Privacy Notice

Effective Date: 15 October 2025

This Privacy Notice and its Addendums (“Privacy Notice”) explain how Grab Holdings Limited and its subsidiaries, affiliates, associated companies and jointly controlled entities (“Grab Group and Associates”, “Grab” or “we”) handle your Personal Data (as defined under applicable data privacy laws) when you use our Platforms (including mobile applications, websites, softwares or portals) that we own or operate in connection with providing our services, products and solutions (“Services”).

It applies to our consumers, agents, vendors, suppliers, partners (driver, delivery and merchant partners), contractors and service providers (“you”). 

We process Personal Data with your consent or as allowed by law, such as to:

  • Meet legal requirements
  • Enter into or fulfill our contractual obligations to you
  • Fulfill our legitimate interests or in the interest of others.

I. COLLECTION OF PERSONAL DATA

We collect your Personal Data in the ways listed below. We may also combine Personal Data collected via these various channels.

You provide your Personal Data to us

We collect your Personal Data when you provide it to us. For example, when you:

  • complete a user registration form or customize your profile (such as your name, contact information and other identification where needed);
  • provide information to assess your eligibility to provide services as a Grab driver partner or delivery partner (such as your driver’s license information, vehicle information and background check results);
  • furnish supporting documents, such as proof of disability, discount eligibility, so that we can support you better as a Grab driver partner, delivery partner or user on our platform;
  • provide information to assess your suitability to be a Grab merchant partner, vendor, supplier, or other partner (such as the name and contact information of the authorized representative);
  • interact with our social media pages (such as your social media account ID, profile photo, and any content (e.g. photos, videos, stories) you create for publication on our social media channels;
  • participate in contests or events organised by us (such as the pictures, audio, or videos you may submit, which may include images of yourself);
  • fill up demographic information in surveys (such as your age, gender, and other information you may volunteer such as your marital status, occupation and income information); 
  • grant us access to your calendar events (such as reservation dates, times and venue names or addresses, flights);
  • apply for loans, insurance claims or other financing products to enable us to assess your eligibility (such as earning statements, bank statements, accident information, medical certificates, proof of relationship and relevant information you may volunteer); 
  • contact us through our various customer support channels (such as chat, messages, emails, call recordings, pictures you submit to support your claim); 
  • submit reviews, feedback, ratings, media, or other content about a place and/or any Services, that we may associate with and display alongside your public profile page; 
  • interact with other users in our in-app communication features;
  • agree to take a ride with in-vehicle audio and/or video recording features;
  • use map-related features, such as Live Location Sharing, we may collect and use precise location information from your device with your permission;
  • verify your identity through various means (such as social media logins, submission of selfie images, liveness checking, or independently verified payment card information). For example, if you are a user, we may verify your identity through selfie images as an additional layer of protection, or in accordance with Grab’s Know Your Customer procedure as required by applicable financial regulations. If you are a driver-partner, you may be asked to authenticate your identity via selfie before or after rides to prevent unauthorized usage of your driver account; and 
  • provide information through the use of our artificial intelligence (“AI”) services, such as when you ask questions to AI-powered chatbots or input data to our AI solutions.

When our Services are used

Personal Data may be passively collected through the normal operation or use of our Platforms. Some examples are:

