Privacy Notice

Last Modified: 31 May 2022

This Privacy Notice and its Addendum(s) (“Privacy Notice”) describe how Grab Holdings Inc, its respective subsidiaries, affiliates, associated companies and jointly controlled entities (collectively “Grab”, “we”, “us” or “our”) collect, use, process and disclose your Personal Data through the use of Grab’s mobile applications and websites (respectively “Apps” and “Websites”), as well as products, features and other services globally, operated by Grab (collectively, “Services”).

This Privacy Notice applies to our consumers , agents, vendors, suppliers, partners (such as driver, delivery, and merchant partners), contractors and service providers (collectively “you”, “your” or “yours”).

Personal Data” is any information which can be used to identify you or from which you are identifiable. This includes but is not limited to your name, nationality, telephone number, bank and credit card details, personal interests, email address, your image, government-issued identification numbers, biometric data, race, date of birth, marital status, religion, health information, vehicle and insurance information, employment information and financial information.

We typically collect, use, disclose or otherwise process your Personal Data in accordance with this Privacy Notice with your consent, or in compliance with applicable laws, such as where:

  • it is required for us to comply with legal requirements;
  • it is required for us to enter into or perform a contract with you; and/or
  • for our legitimate interests or the legitimate interests of any other persons, including but not limited to for the purposes set forth in this Privacy Notice.

I.    COLLECTION OF PERSONAL DATA

This Privacy Notice and its Addendum(s) (“Privacy Notice”) describe how Grab Holdings Inc, its respective subsidiaries, affiliates, associated companies and jointly controlled entities (collectively “Grab”, “we”, “us” or “our”) collect, use, process and disclose your Personal Data through the use of Grab’s mobile applications and websites (respectively “Apps” and “Websites”), as well as products, features and other services globally, operated by Grab (collectively, “Services”).

This Privacy Notice applies to our consumers , agents, vendors, suppliers, partners (such as driver, delivery, and merchant partners), contractors and service providers (collectively “you”, “your” or “yours”).

Personal Data” is any information which can be used to identify you or from which you are identifiable. This includes but is not limited to your name, nationality, telephone number, bank and credit card details, personal interests, email address, your image, government-issued identification numbers, biometric data, race, date of birth, marital status, religion, health information, vehicle and insurance information, employment information and financial information.

We typically collect, use, disclose or otherwise process your Personal Data in accordance with this Privacy Notice with your consent, or in compliance with applicable laws, such as where:

  • it is required for us to comply with legal requirements;
  • it is required for us to enter into or perform a contract with you; and/or
  • for our legitimate interests or the legitimate interests of any other persons, including but not limited to for the purposes set forth in this Privacy Notice.

II.    USE OF PERSONAL DATA

Grab may use your Personal Data for the following purposes set out in the list below. (“Purposes”). Additionally, if you use Grab in various capacities (for example, if you use multiple Grab Services, or if you are both a driver partner/delivery partner and a consumer), we may link your Personal Data collected across your various capacities to facilitate your use of our Services and for the Purposes described below:      

Providing services and features

Your Personal Data will be used to provide, personalise, maintain and improve our Apps, Websites and Services. This includes using your Personal Data to:

  • engage you to provide you with Services across our various business verticals;
  • create, administer and update your account;
  • process, manage or verify your eligibility for or application of Services, promotions, rewards and subscriptions with Grab;
  • conduct due diligence checks and risk assessments / analysis;
  • verify your identity and age (where necessary);
  • validate your ride and process payments;
  • offer, obtain, provide, facilitate or maintain insurance or financing solutions;
  • track the progress of your trip and detect abnormal trip variations;
  • personalise your Apps experience (such as to recommend products and services relevant to you, identify your preferences or otherwise personalise your experience with Grab);
  • make your experience more seamless, such as automatically filling in your registration information (such as your name or phone number) from one Service to another Service or when you participate in our surveys;
  • perform internal operations necessary to provide our Services, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analysing usage and activity trends;
  • protect the security or integrity of the Services and any facilities or equipment used to make the Services available;
  • enable communications between our users;
  • invite you to participate in our surveys and studies;
  • enable our partners to manage and allocate fleet resources; and
  • fulfil the services to you as a data processor, where you have provided consent to the data controller (i.e. the organisation you had purchased goods or services from, and for whom Grab is providing services on behalf of) for such services to be rendered. 

