Apollo Go Privacy Policy

Apollo Go provides you with account registration and login functions to ensure the security of your account.

(1) When registering or logging into an account, you need to provide us with your mobile phone number. Alternatively, you can choose to log in with a third-party account such as Google.

(2) In order to ensure the security of your account, carry out risk control and defense, when you register/log in to your account, we will collect your device information and information related to the registration/login environment (including International Mobile Device Identity (IMEI), Advertising Identifier (IDFA), Integrated Circuit Card Identity (ICCID), device name, device model, operating system version, WIFI information, BSSID, SSID, IP address information).

After logging into your account, you can use the function to book and participate in the Pilot Test as provided through Apollo Go.

(1) If you use the function to book and participate in the Pilot Test, we will apply for access to your location in your device system.

(2) Apollo Go collects your order location, departure location, arrival location, tracking trajectory, time and distance information by recording your user behavior and accessing your location. We collect the above information based on navigation functions, legal and regulatory requirements, and the need to protect your physical safety and property safety. If you refuse to provide access to your location, it will prevent you from participating in the Pilot Test smoothly. If you refuse us to obtain your tracking information, it may result in us not being able to obtain your actual driving route and not being able to better protect your rights.

(3) You can refuse Apollo Go from using the identity information you provide by deleting the identity information of passengers and companions at any time. After the identity information is deleted, you may not be able to use the relevant functions provided based on identity information, or achieve the expected effects of the above-mentioned identity based functions, but it will not affect your normal use of Apollo Go's other functions that can be achieved without identity information.

After logging in to your account, you can use the query site function provided by Apollo Go. If you use the query site function, we will apply for location permission for your device system. After obtaining your authorization and consent, we will collect your location information for the purpose of displaying nearby sites and sites in your city.

Apollo Go may occasionally initiate activities for newly launched features. If the newly launched features require processing of your Personal Data or applying for device system permissions without your authorization and consent, we will obtain your consent separately. For sensitive Personal Data processing, we will obtain your separate consent separately. If you participate in relevant activities, we may collect information including but not limited to your identity, contact information, and trading account through the activity interface, in order to contact you, confirm your participation information, conduct user experience follow-up, and distribute activity rewards to you. If you do not participate in the relevant activities, you do not need to provide the aforementioned information.

If you have any questions about the relevant functions we provide or need customer service intervention for dispute resolution, in order to verify your identity and locate your problem, you may need to provide your identity information for verification. In order to ensure the quality of calls and the proper resolution of disputes, we may keep records of your communication with us, including call records, information you provide related to dispute resolution, and the contact information you use or provide.

We may send multiple types of notifications to one or more of the contact information (such as phone number) provided by you during the use of Apollo Go and/or its features for purposes such as user message notification, identity verification, security verification, user experience research, etc.

When you use the location-based features provided by Apollo Go, we may collect and process information about your device, location, and network identity to enable you to use the following features without manually entering your geographic coordinates. Location information includes precise location information obtained through GPS information, WLAN access points, Bluetooth, base stations, and other sensor information (such as gyroscope sensors, acceleration sensors, etc.), as well as rough geographic location information obtained through IP addresses or other network information. When you use the following functions, we will request precise geographic location permission authorization. If you refuse to authorize precise geographic location permission, we will not provide you with the above functions based on precise location information. We will only provide you with functions based on the city and/or district information corresponding to the IP address or other network information, as well as rough location information inferred from other network location information. Please be aware that the IP address information we use has undergone de identification processing. Data analysis and inference only correspond to specific codes that cannot be directly associated with your identity and will not be linked to your real information.

(1) When you use the function to book Pilot Test, we will collect your location information in order to provide you with nearby stations and the ability to reserve vehicles.

(2) When you use the query site function, in order to provide you with more accurate search results for the surrounding area and city, we will collect your location information.

(3) When you successfully book the Pilot Test and use the navigation function, we will collect your location information in order to provide you with a reference route for walking to the station.

You can cancel the system authorization for Apollo Go to access your precise location information at any time, and stop our collection of your precise geographic location information. Afterwards, you may not be able to use the relevant functions provided based on precise location information, or achieve the intended effects of the relevant functions provided based on precise location information. But this will not affect your normal use of Apollo Go's other functions that are not based on precise location information.

