Last modified: 11/08/2023

Allo Cabs Privacy Notice

I. Introduction

When you use Allo, you trust us with your personal data. We’re committed to keeping that trust. That starts with helping you understand our privacy practices.

This notice describes the personal data (“data”) we collect, how it’s used and shared, and your choices regarding this data. We recommend that you read this along with our privacy overview, which highlights key points about our privacy practices.

II. Overview

A. Scope

This notice applies to all users of Allow’s services worldwide, including Allo’s apps, websites, features, and other services.

  • Riders: Individuals who request or receive transportation and related services via their Allocabs account.
  •  Drivers: Individuals who provide transportation to Riders individually or through partner transportation companies.

B. Data controller and transfer

Allo operates, and processes personal data, globally; wherever and whenever you travel, your data travels with you so we can offer you a seamless experience. We also respect your data protection rights whether you are in your home country or elsewhere.

This means that we may transfer personal data to countries other than your home country in order to provide our services in a different country at your request. We may also transfer personal data to another country if necessary to respond to a customer support request you submitted outside your region. Users in another country may access trip/order histories after they have left the country where services were rendered. Because our services involve multiple users simultaneously, limited personal data may be accessible to other users in another country.

We do so in order to fulfil our agreements with all of our users, or based on users’ instructions or prior consent, adequacy decisions for the relevant countries, or other transfer mechanisms as may be available under applicable law, such as the Standard Contractual Clauses.

We may also transfer data to other countries in order to respond to a request for personal data from a law enforcement agency. To provide additional safeguards to these data transfers, Allo applies a robust internal procedure for processing these requests. Allo only discloses personal data to law enforcement agencies in a manner that is consistent with the regulatory requirements of applicable laws, such as the GDPR. 

Allo has implemented the following procedures globally to help offer equal data protection wherever you use our services:

  • policies and procedures to limit access to, and the processing of personal data for defined purposes;
  • specific training of personnel responsible for managing personal data;
  • Data is securely protected when in transit between Allo apps and our servers, as well as when it is processed on our servers. This involves the use of encryption and pseudonymized data to help safeguard users’ entire identities from unauthorised publication.
  • For your convenience, you can exercise your data protection rights by contacting Allo through any of the specified channels listed above, and they will be processed centrally on behalf of the relevant controller. You can send questions, comments, and concerns about Allo’s data practices here. You can also use this form to ask Allo’s Data Protection Officer a question and request a copy of the Standard Contractual Clauses or other transfer mechanisms in place for the data processing activity in issue.

III. Data collections and uses

A. The data we collect

This notice applies to all users of Allow’s services worldwide, including Allo’s apps, websites, features, and other services.

  • Provided by users to Allow, Such as during account creation
  • Created during our services, such as location, app usage, and Device data.

    We’ve included a visual summary of the data we collect and how we use it for your convenience.

    1. Data provided by users. This includes:

    • User profile information:

      User profile data: We collect this information when users create or update their Allo accounts or place orders using the guest checkout services. Their name, email, phone number, login name and password, address, profile picture, payment or banking information (including related payment verification information), driver’s licence, and other government-issued documents (which may include identification numbers as well as their birth date, gender, and photo) may be included. This also contains driver and delivery person car or insurance details, emergency contact information, user settings, and evidence of health or fitness to provide services utilising Allo apps.

    • Background check information (drivers): This comprises information submitted during the driver/delivery person application process, such as driver history or criminal record (where authorised by law), licence status, known aliases, former addresses, and work authorization. An authorised Allo’s team may acquire this information.
    • Identity verification photos:

      This comprises user photographs (such as selfies) and/or government-issued identification documents (such as driver’s licences or passports). Such images could be used to validate a user’s identity, for example, using facial recognition technologies. Please visit the “How we use personal data” section for more information on how user images are used for safety and security purposes, such as identity verification.

