Privacy Policy

%>

1. Introduction and Controller Information

This Privacy Policy explains how Goosed ("Company", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our roadside assistance platform. This policy complies with:

  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • Data Protection Act 2018 (Ireland)
  • ePrivacy Directive 2002/58/EC (as amended)
  • EU Cookie Law and EU Directive 2009/136/EC

Data Controller

Goosed Platform

Ireland

Email: legal@goosed.ie

Data Protection Officer

Email: dpo@goosed.ie

Phone: Available via email request

2. What Personal Data We Collect

We collect different types of personal data depending on your role (customer or service provider) and how you interact with our platform.

2.1 Account and Profile Information

  • Identity Data: Name, date of birth, email address, phone number, profile photograph
  • Credentials: Username, password (encrypted), two-factor authentication data
  • Profile Preferences: Language, communication preferences, notification settings

2.2 Vehicle and Service Information

  • Vehicle Data: Make, model, year, color, registration number, VIN
  • Insurance Information: Insurance provider, policy number, coverage details
  • Service History: Past service requests, provider ratings, feedback
  • Emergency Contacts: Names and phone numbers of designated emergency contacts

2.3 Location Data

Sensitive Location Tracking:

Our service requires precise location data to function. We collect:

  • GPS Coordinates: Real-time location when requesting or providing services
  • Route Data: Provider travel routes to service locations
  • Location History: Historical location data for completed services
  • Geofencing Data: Entry/exit from service areas and designated zones
  • IP Address Location: Approximate location based on IP address

2.4 Device and Technical Data

  • Device Information: Device type, operating system, browser type, device ID
  • Usage Data: Pages viewed, features used, time spent, click patterns
  • Technical Data: IP address, time zone, session data, cookies
  • App Permissions: Camera (for photos), microphone (for calls), background location

2.5 Payment and Financial Data

  • Payment Information: Credit/debit card details (tokenized), billing address
  • Transaction Data: Payment history, invoices, receipts, refunds
  • Tax Information: VAT numbers for business accounts

Note: Payment card data is processed by our PCI-DSS compliant payment processors. We do not store full card numbers on our servers.

2.6 Service Provider Specific Data

  • Business Information: Company registration, tax ID, business insurance
  • Professional Credentials: Driving license, trade certifications, qualifications
  • Background Checks: Garda vetting results, identity verification
  • Vehicle Information: Service vehicle details, NCT certificates, insurance
  • Financial Data: Bank account details for payments, earnings history
  • Performance Metrics: Response times, customer ratings, service quality scores

2.7 Communication Data

  • Messages: In-app messages, SMS, email correspondence
  • Call Data: Phone call metadata, recordings (with consent)
  • Support Tickets: Customer service inquiries, complaints, feedback

2.8 Special Category Data (GDPR Article 9)

Sensitive Personal Data:

We may collect special category data only with your explicit consent or where legally required:

  • Health Information: Disability accommodations, medical emergency information (voluntary)
  • Criminal Records: Background check results for service providers (legal requirement)

3. Legal Basis for Processing (GDPR Article 6)

Under GDPR Article 6, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity (Article 6(1)(b))

Processing necessary to perform our contract with you:

  • Creating and managing your account
  • Matching customers with service providers
  • Processing payments and transactions
  • Providing real-time location tracking for service delivery
  • Communicating about service requests

3.2 Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations:

  • Tax reporting and VAT compliance
  • Anti-money laundering checks
  • Background checks for service providers (safety requirements)
  • Record-keeping for insurance and liability purposes
  • Responding to law enforcement requests

3.3 Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests or third parties, balanced against your rights:

  • Platform security and fraud prevention
  • Service improvement and analytics
  • Marketing to existing customers (with opt-out option)
  • Quality assurance and training
  • Business intelligence and reporting

3.4 Consent (Article 6(1)(a))

Processing based on your explicit, freely given consent:

  • Marketing communications (promotional emails, SMS)
  • Location tracking when app is not in use
  • Cookies and tracking technologies (non-essential)
  • Special category data (health information)
  • Call recording for quality purposes

You can withdraw consent at any time through your account settings or by contacting dpo@goosed.ie. Withdrawal does not affect the lawfulness of processing before withdrawal.