  • your location information;
  • transaction information (such as payment method, settlement records, items purchased or paid through our Services);
  • usage data (such as features used and content viewed);
  • device information (such as hardware model and serial number, IP addresses), file and app names and versions, GPS location, IMEI number, and advertising identifiers or any information that may indicate device or app modification); 
  • telematics data (such as speed, acceleration and braking data) collected through devices installed in vehicles for the following purposes:
    • to ensure that vehicles are maintained appropriately and serviced in a timely fashion;
    • to help maintain the safety, security, and integrity and improve our products and Services;
    • for internal tracking of the vehicle, analysis and administrative purposes; and
    • to analyze driving patterns for insurance-related purposes, such as assessing risk, determining premiums and offering usage-based insurance programs
  • personal data that may be captured through your interaction with us, our agents, in-vehicle audio and/or video recording during a ride (such as your image, video, r voice or a combination of these, and its related metadata).
    • our in-vehicle applications or devices
      • we may install in-vehicle audio and/or video recording applications or devices to promote the safety and security of our driver partners, delivery partners and consumers. 
    • personal in-vehicle applications or devices
      • some Grab partners may install personal in-vehicle applications or devices in their vehicles for their own purposes. This practice is not endorsed nor prohibited by Grab;
      • the collection, use and disclosure of Personal Data obtained from personal in-vehicle applications or devices is the responsibility of the relevant partner. Please check with the relevant partner if you have any queries about their use of personal in-vehicle cameras.

From other sources

We may collect Personal Data, including but not limited to information about you (such as customer information, contact details, other identification information, and financial data where needed) from other sources. Such sources include:

  • Grab Group and Associates;
  • referral programmes;
  • our business partners, such as fleet partners, payment providers, ride-hailing partners and transport partners;
  • insurance and financial providers;
  • risk intelligence and fraud assessment providers;
  • credit bureaus, payment network providers, alternative credit scoring agencies and any other third party credit reporting organisations; 
  • publicly available or governmental sources of data; and
  • marketing services providers or partners.

When you provide Personal Data of other individuals to us

In some situations, you may provide Personal Data of other individuals to us, such as when you add them as your emergency contact, use the in-app chat, book a ride on their behalf, or add them as recipients or beneficiaries of any use of our Services. If you provide us with their Personal Data, you represent and warrant that you have obtained their consent for their Personal Data to be collected, used and disclosed as set out in this Privacy Notice.

Personal Data of Teens

Information for parents / guardians

Grab prioritises the safety and privacy of our teen users. When you use the Family Account feature, we may process your teen’s Personal Data (such as their username, contact number, birthdate and location) to verify eligibility for teen-specific features such as trip monitoring or in-car audio recording as a safety measure, and to facilitate communication with your teen (via push notifications and/or in-app/direct calls). We may collect additional personal data on a need-to basis, which we would ensure that there is a legal basis when doing so. By allowing your teen to be onboarded onto our platform, you, in your capacity as a parent or guardian, are providing consent for us to process your teen’s data. 

Information for teens

Grab offers a variety of Services, and may need to use some personal information provided by your parents or guardians via our Family Account feature. This information may include your username, contact number, birthdate and location. This helps us to keep you safe and share updates about our Services. In some cases, we may share your data with trusted third parties like Driver or Delivery-Partners to complete your bookings. When we do, we will make sure your information is protected as outlined in this Privacy Notice. 

Sensitive Personal Data

Some Personal Data we collect may be sensitive in nature in certain jurisdictions. This may include your national ID information, religious beliefs, background information (including financial and criminal records, where legally permissible), health data, disability, marital status, location and biometric data, as applicable. We collect sensitive Personal Data only with your consent and/or in strict compliance with applicable laws. In the event that you are required to furnish any documentation or information to us for any Purpose which may contain such sensitive Personal Data (which is not required for that Purpose), you agree to redact such sensitive Personal Data before providing such documentation or information to us.

II. USE OF PERSONAL DATA

Grab uses your Personal Data for the purposes below. (“Purposes). Additionally, if you use Grab in various capacities (for example, if you use multiple Services, or if you operate as a merchant/driver partner/delivery partner and a consumer, or user of Services across the Grab Group and Associates), we may link your Personal Data collected across your various capacities to facilitate your use of our Services and for the Purposes described below: 

Providing services and features

Your Personal Data will be used to provide, personalise, maintain and improve our Platforms and Services. This includes using your Personal Data to:

  • provide you with Services across our various business verticals, including within and across the Grab Group and Associates where relevant;
  • create, administer and update your account;
  • process, manage or verify your eligibility for or application of products, services, promotions, rewards and subscriptions;
  • conduct due diligence checks, assess and monitor user risk profiles, and perform ongoing risk analysis to ensure compliance with regulatory and operational requirements;
  • verify your identity and age (where necessary);
  • validate your ride and process payments;
  • offer, obtain, provide, facilitate, or maintain insurance or financing solutions;
  • track the progress of your trip, detect abnormal trip variations and improve the accuracy and reliability of navigation services using data from your device;
  • allow you to participate in the loyalty programmes or marketing activities organized by our merchant-partners and/or in collaboration with Grab;
  • personalise your experience (such as to identify your preferences and recommend products and services relevant to you);
  • make your experience more seamless (such as automatically filling in your registration information when you switch from one Service to another Service); 
  • perform internal operations necessary to provide our Services, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analysing usage and activity trends;
  • protect the security or integrity of the Services and any facilities or equipment used to make the Services available;
  • enable communications between our users;
  • invite you to participate in our events, surveys and studies; 
  • enable our partners to manage and allocate fleet resources; and
  • fulfil the services to you as a data processor, where you have provided consent to the data controller (i.e. the organisation you had purchased goods or services from, and for whom Grab is providing services on behalf of) for such services to be rendered.

In providing you with these services and features, we may use manual or automated means, including AI services. We strive to ensure the accuracy and reliability of our AI services, and whenever necessary, we may manually verify the outputs. 

 Safety and security

We use your data to ensure the safety and security of our Services and all users. This includes:

  • screening driver and delivery partners before enabling their use of our Services;
  • identifying unsafe driving behaviour such as speeding, harsh braking and acceleration; and providing personalised feedback to driver partners;
  • verifying your identity when you log in to Grab;
  • using gender information, for personalising your experience on our platform, such as same gender ride allocations;
  • using device, location, profile, usage, in-carriage activities and other Personal Data to prevent, intervene, detect and combat fraud or unsafe activities;
  • sharing the location and details of driver partners and passengers when the emergency button or the “Share My Ride” feature is activated; and
  • monitoring compliance with our terms and conditions and policies.

User support

We use Personal Data to resolve user support issues. For example, we may:

  • investigate and address concerns;
  • monitor and improve our user support responses;
  • respond to questions, comments and feedback; and
  • inform you about steps taken to resolve user support issues.

Research, development and security

We may use the Personal Data we collect for testing, research, analysis, machine learning, and product development. This allows us to understand and analyse your needs and preferences, protect your Personal Data, improve and enhance the safety and security of our Services, develop new features, products and services, and facilitate the development of insurance and finance solutions.

Legal purposes

We may use the Personal Data we collect for legal purposes such as to: 

  • prevent, detect, investigate, resolve or prosecute fraud or crimes; 
  • comply with court orders or other legal, governmental or regulatory requirements;
  • enforce our Terms of Service or other agreements; and
  • enforce or protect our rights, interests or properties in the event of a claim, investigations, complaints or dispute in any jurisdiction.

Marketing and promotions

We may use your Personal Data to send you marketing communications relating to customised products or services (that may be of interest or relevance based on your profile), or Grab’s partners’, sponsors’ and advertisers’ products, services, events or promotions. For example, we may:

  • send you special offers that may be of interest or relevance to you across all of Grab’s service offerings;
  • send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings; and
  • notify, invite and manage your participation in our events or activities, including the publication of any photos or videos captured.

We may communicate such marketing to you by various means, where applicable (including by SMS, chat applications (e.g. WhatsApp, Telegram, LINE, Viber, WeChat, Zalo), push notification, call, and by email).

If you wish to unsubscribe from such marketing communications, please click on the unsubscribe link in the relevant email or message. Alternatively, you may also update your preferences in our App settings. Please note that while you may opt out of marketing or promotion communications, Grab may still send you account and / or service-related messages (such as two-factor authentication, information on your transactions, rewards, etc.).