    •  Demographic data:

      When certain Allo services or programmes, such as Allo Cash, alcohol deliveries, or safety features that allow women users to set a preference to provide or receive services to/from other women (“Women Rider Preference”), we may collect demographic data about users, such as birth date/age, gender, or occupation. We may also gather demographic data through user surveys, such as age group and household composition, and use this information to offer Allo products and services that are likely to be of interest to you.We may also deduce demographic information from other user data. We may, for example, deduce a user’s gender based on their first name in order to enable safety features such as the Women Rider Preference or to offer personalised adverts for third-party products or services.

      User Content:  When customers contact Allo customer support (including at Allo Greenlight Hubs or via phone chat or video conferencing capabilities), provide ratings or feedback for other users, or otherwise contact Allo, we gather the data they provide. Photographs or audio or video recordings submitted by users in connection with a customer service request may be included. This also includes details about the communication mode you use with Allo. The contents of user-submitted photographs and recordings are subject to Allo’s Community Guidelines.

    • Travel information: Users of our Allo Travel service provide us with travel itinerary information, including the times and dates of upcoming vehicle rental reservations. We gather such information: (i) when users manually enter their information into their Allo Travel itinerary; or (2) via travel-related email confirmations if users authorise us to access their email account. If users authorise it, allo will only access their email accounts to collect travel itinerary information in order to enable the Allo Travel feature and will abide by the applicable email provider policies, including Google’s API Services User Data Policy, which imposes certain limitations on the use of data collected from their email accounts. Users can deactivate Allo’s access to their email accounts at any time by navigating to their email service provider’s settings.

2. Data created during use of our services. This includes:

    • Location data (driver and delivery person): When the Allo app is running in the foreground (app open and on-screen) or background (app open but not on-screen), we receive precise or approximate location data from drivers’ and delivery personnel’ mobile devices.
    • Location data (riders and order recipients). Allo collects such data from the time a ride or order is requested until it is completed, as well as whenever the app is active and on-screen. For details on how riders and order recipients can enable exact location data gathering, see “Choice and transparency” below.

      Riders and order recipients can use the Allo apps without allowing their mobile devices to collect location data. However, this may have an impact on certain Allo app functionalities. A rider who has not enabled exact location data, for example, will have to manually enter their pickup address.

      Furthermore, precise location data obtained from a driver’s device during a journey is linked to the rider’s account, even if the rider has not authorised precise location data collection from their device. This information is used for things like receipt generation, customer support, fraud detection, insurance, and litigation.

    • Transaction information: We collect transaction information related to the use of our services, such as the type of services requested or provided; trip or order details (such as date and time, requested pick-up and drop-off addresses, distance travelled, and items ordered); and payment transaction information (such as the name and location of a restaurant or merchant, amount charged, and payment method). We also link a user’s name to anyone who uses their promotion code.
    • Usage data:  We gather information on how users engage with our services. Access dates and times, app features or pages seen, browser type, app crashes, and other system activities are all included
    • Device data: We collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages, advertising identifiers, device motion data, and mobile network data
    • Communications data:  We collect information about phone, text, and in-app communications between Allo app users. This contains the date and time, as well as the text or in-app message content. We may also collect the content of phone calls where users are informed ahead of time that the call may be recorded.
    •  

3. Data from other sources These include:

  • Users who take part in our referral programs When a user refers another user, for example, we obtain the referred person’s data from that user.
  • Account owners who seek services for or on behalf of other users (such as friends or family members) or who allow other users to request services are considered service providers.
  • Users or others who provide information in connection with claims or disputes
  • partner transportation firms (for drivers or delivery people who use our services through an account affiliated with a partner transportation company).
  • publically available sources.
  • Marketing partners and service providers, such as banks, in connection with cash-back programmes and data resellers.
  • Officials from law enforcement, public health, and other government agencies

B. How We Use Data

Allo makes use of data to provide dependable and convenient transportation. We also make use of data.