Safety and security

We use your data to ensure the safety and security of our Services and all users. This includes:

  • screening driver and delivery partners before enabling their use of our Services;
  • identifying unsafe driving behaviour such as speeding, harsh braking and acceleration, and providing personalised feedback to driver partners;
  • verifying your identity when you log in to Grab;
  • using device, location, profile, usage and other Personal Data to prevent, detect and combat fraud or unsafe activities;
  • sharing drivers and passengers of driver partners’ location and details when the emergency button or the “Share My Ride” feature is activated; and
  • monitoring compliance with our terms and conditions and policies.

User support

We use Personal Data to resolve user support issues. For example, we may:

  • investigate and address concerns;
  • monitor and improve our user support responses;
  • respond to questions, comments and feedback; and
  • inform you about steps taken to resolve user support issues.

Research and development and security

We may use the Personal Data we collect for testing, research, analysis and product development. This allows us to understand and analyse your needs and preferences, protect your Personal Data, improve and enhance the safety and security of our Services, develop new features, products and services, and facilitate development of insurance and finance solutions.

Legal purposes

We may use the Personal Data we collect for legal purposes, such as to investigate and resolve claims or disputes, detect/prevent/prosecute crime, or as allowed or required by applicable law.

We may also use your Personal Data when we are required, advised, recommended, expected or requested to do so by our legal advisors or any local or foreign legal, regulatory, governmental or other authority.

For example, we may use your Personal Data to:

  • comply with court orders or other legal, governmental or regulatory requirements;
  • enforce our Terms of Service or other agreements; and
  • protect our rights or property in the event of a claim or dispute.

Marketing and promotions

We may use your Personal Data to send you marketing communications relating to customised products or services (that may be of interest or relevance based on your profile), or Grab’s partners’, sponsors’ and advertisers’ products, services, events or promotions. For example, we may:

  • send you special offers that may be of interest or relevance to you across all of Grab’s service offerings;
  • send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings; and
  • notify, invite and manage your participation in our events or activities.

We may communicate such marketing to you by various means, where applicable (including by SMS, chat applications (e.g. WhatsApp, Telegram, LINE, Viber, WeChat, Zalo)), push notification, call, and by email).

If you wish to unsubscribe to the receiving of such marketing communications, please click on the unsubscribe link in the relevant email or message. Alternatively, you may also update your preferences in our Apps settings. Please note that while you may opt out of marketing or promotion communications, Grab may still send you service-related messages (such as information on your transactions, rewards, etc.).

User Published Content

If you publish content (such as a review or comment) on Grab’s platform, it will be shown publicly along with your personal data (such as profile name, uploaded photo(s)), and other information you choose to include in your content. For more information, see our Review Guidelines.

III.    DISCLOSURE OF PERSONAL DATA

We need to share Personal Data with various parties for the Purposes. These parties include:

Other users

For example: 

  • If you are a passenger of driver partners, we may share your username, pick-up and drop-off locations with our driver partner fulfilling your Service request;
  • If you are a driver partner, we may share your Personal Data with your passenger including your name and photo; your vehicle make, model, number plate, location and average rating;
  • If you are a delivery partner, we may share your Personal Data with your selected merchant and user, including your name and photo; your vehicle make, model, location and average rating;
  • If you are using our GrabExpress Service, we may share your Personal Data with the recipient of your parcel, and vice versa, as well as the delivery partner in charge of fulfilling your service request; and
  • If you use our in-app chat, we may share your mobile number and Grab-registered name with the other parties to your chat.

With third parties

With third parties related to your use of Grab Services

For example:

  • If you are a passenger of driver partners, we may share a vehicle’s location and driver’s and/or your name with third parties when you use the “Share My Ride” feature or activate the Emergency Button.
  • If you are a driver-partner, we may disclose your vehicle plate number or other personal data to the insurance company and/or to your passenger for the purpose of submission of insurance claims..

With the owner of Grab accounts that you may use

For example, your employer may receive trip data (tagged as business rides) when you use your employer’s Grab for Business account.

With subsidiaries and affiliates

We share Personal Data with our subsidiaries, associated companies, jointly controlled entities and affiliates. The companies in the Grab group share resources, such as infrastructure and technology, with each other to provide you with a consistent, relevant and secure experience when you use our Services, and for the Purposes set out in this Privacy Notice.

For example, we do this to make your experience more seamless, such as by automatically completing your registration information from your use of one Grab’s Service when you sign up for a new Grab Service.

