Confidentiality notifications for passengers, in accordance with the European General Data Protection Regulation ( GDPR )
The information we provide below gives an overview of our approach regarding the processing of your personal data and your rights based on the provisions of data protection legislation regarding the use of our intermediation application for taxi transport services. for passengers (the Taxi RAL app).
The personal data processed depends very much on the services or products you use.
1 Information about the data operator
2 Processing purposes and categories of data processed
3 The basis of processing
4 Your rights
5 Data security
6 Retention Period
1. Data Operator Information
The data operator, according to the provisions of art. 4 point 7 GDPR for passengers on the territory of Romania:
Str Cotesti Nr 109 Focsani, Vrancea
* Phone: +40237.220.220
* E-mail address: firstname.lastname@example.org.
* Responsible for data protection: Cornel Ticau
The easiest way to contact the data protection officer is to send an e-mail to email@example.com or write to the addresses above.
2. Processing purposes and categories of data processed
We hereby intend to inform you about the different types of personal data we process and the purposes for which we do so.
2.1 Ordering the rides
The RAL Taxi application allows you to order a taxi ride through us. You must provide personal data in order to use the RAL Taxi application, to order taxis, data that we process to provide the respective service. The optional additional informations are marked as such.
In the context of the service of ordering the rides, the following personal data will be processed in accordance with the provisions of art. 6 paragraph (1) lit. (b) GDPR to carry out the contract:
- The exact GPS position (mobile networks) or approximate (WIFI networks) will be used to provide the driver the place where he will take the order.
- Nickname will be provided to the driver to eliminate the possibility of mistakenly taking an order, of taking another customer in the respective area.
- The e-mail address and telephone number will be used in the exceptional case by dispatch to contact you in case of errors related to the order (the driver will not find you in the indicated location, the driver will be delayed, etc.) if this does not can be done through the application.
- The email address and password will be used to allow you to log in to the system. In case of forgetting, the password can only be changed by you, on our servers it is stored in encrypted form.
- Device IMEI is used for authentication only for password-insecure accounts. We recommend setting a password on an account (email), in the future we will renounce authentication through IMEI. Setting an initial password for an old account can be done using the "Forgot Password" option.
- The addresses predefined by you are optional and will only be processed / stored if they are entered. These will allow you to quickly place a new order in the future.
- The history of your rides is kept on servers according to the Taximetry Law. In the application you will find this information and possibly use it for the quick placing of a new order.
- Bank data (card number, expiration date, CVV, embossed card name) are optional and will be processed and stored by our card processor only if they are entered, if you wish to pay online the rides with a card. In this case you will be forced to secure your account with a password, we not accepting the old accounts secured through the device\'s IMEI. On our servers will be stored only the type of card, the termination of the card number and the expiration date to give you the possibility to identify a card at the time of subsequent use.
- The data of the company (Name, fiscal code, email and address) are optional and will only be required if you want to pay with the payment order or with a business card of the courses made for business.
At the time of registration, personal data is either entered by you (eg, name), or received directly from your device (eg GPS location). During the use of the application there may be additional personal data provided by the taxi dispatcher (the history of your orders).
You cannot order transport services through us if we cannot process your personal data indicated above.
This does not apply to optional information. Optional information provided by you will eventually allow you to use additional options in the application, such as online payment of the ride by card.
In the context of online payment, the following personal data will be processed in accordance with the provisions of art. 6 paragraph (1) lit. b) GDPR to carry out the contract:
- first and last name, the start and destination coordinates of the ride, the e-mail address, the phone number, the last four digits of the card number, the card expiration date.
We cannot offer you certain payment methods if we do not process this personal data. But you can pay in another way.
We have taken the appropriate technical and organizational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as against intentional modification, loss or destruction. These measures are periodically reviewed and adapted according to the latest technologies. The transfer of your data from your device to us is always encrypted.
You can pay for the rides ordered in cash or by the payment function by app.
The payment function by app allows you to pay directly to the driver without cash, using the RAL Taxi application. We will debit the amount through the payment method specified by you. You can communicate the details of your bank card through the application, directly to our payment service provider, through an encrypted connection, to activate the payment function by app. The payment service provider holds the PCI DSS (Payment Card Industry Data Security Standard) certification. Only the last four digits of your bank card number and the expiry date are transmitted to us for security reasons, and we store them for identification and verification.
In order to protect you against fraudulent additional charges, the driver\'s mobile device sends us the GPS location at short intervals during a ride, which allows us to map the entire trip. We do this because we want to make sure that the Driver does not extend the ride intentionally.
If you think you have paid too much, you can request the route for the respective ride. The processing of the data of your GPS location takes place for your and our protection against Drivers and / or fraudulent passengers based on the provisions of art. 6 paragraph (1) lit. f) GDPR, in order to protect your and our interests (eg, against fraudulently supplemented fees).
2.3 Error elimination, customer service and functionality improvement
In order to be able to eliminate the errors within the Taxi RAL application, to answer certain specific requests of the clients regarding the functionalities or the services of transport control services and to adapt the Taxi RAL application to the needs of the passengers, the following personal data are processed in order to fulfill the contract according to the terms of art. 6 paragraph (1) lit. b) GDPR:
- first name, e-mail address, mobile phone number, your actual GPS location at the time of placing the order or the location indicated by you on the map, the addresses predefined by you, the start and destination coordinates of the ride and information about your device (IMEI).
