Processing Further data that the controllers may process includes information provided by the user in the context of complaints, support requests, or information inquiries. We also process personal data collected through the use of cookie-like software, as outlined in the related privacy notice available [here].

Data Combination Data may be processed in combination to assist and support users, improve the services offered, or for marketing or analysis purposes.

Market Research and Surveys Glimble may invite users to participate in surveys and market research about the app, during which additional personal information might be requested.

Non-Disclosure of Data If you choose not to share your personal data, the Glimble app may not function optimally, or it may be impossible to select certain transport options.

Legal Basis for Processing User Data Arriva processes personal data based on one of the following four options:

1	Executing and entering into an agreement	When you want to book a trip through the Glimble app, you enter into a transportation agreement with your chosen transportation service provider. In this context, we may process and share your personal data with this provider or with payment service providers or other providers involved to make the execution of the contract possible.
2	Legal Obligation	In some cases, we are required by law to provide personal data to third parties for purposes beyond the scope of our direct services to you. For example, in cases where there is suspicion of a serious crime, judicial investigation, or when data is requested from us by the police or other competent authorities. Other examples include the disclosure of data for the implementation of tax legislation, for administrative obligations, or in the context of requests or investigations by regulatory authorities.
3	Legitimate business interests	Our legitimate interests include: optimizing, developing and improving the Glimble app and user experience and conducting research, analysis, studies.
4	Cases when the user gives consent	a) When we want to process the user's location data, to be able to determine the starting point or to be able to process and show a walking route to the arrival point; (b) When we use cookie-like software on the user's device; (c) when we use user data for marketing purposes or for purposes other than the use of the Glimble app.

Withdrawal of Consent Users can withdraw their consent to the processing of their personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out based on consent before its withdrawal. Users may delete their account at any time, provided there are no outstanding payment obligations. Account deletion can be requested by contacting the data controllers using the contact details provided in this notice.

Purpose of Data Processing We process users’ personal data for the purposes outlined below. The number associated with each purpose corresponds to one of the four options indicated in the table above.

Purposes	Options
1	Inviting you to use the Glimble app. In some cases, we may use your contact information to send you an email invitation to use our app. If we have already received the user's contact information in connection with the sale of one of our products or services and the user has not previously objected to our possibly unsolicited communications, the user will be considered existing and active and communications may be sent to the user based on our legitimate interest. In all other cases, the user will be considered a new user and will therefore be sent the invitation on the basis of prior consent. In both cases, we offer the possibility to object to the further use of contact data. The objection can be made (in addition to the methods described in the invitation email), also by contacting us via the contact details given in this policy.	3 (for existing customers) or 4 (for new customers)
2	Creating a user account and entering into an agreement to use the Glimble app Before you can use the Glimble app, you must install the Glimble app and go through the registration process. During this process, users will be asked to provide some personal information and enter into an agreement with Glimble.	1
3	Travel booking and payment	1 e 2
4	Use of third-party transportation services (external service providers) The Glimble app can be used to book, pay for, and use various services and transportation based on user preferences. We use user data to arrange transportation arrangements and to inform users about the various services and means of transportation available. If you use transportation services operated by third parties, your data will be made available to the transportation service providers when necessary to ensure that the transportation contract can be concluded and executed.	1
5	Transportation damage management and billing for any penalties	1 e 3
6	App usage and travel history. We use the user's data in order to provide the user with travel advice based on the user's preferences and settings. We also give the user the ability to view their own travel history.	1
7	Handling requests, complaints or comments, and disputes For example, when you contact us through our customer service (phone, email, chat, social media or web form): correspondence may also be used to assess and improve the quality of our services and for training, coaching and evaluation purposes. Such messages will be retained for up to 2 years.	1 e 3
8	Detect and correct errors and malfunctions in the Glimble app.	1 e 3
9	To analyze and improve the use of the Glimble app and its features. , and to ensure, for example, that our information is based on your actual preferences and that these are tailored to your use of our websites and apps.	3
10	To inform you about other Arriva products or services and to keep you informed about our activities (contests, events, surveys), with email communications or push notifications in the Glimble app These communications are based on the user's travel behavior and habits over the past two years. If the user prefers not to receive these types of communications, you can immediately unsubscribe from their account and they can turn off push notifications.	3 e 4
11	Research and analysis Research and analysis purposes may include market and demographic research or internal studies (e.g., for process improvement, analysis of usage rates, planning and installation of new tools).	3
12	Security To prevent, detect, and investigate incidents related to fraud and cybersecurity (e.g., using users' personal data) and to investigate, prevent, and deter unauthorized access and fraud.	1 e 3
13	To send notifications to users, for example, when maintenance or updates are made to the Glimble app, or when booked or planned trips are canceled or changed, or when there are disruptions to public transportation services. The settings for receiving push notifications in the Glimble app can be changed from your device.	1
14	Processing of location data in order to provide the user with personalized and optimal assistance. To do this, we ask for consent from the user. Consent can be revoked at any time.	4
15	Payment processing For payments under 3, we store the user's payment data to the extent strictly necessary and in accordance with our legal obligations.	2
16	Driver's license check If sharing services are used with vehicles for which a driver's license is required, Glimble verifies the user's identity and the validity and authenticity of the user's driver's license (and possibly the user's ID card or passport). For driver's license checking, we use the services of our partner Veriff OÜ (Estonia, hereafter Veriff). Veriff's software is integrated into the Glimble app via a software development kit (SDK). During the booking process, the user is asked to have their driver's license and identity verified. The process requires a selfie. During the driver's license check, Veriff processes the user's name and date of birth, driver's license issuance date, driver's license expiration date, driver's license number, type of driver's license (AM, A, A1, A2, B, BE, B+, others), the selfie taken by the user, and the mobile device used by the user. Veriff will remove, obfuscate or make unreadable any personal data or identification documents presented during the verification session that are not needed for the driver's license check. Veriff's software will automatically delete photos after 30 days. Arriva does not store the photos in its systems. Designated Arriva officials have access to Veriff's software to assist users with problems. Personal data processed by Veriff are available to Arriva for up to 90 days. Thereafter, the data will be stored by Veriff for up to 18 months and will be available to Arriva only upon request.	3
17	Cookie-like software We ask for user consent for the installation of cookie-like software. More information about the use of these software can be found in the appropriate section. Consent can be revoked at any time.	4