With Grab’s service providers and business partners

We may provide Personal Data to our vendors, consultants, marketing partners, research firms, and other service providers or business partners. This includes:

  • payment processors and facilitators;
  • debt collectors;      
  • credit bureaus, alternative credit scoring agencies and any other credit reporting organisations;
  • background check and anti-money laundering service providers;
  • cloud storage providers;
  • advertising and marketing partners and platform providers;
  • data analytics providers;
  • research partners, including those performing surveys or research projects in partnership with Grab or on Grab’s behalf;
  • educational and training institute partners;
  • fleet and merchant partners;
  • insurance and financing partners;
  • third party intermediaries involved in the managed investment of funds, such as brokers, asset managers, and custodians;
  • service providers who perform identity verification services; and
  • vehicle solutions partners, vendors or third-party vehicle suppliers.

For example:

  • If you requested a service through a Grab partner or used a promotion provided by a Grab partner, Grab may share your Personal Data with that Grab partner.
  • If you have rented a vehicle from our recommended fleet partners to drive with Grab, we may share relevant information (e.g. the status of your account, applicable incentives/promotions, your ride statistics) for collaborative efforts (e.g. create new incentives and benefits for you or improving supply of driver partners).

With our legal advisors and governmental authorities

We may share your Personal Data with our legal advisors, law enforcement officials, government authorities and other third parties. This may take place to fulfil the legal purposes (mentioned above), or any of the following circumstances:

  • where it is necessary to respond to an emergency that threatens the life, health or safety of a person; or
  • where it is necessary in the public interest (e.g. in a public health crisis, for contact tracing purposes and safeguarding our community).

Business transfers

We may share your Personal Data with other parties, in connection with any acquisitions, sales, mergers, joint ventures, consolidation, restructuring, financing or any other type of business transactions. Your Personal Data will however remain subject to our obligations made in any pre-existing Privacy Notice that you have agreed to.

IV.    RETENTION OF PERSONAL DATA

We retain your Personal Data for the period necessary to fulfill the Purposes outlined in this Privacy Notice unless a longer retention period is required or allowed by law. Once your Personal Data is no longer necessary for the Services or Purposes, or we no longer have a legal or business purpose for retaining your Personal Data, we take steps to erase, destroy, anonymise or prevent access or use of such Personal Data for any purpose other than compliance with this Privacy Notice, or for purposes of safety, security, fraud prevention and detection, in accordance with the requirements of applicable laws.

V.    INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your Personal Data may be transferred from country, state and city (“Home Country”) in which you are present while using our Services to another country, state and city (“Alternate Country”).

When we transfer your Personal Data from your Home Country to the Alternate Country, we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will also ensure that the recipient in Alternate Country is obliged to protect your Personal Data at a standard of protection comparable to the protection under applicable laws.

Our lawful basis will be either consent (i.e. we may ask for your consent to transfer your Personal Data from your Home Country to the Alternate Country at the time you provide your Personal Data) or one of the safeguards permissible by laws.

VI.    COOKIES AND ADVERTISING ON THIRD PARTY PLATFORMS

Cookies

Grab, and third parties with whom we partner, may use cookies, web beacons, tags, scripts, local shared objects such as HTML5, advertising identifiers and similar technologies (collectively, “Cookies”) in connection with your use of the Websites and Apps, which may be persistent or stored only during an individual session on your browsers or devices.

Cookies may have unique identifiers, and reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may be used for various purposes such as to:

  • provide the essential, basic functions of the use of our Websites, Services or Apps;
  • authenticate you, or remember your user preferences and settings;
  • delivering and measuring the effectiveness of advertising campaigns, such as by measuring number of views or clickthroughs;
  • analyse site traffic and trends;
  • serve you relevant advertisements across other apps and websites owned by other companies (whether by us or by other advertisers); and
  • enhance user interface and experience by generally understanding the online behaviors and interests of users who interact with our Website, Services or Apps.

Grab may allow third parties to use Cookies on the Websites and Apps to collect the same type of Personal Data for the same purposes Grab does for itself. Third parties may be able to associate the Personal Data they collect with other Personal Data they have about you from other sources. We do not necessarily have access to or control over the Cookies they use.

Disabling the collection of cookies on our websites 

You have the right to choose to disable, block or deactivate cookies. Please note that however refusal or removal of some cookies could affect the availability, functionality or use of our Website, Services or Apps.

You may adjust your internet browser settings to disable, block or deactivate cookies, delete your browsing history or clear the cache from your internet browser. The settings may be contained within the “History”, “Preferences”, “Settings” or “Privacy” section of your internet browsers, or you may otherwise consult the help section of your internet browser for more information.