User Published Content

If you choose to publish content (such as a review or comment) on the Grab Platform, it will be shown publicly along with your personal data (such as username, uploaded photo(s)), and other information you have included in your content. For more information, see our Review Guidelines.

III. DISCLOSURE OF PERSONAL DATA

We may disclose your Personal Data with various parties only as needed for the Purposes. These parties include:

Other users 

For example: 

  • if you are a passenger, we may share your username, pick-up and drop-off locations with our driver partner fulfilling your service request;
  • if you are a driver or delivery partner, we may share to the selected merchant-partner and user your Personal Data including your name and photo, your vehicle make, model, number plate, location and average rating;
  • if you are using our GrabFood or GrabMart service, we may share your Personal Data with our delivery partner and selected merchant-partner, including your name, contact details, order information and drop off location;
  • if you leave a rating and review of any merchant-partner, your profile picture, feedback, content, and username may be available to to the public and other users; 
  • if you are participating in loyalty programmes or marketing activities organized by our merchant-partners, we may share your Personal Data with them, including your name and contact details;
  • if you are a member of the Family Profile account, we may share your Personal Data with your administrator, including your order details, interactions with our driver / delivery partner (if any), pick up and drop off location. If you are a driver / delivery partner fulfilling such transactions, the administrator will have access to your location and chat conversations with the member; 
  • if you use the live location feature, your device’s real-time location will be shared for a specific period of time with the emergency contacts you select;
  • if you are using our GrabExpress service, we may share your Personal Data with the recipient of your parcel, and vice versa, as well as the delivery partner in charge of fulfilling your service request; and
  • if you use our in-app chat service, we may share your Grab-registered name and profile photo with the other parties to your chat.

With third parties

With third parties related to your use of Grab Services

For example:

  • if you are a passenger, we may share the vehicle’s location, driver’s and/or your name with third parties when you use the “Share My Ride” feature or activate the Emergency Button.
  • if you are a driver-partner, we may disclose your vehicle plate number or other personal data to the insurance company and/or to your passenger for the purpose of submission of insurance claims.
  • if you use our payment services, we may share your Personal Data with another individual should you authorise and enable connection of his or her third party service payment method to our payment service for the purposes of enabling your payment on Grab.

With administrators of Grab accounts that you may use

For example:

  • your employer may receive transaction data (tagged as business expenses) when you use your employer’s Grab for Business account.
  • the administrator of any community group to which you link your Grab account may receive transaction data when you carry out a transaction.

With subsidiaries, affiliates, associated companies and jointly controlled entities

The companies in the Grab Group and Associates share infrastructure, technology, and other resources with each other to provide you with a consistent, reliable, and secure experience when you use our products or Services, and for the Purposes set out in this Privacy Notice. We may also share Personal Data to conduct periodic due diligence, assess and manage user risk profiles, perform analysis across Grab Group and Associates to improve our products and Services, ensure responsible credit decisions, and comply with applicable legal or regulatory obligations. 

For example, a responsible credit decision may involve evaluating your financial history and risk factors to ensure that the credit extended aligns with your ability to repay, thereby protecting both you and the lender from potential financial harm. 

With Grab’s service providers and business partners

We may provide Personal Data to our vendors, consultants, marketing partners, research firms, and other service providers or business partners. This includes:

  • payment processors and facilitators;
  • debt collectors;
  • credit bureaus, payment network providers, alternative credit scoring agencies and any other third party credit reporting organisations;
  • background check and anti-money laundering service providers;
  • risk intelligence and fraud assessment providers;
  • cloud storage providers;
  • document storage and management providers;
  • advertising and marketing partners and platform providers;
  • data analytics providers;
  • research partners, including those performing surveys or research projects in partnership with Grab or on Grab’s behalf;
  • educational and training institute partners;
  • fleet and merchant partners;
  • insurance and financing partners; 
  • third party intermediaries involved in the managed investment of funds, such as brokers, asset managers, and custodians;
  • service providers who perform identity verification services; and
  • vehicle solutions partners, vendors or third-party vehicle suppliers.