3.5 Vital Interests (Article 6(1)(d))

Processing necessary to protect vital interests:

  • Emergency situations requiring immediate location sharing
  • Health and safety emergencies
  • Contacting emergency contacts in critical situations

4. How We Use Your Personal Data

4.1 Service Delivery

  • Connecting customers with qualified service providers
  • Real-time GPS tracking to dispatch providers efficiently
  • Facilitating communication between customers and providers
  • Processing payments and managing transactions
  • Sending service updates and notifications
  • Maintaining service history and records

4.2 Safety and Security

  • Verifying provider credentials and conducting background checks
  • Monitoring platform for fraudulent activity
  • Investigating incidents, complaints, and policy violations
  • Emergency response coordination
  • Insurance claims processing

4.3 Platform Improvement

  • Analyzing usage patterns and service performance
  • Conducting research and development
  • Testing new features and functionality
  • Personalizing user experience
  • Improving matching algorithms

4.4 Communication

  • Sending transactional emails (booking confirmations, receipts)
  • Customer support and responding to inquiries
  • Platform updates and important notices
  • Marketing communications (with consent)
  • Survey and feedback requests

4.5 Legal and Compliance

  • Complying with legal obligations and regulations
  • Enforcing our Terms of Service
  • Protecting our rights and property
  • Responding to legal requests from authorities
  • Resolving disputes and claims

5. Data Sharing and Third-Party Disclosure

We share personal data with third parties only when necessary and in accordance with GDPR requirements.

5.1 Service Providers (Data Processors)

We share data with trusted service providers who process data on our behalf under GDPR Article 28 Data Processing Agreements:

  • Cloud Hosting: Amazon Web Services (AWS), Google Cloud Platform
  • Payment Processing: Stripe, PayPal (PCI-DSS compliant)
  • Email Services: Mailgun, Postmark
  • SMS Services: Twilio, MessageBird
  • Analytics: Google Analytics (anonymized IP), Mixpanel
  • Customer Support: Zendesk, Intercom
  • Background Checks: Authorized vetting services
  • Mapping Services: Google Maps, OpenStreetMap

5.2 Service Provider Network

When you request roadside assistance, we share necessary information with service providers:

  • Your name and contact information
  • Vehicle details
  • Current location and destination
  • Service requirements
  • Special instructions or preferences

5.3 Business Transfers

If Goosed is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5.4 Legal Requirements

We may disclose personal data when legally required:

  • Compliance with legal obligations
  • Response to valid court orders or subpoenas
  • Cooperation with law enforcement
  • Protection of our rights and property
  • Prevention of fraud or illegal activity
  • Public safety emergencies

5.5 Insurance Companies

With your consent or when necessary for claims processing, we may share data with insurance companies for policy verification and claims handling.

Data Processor Safeguards:

All third-party processors are required to implement appropriate technical and organizational security measures and comply with GDPR requirements.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) that may not have equivalent data protection laws.

6.1 Transfer Safeguards

We ensure adequate protection through:

  • European Commission Adequacy Decisions: Transfers to countries deemed to provide adequate protection
  • Standard Contractual Clauses (SCCs): EU Commission-approved contracts with data recipients
  • Binding Corporate Rules: For transfers within corporate groups
  • Privacy Shield Replacements: Alternative mechanisms for US transfers

6.2 Countries We Transfer Data To

  • United States: Cloud hosting (AWS), payment processing (Stripe), support tools
  • United Kingdom: Data centers and support services
  • Switzerland: Secure data storage

You can request copies of the safeguards we have in place by contacting dpo@goosed.ie.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy and to comply with legal obligations.

7.1 Retention Periods

Data Type Retention Period Legal Basis
Account Information Duration of account + 7 years Legal, tax, liability
Service History 7 years after service Insurance, liability claims
Location Data 90 days (operational), 7 years (service-related) Service delivery, disputes
Payment Data 7 years Tax law, accounting
Background Checks Duration of provider account + 7 years Legal obligation, safety
Marketing Consent Until withdrawn or 3 years inactivity Consent management
Support Communications 6 years after resolution Legal claims, quality
Analytics Data 26 months (anonymized) Business intelligence

7.2 Deletion Process

When retention periods expire or upon valid deletion requests, we:

  • Permanently delete data from active systems
  • Remove data from backups within 90 days
  • Anonymize data that must be retained for statistical purposes
  • Maintain deletion logs for audit purposes

Note: Some data may be retained longer when required by law (e.g., accounting records, legal proceedings, insurance claims).

8. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data. We will respond to requests within one month.

8.1 Right of Access (Article 15)

You have the right to obtain:

  • Confirmation that we process your personal data
  • A copy of your personal data
  • Information about how and why we process your data
  • Details of data recipients and retention periods

8.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. You can update most information through your account settings.

8.3 Right to Erasure - "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • Data is no longer necessary for original purposes
  • You withdraw consent and no other legal basis exists
  • You object to processing and no overriding legitimate grounds exist
  • Data was unlawfully processed
  • Legal obligation requires deletion

Note: This right is not absolute. We may retain data when required for legal obligations, defense of legal claims, or public interest purposes.

