Privacy Policy
Cotral pays great attention to personal data protection and information security.
In the exercise of its institutional duties, it is constantly committed to putting in place specific measures for the protection of data that relate to service users, our employees and collaborators, including possible candidates for employment, and in general to all individuals who relate to Cotral, such as the staff of Service Provider Organizations, or Customer Organizations that may purchase advertising space or services from Cotral. The need for confidentiality is balanced by the requirements to protect the safety of public transport and assets, as well as by transparency and anti-corruption regulations. In this section we therefore present information for interested parties.
Pursuant to the European Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter also “Regulation”, or “GDPR”), Cotral intends to explain to data subjects the necessary information on the use of collected data. The Data Controller is Cotral with headquarters at Via Bernardino Alimena, 105, 00173 Rome. The Data Protection Officer (DPO) can be contacted at dpo@pec.cotralspa.it.
We ask you to fill in the personal details strictly necessary for user identification, and contact details to handle requests, service communications and ancillary activities with the consent of the data subject; photographs and identity documents are also required for the issuance of Travel Tickets. Under certain circumstances (e.g. for concessions or gratuities or for services reserved for the disabled or minors), “special categories of personal data” may be processed. The provision of data is optional; however, any refusal or incorrect or insufficient communication of the data needed to complete the request may result in the total or partial impossibility of carrying out the operations.
Information for those who contact us
Users’ personal data are processed mainly to operate the public transportation service under legal bases such as:
- The execution of the contract or pre-contractual measures at the request of the data subject;
- legal obligations;
- The performance of a task of public interest or necessity connected with the exercise of public authority vested in the data controller.
You can see in the full policy statement all the specific purposes of the processing activities.
In addition, with the consent of the interested parties, Cotral may contact users, directly or through third parties, to detect customer satisfaction with the quality of services rendered and the activity carried out, to profile service usage data for customized infomobility solutions and/or on-demand services, or to send promotional communications.
In addition to sharing personal data with Law Enforcement and Public Authorities when necessary or mandatory, it is good to know that some personal data, as part of the operation of regional public transportation, i.e., in the Metrebus Integrated Electronic Ticketing System, are recorded in the central Regional Information Systems to which the Lazio Region and other transportation companies such as ATAC S.p.A., Trenitalia S.p.A., Gruppo Ferrovie dello Stato, or service companies of the Lazio Region that operate in the management of regional information systems may have access.
Personal data are not subject to dissemination or automated decision-making, and specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
Cotral retains your data for a period of time identified according to the criteria of civil prescription and in compliance with specific sector laws, as well as according to the terms necessary for the proper pursuit of the identified control purposes.
Cotral is available to receive any requests for the exercise of Data Subjects’ rights, which should be sent to the e-mail address privacy@cotralspa.it or to the Data Protection Officer.
Web site navigation policy
This policy describes the methods of management of the Cotral portal (hereinafter also only the “Portal” or “website”) with reference to the processing of personal data of users, identified or identifiable, who consult it and interact with it and with the regional web services accessible by telematic means.
The information is provided in accordance with Art. 13 of the General Data Protection Regulation (EU Regulation 679/2016) and relates exclusively to the navigation within this portal (and the use of the App owned by Cotral) identified by the domain www.cotralspa.it and not to other external websites, which may be consulted by the user through links on the pages of the site itself.
Purposes of processing
The processing of personal data carried out within this portal is aimed at the provision of specific services pertaining to public transport in the Lazio regional territory (including rental services, school transport service, disabled service, etc.). In particular, the Portal aims to provide users with all necessary information, including through newsletters, regarding the aforementioned suburban public transport.
The legitimacy bases of these processing activities may include contractual necessity or pre-contractual measures, but also processing, publications, controls and verifications necessary for the fulfillment of provisions arising from legal obligations.
Other activities, such as monitoring the use of web services, managing electronic processing systems and the website, and using advertising space, may be based on the assumption of the legitimate interest of the Data Controller.
The activation of the (optional) geolocation sharing function, which can be exercised only on the user’s specific choice for the “SEARCH ON MAP” function, is intended to show the location of vehicles in real time and to provide the user with an infomobility service that allows him/her to calculate travel times and choose which vehicles can be used.