For example:

  • If you requested a service through a Grab partner or used a promotion provided by a Grab partner, Grab may share your Personal Data with that Grab partner. 
  • If you have rented a vehicle from our recommended fleet partners to drive with Grab, we may share relevant information (e.g. the status of your account, applicable incentives/promotions, your ride statistics) for collaborative efforts (e.g. create new incentives and benefits for you or improving supply of driver partners).

With our legal advisors and governmental authorities

We may share your Personal Data with our legal advisors, law enforcement officials, government authorities and other third parties. This may take place to fulfil the legal purposes (mentioned above), or any of the following circumstances:

  • where it is necessary to respond to an emergency that threatens the life, health or safety of a person; or 
  • where it is necessary in the public interest (e.g. in a public health crisis, for contact tracing purposes and safeguarding our community).

Business transfers

We may share your Personal Data with other parties, in connection with any acquisitions, sales, mergers, joint ventures, consolidation, restructuring, financing or any other type of business transactions. Your Personal Data will however remain subject to our obligations made in any pre-existing Privacy Notice that you have agreed to.

IV. RETENTION OF PERSONAL DATA

We retain your Personal Data for the period necessary to fulfill the Purposes outlined in this Notice unless a longer retention period is required or allowed by law. Retention periods differ depending on things like the nature of the data, why it is collected and processed, and relevant legal or business needs. For example, selfie images will be destroyed within 10 years from collection, unless otherwise authorized or required by law or legal process to retain the data. 

Once your Personal Data is no longer necessary for the Services or Purposes, we take steps to erase, destroy, anonymise or prevent access or use except where needed for legal compliance, safety, security, fraud prevention and detection, in line with applicable laws.

V. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Your Personal Data may be transferred from your current location to another jurisdiction for various reasons such as centralized data processing and storage, regional back office operations and support and service delivery. 

We ensure these transfers comply with applicable laws and regulations. This includes having a lawful basis for transfer, conducting impact assessments and putting appropriate technical and organizational safeguards to ensure an adequate level of protection for your Personal Data. Our lawful basis will be either consent (obtained at the time you provide your Personal Data) or one of the safeguards permissible by laws.

VI. COOKIES, RELATED TECHNOLOGIES AND TARGETED ADVERTISING

Cookies

Grab, and third parties with whom we partner, may use cookies, web beacons, tags, scripts, local shared objects such as HTML5, advertising identifiers and similar technologies (such as software development kits (SDKs), which have similar functions to cookies and which may be installed in the Grab App to allow partners to collect certain information about your interaction with the Grab App) (collectively, “Cookies”) in connection with your use of our Platforms, which may be persistent or stored only during an individual session on your browsers or devices. 

Cookies may have unique identifiers, and reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may be used for various purposes such as to:

  • provide the essential, basic functions of the use of our Platforms or Services;
  • authenticate you, or remember your user preferences and settings;
  • delivering and measuring the effectiveness of advertising campaigns, such as by measuring number of views or clickthroughs;
  • analyse site traffic and trends; 
  • serve you relevant advertisements across other apps and websites owned by other companies (whether by us or by other advertisers); and
  • enhance user interface and experience by generally understanding the online behaviors and interests of users who interact with our Platforms or Services.

Grab may allow third parties to use Cookies to collect the same type of Personal Data for the same purposes Grab does for itself. Third parties may be able to associate the Personal Data they collect with other Personal Data they have about you from other sources. We do not necessarily have access to or control over the Cookies they use.

Disabling the collection of cookies on our websites 

You have the right to choose to disable, block or deactivate cookies. Please note that refusal or removal of some cookies could affect the availability, functionality or use of our Platforms or Services.

You may adjust your internet browser settings to disable, block or deactivate cookies, delete your browsing history or clear the cache from your internet browser. The settings may be contained within the “History”, “Preferences”, “Settings” or “Privacy” section of your internet browsers, or you may otherwise consult the help section of your internet browser for more information. You may also adjust your cookie settings here:

Cookie Settings

Disabling the display of Targeted Ads 

You can control how your Personal Data is used for targeted advertising in several ways: 

Within the Grab App

You can adjust your preferences directly in the App settings.