If that is enough, we work with anonymised or aggregated data, and not with personal data.
2.4 Business account
You can also order the rides invoice for your business trips, according to "Framework conditions for Taxi RAL accounts of the business account". If you use the Taxi RAL application to book rides for a business trip or if you decide to pay a company ride, then the personal data that Taxi RAL collects through the use of the Taxi RAL application will be transmitted to the contracting party that authorizes you to initiated a business trip, for the purpose of processing and pricing the ride ("billing data"). If a ride is charged as a business trip, then the relevant data for billing (especially name / surname, e-mail address, fare, time, starting point and destination of the ride) will be transmitted to your employer or company that agreed with your race. The data will be transmitted as necessary measure in order to pay the cost of the ride by the holder of company account, in accordance with the provisions of art. 6 paragraph (1) GDPR.
If the user has the right to pay business travel type through an account of the legal person belonging to his employer, then he is obliged to provide correct information regarding the nature of a ride performed (for personal or business purpose). The RAL Taxi application is neither obliged nor has the possibility to determine if the respective ride was carried out for personal or professional purpose.
RAL Taxi will not be responsible for the expenses, costs or damages that result from the fact that a user to whom a contractual partner has granted the option to declare rides as business trips through the account of the legal partner of the contractual partner, respectively that a ride has been performed for professional or personal interest.
2.5 The evaluation process
At the end of each ride, we request the evaluation of the drivers, the completion constituting your agreement to participate in the evaluation process. When you submit a rating, it is assigned to a specific trip and taken into account the average of the ratings of the respective driver and of his vehicle. It does not involve the transmission of personal data to the Driver.
3. The basis of data processing
In general, the processing of Personal Data is necessary in order to carry out the activity specific to the purpose of processing, more precisely, the provision of services through the RAL Taxi application.
In general, you are required to provide your personal data as required.
In order to be able to process your personal data, Taxi RAL is based on different legal bases, as follows:
- The processing is necessary to make the necessary steps before the conclusion of the contract between you and Taxi RAL, as well as for the performance of the existing contract;
- The processing is necessary in order to fulfill a legal obligation, such as, for example, issuing an invoice;
- The processing is necessary for the purpose of the legitimate interest of the company to process the respective data. In the course of its activity, Taxi RAL processes your data in order to be able to offer you the requested services, as described in this Policy.
4. Your rights
You have the right to request information from us at any time regarding your personal data that we hold, as well as the origin, the recipients or categories of recipients to whom these data are transmitted or disclosed, the purpose of the retention and processing, the period of retention, our automated decision-making procedure, the right to data portability, the existence of the right of rectification, deletion, restriction or opposition against processing and the right to transmit notifications to the supervisory authority.
You also have the right to rectify incorrect data and, in cases where the legislative provisions are met, their deletion, as well as to restrict their processing. Based on the conditions provided by the applicable law (GDPR), you have the following rights:
(i) Right of access: You have the right to be notified, upon request, if your personal data are processed, and if so, you have the right to request access to them. The information includes, among others, the purposes of processing, the categories of personal data affected and the recipients or categories of recipients to whom your personal data have been disclosed or will be disclosed. You have the right to obtain a copy of your personal data processed. For additional children, we can charge you a reasonable fee, based on administrative costs.
(ii) The right to rectification: You have the right to obtain from us the rectification of your incorrectly personal data. Depending on the purpose of processing, you have the right to complete incomplete personal data, including through a supplementary statement.
(iii) The right to delete ("the right to be forgotten"): You have the right to ask us to delete your personal data.
(iv) Right to restriction: You have the right to request a restriction on the processing of your personal data. In this case, the respective data will be marked and can be processed by us only for certain purposes.
(v) The right to data portability: You have the right to receive your personal data that you have provided to us, in a structured, common and machine-readable format, and you have the right totransmit this data to another entity without objections from us.
(vi) The right to object: You have the right to object, for reasons related to your situation, at any time, to the processing of your personal data by us, and we may be required to we will no longer process your personal data. If you have the right to object and exercise it, we will no longer process your personal data for that purpose. The exercise of this right does not imply any cost. This right can be invalidated especially if the processing of your personal data is necessary for the formalities related to the conclusion of a contract or for the fulfillment of a contract already concluded.
You can send requests for information, withdrawal of consent, objections and other communications regarding data processing by e-mail at firstname.lastname@example.org or at the addresses provided in the introduction.
We reserve the right to respond to requests received within the time allowed by law, as well as to protect us against repeated or unintentionally wrong requests.
5. Data security
We have taken the appropriate technical and organizational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as against intentional modification, loss or destruction. These measures are periodically reviewed and adapted according to the latest technologies. The transfer of your data from your device (eg smartphone) to us is always encrypted.
6. Retention period
Your data will be retained for the duration of the contract. In principle, we will keep your personal data for the duration requested or permitted by the applicable law. After the termination of the contractual relationship between us, we will retain the data for a period of three years from this moment. In addition, the legal provisions (for example the retention periods under the tax legislation) require the retention of certain data about you for a period of ten years. Later, we will delete your personal data from our systems and records and/or take measures to anonymise them so that you can no longer be identified based on them.
If a legal or disciplinary measure is initiated, the personal data may be stored until the end of this action, including any periods of appeal or appeal, and then they will be deleted or archived, according to the provisions of the applicable legislation.