Privacy Policy

Last modified: 31 Oct 2019

This Privacy Policy and its Addendum(s) (“Policy”) describe how Grab Holdings Inc, its respective subsidiaries, affiliates, associated companies and jointly controlled entities (collectively “Grab”, “we”, “us” or “our”) collect, use, process and disclose your Personal Data through the use of Grab’s Apps and Websites (including all mobile applications and websites operated by Grab (respectively “Apps” and “Websites”), products, features and other services globally (collectively, “Services”).

This Policy applies to our customers, passengers, agents, vendors, suppliers, partners (such as driver and merchant partners), contractors and service providers (collectively “you”, “your” or “yours”).

Personal Data” is any information which can be used to identify you or from which you are identifiable. This includes but is not limited to your name, nationality, telephone number, bank and credit card details, personal interests, email address, your image, government-issued identification numbers, biometric data, race, date of birth, marital status, religion, health information, vehicle and insurance information.

I.    COLLECTION OF PERSONAL DATA

We collect Personal Data about you in the ways listed below. We may also combine the collected Personal Data with other Personal Data in our possession.

You provide your Personal Data to us

We collect your Personal Data when you voluntarily provide it to us. For example, you may provide your Personal Data to us when you:

  • fill up a user profile or registration forms;
  • provide information to assess your eligibility to provide services as a Grab driver-partner;
  • interact with our social media pages;
  • participate in contests or events organised by us;
  • use biometric features to identity yourself; and
  • fill up demographic information in surveys.

When our services are used 

Personal Data may be collected through the normal operation of our Apps, Websites and Services. Some examples are:

  • your location (to detect pick-up locations and abnormal route variations);
  • feedback, ratings and compliments;
  • transaction information (such as payment method and distance travelled);
  • information about how you interacted with our Apps, Website or services (such as features used and content viewed);
  • device information (such as hardware model and serial number, IP address, file names and versions and advertising identifiers); and
  • personal data you enter in messages when you use our in-app communication features.

From other sources

When we collect Personal Data from other sources, we make sure that that data is transferred to us in accordance with applicable laws. Such sources include:

  • referral programmes;
  • our business partners, such as fleet partners, payment providers, ride-hailing partners and transport partners;
  • insurance and financial providers;
  • publicly available data;
  • governmental sources of data;
  • when our users add you as an emergency contact; and
  • marketing services providers or partners.

Personal Data about driver-partners

If you are a driver-partner, we may collect:

  • telematics data (such as your speed, acceleration, and braking data);
  • device data (such as accelerometer data, GPS location, your IMEI number and the names of apps you have installed on your device); and
  • your vehicle registration data.

Sensitive Personal Data

Some of the information that we collect is sensitive in nature. This includes information such as national ID numbers, race, marital status, and your health or religious beliefs. We only collect this information when this is necessary to comply with legal or regulatory requirements.

In-vehicle cameras

Some Grab partners may install personal in-vehicle cameras in their vehicles for their own purposes (including safety and security). The use of such in-vehicle cameras is not endorsed or prohibited by Grab. The collection, use and disclosure of Personal Data obtained from personal in-vehicle cameras is the responsibility of the relevant partner. Please check with the relevant partner if you have any queries about their use of personal in-vehicle cameras.

Personal Data of minors

As a parent or legal guardian, please do not allow minors under your care to submit Personal Data to Grab. In the event that such Personal Data of a minor is disclosed to Grab, you hereby consent to the processing of the minor’s Personal Data and accept and agree to be bound by this Policy and take responsibility for his or her actions.

When you provide Personal Data of other individuals to us

In some situations, you may provide Personal Data of other individuals (such as your spouse, family members or friends) to us. For example, you may add them as your emergency contact. If you provide us with their Personal Data, you represent and warrant that you have and you have obtained their consent for their Personal Data to be collected, used and disclosed as set out in this Policy.

II.    USE OF PERSONAL DATA

Grab may use, combine and process your Personal Data for the following purposes (“Purposes”).