On other platforms

We may work with other online platforms to show ads to users with specific traits or interests. While we do not use your Personal Data for these ads, you might still see ads that seem relevant based on general audience profiles. You can manage your preferences directly on those platforms to limit such targeting. 

Through your device settings

Depending on your phone and operating system, you may have the option to disable our use of mobile identifiers (such as Apple’s IDFA or Google’s GAID) and the ability to track activity across apps and websites owned by other companies by adjusting your device’s privacy settings. 

VII. PROTECTION OF PERSONAL DATA

We implement reasonable legal, physical, organisational and technical measures to ensure that your Personal Data is protected. This includes measures to prevent loss, unauthorized access or misuse of your information. We limit access to your Personal Data on a need-to-know basis. Those processing your Personal Data will only do so in an authorised manner and are required to treat your information with confidentiality.

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the absolute security of your Personal Data during online transmission. By using our Services, you acknowledge that some risk remains with any data sent or transferred online.

VIII. YOUR PRIVACY RIGHTS    

In accordance with applicable laws and regulations, you may be entitled to:

  • inquire about the processing of your Personal Data and be provided with a copy of it;
  • request correction or deletion;
  • restrict or object to processing;
  • withdraw consent ( where processing is based on consent);
  • request a transfer of your data to another organisation, in a machine-readable form; and 
  • complain to the relevant data privacy authority if you believe your rights were violated and we failed to address your concerns.

If you choose not to provide your Personal Data or later withdraw consent you may be unable to access certain services or features of the App. However, we may continue to process your data as required or permitted by law.

To protect your rights, we verify all requests and may ask for supporting information or documentation. Once verified, we will process your request within the timelines prescribed by applicable laws.

IX. AMENDMENTS AND UPDATES

Grab may update this Privacy Notice at any time. It is your responsibility to review the Privacy Notice regularly. Your continued use of the Platforms or Services, purchase of products from Grab or continued communication or engagement with Grab following the modifications, updates or amendments to this Notice, whether or not reviewed by you, shall constitute your agreement to be bound by such amendments.

X. HOW TO CONTACT US

If you have any queries about this Notice or would like to exercise your rights, please fill-in the following form or direct your mail to our Data Protection Officer:

For users in Malaysia,
Name: MyTeksi Sdn. Bhd. (Attention: Grab Privacy Office)
Address: Level 25, 1 First Avenue, Bandar Utama, Petaling Jaya, Selangor, 47800, Malaysia

For users in Philippines,
Name:  MyTaxi PH Inc (Attention: Grab Privacy Office)
Address: Level 27,28 & 29 Exquadra Tower – Lot 1A Exchange Road corner Jade Street, Ortigas Center Pasig City, Philippines

For users in Thailand,
Name: Grabtaxi (Thailand) Co., Ltd. (Attention: Grab Privacy Office)
Address: 252 SPE Tower, 10th floor, Phahonyothin Rd,Samsen Nai, Phaya Thai, Bangkok 10400, Thailand 

For users in Vietnam,
Name: Grab Company Limited (Attention: Grab Privacy Office)
Address: Mapletree Business Centre, 1060 Nguyen Van Linh, Tan HungWard, District 7, Ho Chi Minh City, Vietnam

For users in other countries,
Name: c/o Grab Holdings Limited. (Attention: Grab Privacy Office)
Address: 3 Media Close, Singapore 138498

In order for us to attend to your queries expeditiously, we prefer that inquiries be made via the online form.

The original of this Notice is written in the English language. In the event of any conflict between the English and other language versions, the English version shall prevail.

ADDENDUM 1: GRAB FOR BUSINESS

I. INTERPRETATION

All capitalised but undefined terms used shall bear the same meaning as those defined in the Terms of Use. This Addendum forms part of the Privacy Notice and prevails for Grab for Business services if there is any inconsistency.