  • to improve our users’ and services’ safety and security
  • for client service
  • to conduct research and development
  • to allow people to communicate with one another
  • for the sake of marketing and advertising
  • to send users non-marketing communications
  • with relation to legal procedures

1. To provide our services: Allo uses data to provide, personalize, maintain, and improve our services.:

This includes leveraging data to:

  • Accounts can be created and updated.
  • facilitate transit and other services and features such as:
  • Using location data to navigate rider pickups and track ride progress
  • Enabling data-sharing capabilities, such as sharing the driver’s initial name and car details with riders to expedite pick-ups.
  • matching available drivers to users requesting services, including based on personal data such as location and proximity to other users, user settings and preferences (such as preferred destinations), and non-personal data such as vehicle type desired.
  • enabling account-linking capabilities, such as linking email addresses to establish an Allo account to log in.
  • Calculating pricing and charges, including the use of location data and trip information such as requested pick-up and drop-off destinations, We may also consider non-personal data or criteria such as date and time, expected distance and time, minimum base rates, tolls, taxes and levies, and surge pricing.
  • process payments and enable payment and e-money products such as Allo Money
  • to provide users with excursions, produce receipts and notify them about changes to our terms, services, or policies.
  • execute the tasks required to keep our services running, such as debugging software defects and operational issues.
  • Allo does the aforementioned activities because they are required to fulfil the terms of our agreements with users, are compatible with such uses, or are required for Allow’s and its users’ legitimate interests.

2. Allo uses data to provide, personalize, maintain, and improve our services:

  • Verifying users’ accounts, identities, or compliance with safety standards.
  • For example, we conduct background checks on drivers (including criminal history where required or permitted by law) to confirm their identities and eligibility to provide transportation.
  • We may also do rider and order recipient identity verification using names, dates of birth, emails, phone numbers, payment information, and third-party wallets to assist prevent fake accounts from utilising our services.
  • To achieve this verification, we process user profile pictures, government-issued identity photos and numbers, or other user-submitted photographs, including in some locations through the use of facial recognition technology. We also utilise such technology to prevent people from creating numerous accounts or from fraudulently using identifying images.
  • We also utilise facial recognition technology to prevent unauthorised users from accessing Allo accounts. We also utilise this tool to validate changes to bank account information and to make recovering account access easier.
  • We also collect data from driver devices to confirm the type of cars used for pickup and dropoff.
  • Identifying potentially risky drivers and driving by using customer service information (including reports of safety incidents), device data (e.g., to detect fast or severe braking / acceleration), transaction, and usage data. This can result in messages advocating safer driving and/or account deletion following human review.
  • Using account, device, location, usage, transaction, cellular carrier, and other data, including user conversations and metadata, to prevent, detect, and combat fraud, including those committed by guest users.
  • Using reported incidents, user ratings*, and other feedback to encourage safe use of Allow’s platform and compliance with our conditions, as well as as justification for deactivating users with low ratings.
  • predicting and avoiding user pairings that may result in increased risk of conflict using driver data (such as past trip information and reported incident rates) and rider data (such as account information, cancellation and reported incident rates, current pick-up and drop-off location, past trip information, and ratings information). We also prevent pairings in which one user has rated the other poorly (e.g., 1 star).
  • Providing live support from safety experts during excursions by using location, phone number, user name, vehicle details, and other important information.
  • The above-mentioned fraud and unsafe driving prevention and detection operations may be considered profiling under applicable legislation and may result in user deactivation (usually only after human review).
  • Allo does the aforementioned actions because they are required to complete the terms of our user agreements and/or for the legitimate safety and security interests of Allo, our users, and members of the general public.

3. Customer Support:

We use the information we gather (which may include call recordings, chat logs, and dashcam footage) to provide customer support, including investigating and responding to user issues, as well as monitoring and improving our customer support answers and processes.

Allo does the aforementioned actions because they are required to fulfil the conditions of our agreements with users or for Allo’s legitimate interests in monitoring and enhancing its customer support services.

4. Research and Development:

We analyse data, apply machine learning, design products, conduct research, and test them. This allows us to make our services more convenient and user-friendly, improve their safety and security, and create new services and features.

Allo does the aforementioned actions because they are important for Allo’s legitimate interests in enhancing and creating new services and features.

5. Enabling communications between users:

A driver, for example, may message or contact a passenger to confirm a pick-up location and a rider may call a driver to collect a misplaced item.

Allo does the aforementioned operations because they are required to fulfil the conditions of our user agreements.

6. Marketing and Advertising:

Allo markets its services using data.

