E-Grid Rider Privacy Policy
Last Updated on January 29, 2026
Applies to riders using e-Grid services for ride-hauling and delivery service providers.

e-Grid Inc. ( ge-Grid h, gwe h) collects, uses, and protects rider personal data for our rider platform services (ride-hailing, food delivery, courier; gservices h) via mobile app/website. This policy targets riders as independent contractors.

You (or "Rider"): refers to the individual applicant, independent contractor, or authorized rider who has registered to use the e-Grid platform for the purpose of providing transportation, delivery, or logistics services. This includes anyone accessing the Services via a Rider-Partner account.

1.       Data We Collect About Riders

We collect the following personal data for the purposes of providing the Service, managing operations, ensuring security, preventing fraud, and improving service quality and energy efficiency:

• Identity: Name, nickname, DOB, gender, profile photos, national ID/passport, driver's license, signature.
• Contact: Phone, email, address, emergency contacts.
• Financial: Bank details, tax ID, payout history.
• Vehicle: Type/brand/model/color/plate/chassis, registration/insurance docs, capacity, DLT public vehicle registration.
• Work/Performance: Ratings, acceptance/cancellation rates, trip history (routes, duration, fares), chat logs.
• Location and telematics: Real-time GPS (online/trip-active), speed, acceleration information, service region routes, timestamps, EV battery charge/discharge data.
• Device/Tech: Device ID, OS, IP, advertising ID, crash logs, Root status, sensors, SDK data.
• Verification: Criminal records (Royal Thai Police), daily facial recognition (ThaID), biometrics (face scan), health/disability data (explicit consent only).
• Other: Official docs, insurance claims, referrals.

We minimize sensitive data collection; redact unnecessary sensitive info (e.g., religion on ID). You ensure accuracy and notify changes. Third-party data (e.g., emergency contacts) requires their consent.

Sources: Direct from you, auto-collected (GPS/usage), affiliates/partners, public/background checks, other users.

2. How We Use Rider Data

Core Services (contract necessity):

• Onboarding/KYC, account management, job matching/navigation.
• Trip tracking, fare/incentive calculation, payouts.
• Safety: real-time monitoring, emergency response.

Improvement/Safety (legitimate interests):

• Performance analytics, fraud detection, ratings.
• R&D, A/B testing, algorithm training (anonymized where possible).
• Telematics analytics

Communications:

• Service updates, support, promotions (consent-based opt-out).

Legal/Compliance:

• Tax/audit, regulators, claims defense.
• Annual ETDA compliance reports (vehicle count, driver verification methods)
• DLT vehicle registration system integration

Automated decisions (e.g., job allocation, fraud flags) include human review option.

3. Legal Bases

• Contract: Service delivery/payouts.
• Legal Obligation: KYC/tax/ETDA driver verification.
• Legitimate Interests: Safety/fraud/R&D (balanced vs your rights).
• Consent: Marketing, sensitive data (biometrics/health); withdraw anytime.

Non-provision may limit Services.

4. Sharing Your Data

The Company shall establish Data Processing Agreements with its external service providers in compliance with the PDPA and shall maintain appropriate supervision to ensure the protection of personal data.

During Trips (essential + ETDA mandatory): Customers/merchants see name, photo, vehicle/plate, rating, live location/route, fare calculation (display mandatory).
Partners: Payment processors, insurers, background firms, cloud/analytics providers, fleet managers.
Group/Affiliates: For operations (Japan/Thailand).
Legal: Regulators, law enforcement, mergers.
No selling. Aggregated/anonymized data shared for research.

5. Cross-Border Data Transfers

Where we transfer personal data between Japan and Thailand, or to other countries, we ensure that such transfers are conducted in compliance with the Thailand Personal Data Protection Act (PDPA). Where the destination country does not provide a level of personal data protection recognized as adequate under Thai law, we implement appropriate safeguards, including Standard Contractual Clauses, to ensure the protection of personal data and the enforceability of data subjects f rights. Further information regarding such safeguards is available upon request.

6. Retention

• KYC/ThaID documents: Account active + 5 years.
• Personal data associated with inactive accounts that have not been used for over three years will be deleted, except where retention obligations under Thai law apply (e.g., the 10-year retention requirement for tax records).
• Communications: 3 years following resolution.
• Secure shredding or erasure after retention. Processors do the same.

7. Security

In order to prevent the leakage, loss or damage of personal data and to otherwise ensure its safety, we will take the following security measures in accordance with the Personal Information Protection Act of Thailand (PDPA) and related guidelines.

