This Personal Data Protection policy sets out the policies and practices for Shariot™ (Car Sharing Programme by Autobahn Rent A Car Pte Ltd) and its subsidiaries and affiliates (collectively, “SHARIOT”, “we”, or “us”), with respect to how SHARIOT collects, uses, discloses, and otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This notice applies to personal data collected by SHARIOT via this website and other websites operated or provided by SHARIOT, mobile applications provided by SHARIOT, and by any other means in the course of providing the Products and/or Services, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for SHARIOT.

SHARIOT may collect personal data from you, when you register on our website, subscribe to our newsletter, complete our survey form, fill out any form (via our website or face-to-face), enter into any agreement with us, when you send us queries, requests and feedback to us, when your images are captured by us via in-car cameras while you are using our service or photographs or videos taken by us or our representatives when you attend events, roadshows, contests and promotions hosted by us, when you download or use SHARIOT’s mobile applications, or when you submit your Personal Data to us for any other reason.

Personal Data We Collect From Our Mobile Application

• Full Name
• Email Address
• Mobile Number
• NRIC / FIN
• Date of Birth
• Address
• Payment Card Details
• Driving Licence Document
• NRIC Document
• Selfie
• Mobile GPS Location (when you click “use current location” to search nearest carpark)

If you have provided us with your email address or mobile phone number, and consented to us sending you promotional and marketing information, we may send you promotional and marketing materials via email, SMS, or MMS.

You can choose not to receive such materials by selecting the unsubscribe option which we provide in each email, SMS, or MMS sent to you, or otherwise inform us.

If you have installed our mobile application(s) on your mobile device, we may send you promotional and marketing materials via push and pop-up notifications through the application(s). You can choose not to receive such materials by disabling push and/or pop-up notifications in the application(s) or in your mobile device settings.

We may collect and use your personal data for any or all of the following purposes:

• To build, conduct and maintain our business relationship with you, including to process transactions and payments;
• To track our vehicles’ usage and suggest closest available carpark that has our vehicles
• To contact you in relation to your transactions and enquiries with us, and to respond to any communications you may have with us;
• To administer events, roadshows, contests, and promotions that you have participated in;
• To make recommendations on the type of Products and/or Services that you should book, based on our knowledge of your last servicing with us;
• To improve our website, Products and Services;
• To better understand our customers;
• To maintain and update our records;
• To train our staff and develop our business and operations;
• Where you have provided consent, to send you periodic emails about promotions, events, Products and Services that you may be interested in;
• To verify or enforce compliance with the policies governing our website or mobile applications, and applicable laws;
• To protect against misuse or unauthorised use of our website or mobile applications;
• For any other purposes for which the personal data was provided to us;
• For any other purposes to which you have consented; and
• For any other purposes permitted or required by law.

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Personal Data may be exchanged with or among SHARIOT, any of its existing or future related or associated companies (“Affiliate”) or any third party in order to satisfy the purposes for which the Personal Data have been collected (collectively referred to as “Recipients”). Personal Data will not be shared with a third party without a valid business or legal reason, a data sharing agreement in place, or without your consent.

All Recipients who are managing and handling Personal Data supplied by us in accordance with the PDPA will be required to confirm that they will abide by the requirements of the PDPA with regard to the Personal Data supplied by us.

Personal Data will only be transferred to Recipients not located in Singapore in accordance with the requirements of the PDPA to ensure that a suitable level of protection of the Personal Data, which is comparable to the protection under the PDPA, is provided. In case the country where the Recipient of Personal Data is located does not provide such comparable data protection standard by law or is taken to have satisfied such standard according to the PDPA, we will bind them either by contract or corporate rules to ensure that the Recipient complies with the material provisions of the PDPA.

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of data loss prevention software to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

SHARIOT takes reasonable steps to ensure the personal data it holds is accurate and complete. An access or correction request shall be made to the DPO in writing (email or mail). The Data Protection Officer will respond to a written request within 30 days after receiving the request or, if the DPO is unable to respond during that time, he/she shall within that time inform you in writing of the time by which he/she will respond to the request. Please note that in certain circumstances, we are not obliged to accede to your request.

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner: dpo@shariot.com

We may revise this policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.