Disabling the display of Targeted Ads through our App 

We may facilitate the display of targeted advertising on other platforms, such as on other online platforms that you may be a user of.

You may be able to limit our use of your Personal Data to display targeted advertisements on behalf of our advertisers, by adjusting your preference through the Apps. Depending on the type of phone and operating software that you are using, you may be granted the option to disable our use of mobile identifiers (such as Apple’s IDFA or Google’s GAID) and the ability to track you across apps and websites owned by other companies by adjusting the settings available on your mobile devices. Through adjusting the settings on your device, you can typically reset, delete, limit and/or otherwise restrict the use of such mobile identifiers.

Although we will not use your Personal Data to show you such targeted advertisements on other platforms, you may still see generic ads that appear relevant to you. This may be because we have engaged third party advertisers / platforms to display ads to users of specific attributes or demographic makeups who may find them relevant. You may be able to limit seeing these advertisements through managing your preferences on these platforms.

VII.    PROTECTION OF PERSONAL DATA

We will take reasonable legal, organisational and technical measures to ensure that your Personal Data is protected. This includes measures to prevent Personal Data from getting lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to our employees on a need to know basis. Those processing your Personal Data will only do so in an authorised manner and are required to treat your information with confidentiality.

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through any online means, therefore, any transmission remains at your own risk.

VIII.    YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA    

In accordance with applicable laws and regulations, you may be entitled to:

  • inquire about the processing of your Personal Data and be provided with a copy of it;
  • in some cases, request the correction and/or deletion of your Personal Data;
  • in some cases, request the restriction of or object to the processing of your Personal Data;
  • withdraw your consent to the processing of your Personal Data (where we are processing your Personal Data based on your consent);
  • request receipt or transmission to another organisation, in a machine-readable form, of the Personal Data that you have provided to us where we are using your Personal Data based on consent or performance of a contract; and
  • complain to the relevant data privacy authority if your data privacy rights are violated, or if you have suffered detriment as a result of unlawful processing of your Personal Data.

Where you are given the option to share your Personal Data with us, you can always choose not to do so. If we have requested your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.

However, choosing not to share your Personal Data with us, withdrawing your consent to our use of it or to your agreement with our Privacy Notice could mean that we are unable to perform the actions necessary to achieve the purposes of processing described in Section II (Use of Personal Data) or that you are unable to make use of the Apps or the Services.

After you have chosen to withdraw your consent, we may be able to continue to process your Personal Data to the extent required or otherwise permitted by applicable laws and regulations.

We will screen and verify all requests beforehand. In order to verify your identity and/or authority to make the request, we may require you to provide supporting information or documentation to corroborate the request. Once verified, we will give effect to your request within the timelines prescribed by applicable laws.


IX.    AMENDMENTS AND UPDATES

Grab may modify, update or amend the terms in this Privacy Notice at any time. Such amendments shall be notified to you through the Apps and/ or other appropriate means  at least five (5) business days before the effective date. The updated version will be posted on the website http://www.grab.com. It is your responsibility to review the Privacy Notice regularly. Your continued use of the Apps, Websites or Services, or continuing to communicate or engage with Grab following the effective date of the modifications, updates or amendments to this Privacy Notice , whether or not reviewed by you, shall constitute your agreement to be bound by such amendments.

 


X. HOW TO CONTACT US

If you have any queries about this Notice or would like to exercise your rights set out in this Notice , please fill-in the following form or direct your mail to our Data Protection Officer. :

For users in Philippines,
Name: MyTaxi PH Inc (Attention : Grab Privacy Office)
Address: Level 27&28 Exquadra T,ower – Lot 1A Exchange Road corner Jade Street, Ortigas Center Pasig City Philippines

For users in Thailand,
Name: Grabtaxi (Thailand) Co., Ltd. (Attention : Grab Privacy Office)
Address: 1550 Thanapoom Tower, 30th Floor, New Petchburi Road, Makkasan Sub-District, Ratchathewi District, Bangkok 10400, Thailand 

For users in other countries,
Name: c/o Grab Holdings Inc. (Attention : Grab Privacy Office)
Address: 6 Battery Road, #38-04 Singapore 049909

In order for us to attend to your queries expeditiously, we prefer that inquiries be made via the online form.

The original of this Notice is written in the English language. In the event of any conflict between the English and other language versions, the English version shall prevail.


ADDENDUM 1: GRAB FOR BUSINESS

I.    INTERPRETATION

All capitalised terms but undefined terms used herein shall bear the same meaning as those defined in the Terms of Use and Grab’s Privacy Notice.