8.4 Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.

8.5 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes:

  • Marketing: Absolute right to opt-out at any time
  • Legitimate Interests: We must demonstrate compelling grounds to continue processing
  • Profiling: Right to object to automated decision-making

8.6 Right to Restriction of Processing (Article 18)

You can request we limit processing when:

  • You contest data accuracy (during verification period)
  • Processing is unlawful but you oppose erasure
  • We no longer need data but you need it for legal claims
  • You have objected to processing (pending verification of grounds)

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time through:

  • Account settings (marketing preferences, location tracking)
  • Unsubscribe links in emails
  • Contacting dpo@goosed.ie

8.8 Right to Lodge a Complaint

You have the right to complain to a supervisory authority:

Data Protection Commission (Ireland)

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Phone: +353 57 868 4800 or +353 (0)761 104 800

Email: info@dataprotection.ie

Website: www.dataprotection.ie

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies in compliance with the ePrivacy Directive and EU Cookie Law.

9.1 What Are Cookies

Cookies are small text files stored on your device. We use cookies to improve functionality, analyze usage, and provide personalized experiences.

9.2 Types of Cookies We Use

Strictly Necessary Cookies (No Consent Required)

Essential for platform operation. Cannot be disabled:

  • Authentication: Session management, login state
  • Security: CSRF protection, fraud prevention
  • Load Balancing: Server routing
  • Cookie Consent: Storing your cookie preferences

Functional Cookies (Consent Required)

Enhance functionality and personalization:

  • Preferences: Language, region, theme settings
  • Features: Map preferences, notification settings
  • Chat Support: Customer service widget functionality

Analytics Cookies (Consent Required)

Help us understand platform usage:

  • Google Analytics: Traffic analysis (anonymized IP)
  • Mixpanel: User behavior analytics
  • Performance Monitoring: Error tracking, page load times

Marketing Cookies (Consent Required)

Used for advertising and remarketing:

  • Advertising Networks: Google Ads, Facebook Pixel
  • Remarketing: Display ads on other websites
  • Conversion Tracking: Measure campaign effectiveness

9.3 Third-Party Cookies

Third parties may set cookies when you use our platform:

  • Google Maps: For location services
  • Payment Processors: Stripe, PayPal
  • Social Media: If you interact with social features
  • Customer Support: Zendesk, Intercom

9.4 Managing Cookie Preferences

You can control cookies through:

  • Cookie Banner: Manage preferences when you first visit
  • Account Settings: Update preferences in your account
  • Browser Settings: Block or delete cookies (may affect functionality)

9.5 Other Tracking Technologies

  • Web Beacons: Small graphics for email tracking
  • Local Storage: HTML5 storage for app data
  • SDKs: Mobile app analytics and crash reporting
  • Device Fingerprinting: Fraud prevention (limited use)

Cookie Consent:

We obtain explicit consent before placing non-essential cookies. You can withdraw consent at any time through your cookie preferences.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

10.1 Technical Security Measures

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Firewalls: Network segmentation and intrusion detection
  • Vulnerability Management: Regular security audits and penetration testing
  • Secure Development: Code reviews, security testing, dependency scanning
  • Monitoring: 24/7 security monitoring and incident detection
  • Backup Systems: Encrypted backups with disaster recovery procedures

10.2 Organizational Security Measures

  • Staff Training: Regular data protection and security training
  • Access Restrictions: Need-to-know principle for data access
  • Confidentiality: All staff sign confidentiality agreements
  • Vendor Management: Due diligence on third-party processors
  • Incident Response: Data breach response procedures
  • Data Protection Impact Assessments: For high-risk processing

10.3 Data Breach Notification

In the event of a personal data breach:

  • We will notify the Data Protection Commission within 72 hours when required
  • Affected individuals will be notified without undue delay if high risk exists
  • Notifications will include nature of breach, likely consequences, and measures taken
  • We maintain records of all data breaches

Your Security Responsibilities:

  • Keep your password secure and confidential
  • Enable two-factor authentication
  • Log out from shared devices
  • Report suspicious activity immediately
  • Keep your app updated to latest version

11. Children's Privacy

Our platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children.

11.1 Age Verification

  • Users must confirm they are 18+ during registration
  • Service providers must be 18+ with valid driving licenses
  • We verify age through documentation for service providers

11.2 Parental Rights

If you believe we have inadvertently collected data from a child under 18, please contact us immediately at dpo@goosed.ie. We will promptly:

  • Investigate the matter
  • Delete the child's data from our systems
  • Terminate the account if applicable

12. Automated Decision-Making and Profiling

We use automated processing in limited circumstances. Under GDPR Article 22, you have rights regarding automated decision-making.