II. GRAB’S RELATIONSHIP WITH USERS AND CLIENTS

How Grab for Business works

Grab for Business allows organisations (“Client”) to manage and pay for work-related Grab Services used by their employees, guests or contractors (“Authorized Users”). 

Authorized Users can tag their transactions as either “business” or “personal”. For business-tagged transactions, Grab discloses to Client information such as the Authorized User’s identifiers and detailed booking information to facilitate corporate billing. 

Separately, individual users may also choose to set up a “business profile” even if their employer is not a Client. This lets them tag business-related transactions and organize consolidated reports to facilitate the manual claims submission to their employers. 

Authorized Users and individual users are collectively referred to as “Users” in this Addendum.

Grab is a data controller, so are our Clients

Grab does not process any Personal Data for and on behalf of the Client. Regardless of who pays for the business-related expense, Grab independently determines how and why it processes the User’s Personal Data (e.g. for service fulfillment, safety, billing or analytics) in accordance with its own legal obligations and privacy practices, not on the instructions of the Client. 

Accordingly, Grab is not the data processor of the Client, but an independent data controller in respect of all Personal Data that it processes under Grab for Business. Likewise, the Client is an independent data controller of the Personal Data that it discloses to and/or receives from Grab.

III. WHAT PERSONAL DATA IS COLLECTED, PROCESSED AND DISCLOSED

What Grab collects as part of Grab for Business

In order to provide the Grab for Business feature, the User or the Client will be required to provide the following information about the User to Grab:

  • full name;
  • business email address; and
  • other identifying information about the User as reasonably requested by Grab.

Grab will use this information for the purposes of:

  • authenticating the User;
  • where applicable, linking the Authorised User’s account with the Client’s Grab for Business account or tracking the Authorised User’s business profile bookings on our Platforms, as the case may be;
  • where applicable, verifying the corporate billing status of such Authorised User from time to time; and
  • contacting the User in accordance with the purposes set out in the Privacy Notice.

Upon onboarding a User to the App, Grab will process the Personal Data of the User in accordance with the Grab Privacy Notice and this Addendum.

What Grab discloses to its Clients

Grab will disclose relevant trip and booking information as determined by Grab from time to time to the Client to facilitate corporate billing.

What Grab discloses to its individual users

Depending on the business profile settings selected by the individual user, the user may retrieve and generate reports containing relevant trip and booking information.

IV. PARTIES’ OBLIGATIONS

As independent data controllers, Client and Grab shall each comply with their respective obligations under applicable data protection laws when processing Personal Data, including:

  • informing their data subjects how each processes Personal Data and allows the exercise of privacy rights;
  • obtaining the necessary consents (if applicable) for disclosure of Personal Data to facilitate Grab for Business feature; and
  • implementing appropriate legal, technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, loss, destruction, damage, alteration, or disclosure of Personal Data.

ADDENDUM 2: GRABDEFENCE PRIVACY STATEMENT

 

This Privacy Statement (“Statement”) describes how Grab collects, uses, processes and discloses data through use of GrabDefence and its related services (“GrabDefence”).

Grab provides its customers (“GD Customers”) with the GrabDefence service that helps to prevent, detect, and combat fraud or unsafe activities on their platforms and applications (such as web-based and mobile applications based e-commerce platforms) (“Digital Platforms”). GD Customers will integrate GrabDefence into their Digital Platforms to identify potentially fraudulent activities on their Digital Platforms.

This Statement applies to the users of GD Customers’ Digital Platforms (“you”), and strictly relates to the data collected, used and disclosed on behalf of GD Customers for the purposes of providing GrabDefence. Kindly refer to the applicable terms of service and/or privacy notices of the GD Customers to understand how they otherwise collect, use and disclose your data.

