Privacy Policy
Effective date: 1 June 2026 · Last updated: 1 June 2026
Summary: Rit Belgium BV operates the Rit ride-hailing platform. We collect only the personal data necessary to provide our service. We never sell your data. You have full rights under the GDPR to access, correct, or delete your information. Questions? Use our contact form.
1. Data Controller
The data controller responsible for your personal data is:
Rit Belgium BV
Registered office: Ghent, Belgium
BCE/KBO registration number: [to be registered]
VAT: BE [to be registered]
Contact: rit.taxi/contact
2. Data We Collect and Why
We collect personal data only when necessary and for specific, lawful purposes.
2.1 Account and Identity Data
Full name, phone number, e-mail address, profile photo (optional). Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
2.2 Location Data
Pickup and destination coordinates, real-time GPS position during an active trip. Location is collected only while the app is in use for an active booking. Legal basis: performance of a contract; legitimate interest in safety and dispatch accuracy.
2.3 Trip and Transaction Data
Booking history, fare amounts, payment method type (card last 4 digits or cash), receipts, cancellations. Legal basis: performance of a contract; compliance with legal obligations (Belgian accounting law).
2.4 Device and Technical Data
IP address, device model, operating system, app version, crash logs. Legal basis: legitimate interests in maintaining a secure and functional platform.
2.5 Communications
Customer support tickets, in-app messages, ratings and reviews. Legal basis: performance of a contract; legitimate interests.
2.6 Verification Data (Drivers only)
National identity document, driving licence, vehicle registration, taxi licence, insurance certificate, criminal background check result. Legal basis: compliance with Belgian taxi regulation; performance of a contract.
3. How We Use Your Data
- Matching passengers with drivers and facilitating trips
- Processing payments and issuing receipts
- Sending OTP verification codes and booking confirmations via SMS
- Providing customer support and resolving disputes
- Ensuring safety (SOS alerts, incident investigation)
- Preventing fraud and abuse
- Complying with legal obligations (tax records, regulatory reporting)
- Improving our platform through anonymised analytics
We do not use your data for automated decision-making that produces legal effects, profiling for advertising, or sale to third parties.
4. Data Sharing and Recipients
We share your data only where necessary:
- Drivers/Passengers: limited trip-relevant information (name, rating, pickup point) is shared between matched parties
- Payment processors: tokenised card data for processing payments
- SMS gateway (Twilio): phone number for OTP delivery — data processed under a Data Processing Agreement
- Cloud infrastructure (Supabase/AWS EU-West): database and file storage — data stored within the European Economic Area
- Regulatory authorities: when required by Belgian law or court order
We do not transfer personal data outside the EEA without adequate safeguards (Standard Contractual Clauses or equivalent).
5. Data Retention
- Account data: retained for the duration of your account, plus 2 years after closure
- Trip records: 7 years (Belgian accounting and tax law obligations)
- Location data: deleted 90 days after trip completion
- Support communications: 3 years from closure of the ticket
- Driver verification documents: duration of the driver relationship plus 5 years
6. Your Rights Under GDPR
As a data subject under Regulation (EU) 2016/679, you have the following rights:
- Right of access (Art. 15): obtain a copy of all personal data we hold about you
- Right to rectification (Art. 16): correct inaccurate data
- Right to erasure (Art. 17): request deletion, subject to legal retention obligations
- Right to restriction (Art. 18): limit processing in certain circumstances
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format
- Right to object (Art. 21): object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, you may withdraw at any time
To exercise any right, submit a request via our contact form with proof of identity. We will respond within 30 days.
7. Supervisory Authority
If you believe your rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Rue de la Presse 35, 1000 Brussels · dataprotectionauthority.be
8. Security
We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, strict access controls, and regular security audits. No system is completely immune to breach; in the event of a breach that poses a risk to your rights, we will notify the GBA within 72 hours and affected individuals without undue delay.
9. Cookies
Our website uses cookies. Please see our Cookie Policy for details.
10. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified via the app or e-mail at least 30 days before they take effect. Continued use of the platform after the effective date constitutes acceptance.
Rit Belgium BV · Ghent, Belgium