We use account, approximate location, device and usage data, and travel data to create personalised advertisements and marketing communications based on users’ observed or inferred location, interests, and characteristics (which may include inferred gender*).

This involves using the information to:

  • Send emails, text messages, push notifications, in-app messages, and other communications marketing or advertising Allo products, services, features, offers, promotions, sweepstakes, news, and events. We may, for example, send push alerts suggesting a user’s favourite destinations or in-app messaging providing discounts or promotions for rides.
  • Show Allo ads on third-party apps or websites.
  • Third-party advertising may be displayed in Allo apps or in connection with our services. These advertising (marked as “offer Banner ” in Allo apps) provide personalised recommendations depending on users’ location. We also show advertisements for third-party products that are not available on Allo apps.

We also offer personalised adverts based on information about the user’s current travel, such as the time of request and the services requested. For example, if a user requests a trip to the grocery, we may display in-app advertisements for third-party products that may be available at that store.

We also track the effectiveness of Allo advertisements as well as third-party ads that appear in Allo apps or in connection with our services.

Allo engages in the foregoing activities because they are necessary for Allo’s legitimate interests in informing users about Allo services and features or those supplied by Allow partners.

7. Non-marketing communication:

Allo may use data to send surveys and other communications that are not intended to market Allo or its partners’ services or products. We may also send information to users about elections, ballots, referendums, and other political processes related to our services. For example, Allo has advised users in their areas about vote initiatives or pending laws relating to Allo’s services.

Allo does the aforementioned actions because they are required to fulfil the terms of our agreements with users or to protect Allo’s and its users’ legitimate interests in notifying users about events that may affect their use of Allo’s services.

8. Legal proceedings and requirements:

We utilise data to investigate or resolve claims or disputes relating to Allo’s services, to comply with applicable laws, regulations, operating licences or agreements, insurance policies, or in response to legal processes or governmental requests, including from police enforcement.

Allo does the aforementioned actions because they are essential for Allo’s legitimate interests in investigating and responding to claims and disputes connected to the use of Allo’s services and features, and/or to comply with applicable legal obligations.

C. Cookies and Third-party technologies

Cookies are little text files that websites, apps, online media, and advertisements place on browsers or devices. Allo use cookies and related technologies for a variety of objectives, including:

  • user authentication
  • keeping track of user preferences and settings
  • calculating the popularity of content
  • executing and measuring the success of advertising campaigns
  • analysing site traffic and trends, as well as learning about the online behaviours and interests of those who use our services

D. Data sharing and disclosure

Allo may share data:

1. With other users: The includes Sharing:

  • Riders’ initial names, ratings, and pickup/dropoff locations are shared with drivers.
  • For drivers, we may share data with the rider(s), order recipient(s), and driver profile, including compliments and other feedback submitted by previous users; vehicle make, model, colour, number plate, and vehicle photo; location (before and during trip); average rating provided by users; total number of trips; period of time since they signed up to be a driver; contact information; and driver profile, including compliments and other feedback submitted by previous users.
  • We share certain data of referred users, such as trip count, with the user who referred them as necessary to establish the referral bonus for individuals who engage in Allo’s referral programme.

2. With Allo service providers and business partners: These include the third parties, or categories of third parties, listed below. Where a third party is identified, please see their linked privacy notices for information regarding their collection and use of personal data.

  • Payment processors and facilitators, such as (bank Name) background check, identity verification, and risk solution providers.
  • Providers of cloud storage.
  • customer support platform and service providers.
  • Google, as it relates to the use of Google Maps in Allo’s apps.
  • To reach or better understand our consumers and measure advertising effectiveness, we engage with marketing partners and marketing platform providers such as social media advertising services, advertising networks, third-party data suppliers, and other service providers.
  • Service providers who help Allo improve the safety and security of its apps and services.
  • Service providers who offer artificial intelligence and machine learning technologies and services.
  • Accountants, consultants, lawyers, and other professionals provide professional services.

3. For legal reasons or in the event of a dispute: 

Allo may share users’ data if we feel it is necessary by applicable law, regulation, operating licence or agreement, legal process or governmental request, insurance policy, or is otherwise suitable due to safety or similar considerations.