I. COLLECTION OF DATA

To provide GrabDefence to GD Customers, information from your device and information relating to your use of GD Customers’ Digital Platform will be collected from GD Customers. Such information include device identifier information (such as IMEI, Android ID, MAC address etc), device and hardware information (such as device name, screen size etc), account information (such as email address, phone number, etc) as well as other contextual data in relation to your use of GD Customers’ Digital Platforms (such as IP address, Wifi address, GPS location data, address, payment details etc). Such information is collected by GD Customers when you interact with GD Customers’ Digital platforms, in accordance with GD Customers’ terms of service and/or privacy notices.

We may combine the information we have collected from GD Customers with data points from Grab’s ecosystem to derive relevant insights (for example, insights on whether there are signs of app modification, data manipulation, device tampering, GPS spoofing). We do not attempt to personally identify you based on the information above in order to provide GrabDefence to GD Customers.

II. USE OF DATA

We generally process your information on behalf of GD Customers in order to assist with their fraud detection efforts. It is up to the GD Customers’ sole discretion to apply the outcome derived from the use of GrabDefence on their Digital Platforms.

In this regard, we may use, combine and process your information for the following purposes (“Purposes”):

  • providing, operating and maintaining GrabDefence; 
  • investigating faults with, and troubleshooting, GrabDefence; 
  • research and development for GrabDefence, including but not limited to improving existing features and services, or developing new features and services, for GrabDefence; 
  • detecting patterns in the datasets collected to gather insights on fraudulent activities;
  • regulatory and internal audit compliance purposes; and
  • responding to any law enforcement request or court order.

Please be assured that the information collected will not be used by Grab for any marketing efforts or combined with any other datasets available to Grab in a manner that unfairly prejudices you. 

III. DISCLOSURE OF DATA

We may need to share information with various parties for the Purposes. These parties include:

  • GD Customers, with whom you are registered as a user;
  • Our subsidiaries and affiliates;
  • Our service providers (for example, we use Amazon Web Services’ cloud to host your information); and
  • Our legal advisors, law enforcement officials and government authorities.

Save for the above mentioned parties, we will not disclose your information to any other third party.

IV. YOUR RIGHTS OVER YOUR DATA

In accordance with applicable privacy laws and to the extent that any information collected pursuant to the use of GrabDefence may constitute personal data, you may be entitled to access or update your personal data. Given that GrabDefence’s processing of your personal data is premised on GD Customers’ use of GrabDefence when you use their Digital Platforms, if you would like to exercise your rights, we recommend that you directly approach the operator of the Digital Platform you are using to obtain more information about how your information is used and processed, and to exercise your rights over your personal data.

V. RETENTION OF DATA

We retain your information for as long as we have a business purpose (i.e. to provide GrabDefence, and to fulfil the Purposes) or legal purpose to do so. Once these purposes are satisfied, we take steps to destroy or anonymise your information.

VI. INTERNATIONAL TRANSFERS OF DATA

Your information may be transferred from your current location while using GD Customers’ Digital Platforms to another jurisdiction.

VII. PROTECTION OF DATA

We implement reasonable legal, physical, organisational and technical measures to ensure that your Personal Data is protected. This includes measures to prevent loss, unauthorized access or misuse of your information.. We limit access to your information to our employees on a need to know basis. Those processing your data will only do so in an authorised manner and are required to treat your information with confidentiality. 

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the absolute security of your Personal Data during online transmission. By using our Services, you acknowledge that some risk remains with any data sent or transferred online.

VIII. AMENDMENTS AND UPDATES

Grab shall have the right to modify, update or amend the terms of this Statement at any time by placing the updated Statement on its website. 

If you have any queries about how your data is being used, please reach out to the GD Customer with whom you may be registered as a user. If you have other queries relating to GrabDefence, please contact our Data Privacy Officer via the form set out in Grab’s Privacy Notice.

Dịch vụ trung gian thanh toán do Công ty Cổ phần Công nghệ và Dịch Vụ Moca cung cấp. Mã số doanh nghiệp: 0106254974