2022-11-18
Most of this document is based on the official GDPR template.
The main goal is to provide you (and everyone else) with accurate, up-to-date, low-latency real-time public transit info, including the actual vehicle locations (displayed on a map). You may see that info on zenbus.net, our android and iOS apps, or any site, app or service that uses our APIs (many of them standard open-data feeds). Some (very minimal) info inevitably ends-up on our servers, and some (pretty usual) usage stats are shared with analytics services.
We’ll try our hardest to earn your trust, and this starts by not spying on you (nor anyone else) (for instance, as a passenger, your location info is never sent, it stays on your device) or really doing anything you’ve not explicitly agreed to.
Only our (paying) customers have accounts. Quite naturally we store (just enough) info to allow them to securely login, as they are the people actually running the public transit networks (and/or supervising, modelling them, employing bus drivers, etc.). Our customers are paying us to collect (analyse, display, etc.) data about their public transit networks, which include detailed positions of devices in vehicles and other potentially sensitive information. This information may be sent to our servers by direct calls to Zenbus APIs, or by using the Zenbus Driver app. This is always covered by a contract, in addition to this document.
Geolocation data (trajectories) of vehicles, with a high sampling frequency and accuracy, and more generally all the “real-time inputs” of the system (meta-data about what the vehicle is supposed to be doing, occupancy status). We receive such data through the Zenbus Provider API, as used by our own Zenbus Driver app. A valid contract with Zenbus is required.
Technical connections logs (remote connection address, timestamp, endpoint and request parameters, google account when applicable i.e. in the authenticated parts of the zenbus.net website), stored for a month.
Occasionally volontary survey data.
For paying customers, google account id (email address).
Configured (or at least provided) by paying customers, info about devices that provide the real-time location of monitored vehicles (public buses and the like), and info about the vehicles themselves. Except for public identifiers, none of these are made public.
Configured (or at least provided) by paying customers, info about the public transit network (such as routes and schedules).
Actual trips, statistics and statistical models derived (in-house) from the above.
We collect and process data when you:
Use or view our websites, services and apps (zenbus.net, zenbus.fr, Zenbus app, Zenbus Driver app), via cookies and connection logs.
Voluntarily complete a customer survey or provide feedback.
Upload and/or edit it (paying customers on the zenbus.net website or its APIs).
Because we use google analytics, some info about you that we didn’t collect may be shown to us.
We use google analytics.
Also, obviously: the public transit service (APIs, server algorithms, clients) uses the provided transit data, some of which might be sensitive. To be specific we’re talking about vehicle data that might be linked to specific drivers, using additional data that we don’t have and don’t request. In very few cases the ZenbusDriver app might be installed on a personal phone, and our database may thus contain a private phone number (and android-id and other meta-information of the sort). Our contract should cover that. If you’re unsure : don’t provide us with sensitive information! We don’t need it, we don’t want it!
Connection logs are stored for a month.
Public transit data is securely stored in the datastore and BigQuery.
Zenbus would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Zenbus for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Zenbus correct any information you believe is inaccurate. You also have the right to request Zenbus to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Zenbus erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Zenbus restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Zenbus transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
Zenbus does not generate specific cookies… but google cloud services and google analytics do, and that’s what we use.
Well, we don’t, but as far as google accounts of paying customers “just work”, it’s thanks to cookies.
Same goes for every user and google analytics, which is how we understand how you use our apps and websites.
There are a number of different types of cookies, however, our website uses:
Functionality – Zenbus uses these cookies so that we recognize you on our websites (i.e. google accounts for paying customers).
Advertising – Zenbus uses google analytics, so they collect data and then share it with us, so that we can know about your visit to our websites, the content you viewed, the links you followed and information about your browser, device…
You can set your browser not to accept cookies, and you always may remove cookies from your browser. Expect to be logged out if you do. ^^
The zenbus.fr website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy. Yeah, that means all those nice links to and from facebook, twitter, linked-in, etc. are spying on you.
Zenbus keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 28 February 2022.
If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to email us.
Should you wish to report a complaint or if you feel that Zenbus has not addressed your concern in a satisfactory manner, you may contact the CNIL.