This includes sharing data with law enforcement, public health officials, other government authorities, airports (if required by airport authorities as a condition of operating on airport property), insurance companies, or other third parties as needed to enforce our Terms of Service, user agreements, or other policies; to protect Allo’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the Services.

In the event of a credit card dispute, we may be obligated by law to share a user’s data, including trip or order information, with the owner of that credit card.

This includes exchanging information with others in connection with or during talks for any merger, sale of corporate assets, consolidation or restructuring, financing, or purchase of all or a portion of our business by or into another firm.

4. With consent:

Allo may share a user’s data in ways other than those specified in this notice if we notify the user and they approve.

E. Data retention and deletion

Allo retains user data for as long as necessary for the above-mentioned purposes, which varies depending on data type, the category of user to whom the data relates, the purposes for which we collected the data, and whether the data must be retained after an account deletion request for the purposes described below.

  • For example, if such data is required to perform our services, we retain it for the term of the user’s account. For example, account information
  • If necessary to meet tax obligations, for a period of seven years. For example, drivers’.
  • for specific time periods as determined by safety or fraud prevention. For example, we keep incomplete driver applications for one year and rejected driver applications for seven years.

Users may request the deletion of their account via the Allo app’s Support or via Allo’s email.

Following an account deletion request, we delete the user’s account and data, except when necessary for safety, security, fraud prevention, or compliance with legal requirements, or when issues with the user’s account (such as an outstanding credit or an unresolved claim or dispute) arise. For drivers, this generally means that we keep some information on them for as long as it is required for real or possible tax, lawsuit, or insurance claims. We normally erase data for rider and order recipients within 90 days of an account deletion request, unless retention is required for the reasons stated above.

IV. Choice and Transparency

Allo enables users to access and/or control data that Allo collects, including through: 

  • privacy settings
  • device permissions
  • in-app rating pages

1. Privacy Settings: Riders can modify or adjust their options for location data collection and sharing, emergency data sharing, and notifications in the Allo app’s Account > Settings menu.

Share location:

  • Riders can allow Allo to share real-time location data from their mobile device with emergency police, fire, and ambulance services. This includes providing the approximate location at the time the emergency call was placed, as well as information on the car’s make, model, colour, and number plate; the rider’s name and phone number, pickup and dropoff locations, and the driver’s identity.
  • Riders can enable and disable this feature through the device’s permissions.
  • Drivers can also enable and cancel Emergency Data Sharing using the App settings > Emergency Data Sharing option.

V. Legal information

A. Data Controller and Data protection

  • Allo Pvt. Ltd. is the controller of the data processed in connection with Allo’s services in Sri Lanka.
  • Users (riders and drivers) may submit requests to exercise their data rights.
  • Users may also contact Allo’s Management via email at (allo.management@allow.com or (– Head office address–) with questions about Allo’s processing of their personal data or their data protection rights.

B.Legal Framework for Data Transfers

Sri Lanka is where Allo operates and processes user data. As a result, your personal data may be processed in other countries. This includes processing your data on Allo’s Sri Lankan servers and transferring or permitting access to your data in order to: provide you with services wherever you request them.

  • Give you with access to your information, such as trip/order history, whenever and wherever you need it.
  • Give access to and responses from Allo’s customer service specialists.
  • As needed, react to information demands from governments or law enforcement.

Allo is committed to protecting our users’ personal data regardless of where they are situated, where their personal data is processed, or by whom it is processed. This entails putting in place global safeguards to protect users’ data, such as:

  • Safeguarding user data when in transit, including through encryption, and at rest.
  • Requiring company-wide privacy and data security training.
  • Putting in place internal policies and procedures to limit access to and use of users’ data.
  • Limiting government and law enforcement access to user data unless necessary by law, there are imminent dangers to safety, or users have consented to the access.

C.Updates to this Privacy Notice

This notice may be updated from time to time. If we make significant changes, we will warn users in advance via the Allo apps or other ways, such as email. We advise users to visit this notice on a regular basis for the most up-to-date information on our privacy practises. To the extent permitted by law, use of our services following an update represents consent to the new notice.