Data Privacy Framework Policy

Mears Data Privacy Framework Policy

The Mears group of companies provides a variety of transportation services in a number of markets. Get Me Mears2, LLC; City Cab Company of Orlando, LLC d/b/a GetMe Mears; Mears Destination Services, Inc.; Mears Global Chauffeured Services, Inc.; and other members or affiliates of its transportation group, including but not limited to Yellow Cab Company of Orlando, LLC; Checker Cab Company of Orlando, LLC (collectively, “Mears”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. This Data Privacy Framework Policy applies to Personal Data transferred to the United States from the European Union (EU), European Economic Area (EEA), Switzerland, and the United Kingdom (UK).

Mears has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Mears adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland.

Mears has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

This statement outlines our general policy and practices for implementing the Data Privacy Framework Program, including the types of Personal Data we gather, how we use it, and the choices affected individuals have regarding our use of, and their ability to correct, the Personal Data relating to them. If there is any conflict between this Policy and the Data Privacy Framework Principles, the Principles will govern. To learn more about the Data Privacy Framework Programs, and to view Mears’ certification, please visit: https://www.dataprivacyframework.gov/. The Federal Trade Commission (FTC) has jurisdiction over Mears’ compliance with Data Privacy Framework.

For purposes of this Policy, “Personal Data” means information that:

• Is transferred from the EU, EEA, Switzerland, or the UK, to the United States, in reliance on the Data Privacy Framework;
• Is about, or pertains to, a specific individual;
• Can be linked either directly or indirectly to that individual.

For the avoidance of doubt, the Data Privacy Framework Principles and this Policy do not apply to data that is transferred to or within Mears on any other legal basis or from any other source.

Principles protecting individuals’ privacy notice and choice

• We notify individuals about the Personal Data we collect from them, how we use it, and how to contact us with privacy concerns
• We provide such notice through this Policy and our contracts or other similar documents
• We collect and process Personal Data from individuals only as permitted by the Data Privacy Framework Program.
• Consent for Personal Data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use our services. Such consent is provided through our account registration, website forms, mobile applications, contracts, employment agreements, and other similar documents.

Data subjects

The Personal Data transferred from the EU, EEA, Switzerland, or the UK may concern the following categories of persons:

• Mears personnel;
• Clients, prospective clients, and website and application users;
• Our business partners and service providers (including their employees, agents, officers, workers, and owners)
• Advisors, consultants, and other professionals who render services to Mears.

Disclosures and transfers

Personal Data may be disclosed or transferred for one or more of the following reasons:

• We have the individual’s permission to make the disclosure;
• The disclosure is related to Mears providing its services (including payment processing)
• The disclosure is to another Mears entity or to persons or entities providing services on our or the individual’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained;
• The disclosure is related to Mears marketing its services (including in-app notifications, texts, and emails);
• The disclosure is required by lawful request by public authorities, including to meet national security or law enforcement requirements;
• The disclosure is required by law or mandatory professional standards;
• The disclosure is reasonably related to the potential sale or other disposition of all or part of our business or assets;
• The information in question is publicly available;
• The disclosure is reasonably related to collection efforts or the establishment of a legal claim

We may transfer Personal Data from one jurisdiction to another. Privacy laws vary by jurisdiction, and some may provide less or different legal protection than others. However, Mears will protect Personal Data in accordance with the Data Privacy Framework Program regardless of the jurisdiction in which the data resides.

Mears may potentially be held liable for a third party’s vendors acts that result in the processing of Personal Data inconsistent with the Data Privacy Framework Program, as set forth in the EU-U.S. Data Privacy Framework.

Data security and integrity

We employ various physical, electronic, and managerial measures, including education and training of our personnel, designed to reasonably protect personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction. Personal data collected or displayed through a website is protected in transit by standard encryption processes. However, we cannot guarantee the security of information on or transmitted via the Internet.

Access to Personal Data

Persons to whom the Data Privacy Framework is applicable may request confirmation regarding whether Mears is processing their Personal Data, request access to their Personal Data, and/or request that Mears correct, amend, or delete their Personal Data if it is inaccurate or has been process in violation of the Data Privacy Framework Principles. The individual will need to provide sufficient identifying information, such as name, address, and birth date. We may request additional identifying information as a security precaution such as a national identifier (e.g. a Social Security number). In addition, we may limit or deny access to personal information where providing such access would: (1) be unreasonably burdensome or expensive in the circumstances; (2) compromise confidentiality obligations or the privacy, proprietary or legitimate rights of Mears or other third parties; (3) violate other applicable laws. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.

Persons who have consented to Mears’ collection, storage, transfer, disclosure to a third party, or other use of their Personal Data (“Processing”) may withdraw that consent at any time and opt out from any future Processing. To the extent, if any, Mears processes sensitive personal information (that is, personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, or information about the sex life of the individual), Mears will obtain your consent before Processing such data, except to the extent that such consent is not required under the Data Privacy Framework Principles.

Verification mechanism and enforcement

Verification of Mears’ Data Privacy Framework Policy will be through self-assessment. This program will include a statement, at least once a year, signed by an authorized representative of Mears, verifying that this statement is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible. We encourage interested persons to raise any concerns with us using the contact information below.

Individuals may submit a complaint in connection with Mears’ processing of their Personal Data under the Data Privacy Framework Program using the contact information below.

Mail: Attention: Privacy Mears Transportation 324 West Gore Street Orlando, FL 32806

Email: webmaster@mears.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Mears commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Mears commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to American Arbitration Association (AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of American Arbitration Association (AAA) are provided at no cost to you.

Under certain conditions, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information please visit https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

Amendment

We may amend this policy from time to time by posting a revised policy on this website, or a similar website that replaces this site. If we amend the policy, the new policy will apply to Personal Data previously collected only insofar as the rights of the individual affected are not reduced.

Information subject to other policies

We are committed to following the Data Privacy Framework Principles for all Personal Data within the scope of the Data Privacy Framework Program. However, certain information is subject to company policies that may differ in some respects from the general policies set forth in this statement.

Mears websites and applications have their own Privacy Policy that applies to those sites. These policies may be accessed through the websites or applications in question.

Information relating to present or former Mears personnel is subject to our policies concerning personnel data privacy, which are available to current Mears personnel on Mears’s intranet site and former Mears personnel upon request.

Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any contract, or other similar letters or agreements with the client.

Contact information

For further information or to submit a complaint, please contact us at:

Mail: Attention: Privacy Mears Transportation 324 West Gore Street Orlando, FL 32806

Email: webmaster@mears.com