Privacy Policy

Last updated: June 20, 2026

This Privacy Policy explains how RIKBA collects, uses, stores, shares, retains, and protects personal data relating to Riders, Drivers, website visitors, applicants, support users, and other persons who interact with the RIKBA platform and services.

This notice applies to the website, mobile applications, support channels, marketing touchpoints, onboarding flows, and other interactions connected with the platform.

RIKBA Rides Ltd. is the controller of personal data processed for the core operation of the platform, except where a separate notice states otherwise.

For privacy-related matters, users may contact RIKBA at info@rikba.eu. Where required under applicable law, a data protection contact or representative may be appointed.

Depending on how you use RIKBA, we may collect the following categories of personal data:

Rikba Driver uses GPS and location services to collect the driver's approximate and/or precise location when the driver uses the app, is online or available, or is assigned to or completing a trip. This location data is necessary to provide core ride-hailing services, including driver availability, nearby ride assignment, navigation, live trip tracking, estimated arrival times (ETA), route management, dispatch and admin monitoring, safety, support, fraud prevention, and service improvement.

Location data may be shared with riders or customers where required for the booking or trip, with authorised dispatchers and administrators, with map and navigation providers, and with backend, cloud, and service providers that help operate, secure, and support the platform. Location data may also be disclosed to legal or regulatory authorities where required by applicable law.

Drivers can manage or disable location permissions at any time from their device settings. However, disabling location access may prevent the Rikba Driver app from functioning correctly, including receiving trip assignments, navigation, and live trip tracking.

RIKBA collects data directly from the user, automatically through app and website use, from payment partners, from verification and fraud-prevention vendors, from support interactions, and from authorities or third parties where legally permitted and operationally necessary.

Some data is generated during platform use, such as trip history, timestamps, support logs, and app event records. Where available features allow it, data is also collected when a user captures or uploads images or documents through camera or media-library permissions.

We process personal data for purposes including:

• account creation, login, verification, and identity management;
• onboarding and eligibility verification, driver and document approval, and vehicle, sticker, or branding verification;
• trip dispatch, matching, route coordination, navigation support, and ride history management;
• payment processing, refunds, accounting, fraud prevention, collections, and chargeback handling;
• customer support, safety and compliance checks, dispute handling, and communications;
• security, abuse detection, sanctions compliance, internal audit, legal defence, and regulatory cooperation;
• incident review and support or dispute evidence handling;
• product development, analytics, reliability improvements, and lawful marketing activities.

RIKBA relies on contractual necessity where data is required to provide bookings, trips, payments, and account functionality; on legal obligation where retention, reporting, and lawful disclosures are required; on legitimate interests for security, fraud prevention, service quality, and legal defence; and on consent where required for certain marketing or tracking activities.

Where consent is used, it may be withdrawn at any time without affecting prior lawful processing. Where processing is based on legitimate interests, RIKBA ensures that such interests are balanced against the rights and freedoms of the data subject.

RIKBA may share personal data with Drivers for trip execution, with payment processors and banks for transaction handling, with cloud and software vendors for hosting and communications, with verification and fraud-prevention providers, with insurers and advisers, and with authorities or courts where required or appropriate under law.

Only data necessary for the relevant purpose is intended to be shared. RIKBA ensures that all third-party service providers are contractually bound to process personal data in accordance with applicable data protection laws and only for specified purposes.

Where personal data is transferred outside the European Economic Area, RIKBA will rely on an appropriate transfer mechanism recognised under applicable data protection law, such as adequacy decisions or standard contractual safeguards, together with supplementary measures where needed.

Where required, RIKBA implements supplementary safeguards to ensure that personal data transferred outside the European Economic Area is adequately protected. Where applicable, individuals may request additional information regarding international data transfers and the safeguards applied.

Personal data is retained only for as long as necessary for the purposes for which it was collected and in accordance with applicable law.

Typical retention periods include:

• account data: retained for the duration of the account and up to 5 years after closure;
• transaction and payment records: retained for up to 10 years to comply with tax and accounting obligations;
• support communications: retained for up to 24 months;
• location and trip data: retained for up to 12 months unless required for dispute resolution or legal claims;
• fraud and security data: retained as long as necessary to prevent abuse and comply with legal obligations.

Data may be retained longer where required for legal claims, regulatory compliance, or safety investigations. When no longer required, data will be securely deleted, anonymised, or archived.

RIKBA applies technical and organisational measures designed to protect personal data, including access control, system monitoring, role-based restrictions, encrypted transmission where appropriate, vendor due diligence, and incident management procedures. No method of transmission or storage is entirely immune from risk, but RIKBA seeks to maintain safeguards proportionate to the nature of the data and the processing involved.

• the right to be informed about processing activities;
• the right of access to personal data;
• the right to rectification of inaccurate or incomplete data;
• the right to erasure in certain circumstances;
• the right to restrict processing in certain circumstances;
• the right to object where processing is based on legitimate interests or direct marketing;
• the right to data portability where applicable;
• the right to lodge a complaint with the competent supervisory authority, including the Office of the Information and Data Protection Commissioner (IDPC) in Malta.

Users may exercise their rights by contacting info@rikba.eu. RIKBA may request verification before responding to a rights request where this is necessary to protect the data of the requester and others.

RIKBA will respond within the timeframes required by applicable data protection law, subject to lawful extensions where complex requests justify additional time.

The platform is not intended for independent use by children under the minimum age required by the service terms. Marketing communications will be sent only where there is a lawful basis, and recipients may opt out where applicable.

RIKBA may use automated tools to help detect suspicious activity, payment risk, account misuse, spam, or fraud. Where such tools materially affect a user, additional review or safeguards may be applied in accordance with applicable law and internal procedures.

Users have the right to request human review of decisions that significantly affect them and to contest such decisions where applicable under data protection law.

RIKBA uses cookies and similar tracking technologies to operate and improve its website and services. Cookies may be used for authentication, security, analytics, and user experience purposes. Where required by law, users will be asked to provide consent before non-essential cookies are used. Users may manage or withdraw consent at any time through browser settings or consent tools.

This Privacy Policy may be updated from time to time. The latest version will be published through the platform or website.

Contact info@rikba.eu for privacy-related matters.