Providing services and features

Your Personal Data will be used to provide, personalise, maintain and improve our products and services. This includes using your Personal Data to:

  • provide you with Services across our various business verticals;
  • engage you to provide Services;
  • create, administer and update your account;
  • verify your identity;
  • validate your ride and process payments;
  • offer, obtain, provide or facilitate insurance or financing solutions;
  • track the progress of your trip and detect abnormal trip variations;
  • enable features that personalise your App, such as lists of your favourite places and previous destinations;
  • perform internal operations necessary to provide our Services, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analysing usage and activity trends;
  • protect the security or integrity of the Services and any facilities or equipment used to make the Services available;
  • process and manage your rewards;
  • enable communications between our users;
  • process, manage or verify your application for subscription with Grab and to provide you with subscribers’ benefits; and
  • enable our partners to manage and allocate fleet resources.

Safety and security

We use your data to ensure the safety and security of our services and all users. This includes:

  • screening driver and delivery partners before enabling their use of our Services;
  • identifying unsafe driving behaviour such as speeding, harsh braking and acceleration, and providing personalised feedback to driver partners;
  • verifying your identity when you log in to Grab;
  • using device, location, profile, usage and other Personal Data to prevent, detect and combat fraud or unsafe activities;
  • sharing drivers and passengers’ location and details when the emergency button or the “Share My Ride” feature is activated;
  • monitoring compliance with our terms and conditions, policies and Driver’s Code of Conduct; and
  • detecting, preventing and prosecuting crime.

Customer support

We use Personal Data to resolve customer support issues. For example, we may:

  • investigate and address concerns;
  • monitor and improve our customer support responses;
  • respond to questions, comments and feedback; and
  • inform you about steps taken to resolve customer support issues.

Research and development and security

We may use the Personal Data we collect for testing, research, analysis and product development. This allows us to understand and analyse your needs and preferences, protect your Personal Data, improve and enhance the safety and security of our services, develop new features, products and services, and facilitate insurance and finance solutions.

Legal purposes

We may use the Personal Data we collect to investigate and resolve claims or disputes, or as allowed or required by applicable law.

We may also use your Personal Data when we are required, advised, recommended, expected or requested to do so by our legal advisors or any local or foreign legal, regulatory, governmental or other authority.

For example, we may use your Personal Data to:

  • comply with court orders or other legal, governmental or regulatory requirements;
  • enforce our Terms of Service or other agreements; and
  • protect our rights or property in the event of a claim or dispute.

We may also use your Personal Data in connection with mergers, acquisitions, joint ventures, sale of company assets, consolidation, restructuring, financing, business asset transactions, or acquisition of all or part of our business by another company.

Marketing and promotions

We may use your Personal Data to market Grab and Grab’s partners’ sponsors’ and advertisers’ products, services, events or promotions. For example, we may:

  • send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings; and
  • notify, invite and manage your participation in our events or activities;

We may communicate such marketing to you by post, telephone call, short message service, online messaging service, push notification by hand and by email.

If you wish to unsubscribe to the processing of your Personal Data for marketing and promotions, please click on the unsubscribe link in the relevant email or message. Alternatively, you may also update your preferences in our App settings.

III.    DISCLOSURE OF PERSONAL DATA

We need to share Personal Data with various parties for the Purposes. These parties include:

Other users

For example, if you are a passenger, we may share your pick-up and drop-off locations with drivers.

If you are a driver, we may share your Personal Data with your passenger including your name and photo; your vehicle make, model, number plate, location and average rating.

With third parties

For example, we may share a driver’s location and name with third parties when a passenger uses the “Share My Ride” feature or activates the Emergency Button.

With Grab partners at your request

For example, if you requested a service through a Grab partner or used a promotion provided by a Grab partner, Grab may share your Personal Data with that Grab partners. Our partners include partners that integrate with our App or our App integrates with, vehicle services partners, or business partners which Grab collaborate with to deliver a promotion, competition or other specialised service.

