MTR Nordic AB (“MTR”) safeguards your personal privacy. This privacy policy explains how we collect and use your personal data. It also describes your rights in relation to us, and how you can exercise those rights.
The policy applies to persons who install MyHeadsapp (“services”) or who otherwise come into contact with us via our services.
It is important that you read and understand our privacy policy before using our services. If you have any questions about how your personal data are processed, please contact us via the contact details listed in section 5.
Personal data are any information which can be directly or indirectly (i.e. together with other data) linked to you, such as username, IP address, favourites trips and last known location.
In principle, processing means any operation performed with your personal data, such as collection, registration, organisation, structuring, storage, adaptation, transfer and erasure.
In this section, we explain how your personal data are used to provide you with relevant experiences, services and offers.
We process personal data from various sources.
We always process your personal data in accordance with current data protection legislation. This means that each processing operation has a legal basis. Most processing operations are performed to enable us to deliver the service. In certain cases – when we have a legitimate interest – our processing is based on a balancing of interests. If we process your personal data for any purpose which requires your consent, we will obtain your consent before commencing such processing.
Some examples of the purposes for which we process your personal data, and the legal bases on which this takes place, are presented below.
We process your personal data in order to:
Storage period: Your data are saved until lifetime end of service, or when you erase your historical data from the app.
Legal basis:Balancing of interests
We process your personal data (e.g. data about how you use our services such as trip search history, data about your personal preferences and trip history) on an aggregated level (i.e. not on an individual level) to develop and improve our services, including by compiling statistics for analysis.
Storage period: Your data are saved until lifetime end of service, or when you erase your historical data from the app.
Legal basis:Balancing of interests
We process your personal data in connection with personalized push messages.
Storage period: Your data are saved until lifetime end of service, or when you erase your historical data from the app.
Legal basis:Balancing of interests
We may process your personal data to provide you with offers, news, recommendations and informationwhich are related to your travel and preferences, from us or our partners, by push notifications or within the app. If you wish to opt out from receiving direct marketing, you can disable notifications in your device.
Storage period: Your data are saved until lifetime end of service, or when you erase your historical data from the app.
Legal basis:Consent
We process your personal data to ensure the security of our services (e.g. the app), to detect or prevent different types of unlawful use or use that otherwise violates the service.
Storage period: Your data are saved until lifetime end of service, or when you erase your historical data from the app.
Legal basis:Balancing of interests
We may share your personal data with:
Companies that manage personal data on our behalf must always enter into a data processor agreement with us so that we are able to ensure a high level of protection for your personal data with our partners and suppliers. We only share personal data for purposes that are consistent with the purposes for which the data were collected.
Special safeguards are taken when using partners and suppliers outside the EU/EEA, such as signing agreements that include the standardised model clauses for data transfer adopted by the EU Commission and which are available on the EU Commission’s website.
We protect your personal data through technical and organisational security measures. We use IT systems to protect confidentiality, privacy, and access to personal data. We have implemented specific security measures to protect your personal data against unauthorised or unlawful processing (such as unlawful access, loss, destruction or damage). Only those persons who actually need to process your personal data in order for us to fulfil our stated purposes have access to them.
You have certain rights in relation to us. If you wish to exercise any of your rights, please contact us via the contact details in the next section.
If you feel that our processing of your personal data does not comply with the data protection legislation, you are also entitled to lodge a complaint with the competent supervisory authority.
MTR Nordic AB is the data controller for the data processing performed in accordance with this privacy policy. If you would like more information on how your personal data are processed, or if you wish to exercise any of the rights listed above, please contact us:
MTR Nordic AB
Data Protection Officer
Address: Rålambsvägen 17, SE-112 59 Stockholm, Sweden
E-mail:personuppgifter@mtr.se
This privacy policy was last updated on Dec 2018 and may change. If we make significant changes to the policy, we will notify you about these changes at least 30 days before the changes come into effect by the app, through the services or by publishing a new version on app stores. You always have the option to reset historical user data in the app.