Privacy Notice Figo

1               Who are we and what do we offer?

We are FIGO B.V.  (FIGO). We optimize public transport and private mobility travel experiences. We enable our Users to use all modes of transportation that are available in their city using one app (our Services).

You can find more information about our Services on our Website:


2               Privacy Notice

This is our General Privacy Notice. In this document we explain what kind of Personal Data (defined below) we collect in the context of our Services. We also explain what role we have in the processing of Personal Data, how long we retain them and what rights you have as a Data Subject.


3               Personal Data and Controller

We process Personal Data. Personal Data means all information by which a person can be directly or indirectly identified. Under the General Data Protection Regulation (GDPR) we are the so-called Controller for the processing of Personal Data as described in this Privacy Notice. If you have questions about the processing of your Personal Data, you can always contact us through the contact details listed at the bottom of this Privacy Notice.

Please note that we are  the Controller within the meaning of the GDPR for any Personal Data collected via the FIGO app. 

4               What Personal Data do we collect as Controller?

We process the following Personal Data of Users:


(Personal) Data:



Legal basis:


If you create an account: 


Your name, telephone number, email address, date of birth, gender, street name, postal code, city, driving license


We use these data to:

–   provide our Services to you and support you in using our Services; 

We may process these Personal Data to perform our contract with you, i.e. with respect to our Services.

In addition, we process these data because we have a legitimate interest to improve/expand our Services.

If you use Services for which we charge:

Contact information (your name, telephone number and/or email address) address, invoice details, IBAN and BIC code.

We use these data to:

–   handle, check and administer payments from you;

–   maintain our list of accounts receivable and outstanding invoices; and

–   include in our administration on behalf of the tax authorities.

We may process these data, because this is necessary to perform our contract with you, i.e. with respect to our Services.

We may also process these data because we are legally obligated to administer for (and share some of these data with) tax authorities.

If you subscribe to our newsletter, we process the following Personal Data:


(Personal) Data:



Legal basis:


If you subscribe to our newsletter:


Name and e-mail address.



We use these data to:

–   send you our newsletter and keep you informed on all our (future) Services.

We may process these data, if you gave us your consent to do so (by subscribing via our Website).

We may send our Users – who paid for our Services – newsletters, because we have a legitimate interest to do so. In every newsletter there is a link via which you can unsubscribe.

If you engage with us via one of our email addresses or social media channels, we process the following Personal Data:


(Personal) Data:



Legal basis:


Contact information:

The contact information you share when contacting us (e.g. your name, e-mail address, social media username and bio) and the content of the correspondence or post you share with us.


We use these data to:

–   respond to your posts and comments and to answer/handle your questions and feedback;

–   support you in using our Services; and

–   improve our Services as a result of the posts, comments, questions and feedback received from you.

We may process these data, because we have a legitimate interest to contact and assist you based on your input and to improve our Services as a result of that.

Our social media pages are also controlled by the provider itself. Please check their own privacy policies, to see how each social medium handles Personal Data:

Instagram: Privacy Policy

LinkedIn: Privacy Policy

Personal Data we process when you visit our Website:

(Personal) Data: Purpose(s): Legal basis:

Usage Data:

Information on how the Website is accessed and used, such as your IP-address, when and for how long you visit the Website, which pages you visit on the Website, on which links you click and technical information (e.g. type of browser and operating system) (“Usage Data”)

We collect the Usage Data using cookies and/or similar techniques.

Our Cookie Statement outlines the purposes for which Usage Data is processed and the principles underlying the processing of Usage Data.

We may process these data because we have a legitimate interest to do so, namely to analyse and improve the Website, or because we have obtained your consent.



5               Mandatory information

It may be legally or contractually required that you provide us with certain Personal Data, as indicated with a (*). For example, we need your email address to be able to respond to your question or request. Where you do not provide us with such information, this will usually imply that we will not be able to provide you with specific Services or perform part of our agreement with you.


6               How long do we keep the Personal Data?

We store Personal Data for as long as we need it for the above purposes, unless we are legally obliged to retain the Personal Data for a longer period. In this respect, we apply the following retention periods:

  •   Newsletters | We retain the Personal Data used for sending newsletters until you unsubscribe from our newsletters, or we decide to not send newsletters anymore.
  •   Cookies | You can find more information about the retention periods of Personal Data collected via cookies in our Cookie Statement.
  •   Personal Data in correspondence | This data is stored as long as necessary to handle your message/question/feedback.
  •   Personal Data in our records for the (tax) authorities | This data is stored for seven (7) years, unless we are legally obliged to retain the data for a longer period.

Apart from (and even after expiry of) the aforementioned purposes and corresponding retention period(s), we may process and retain certain Personal Data to comply with legal retention obligations and/or for fraud/misuse investigations or to substantiate a (judicial) claim. In such events, we will retain the Personal Data separately and only use such Personal Data for the aforementioned purposes.


7               Do we share your Personal Data with others?


We use third parties (Processors) who support us in providing our Services. Within this context these Processors receive Personal Data from us which they process on our behalf. For instance, we use Processors for building and maintaining our Website, sending our newsletters and hosting our data.

These Processors may only use or disclose the data collected and processed by us within the scope of our instructions to them and under no circumstances for other purposes.


We may also share your Personal Data with external controllers in the following cases:

  •   Payments for our paid Services will be processed by Stripe and the specific third-party payment provider that you choose, such as Visa, MasterCard, Maestro, SEPA, or AMEX
  •   Tax authorities: We are legally obliged to include (some of) the Personal Data in our financial administration, which must be shared with the national tax authority. The tax authority will process these Personal Data in accordance with its own privacy policies.

We may also share your Personal Data with relevant parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Apart from the above, we will not share your Personal Data with third parties, unless we are legally obliged to do so.


8               Export of Personal Data outside the European Union

We may transmit Personal Data to parties outside the European Union, if one of the Processors or Controllers is established outside the European Union. The Personal Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the European standards. You contact us if you wish to receive more information or a copy of the safeguards we take in this scope where necessary.


9               Third party websites

You may find advertising or other (hyper)links on our Website that link to the websites, products and services of partners, suppliers, advertisers, sponsors, licensors or other third parties. We do not control the content or the links that appear on these websites and we are not responsible for the practices employed by websites linked to or from our Website. In addition, these websites, products and services, including their content and links, may be constantly changing. These websites, products and services may have their own privacy notices, user terms and customer service policies. Browsing and interaction on any other website, including websites that are linked to or from our Website, are subject to the terms and policies of that website.


10             Changes of the Privacy Notice

The Privacy Notice may be changed from time to time. Please check our Privacy Notice frequently. The new Privacy Notice will be effective immediately upon posting on our Website. If we change our Privacy Notice significantly, then we will state so on our Website together with the revised Privacy Notice.


11             Your rights as a Data Subject and our contact data

You are always entitled to file a complaint with a data protection supervisory authority if you believe that we are not processing your personal data in accordance with the GDPR. In the Netherlands, the supervisory authority for data protection is:

Autoriteit Persoonsgegevens


If you have questions or concerns about this Privacy Notice or your privacy, you can contact us at



W.J. Wenkebachweg 144

1114AD, Amsterdam

The Netherlands




Chamber of Commerce: 74766759