With the owner of Grab accounts that you may use

For example, your employer may receive trip data when you use your employer’s Grab for Business account.

With subsidiaries and affiliates

We share Personal Data with our subsidiaries, associated companies, jointly controlled entities and affiliates.

With Grab’s service providers and business partners

We may provide Personal Data to our vendors, consultants, marketing partners, research firms, and other service providers or business partners. This includes:

  • payment processors and facilitators;
  • background check and anti-money laundering service providers;
  • cloud storage providers;
  • marketing partners and marketing platform providers;
  • data analytics providers;
  • research partners, including those performing surveys or research projects in partnership with Grab or on Grab’s behalf;
  • fleet and merchant partners;
  • insurance and financing partners; and
  • vehicle solutions partners, vendors or third-party vehicle suppliers.

With our legal advisors and governmental authorities

We may share your Personal Data with our legal advisors, law enforcement officials, government authorities and other third parties.

IV.    RETENTION OF PERSONAL DATA

We retain your Personal Data for as long you maintain your Grab account. Once your Personal Data is no longer necessary for the Services or Purposes, or we no longer have a legal or business purpose for retaining your Personal Data, we take steps to prevent access or use of such Personal Data for any purpose other than compliance with this privacy policy, or for purposes of safety, security, fraud prevention and detection.

V.    INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your Personal Data may be transferred from country, state and city (“Home Country”) in which you are present while using our services to another country, state and city (“Alternate Country”). You understand and consent to the transfer of your Personal Data from your Home Country to the Alternate Country.

VI.    COOKIES

Grab, and third parties with whom we partner, may use cookies, web beacons, tags, scripts, local shared objects such as HTML5 and Flash (sometimes called “flash cookies”), advertising identifiers (including mobile identifiers such as Apple’s IDFA or Google’s Advertising ID) and similar technology (“Cookies”) in connection with your use of the Websites and Apps. Cookies may have unique identifiers, and reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may transmit Personal Data about you and your use of the Service, such as your browser type, search preferences, IP address, data relating to advertisements that have been displayed to you or that you have clicked on, and the date and time of your use. Cookies may be persistent or stored only during an individual session.

Grab may allow third parties to use Cookies on the Websites and Apps to collect the same type of Personal Data for the same purposes Grab does for itself. Third parties may be able to associate the Personal Data they collect with other Personal Data they have about you from other sources. We do not necessarily have access to or control over the Cookies they use.

Additionally, we may share non-personally identifiable Personal Data with third parties, such as location data, advertising identifiers, or a cryptographic hash of a common account identifier (such as an email address), to facilitate the display of targeted advertising.

If you do not wish for your Personal Data to be collected via Cookies on the Websites, you may deactivate cookies by adjusting your internet browser settings to disable, block or deactivate cookies, by deleting your browsing history and clearing the cache from your internet browser. You may also be able to limit our sharing of some of this Personal Data through your mobile device settings, or by submitting your details here.

VII.    AMENDMENTS AND UPDATES

Grab shall have the right to modify, update or amend the terms of this Policy at any time by placing the updated Policy on the Websites. By continuing to use the Apps, Websites or Services, purchase products from Grab or continuing to communicate or engage with Grab following the modifications, updates or amendments to this Policy, you signify your acceptance of such modifications, updates or amendments.

If you have any queries about your Personal Data, please contact our Data Privacy Officer at:

Grab Data Protection Officer

c/o Grab Holdings Inc.

6 Shenton Way

#38-01 OUE Downtown

Singapore 068809

Email: dataprotection@grab.com

The original of this Privacy Statement is written in the English language. In the event of any conflict between the English and other language versions, the English version shall prevail.


ADDENDUM 1: GRAB FOR BUSINESS

I.    INTERPRETATION

All capitalised terms but undefined terms used herein shall bear the same meaning as those defined in the Terms of Use and the Grab Privacy Policy (accessible at https://www.grab.com/sg/privacy/).