Data Controller and Data Protection Officer
The Data Controller is Cotral with headquarters in Rome, via Bernardino Alimena, 105 – 00173.
Cotral has identified a Data Protection Officer, in implementation of EU Regulation 679/2016, with the task of monitoring and assisting the Data Controller and Data Processors in ensuring compliance with the rules and respect for the rights of data subjects.
The Data Protection Officer (DPO) can be contacted at dpo@pec.cotralspa.it.
Place of data processing
Processing related to the web services of this site takes place at the aforementioned headquarters of the transport company by the technical personnel in charge of processing, or by any persons in charge of occasional maintenance operations. No data from the web service is disseminated except in cases expressly provided for by law. Personal data provided by users are used only to perform the service or provision requested and expressed in the purposes of processing and are not disclosed to third parties outside Cotral.
Types of data processed
Navigation data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Portal, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Portal and to check its correct functioning and are kept for the time strictly necessary. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Data provided voluntarily by the user: The optional, explicit and voluntary sending of electronic mail to the addresses possibly indicated on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the Portal pages prepared for particular services on request.
Optional provision of data: apart from what has been specified for navigation data, the user is free to provide the personal data reported in any request forms to the Company. Failure to provide them may result in the impossibility of obtaining what has been requested.
Method of processing: personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
Policy on “Cookies”
With this notice, in accordance with the provisions of the General Provision of the Privacy Guarantor “Identification of the simplified procedures for information and acquisition of consent for the use of cookies” of May 8, 2014 (web doc 3118884), Cotral, Data Controller, provides users of the site www.cotralspa.it with some information regarding the cookies used.
What are ‘cookies’
A “cookie” is a small text file created on the user’s computer at the time the user accesses a particular site, for the purpose of storing and transporting information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user’s browser (e.g., Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s device; they are then re-sent to the website on subsequent visits. In the course of browsing, the user may also receive on his or her device cookies from different websites (so-called “third-party” cookies) set directly by the operators of those websites and used for the purposes and in the manner defined by them.
Types of cookies used
The site does not use navigation or session cookies.
Rights of data subjects
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of such data and to know their content and origin, verify their accuracy or request their integration or updating, or the rectification, cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their processing, unless Cotral proves the existence of compelling legitimate reasons to proceed with the processing that override the interests, rights and freedoms of the subjects to whom the data refer, or in case of ascertainment, exercise or defense of a right in court. To exercise the rights listed above, data subjects may contact the Data Controller at the following address:
via e-mail, at: dpo@pec.cotralspa.it; dpoteam@cotralspa.it
via mail to COTRAL S.p.A. – based in Rome, Via Bernardino Alimena, 105 – 00173 to the attention of the DPO Team.
Information for those traveling on our vehicles
The use of Cotral S.p.A.’s public transport services is allowed to the holders of tickets; while some tickets do not provide for the identification of the holder, others may refer to identified or identifiable persons registered in Cotral’s databases, for example when the tickets relate to season tickets or are granted against concessions or other rights to free or reduced fares. A further case of identification of service users is that required by law in the case of checks of travel tickets; in this case, the verifiers or drivers, holders of administrative police badges, proceed to identify the persons concerned, and in cases of fines being levied, acquire personal data in accordance with current legal regulations, using electronic instruments or paper forms. In any case, the processing of personal data carried out by Cotral personnel is based on the principles of lawfulness and proportionality and is carried out in accordance with the service contract and in relation to legal obligations; the legal prerequisite that allows for the possible processing of special categories of personal data (such as the possible state of health or disability) is the relevant public interest, pursuant to Art. 9 Par 2 g) and Art. 2 sexies of the Personal Data Protection Code Legislative Decree 196/2003 as amended by Legislative Decree 101/2018. It is also important to know that Cotral S.p.A., in order to facilitate the mobility services provided for public transport and in the legitimate interest of the company, has installed inside the cars:
- Geolocation systems that enable real-time knowledge of the vehicle’s location, for the protection of the safety of people, property, and assets, as well as for checking the validity of travel tickets in relation to the permitted travel ranges;
- Surveillance cameras that meet the needs of internal security, asset protection, and the prevention of unlawful acts of any nature.