This Addendum forms part of the Privacy Notice. In the event of any inconsistency between the Privacy Notice and this Addendum, this Addendum shall prevail.

II.    GRAB’S RELATIONSHIP WITH USERS AND CLIENTS

How Grab for Business works

Grab for Business is provided as an add-on feature to facilitate corporate billing for the Authorised Users’ use of Grab’s Services in the course of work.

When an organisation (“Client”) chooses to utilise Grab for Business, the Authorised User is given the option of tagging his/her rides or other transactions to the Client or to tag it as a personal ride. An Authorised User is referred to in the Privacy Notice as a passenger of driver partners.

As part of this feature, Grab will disclose detailed trip and booking information that Authorised Users have tagged as being for business purposes to the Client. Apart from this, Grab does not disclose other Personal Data of its Authorised Users to the Client.

Alternatively, an individual user may choose to set up a business profile within the Apps to facilitate the tagging of business-related rides and to generate consolidated trip reports to facilitate the submission of claims from his or her employer. When used in this mode, the claims process is user-driven and the user’s employer need not be a Client.

For ease of reference, Authorised Users and individual users will each be referred to as a “User” and collectively as “Users” in this Addendum.

Grab is a data controller, so are our Clients

In respect of any User and the processing of all their Personal Data (including but not limited to Linking Data and Portal Data), Grab acts as a data controller. For further information on how Grab collects, uses and discloses Users’ Personal Data, please refer to the Privacy Notice.

Due to the way Grab for Business works, Grab does not process any Personal Data for and on behalf of the Client. Accordingly, Grab is not the data processor of the Client, but an independent data controller in respect of all Personal Data that it processes in the course of providing the Grab for Business feature. Likewise, the Client is an independent data controller of the Personal Data (e.g. the Linking Data and Portal Data) that it discloses to and/or receives from Grab.

As independent controllers, Grab and the Client individually determine the purposes and means of processing Personal Data, subject to the provisions set out in the Terms of Use and this Privacy Notice. Grab and the Client are also individually responsible to ensure the protection of Personal Data under their charge.

III.    WHAT PERSONAL DATA IS COLLECTED, PROCESSED AND DISCLOSED

What Grab collects as part of Grab for Business

In order to provide the Grab for Business feature, the individual user or the Client will be required to provide the following information about the Authorised User to Grab:

  • full name;
  • business email address; and
  • other identifying information about the Authorised User as reasonably requested by Grab.

Grab will use this information for the purposes of:

  • authenticating the User;
  • where applicable, linking the Authorised User’s account with the Client’s Grab for Business account or tracking the Authorised User’s business profile bookings on the Apps, as the case may be;
  • where applicable, verifying the Corporate Billing status of such Authorised User from time to time; and
  • contacting the User in accordance with the purposes set out in the Privacy Notice .

Upon onboarding such User to the Apps, Grab will process the Personal Data of the User in accordance with the Privacy Notice and this Addendum.

What Grab discloses to its Clients

Grab will disclose relevant trip and booking information as determined by Grab from time to time to the Client to facilitate Corporate Billing.

What Grab discloses to its individual user

Depending on the business profile settings selected by the individual user, the user may retrieve and generate reports containing his/her relevant trip and booking information.

IV.    PARTIES’ OBLIGATIONS

The Client and Grab shall each:

  • individually inform their data subjects of how each processes Personal Data and allow their data subjects to exercise their rights under the local data protection/data privacy laws;
  • comply with the obligations applicable to each party under the applicable data protection/data privacy laws when processing any Personal Data of the Proposed or Authorised Users;
  • obtain the necessary consents (if applicable) to facilitate the provision of the Grab for Business feature; and
  • implement appropriate legal, technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against unauthorised loss, destruction, damage, alteration, or disclosure, as well as any breach or attempted breach of each party’s security measures (“Information Security Incident”).

ADDENDUM 2: GRABDEFENCE PRIVACY STATEMENT

This Privacy Statement (“Statement”) describes how GrabTaxi Holdings Pte. Ltd., its respective subsidiaries, affiliates, associated companies and jointly controlled entities (collectively “Grab”, “we”, “us” or “our”) collect, use, process and disclose data through use of GrabDefence and its related services (“GrabDefence”).