If the data controllers intend to process users' personal data for purposes other than those specified, they will inform users in advance.

Who We Share Data With

To fulfill the purposes described above, we may share users' personal data with the following parties:

External transport service providers for booking, payment, and execution of journeys, as well as for handling damages or applying administrative penalties.
Users must accept the terms and conditions of external transport providers before using their services.
Payment service providers to ensure proper processing of payments for purchased journeys.
Providers assisting in the creation and delivery of electronic tickets.
Providers enabling the delivery of push notifications via the Glimble app.
Entities that analyze the effectiveness of our campaigns within the Glimble app.
IT and software service providers, including the Glimble app developer.
Providers assisting with invoicing processes.
Providers supporting customer relationship management and complaint handling.
Other parties involved in services related to the Glimble app, including consultants, accountants, banks, and marketing agencies.
Law enforcement or other competent authorities when data is required for investigations or suspected crimes.
Tax authorities when data is needed to fulfill tax obligations.

Where necessary, specific agreements are in place regarding data processing, including its security and storage. Certain parties (such as transport service providers, payment service providers, security services, and consultants) process user data as independent data controllers under the GDPR.

Generally, processed data is not shared with third parties or stored outside the EU. However, in specific situations requiring involvement of entities in non-EU countries, we ensure appropriate measures are in place to safeguard users' personal data in compliance with EU data protection laws.

External Websites

The Glimble app may contain links to websites other than those operated by the data controllers. The controllers are not responsible for how these external websites process users' personal data. Users are encouraged to review the privacy policies available on each website.

Data Retention

We do not retain user data longer than necessary for the purposes for which it was collected or as permitted by law. The retention period depends on the nature of the data and the processing purposes. In general, personal data is retained for two years unless explicitly stated otherwise in this notice. This retention period helps us monitor, improve, and personalize the user experience within the Glimble app, detect fraud or abuse, and generate accurate reports and internal analyses.

Planned and completed journey data is collected and stored in an aggregated format that cannot be directly linked to any individual user. When users delete the Glimble app from their devices or their Glimble account, personal data is retained for two years. After this period, all personal data is either deleted or anonymized.

We retain proof of user consent as long as personal data continues to be processed. Once personal data is deleted, proof of consent is also removed unless required for accountability purposes under the GDPR.

In legal proceedings or at the request of judicial authorities, data controllers may retain data for longer than specified in this notice. For more information about data retention periods, users can contact the data controllers directly at the contact details provided.

User Rights

Users have the rights outlined in Articles 15, 16, 17, 18, 20, 21, and 77 of EU Regulation 679/16 (GDPR). These include, but are not limited to:

Accessing their personal data.
Requesting corrections, deletion, or restriction of processing.
Withdrawing consent for data processing at any time without affecting the lawfulness of prior processing.
Requesting data portability.
Objecting to data processing (Article 21 GDPR) by providing valid reasons for opposition.
Lodging complaints with the appropriate supervisory authority (Article 77 GDPR).

Requests may be rejected if there are compelling legitimate reasons for processing that outweigh the user’s rights and interests.

Inquiries

For questions or comments about this notice or the processing of personal data in connection with the Glimble app, users may contact the data controllers at the contact details provided. Users may also request information, corrections, data restriction, portability, deletion, or access to their data.

Changes to This Privacy Notice

The data controllers reserve the right to update this notice at any time. The most recent version of the privacy notice is always available via the Glimble app. If substantial changes are made, users will be notified via push notifications, websites, or email communications.