The purposes meet the principles of correctness and lawfulness and compliance with the legal provisions on the protection of confidentiality of passenger and staff data; in particular, the geolocation system transmits to the Cotral control centers only the data of the vehicle, while the automatic video surveillance systems allow the recording of images in an encryption-protected medium, and the data are stored for 7 days with an automatic overwriting system. Data in geolocation and video surveillance systems are processed only by authorized Cotral personnel. The location of the vehicle may be communicated to infomobility systems and applications such as Citymapper and Moovit, while access to image recordings, protected in encrypted media, takes place exclusively on the occasion of requests received from judicial authorities in the event of the need for investigations following unlawful acts, in compliance with specific legal obligations. The interested parties may exercise towards Cotral S.p.A., Data Controller, according to the type of data, the rights exercisable under the Regulation (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data; in particular:
- Right of access: You may ask Cotral to confirm whether or not personal data concerning you is being processed and if so, to obtain access to the personal data;
- Right of rectification: You may obtain from Cotral the rectification of inaccurate personal biographical data, recorded in Cotral systems, concerning you;
- Right to cancellation/oblivion: You may, under certain circumstances, obtain from Cotral the cancellation of personal data concerning you (e.g. unsubscribing from the informational newsletter, deletion of personal data no longer necessary because it relates to contractual relationships that have ceased and for which there is no legal obligation to retain);
- Right to portability: You may, under certain circumstances, obtain from Cotral your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit them to another data controller without hindrance from Cotral;
- Right to limitation of processing: You may, under certain circumstances, obtain limitation of processing from Cotral;
- Right to object to processing: You may object at any time, on grounds related to your particular situation, to the processing of personal data concerning you; Cotral will refrain from further processing your personal data, unless it demonstrates compelling legitimate grounds for processing that override your interests, rights and freedoms or in the case of establishing, exercising or defending a right in a court of law.
Interested parties may also submit any complaints to the Data Protection Authority by the means explained on the Authority’s website.
To exercise your rights, or for any information or request for clarification, you can contact the Data Protection Officer of Cotral S.p.A. by writing to dpoteam@cotralspa.it or by certified mail to dpo@pec.cotralspa.it
Information for candidates
Purpose and legal basis for processing
The personal data provided, both of contact and related to studies, acquired skills and previous professional experience, are processed for purposes related to selection and possible recruitment of personnel for Cotral, scheduling of activities, internal control services, through processing, including electronic processing of professional profiles, and inherent consultation and comparison.
Curricula vitae sent spontaneously will, if deemed not of interest, be destroyed and not stored; otherwise, the candidate will be promptly asked about the retention of the curriculum vitae on electronic/paper media and will also be provided with this notice.
The basis of legitimacy for these processing activities may include the need for pre-contractual measures, but also necessary processing, monitoring and verification based on the assumption of the legitimate interest of the Data Controller.
The processing of the Data Subject’s data may involve “special categories of personal data,” i.e., those personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sex life or sexual orientation.
For example, the candidate might spontaneously include membership in protected categories in the CV.
The prerequisite for any processing of such data of a “special” nature, if indicated in the curriculum vitae, is that the data are provided directly by the data subject and that their processing may be necessary to fulfill the obligations and exercise the specific rights of the data controller or the data subject in the field of labor and social security law and social protection.
Methods of data collection, processing and storage
The processing of personal data of data subjects will be based on the principles of fairness, lawfulness and transparency, and the rights to privacy protection, and will be carried out by manual, paper and automated means for the time strictly necessary to achieve the purposes for which they were collected.
Curricula retained for further future selection processes are kept in digital format in special protected folders with no expiration date limit, unless interested parties wish to request removal or send us an updated CV. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access.
The selection processes, if any, may include paper notes, for the evaluation of resources, which are, however, immediately destroyed after the selection process.
In any selection processes, personal data will be retained for the duration of the same processes, and as long as obligations or fulfillments related to the execution thereof persist, or for compliance with legal and regulatory obligations, as well as for its own or third party defense purposes (e.g., requests for access to records).
Personal data may be subject to processing in compliance with applicable regulations and in accordance with the confidentiality obligations imposed on authorized personnel and any external parties that perform processing as Processors on behalf of Cotral, such as email system operators.