Grab provides its customers (“GD Customers”) with the GrabDefence service that helps to prevent, detect, and combat fraud or unsafe activities on their platforms and applications (such as web-based and mobile applications based e-commerce platforms) (“Digital Platforms”). GD Customers will integrate GrabDefence into their Digital Platforms to proactively capture data which helps to identify potentially fraudulent activities on their Digital Platforms.

This Statement applies to the users of GD Customers’ Digital Platforms (“you”), and strictly relates to the data collected, used and disclosed on behalf of GD Customers for the purposes of providing GrabDefence. Kindly refer to the applicable terms of service and/or privacy notices of the GD Customers to understand how they otherwise collect, use and disclose your data.

Please note that GrabDefence only collects information from the users of GD Customers’ Digital Platforms, details of which are shared in this statement.

I.    COLLECTION OF DATA

To provide GrabDefence to GD Customers, information from your device and information relating to your use of GD Customers’ Digital Platform will be collected. Such information include device identifier information (such as IMEI, Android ID, MAC address etc), device and hardware information (such as device name, screen size etc) as well as other contextual data in relation to your use of GD Customers’ Digital Platforms (such as IP address, Wifi address, GPS location data, etc).

We may combine the information we have collected to derive insights on a particular device (for example, insights on whether there are signs of app modification, data manipulation, device tampering, GPS spoofing). We do not attempt to personally identify you based on the information above in order to provide GrabDefence to GD Customers.

The information on your device that we collect above is done when you interact with GD Customers’ Digital Platforms, for example, when you launch the Digital Platform on your device or when you make a transaction on the Digital Platform. Such collection will be done in accordance with the GD Customers’ terms of service and/or privacy notices.

II.    USE OF DATA

We generally process your information on behalf of GD Customers in order to assist with their fraud detection efforts. It is up to the GD Customers’ sole discretion to apply the outcome derived from the use of GrabDefence on their Digital Platforms.

In this regard, we may use, combine and process your information for the following purposes (“Purposes”):

  • providing, operating and maintaining GrabDefence;
  • investigating faults with, and troubleshooting, GrabDefence;
  • research and development for GrabDefence, including but not limited to improving existing features and services, or developing new features and services, for GrabDefence;
  • detecting patterns in the datasets collected to gather insights on fraudulent activities;
  • regulatory and internal audit compliance purposes; and
  • responding to any law enforcement request or court order.

Please be assured that the information collected of your device will not be used by Grab for any marketing efforts or combined with any other datasets available to Grab in a manner that unfairly prejudices you.

III.    DISCLOSURE OF DATA

We may need to share information with various parties for the Purposes. These parties include:

  • GD Customers, with whom you are registered as a user;
  • Our subsidiaries and affiliates;
  • Our service providers (for example, we use Amazon Web Services’ cloud to host your information); and
  • Our legal advisors, law enforcement officials and government authorities.

Save for the abovementioned parties, we will not disclose your information to any other third party.

IV.    YOUR RIGHTS OVER YOUR DATA

In accordance with applicable privacy laws and to the extent that any information collected pursuant to the use of GrabDefence may constitute personal data, you may be entitled to access or update your personal data. Given that GrabDefence’s processing of your personal data is premised on GD Customers’ use of GrabDefence when you use their Digital Platforms, if you would like to exercise your rights, we recommend that you directly approach the operator of the Digital Platform you are using to obtain more information about how your information is used and processed, and to exercise your rights over your personal data.

V.    RETENTION OF DATA

We retain your information for as long as we have a business purpose (i.e. to provide GrabDefence, and to fulfil the Purposes) or legal purpose to do so. Once these purposes are satisfied, we take steps to destroy or anonymise your information.

VI.    INTERNATIONAL TRANSFERS OF DATA

Your information may be transferred from the country, state and city (“Home Country”) in which you are present while using GD Customers’ Digital Platforms to another country, state and city (“Alternate Country”).

VII.    PROTECTION OF DATA

We will take reasonable legal, organisational and technical measures to ensure that your information is protected. This includes measures to prevent data from getting lost, or used or accessed in an unauthorised way. We limit access to your information to our employees on a need to know basis. Those processing your data will only do so in an authorised manner and are required to treat your information with confidentiality. 

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted through any online means, therefore, any transmission remains at your own risk. 

VIII.     AMENDMENTS AND UPDATES

Grab shall have the right to modify, update or amend the terms of this Statement at any time by placing the updated Statement on its website.

If you have any queries about how your data is being used, please reach out to the GD Customer with whom you may be registered as a user. If you have other queries relating to GrabDefence, please contact our Data Privacy Officer via the form set out in the Privacy Notice