In order to ensure that we can more accurately locate and solve the problems you encounter when using Apollo Go, improve and optimize the user experience of Apollo Go, safeguard the security of your account, prevent, detect, investigate fraud, endangering security, illegal or violating our agreements, policies or rules, and protect the legitimate rights and interests of you, us or our affiliates, partners and the public, we will collect your device information, location information, log information and other information related to the login environment.

Please understand that when you switch Apollo Go from the device screen to running in the background, due to some device models and system reasons, the information collection behavior generated by your previous use of Apollo Go related functions may not be immediately stopped, resulting in a brief background information collection behavior.

We may receive your Personal Data from our affiliates, partners, and other trusted third-party suppliers (Associates) in accordance with laws and regulations or based on your valid consent, in order to jointly provide you with products/services or improve the quality of product/service or for reasonable needs such as product and service security considerations. We will require the Associates to explain the source of their Personal Data in advance and confirm the legality of their Personal Data source. At the same time, we will understand the scope of authorization and consent obtained by the Associates for Personal Data processing. If the Personal Data processing activities required for conducting business exceed the scope of authorization and consent obtained, we will obtain your explicit consent within a reasonable period of time after obtaining the Personal Data or before processing the Personal Data, or obtain your explicit consent through the Associates.

Please note that we may process your Personal Data for purposes/purposes that do not require your prior consent, in accordance with relevant laws and regulations, national standards, and/or requirements of relevant regulatory authorities.

Provided that your Personal Data is not publicly disclosed, we have the right to mine, analyze, and utilize the anonymized user database (including commercial use), and have the right to collect statistics on product/service usage and share anonymized statistical information with the public/third parties.

When we are to use your Personal Data for a purpose that is different from the purpose when such Personal Data was collected, we will seek your prior consent separately.

We will not share your Personal Data with third parties other than authorized partners and ourselves unless you have given your prior separate consent or comply with other laws and regulations, except for those that cannot identify specific individuals and cannot be restored after processing.

We will investigate the data security environment of companies, organizations, and individuals with whom we share Personal Data, sign strict confidentiality agreements, and require them to handle your Personal Data in accordance with legal confidentiality and security measures. We may share your Personal Data with the following third parties in the following situations:

We will not transfer your Personal Data to any company, organization, or individual other than us, except in the following circumstances:

(1) Obtain your explicit authorization or consent in advance;

(2) Meet the requirements of laws, regulations, legal procedures, mandatory government requirements, or judicial rulings;

(3) If we or our affiliates are involved in transactions such as mergers, divisions, liquidations, acquisitions or sales of assets or businesses, your Personal Data may be transferred as part of such transactions. We will ensure the confidentiality of such information at the time of transfer, inform you of the name or contact information of the recipient, and make every effort to ensure that the new company or organization holding your Personal Data continues to be bound by this Privacy Policy. Otherwise, we will require the company or organization to seek your authorization and consent again.

We will only publicly disclose your Personal Data in the following situations:

(1) Obtain your separate consent;

(2) Based on laws and regulations, legal procedures, litigation, or mandatory requirements from government regulatory authorities.

(3) When issuing punishment notices for illegal accounts and behaviors, we will disclose information about the relevant accounts, which inevitably includes account related authentication information and violations.

In order to adapt to the use of Apollo Go and third-party platform services on different mobile devices, and achieve functions such as mobile device identity authentication, mobile device security, logging into third-party platform accounts, and sharing information through third-party platforms, Apollo Go has integrated third-party SDKs. The above-mentioned third-party SDK providers include mobile device manufacturers, social platforms, communication operators, and third-party payment institutions. Some third-party SDKs may call your device permissions and obtain your relevant information, so that you can use the corresponding functions normally on different mobile devices or third-party platforms. The device permission types and information obtained by different third-party SDKs may vary, including obtaining your location, reading/writing your external storage card, reading your phone status and identity, viewing WLAN connections, and retrieving running applications/Bluetooth information. Regarding the specific device permission types called by third-party SDKs, as well as how to collect and use your Personal Data, we suggest that you refer to the relevant service agreements and privacy policies of third-party SDKs.