Your rights
EU Regulation 2016/679 (Articles 15 to 23) grants data subjects the exercise of specific rights. In particular, in relation to the processing of your personal data, you have the right to request from Cotral, by contacting the office preferably by email at privacy@cotralspa.it: access to your data; rectification, deletion and portability of your data; restriction of processing; opposition to processing.
You can, in addition, file a complaint with the Supervisory Authority, which in Italy is the Garante per la Protezione dei Dati Personali.
Specifically:
- Right of access: You may ask Cotral to confirm whether or not personal data concerning you is being processed and if so, to obtain access to the personal data;
- Right of rectification: You may obtain from Cotral the rectification of inaccurate personal data concerning you;
- Right to erasure/oblivion: You may, under certain circumstances, obtain from Cotral the erasure of personal data concerning you;
- Right to portability: You may, under certain circumstances, obtain from Cotral your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit them to another data controller without hindrance from Cotral;
- Right to limitation of processing: You may, under certain circumstances, obtain limitation of processing from Cotral;
- Right to object to processing: You may object at any time, on grounds related to your particular situation, to the processing of personal data concerning you; Cotral will refrain from further processing your personal data, unless it demonstrates compelling legitimate grounds for processing that override your interests, rights and freedoms or in the case of establishing, exercising or defending a right in a court of law.
Information for customers and suppliers
Who we are and why we process your data
The following information is intended to describe the processing of personal data that takes place in the relationships with Customers, Partners and Suppliers of Cotral in relation to the services rendered, in compliance with the General Data Protection Regulation 2016/679 (hereinafter, “GDPR” or “Regulation”) applicable since May 25, 2018 in every Member State of the European Union, and the national legislation (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).
Specifically, those affected by the processing activities are the natural persons who, in employment or another type of relationship with legal entities, Partners or suppliers, are operationally involved in commercial, pre-contractual and contractual communications. Although the relationships are often between legal persons, their contact persons are natural persons who communicate with each other and process data; thus, the personal data processed are contact details (telephone numbers, email addresses and other references). In other cases, the supplier may be a professional or sole proprietor, so other data are also processed for administrative-accounting activities or product/service controls.
Cotral, based in Via B. Alimena, 105 – 00173 Rome (hereinafter, also referred to as “COTRAL”) is the Data Controller of your personal data (hereinafter, also the “Data Controller” or “we”).
For any questions concerning the processing of personal data, you can contact the e-mail address privacy@cotralspa.it.
A Data Protection Officer (DPO) has also been designated to monitor and assist the Data Controller and Processors in ensuring compliance and respect for the rights of data subjects. The DPO can be contacted at dpoteam@cotralspa.it.
Purpose and legal basis of processing
Personal contact data are processed for purposes related and instrumental to the collection of contractual and pre-contractual information, and for the execution of the contractual and/or collaborative relationship, as well as for purposes related to the management of related obligations (e.g. accounting and/or tax) and for tasks of a technical-organizational nature.
The bases of legitimacy of these processing activities may include contractual necessity or pre-contractual measures, but also processing, monitoring and verification necessary for the fulfillment of provisions arising from legal obligations.
Other activities, such as service/product control, management of electronic processing systems, or communications pertaining to the relationship contracted or being finalized, could be based on the assumption of the legitimate interest of the Data Controller.
Methods of data collection, processing and storage
The personal data processed are contact data, as well as additional identifying and economic-financial information in the case of contractual relationships entered into with individuals.
The processing of information on legal entities and Suppliers, and of the personal data of interested parties (i.e. the natural persons who are their employees/collaborators), will be based on the principles of fairness, lawfulness and transparency and on the protection of privacy rights, and will be carried out by manual, paper and automated means for the time strictly necessary to achieve the purposes for which the data were collected.
Specific security measures are observed to prevent data loss, illegal or incorrect use, and unauthorized access.
Personal data will be kept for the duration of the contract and as long as obligations or fulfillments related to its execution persist.
Even after the termination of the contractual relationship, Cotral and any other authorized parties may retain your personal data of an administrative-accounting nature – including for compliance with legal and regulatory obligations, as well as for their own or third parties’ defensive purposes – or for the fulfillment of specific legal obligations, until the expiration of the regulatory retention period applicable on a case-by-case basis.