12.1 Automated Processing We Use

  • Provider Matching Algorithm: Matches customers with available service providers based on location, availability, and qualifications (not solely automated - subject to provider acceptance)
  • Fraud Detection: Automated screening for suspicious activity and fraud prevention
  • Pricing Calculation: Dynamic pricing based on distance, time, and service type
  • Quality Scoring: Provider performance metrics and customer ratings

12.2 Profiling Activities

We may create profiles for:

  • Service personalization and recommendations
  • Fraud risk assessment
  • Marketing segmentation (with consent)
  • Platform usage analysis

12.3 Your Rights

You have the right to:

  • Not be subject to solely automated decisions with legal or significant effects
  • Request human intervention in automated decisions
  • Express your point of view and contest decisions
  • Obtain explanation of decisions reached

Note: No decisions with legal or similarly significant effects are made based solely on automated processing without human oversight.

13. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee GDPR compliance and handle data protection matters.

13.1 DPO Responsibilities

  • Monitoring GDPR compliance
  • Advising on data protection impact assessments
  • Cooperating with supervisory authorities
  • Acting as contact point for data subjects and authorities
  • Conducting staff training on data protection

13.2 Contact the DPO

You can contact our Data Protection Officer regarding any data protection matters:

Data Protection Officer

Goosed Platform

Email: dpo@goosed.ie

Subject Line: "Data Protection Inquiry"

We will respond to your inquiry within 30 days. For urgent matters, please indicate "URGENT" in the subject line.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notification of Changes

  • Material Changes: 30 days advance notice via email and platform notification
  • Minor Changes: Notice on platform and updated "Last Modified" date
  • Legal Requirement Changes: Immediate implementation with notification

14.2 Review and Consent

We encourage you to review this policy periodically. Continued use after changes constitutes acceptance, except for material changes requiring new consent.

Last Updated: December 06, 2025

15. How to Exercise Your Rights

We make it easy for you to exercise your GDPR rights. Here's how:

15.1 Self-Service Options

  • Account Settings: Update personal information, preferences, marketing consent
  • Privacy Dashboard: Download your data, view processing activities
  • Cookie Preferences: Manage cookie consent settings
  • Communication Preferences: Opt-out of marketing emails

15.2 Submitting Requests

To exercise your rights, contact us at:

Email: dpo@goosed.ie

Subject Line: "GDPR Rights Request - [Your Right]"

Include:

  • Your full name and email address
  • Account details (if applicable)
  • Specific right you wish to exercise
  • Description of your request
  • Proof of identity (for security purposes)

15.3 Response Timeline

  • Standard Requests: Response within 1 month
  • Complex Requests: Up to 3 months (with notification and explanation)
  • Urgent Matters: Prioritized response for security or breach issues

15.4 Verification Process

To protect your data, we may request additional information to verify your identity before processing requests. This may include:

  • Government-issued ID
  • Proof of address
  • Account verification questions
  • Two-factor authentication

15.5 No Fee Policy

We do not charge fees for exercising your rights, unless requests are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable administrative fee or refuse the request.

16. Additional Information

16.1 Do Not Track Signals

Some browsers include "Do Not Track" (DNT) features. Currently, there is no industry standard for DNT. We do not respond to DNT signals but honor opt-out preferences managed through cookie settings.

16.2 Links to Third-Party Websites

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

16.3 Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that present high risks to your rights and freedoms, including:

  • Real-time location tracking
  • Background checks and vetting
  • Large-scale processing of special category data
  • Automated decision-making systems

16.4 Privacy by Design and Default

We implement privacy by design and default principles:

  • Data minimization - collecting only necessary data
  • Purpose limitation - using data only for stated purposes
  • Storage limitation - retaining data only as needed
  • Default privacy settings - most protective settings by default
  • Pseudonymization and encryption where appropriate

Your Privacy Matters

We are committed to protecting your personal data and respecting your privacy rights. If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please don't hesitate to contact us.

Quick Contact

General Inquiries: privacy@goosed.ie

Data Protection Officer: dpo@goosed.ie

Legal Department: legal@goosed.ie

Support: support@goosed.ie

Legal Compliance Notice: This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018 (Ireland), the ePrivacy Directive 2002/58/EC, and applicable Irish and EU data protection laws. This policy has been prepared to meet the transparency requirements of GDPR Articles 13 and 14.