In order to better serve you, we may entrust third-party partners to process your Personal Data. We will only entrust third-party partners to process your information for legal, legitimate, necessary, specific, and clear purposes. We will strictly limit the information processing purposes of the trustee and require the trustee to adopt sufficient data security measures. If a third-party partner uses your information for purposes that we have not delegated, they will obtain your consent separately. Our authorized partners include advertising and analytics service providers. We will entrust these partners to handle information related to advertising placement, advertising effectiveness, and advertising reach, while complying with industry standard security technologies. Without your valid authorization, we will not entrust third-party partners to process information that can directly identify your personal identity. If you voluntarily leave your contact information, address information, and other Personal Data for a specific third-party partner to contact you, they will directly process your Personal Data. In the context of joint processing, we will also sign relevant agreements with our partners in accordance with legal and regulatory requirements, and fulfill relevant Personal Data protection obligations.

We will keep your Personal Data for the period required to provide the service, but in cases where laws and regulations have other provisions on the retention period, you agree to keep it for a longer period, ensure the safety and quality of the service, achieve dispute resolution purposes, or it is technically difficult to achieve, we will extend the retention period in accordance with the law, contract, or within a reasonable range after the expiration of the aforementioned retention period.

After exceeding the retention period, we will delete your Personal Data or anonymize it in accordance with legal regulations.

(1) We will collect, use, store, and transmit user information based on the principle of "minimization", and inform you of the purpose and scope of the use of relevant information through user agreements and privacy policies.

(2) We attach great importance to information security. We have established a dedicated team responsible for developing and applying various security technologies and programs. We conduct security background checks on security management personnel and key security positions. We have established a sound information security management system and internal security incident handling mechanism. We will take appropriate security measures and technological means that comply with industry standards to store and protect your Personal Data, in order to prevent loss, unauthorized access, public disclosure, use, damage, loss or leakage of your information. We will take all reasonable and feasible measures to protect your Personal Data. We will use encryption technology to ensure the confidentiality of data; We will use trusted protection mechanisms to prevent data from being maliciously attacked.

(3) We will cultivate employees' awareness of data security and provide training and assessment on security capabilities to strengthen their understanding of the importance of protecting Personal Data. We will authenticate the identity and control the permissions of employees who process Personal Data, and sign confidentiality agreements with employees and partners who come into contact with your Personal Data, clarifying job responsibilities and codes of conduct to ensure that only authorized personnel can access Personal Data. If there is any violation of the confidentiality agreement, our cooperation will be immediately terminated and relevant legal responsibilities will be pursued. Confidentiality requirements have also been made for personnel who have access to Personal Data when leaving their posts.

(4) We remind you that the Internet is not an absolutely secure environment. When you interact with other users through third-party social software, email, SMS, etc. embedded in Apollo Go, you are not sure whether the third-party software completely encrypts the transmission of information, and pay attention to ensuring the security of your Personal Data.

(5) We also ask you to understand that in the Internet industry, due to the limitations and rapid development of technology and various possible malicious attacks, even if we try our best to strengthen security measures, it is impossible to always ensure 100% security of information. Please be aware that the systems and communication networks you use when using our products and/or services may have security issues beyond our control.

(6) According to our security management system, incidents of Personal Data leakage, damage, or loss are classified as major security incidents, and once they occur, the company's highest level emergency response plan will be activated.

(1) We will develop emergency plans for network security incidents, promptly deal with security risks such as system vulnerabilities, computer viruses, network attacks, and network intrusions. In the event of an incident that endangers network security, we will immediately activate the emergency plan, take corresponding remedial measures, and report to the relevant authorities in accordance with regulations.

(2) Personal Data leakage, damage, and loss are classified as major security incidents at the company level. We will be responsible for regularly organizing security plan drills for our team members to prevent such incidents from occurring. If an unfortunate event occurs, we will activate the emergency plan according to the highest priority, form an emergency response team, trace the cause in the shortest possible time, and reduce losses.