Personal data will be processed in compliance with applicable regulations and in accordance with the confidentiality obligations imposed on authorized personnel and external parties who perform processing as Processors on behalf of Cotral.
Your rights
EU Regulation 2016/679 (Articles 15 to 23) grants data subjects the exercise of specific rights. In particular, in relation to the processing of your personal data, you have the right to request from Cotral: access to your data; rectification, erasure and portability of your data; restriction of processing; and opposition to processing.
In addition, you may file a complaint with the Supervisory Authority, which in Italy is the Italian Data Protection Authority.
Specifically:
- Right of access: You may ask Cotral to confirm whether or not personal data concerning you is being processed and if so, to obtain access to the personal data;
- Right of rectification: You may obtain from Cotral the rectification of inaccurate personal data concerning you;
- Right to erasure/oblivion: You may, under certain circumstances, obtain from Cotral the erasure of personal data concerning you;
- Right to portability: You may, under certain circumstances, obtain from Cotral your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit them to another data controller without hindrance from COTRAL;
- Right to limitation of processing: You may, under certain circumstances, obtain limitation of processing from Cotral;
- Right to object to processing: You may object at any time, on grounds related to your particular situation, to the processing of personal data concerning you; Cotral will refrain from further processing your personal data, unless you demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or in the case of establishing, exercising or defending a right in a court of law.
Information on personal data app, site and call center
Cotral in accordance with the European Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter also “Regulation”, or “GDPR”) intends to explain to interested parties the necessary information on the use of the data of its users, collected through the use of the application for smartphones “BusCotral”, by calling the Contact Center or by filling out the information request forms on the Company’s website. We recommend that you read this information carefully to understand how we process personal data and what your rights are.
Type of personal data
By “personal data” we mean any information capable of identifying, directly or indirectly, a natural person (so-called “Data Subject”). The personal data you provide will be used in accordance with the principles of lawfulness, relevance and necessity of processing provided by the data protection regulations.
You will be asked for the biographical information strictly necessary for user identification and for possible registration with the “BusCotral” application, and contact information to handle requests; photographs will also be required for the issuance of Travel Tickets.
Where these data are acquired from third parties, as in the case of social log-in through Facebook, Apple or Google for registration and access to the “BusCotral” application, only the data that the user has set on these social networks, according to their privacy preferences, will be processed.
Under certain circumstances (e.g., for facilities or gratuities), in processing requests for services reserved for the disabled or for beneficiaries of special facilities under the law, “special categories of personal data”, such as health status information, may be processed.
In relation to calls to the Contact Center, whose operators are located throughout the country, please be advised that calls may:
- be recorded for purposes of monitoring the quality of the service provided;
- be transcribed in real time through the use of special software, for the purpose of improving the service provided.
The provision of data is optional; of course, any refusal or incorrect or insufficient communication of data suitable to meet the request may result in the total or partial impossibility to implement the operations. The “BusCotral” application can also be used without the user’s registration, but only for the purpose of consulting the ride schedules. If the user wishes to make full use of the functionality of the application (e.g. purchase of the ticket), he/she must register by providing the minimum necessary data (First Name, Last Name, email, phone number) for the normal execution of the requested services. The data are processed by the Data Controller and the Joint Controllers or Data Processors and under no circumstances are they transferred or sold to third parties. However, specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
Purpose and legal basis of processing
The data that are the subject of processing are processed and used for the following purposes:
- fulfilling requests for information sent by the data subjects themselves; in this case the legal basis for such processing is the execution of pre-contractual measures;
- establishing or updating the Register of Users, and managing the contractual relationship: the processing of the Data Subject’s personal data is carried out in order to give effect to the issuance of the Travel Tickets and to manage public transport services; the legal basis for such processing is the execution of the contract;
- purposes related to the obligations provided for by laws, regulations and EU legislation as well as provisions issued by authorities legitimized to do so and by supervisory and control bodies, as well as obligations in tax and accounting matters; these purposes also include verification of the validity of the Travel Tickets and the management of fines and penalties in case of violations;
- communication activities related to public transport; in this case the legal basis is the task of public interest;
- purposes functional to the activity of the Company for the management of public transport, exercised in the legitimate interest of the Data Controller after the establishment of the relationship. The following activities fall into this category:
  - survey of customer satisfaction with the quality of services rendered and activities performed, carried out directly or through third parties;
  - control, including through geolocation and video surveillance systems on board transportation vehicles, in the interest of people’s safety and for the protection of Cotral’s assets;
  - statistical (anonymous) processing of travel data for studies related to wheeled transportation needs.
