Privacy Policy

ID-TAXI Privacy Policy for passengers and taxi drivers

Privacy notices for passengers and taxi drivers in accordance with the EU's General Data Protection Regulation ('GDPR')
Information as of May 2018
This document provides an overview of our approach to processing your personal data and your rights under the provisions of data protection legislation in connection with the use of our ridehailing apps for passengers:

• ID TAXI
• MEGA TAXI Kjustendil
• Euro TAXI Pernik
• Jet TAXI
• Elite TAXI
• Happy TAXI Vratza

and drivers:

• ID TAXI Driver
• Jet TAXI Driver

shortly ID TAXI app. The personal data processed depends largely on the services or products you use in any given case.

• 1.Information on the data controller
  Data controller under Article 4(7) GDPR for passengers in the territory of EU:
  ST SOFT EOOD
  Druzba, 257 B
  Sofia, 1582
  Email address: stpest.bg@gmail.com
  
  
• 2.Processing purposes and data categories
  We aim to inform you about the various types of personal data we process and the purposes for which we do this below. 2.1 Ride-hailing
  The ID TAXI app enables you to hail a ride in a taxi with a taxi driver ('driver') through us. You must provide personal data to use our ID TAXI app for ride-hailing, which we process to provide the given service. Additional voluntary information that may also be provided is marked accordingly (optional).
  In the context of the hailing service, the following personal data will be processed in accordance with GDPR rules for the performance of the contract:
  Your GPS location data at the time of booking, the start and destination coordinates of your ride and mobile phone number. You approve the transmission of your GPS location data via your device's (smartphone, tablet, coordinates of your location so that the taxi you have ordered can find and collect you.
  We will forward your GPS location data to the driver who has accepted the ride you have booked so that he is able to pick you up.
  It will not be possible for you to hail taxis through us if we do not process the personal data shown above. This does not apply to optional information.
  2.2 Bug fixing, customer services and improvement of functionality
  To make it possible to eliminate malfunctions in the ID TAXI app, to answer specific customer inquiries about functionality or the hailing services and to adapt the ID TAXI app to the needs of passengers, the following personal data is processed for the performance of the contract in accordance with GDPR rules:
  Mobile phone number, your GPS location data at the time of booking, start and destination coordinates of your ride. If sufficient for the purpose, we work with data rendered anonymous or aggregated data rather than personal data.
  2.3 Google Maps
  The ID TAXI app makes use of the Google Maps API. This enables us to display maps in your ID TAXI app and you to use those maps. Our ID TAXI app cannot function without the Google Maps API. You can view Google's terms of use at https://policies.google.com/terms?hl=en. Additional terms of use for Google Maps are available at https://www.google.com/help/terms_maps.html. Google's privacy policy is available at https://policies.google.com/privacy?hl=en. After you have given your approval via your operating system, we use Google Maps to calculate the estimated fare for your ride and show you the distance of the taxi you have booked interactively. This involves us processing your GPS location data in accordance with GDPR rules. We render your GPS location data anonymous before forwarding it to Google. Identification of you personally is ruled out.
  2.4 Rating drivers
  You can rate drivers via the ID TAXI app. When you submit a rating, it is assigned to a specific ride and considered in the average rating of the driver and vehicle in question. It does not involve transmitting personal data to the driver.
  We store all our data with a cloud service provider within the EU or in IT infrastructures and systems (employee computers) at our sites within the EU.
  We work with IT service providers that facilitate the ride-hailing services in accordance with point 2.1, as well as the fault elimination, customer services and improvement of functionality in accordance with point 2.2.
  We do not sell personal data to third parties.
  However, we do reserve the right to disclose information about you if we are legally obliged to or if we are required to surrender it by administrative or law enforcement bodies (e.g. police or public prosecutors).
• 3. Your rights
  You have the right to request information from us at any time about your personal data we have stored and the origin, recipients or categories of recipients to whom these data are forwarded or otherwise disclosed, the purpose of the storage and processing, the planned storage period, our automated decision-making procedure, the right to data portability, the existence of a right to rectification, erasure, restriction of or objection to processing, and any existing right to lodge a complaint with a supervisory authority.
  You also have the right to rectification of incorrect data and, in cases where the legal requirements are met, to blocking and erasure, as well as to restrict the processing of data.
  You may also send requests for information, withdrawals of consent, objections and other concerns regarding data processing by email to stpest.bg@gmail.com
• 4. Data security
  We have taken appropriate technical and organisational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction. Such measures are reviewed periodically and adapted in line with the state of the art. The transfer of your personal data from your device (e.g. smartphone) to us is always encrypted.
• 5. Storage period
  In principle, we process and store your data for the duration of our contractual relationship. In addition, we are subject to various retention and documentation requirements. The required periods, e.g. from tax law, can be up to 10 years. Moreover, special statutory provisions can make a longer retention period necessary, e.g. evidence in the context of statutory periods of limitation.
  If data is no longer required for compliance with contractual or statutory requirements, they are regularly deleted, unless their limited further processing is necessary for the purposes listed above.
• 6. Obtaining access to, removing, or changing information you provide
  Users may review, update, or correct their Personal Information (PI) via a written request to the dedicated email address stpest.bg@gmail.com
  Users may, to the extent permitted by law, request the deletion of their PI, unless we are required to retain such information by law. This can be done if User would like to access the PI we have collected online from him/her, correct errors in such PI, request to have the PI deleted or no longer collected or maintained. We reserve the right to verify the identity of any person making an opt-out or correct/update request, but shall have no liability whatsoever resulting from false or erroneous requests.
  We may in Our discretion delete any information provided by a User or related to a User, pursuant to Our policies as then in effect, to the extent permitted by applicable law.