This Addendum forms part of the Grab Privacy Policy. In the event of any inconsistency between the Grab Privacy Policy and this Addendum, this Addendum shall prevail.

II.    GRAB’S RELATIONSHIP WITH USERS AND CLIENTS

How Grab for Business works

Grab for Business is provided as an add-on feature to facilitate corporate billing for the Authorised Users’ use of Grab’s Services in the course of work.

When an organisation (“Client”) chooses to utilise Grab for Business, the Authorised User is given the option of tagging his/her rides or other transactions to the Client or to tag it as a personal ride. An Authorised User is referred to in the Grab Privacy Policy as a passenger.

As part of this feature, Grab will disclose detailed trip and booking information that Authorised Users have tagged as being for business purposes to the Client. Apart from this, Grab does not disclose other Personal Data of its Authorised Users to the Client.

Alternatively, an individual user may choose to set up a business profile within the App to facilitate the tagging of business-related rides and to generate consolidated trip reports to facilitate the submission of claims from his or her employer. When used in this mode, the claims process is user-driven and the user’s employer need not be a Client.

For ease of reference, Authorised Users and individual users will each be referred to as a “User” and collectively as “Users” in this Addendum.

Grab is a data controller, so are our Clients

In respect of any User and the processing of all their Personal Data (including but not limited to Linking Data and Portal Data), Grab acts as a data controller. For further information on how Grab collects, uses and discloses Users’ Personal Data, please refer to the Grab Privacy Policy.

Due to the way Grab for Business works, Grab does not process any Personal Data for and on behalf of the Client. Accordingly, Grab is not the data processor of the Client, but an independent data controller in respect of all Personal Data that it processes in the course of providing the Grab for Business feature. Likewise, the Client is an independent data controller of the Personal Data (e.g. the Linking Data and Portal Data) that it discloses to and/or receives from Grab. 

As independent controllers, Grab and the Client individually determine the purposes and means of processing Personal Data, subject to the provisions set out in the Terms of Use and this Privacy Policy. Grab and the Client are also individually responsible to ensure the protection of Personal Data under their charge. 

III.    WHAT PERSONAL DATA IS COLLECTED, PROCESSED AND DISCLOSED

What Grab collects as part of Grab for Business

In order to provide the Grab for Business feature, the individual user or the Client will be required to provide the following information about the Authorised User to Grab:

  • full name;
  • business email address; and
  • other identifying information about the Authorised User as reasonably requested by Grab.

Grab will use this information for the purposes of:

  • authenticating the User;
  • where applicable, linking the Authorised User’s account with the Client’s Grab for Business account or tracking the Authorised User’s business profile bookings on the Apps, as the case may be;
  • where applicable, verifying the Corporate Billing status of such Authorised User from time to time; and
  • contacting the User in accordance with the purposes set out in the Grab Privacy Policy.

Upon onboarding such User to the App, Grab will process the Personal Data of the User in accordance with the Grab Privacy Policy and this Addendum.

What Grab discloses to its Clients

Grab will disclose relevant trip and booking information as determined by Grab from time to time to the Client to facilitate Corporate Billing.

What Grab discloses to its individual user

Depending on the business profile settings selected by the individual user, the user may retrieve and generate reports containing his/her relevant trip and booking information.

IV.    PARTIES’ OBLIGATIONS

The Client and Grab shall each:

  • individually inform their data subjects of how each processes Personal Data and allow their data subjects to exercise their rights under the local data protection/data privacy laws;
  • comply with the obligations applicable to each party under the applicable data protection/data privacy laws when processing any Personal Data of the Proposed or Authorised Users;
  • obtain the necessary consents (if applicable) to facilitate the provision of the Grab for Business feature; and
  • implement appropriate legal, technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against unauthorised loss, destruction, damage, alteration, or disclosure, as well as any breach or attempted breach of each party’s security measures (“Information Security Incident”).