• Technical: Encryption (TLS/SSL), access controls, hashed passwords.
• Organizational: implementing education and training for employees, regular internal audits, and establishing an internal system for protecting personal data.
• Physical: Secure facility management including access control, encryption of work devices.
• Notification Obligations in the Event of a Breach: In the event of a personal data breach resulting in leakage, loss, or damage, and where such a breach poses a risk to the rights and freedoms of data subjects, the Company is obligated to notify the Personal Data Protection Commission (PDPC) within 72 hours of becoming aware of the breach. Where the risk is assessed as high, the Company is also obligated to promptly inform the affected individuals and provide details of the remedial measures taken.

8. Cookies & Tracking

Our application may use cookies and other tracking technologies, such as software development kits (SDKs), for purposes including session management, service functionality, usage and performance analysis (e.g., Google Analytics or Firebase), and, where applicable, the delivery of advertisements. Users may manage or disable certain tracking technologies through their device or browser settings. Please note that technologies that are strictly necessary for the operation and provision of our services may be used at all times.

Push Notifications

We may send push notifications regarding ride dispatch, service announcements, and summary information regarding earnings. Users can set whether or not to receive push notifications by following the steps below.

iOS: Settings > e-Grid > Notifications

Android: Settings > Apps > e-Grid > Notifications.

9. User Rights

Users have the following rights with respect to their personal data held by the Company in accordance with the Thailand Personal Data Protection Act (PDPA):

• Right of Access: the right to request access to, and obtain a copy of, their personal data held by the Company.
• Right to Rectification: the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: the right to request deletion of personal data under certain conditions prescribed by law.
• Right to Restriction of Processing: the right to request a temporary restriction on the processing of personal data as permitted by law.
• Right to Data Portability: the right, where applicable under law, to receive personal data in a machine-readable format.
• Right to Object: the right to object to the processing of personal data based on the Company fs legitimate interests.
• Withdrawal of Consent: where processing is based on consent, the right to withdraw such consent at any time.
• Automated Decision-Making: where decisions are made solely through automated processing, the right to receive meaningful information about such processing and to request human review.
• Right to File a Complaint: Users have the right to file a complaint with the Personal Data Protection Commission (PDPC) if they believe that the Company has processed personal data in violation of the Thai Personal Data Protection Act (PDPA) or any related laws and regulations.

Exercise of Rights
To exercise any of the above rights, users may contact us at the address below. In principle, we will respond within a reasonable period in accordance with applicable laws (normally within 30 days).

Contact: prxyzivacy ＠ e-grido.co.jpk

10. Personal Data of Minors

This service is intended for individuals who are 20 years of age or older, who are considered adults under the laws of Thailand. We do not intend for minors to use this service. If we become aware that we have collected or retained personal data relating to a minor, we will promptly delete such personal data.

11. Changes to this Policy

We may change the contents of this policy. We will notify users of important changes by appropriate means such as email or in-app notification. If you continue to use the Service after changes have been made, you will be deemed to have agreed to the changes.

12. Thailand-Specific Requirements (PDPA + ETDA) 

In providing services in the Kingdom of Thailand, our company complies with the following laws and related notifications:

• Applicable Laws:

·         Personal Data Protection Act (B.E. 2562) (PDPA).

·         Royal Decree on Digital Platform Services (B.E. 2565).

·         Electronic Transactions Development Authority (ETDA) Notice Regarding Ride-Hailing Platforms (Effective March 31, 2026).

• Rider Authentication and Verification (ETDA Notice Article 18, Paragraph 3):
• Daily facial recognition verification conducted prior to the commencement of ride operations.
• Identity verification through ThaID or a linked government-issued identification document.
• Criminal background screening conducted by the Royal Thai Police.
• Possession of a valid government-issued driver fs license and use of vehicles registered with the Department of Land Transport (DLT).
• Prohibition of account sharing.

·         Vehicle Requirements:

• All vehicles used for service provision must be registered as public vehicles with the Department of Land Transport (DLT).
• Installation and operation of real-time GPS tracking systems.
• Display of fare calculation information in accordance with applicable regulations + real-time GPS.
• Account sharing prohibited

13. Certified Personal Information Protection Organization

Name of Certified Personal Information Protection Organization
General Incorporated Foundation Japan Institute for Promotion of Digital Economy and Community (JIPDEC)

Complaint Resolution Contact
Personal Information Protection Complaint Consultation Office

Address
Roppongi First Building
1-9-9 Roppongi, Minato-ku, Tokyo 106-0032, Japan

Telephone
03-5860-7565 / 0120-700-779

14. e-Grid Personal Information Consultation and Complaint Desk

e-Grid Inc.
Personal Information Consultation Desk Manager: [
Chief Personal Information Protection Officer: [

Address
526 Tsunematsu-cho, Izumo-shi, Shimane Prefecture 693-0057, Japan

Email: prxyzivacy ＠ e-grido.co.jpk