In addition, for further processing such as promotional and marketing activities or profiling of your travel preferences, you will be asked to give or withhold optional consent to the processing. Any consent given with respect to these purposes is freely revocable at any time, without prejudice to the lawfulness of the processing carried out before revocation.
Requested information belonging to special categories of personal data (e.g., visual and/or motor disabilities) and information on minors is processed exclusively for purposes of significant public interest (particularly for granting and revoking benefits, and for social welfare activities to protect minors and needy, dependent and incapacitated individuals).
How personal data are processed and stored
The processing will be carried out both in paper form and with the aid of electronic and/or automated tools; the data recorded in Cotral’s computer systems can only be accessed by Cotral’s authorized internal persons or employees of external companies, specially appointed Data Processors.
The recording of the footage taken by the video surveillance systems may be made available to the Company’s internal control functions and possibly handed over to judicial police bodies in charge of public security audits, or to insurance companies in the event of a claim. In any case, all personal data acquired are not subject to dissemination or automated decision-making, and specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.
Cotral retains your data for a period of time identified according to the criteria of civil prescription and in compliance with specific sector laws, as well as according to the terms necessary for the proper pursuit of the control purposes identified above. Specifically, data recorded in video surveillance systems are automatically overwritten (and stored encrypted for up to 7 days). Recordings and transcripts of calls to the Contact Center will be retained for a maximum of 7 days and will be automatically erased from the systems.
Some personal data, as part of the operation of regional public transport, i.e., in the Metrebus Integrated Electronic Ticketing System, are recorded in the central Regional Information Systems to which the Lazio Region and other transport companies such as ATAC S.p.A., Trenitalia S.p.A., Gruppo Ferrovie dello Stato, or service companies of the Lazio Region operating the systems may have access.
Cotral may also disclose the personal data of service users to law enforcement agencies or other public administrations pursuant to legal obligations or the exercise of rights of defense in court. No personal data provided by users is transferred outside the European Union.
What are the rights for data subjects
Cotral is available to receive any requests to exercise the rights of interested parties, which should be addressed to the e-mail address: privacy@cotralspa.it or dpoteam@cotralspa.it.
At any time you may exercise against the Data Controller the rights that protect data subjects, in particular:
- obtain confirmation of the existence or otherwise of personal data concerning you and their communication in intelligible form;
- obtain indications regarding: a) the purposes and methods of processing; b) the logic applied in case of processing carried out with the aid of electronic instruments;
- know the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as managers or authorized persons;
- obtain, also: a) access to the personal data processed by Cotral; b) the updating, rectification or, when there is an interest and if possible, the cancellation of the data; c) the portability, for certain services rendered, of the data provided;
- oppose, in whole or in part, the processing of your personal data in cases where this is expressly permitted by laws or regulations;
- lodge, in addition, complaints with the Supervisory Authority, in the cases and for the effects expressed by the current legislation, in the manner described on the website of the Authority for the Protection of Personal Data – https://www.garanteprivacy.it;
- mandate a non-profit body, organization or association, duly constituted according to the law of the Italian State, to propose and exercise on your behalf the complaints to the Authority for the Protection of Personal Data.
Using the user’s location on our mobile app (Android and iOS)
Our app uses users’ precise location data to ensure the proper operation of certain services, such as real-time schedules, suggestion of stops near the user, and departure locations near the user. Location access is used solely to improve the user experience and will not be shared with third parties without the user’s consent.
Users have the option to disable geolocation at any time through their device settings. However, disabling this feature may limit some features of the app.
Cotral Spa
Registered office: Via B. Alimena, 105 – 00173 Rome
P. VAT, CF, Business Register of Rome: 06043731006
Share capital: euro 50,000,000.00 i.v.