(3) After the unfortunate occurrence of a Personal Data security incident, we will promptly inform you of the basic situation and possible impact of the security incident, the measures we have taken or will take, suggestions for risks that you can independently prevent and reduce, and remedial measures for you in accordance with legal requirements. We will promptly inform you of the relevant situation of the event through on-site notifications, SMS notifications, phone calls, emails, and other contact information you have reserved. If it is difficult to inform you one by one, we will take reasonable and effective measures to publish announcements. At the same time, we will proactively report the handling of Personal Data security incidents in accordance with regulatory requirements. Please understand that according to laws and regulations, if the measures we take can effectively prevent information leakage, tampering, or loss from causing harm, we may choose not to notify you of the Personal Data security incident unless required by regulatory authorities.

In principle, you can access your Personal Data through the following methods:

(1) Account information: You can access the personal center - Settings - Account Management, access or edit personal profile information in your account, change your password, associate your account or authenticate your identity, etc.

(2) Common site information: You can view or clear common site information in the personal center - Common Sites.

(3) Usage information: You can view your itinerary details through the personal center - itinerary orders in Apollo Go.

You have the right to correct your Personal Data if it is not accurate or if it is incomplete. After verifying your identity and ensuring that the correction does not affect the objectivity and accuracy of the information, you can make corrections or supplements on your own through the personal center settings account management in Apollo Go, or submit your correction or supplement application to us through feedback and error reporting.

We shall strive to only process and retain your Personal Data for as long as We need to. Where there is no good reason for us continuing to process your Personal Data, You have the right to request that we erase Personal Data of yours that We hold, in particular where (i) it is no longer necessary for the purposes for which it was collected or processed, (ii) You have withdrawn your consent (where the data processing was based on consent) and/or there is no other ground for the processing, (iii) following a successful request on the ground of your right to object to processing, (iv) it has been processed unlawfully, (v) If we cease to provide products or services, (vi) if the retention period has expired, or (vii) based on the necessity to comply with a specific legal obligation to which we are subject to.

Upon our receipt of your request to erase your Personal Data, we will complete the deletion within 10 working days. However, in compliance with potential legal or regulatory requirements, or if it is technically difficult to erase your Personal Data, your Personal Data might be retained for a certain period even after your request for erasure, and we will stop processing other than storage and taking necessary security measures.

You have the right to withdraw your prior consent to processing based on it, at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data for the purpose(s) You originally agreed to.

(1) You can access the Personal Center - Settings - Account Management - Authorization Management to unbind your account from third-party accounts, or you can disable some functional options and revoke some authorizations through Apollo Go's Personal Center - Settings - Account Management.

(2) You can directly disable system permissions such as location in the device system, change the scope of consent, or revoke your authorization.

(3) After you withdraw your consent, we will no longer be able to provide you with the services corresponding to the withdrawal of consent, and we will no longer use your corresponding Personal Data. But your decision to withdraw your consent will not affect the Personal Data processing that was previously carried out based on your consent.

You can deregister the previously registered account.

(1) You can deregister your account on Apollo Go through the following path: Personal Center - Settings - Account Management - Account Deregistration.

(2) Once you deregister your account, you will no longer be able to use the product's services, so please proceed with caution. We will determine whether to support your deregisteration request based on your usage of the product in order to protect your or others' legitimate rights and interests.

Apollo Go is willing to accompany you at all times. If Apollo Go suspends or terminates the provision of related products and/or services due to special reasons, we will notify you within a reasonable period of time on the main page or internal message of the product or service, or send you an email or other suitable means of reaching you, and will stop collecting your Personal Data. At the same time, we will delete or anonymize the collected Personal Data in accordance with legal provisions.

You have the right to be informed of any processing of your data in clear, transparent, and easily understandable means. You have the right to request interpretation of our Personal Data processing rules. You can contact us through the contact information provided in Article 8.

To invoke your data subject rights, and for the purpose of ensuring the safety process of your Personal Data, please send an email or letter to us (see contact details below). Please note that You are entitled to lodge a complaint with a competent Data Protection Authority, concerning e& compliance with the applicable data protection laws and regulations.

Notwithstanding the above, under UAE Data Protection Law, we may process your Personal Data in the following cases:

If the processing is limited to storing Personal Data

If the processing is necessary to establish any legal claims or defense of rights or is in connection with any judicial proceedings

If the processing is necessary to protect the rights of third parties in accordance with applicable legislation

If the processing is necessary to protect the public interest.