TaxiMe Privacy Policy for Partners

Privacy notices for drivers in accordance with the EU's General Data Protection Regulation ('GDPR')

Information as of May 2018

The information we have provided below gives you an overview of our approach to processing your personal data and your rights under the provisions of data protection legislation in connection with the use of our ride-hailing app for drivers (TaxiMe Driver App').

1. Information on the data controller

Data controller under Article 4(7) GDPR for drivers in the territory of EU:

TaxiMe OOD (TaxiMe)
47A Cherni Vrah Blvd.
Sofia, 1407

Email address: gdpr@taxime.to

2. Processing purposes and data categories

We aim to inform you about the various types of personal data we process and the purposes for which we do this below.

2.1 Ride-hailing

When the TaxiMe Driver App is used, we can coordinate taxi rides on your behalf with passengers using the corresponding TaxiMe Passenger App ('passengers'). You must provide personal data to use our TaxiMe Driver App, which we process to provide the given service. Additional voluntary information that may also be provided is marked accordingly (optional).

In the context of the hailing service, the following personal data will be processed in accordance with Article 6(1.)(b) GDPR for the performance of the contract:

Optional entries will be processed only if entered.

You either enter the personal data (e.g. your name) at the time of registration or we receive it directly from your terminal equipment (e.g. GPS location data). You approve the transmission of your GPS location data via your terminal equipment's (smartphone, tablet, etc.) operating system. We need the GPS data of your location to enable us to coordinate rides for you.

We will forward your GPS location data, name, and vehicle registration number to the passenger who has booked you for a ride for identification purposes. The passenger can call you after the acceptance of and during a ride, as well as for a certain period after the completion of a ride via her/his TaxiMe Passenger App, where the mobile phone number you provided during registration is displayed. This is necessary so that the passenger can call you after a ride to ask you, the driver, to look for items left in the taxi and return them to the passenger if necessary.

It will not be possible for us to coordinate passengers for you if we do not process the personal data shown above. This does not apply to optional information.

2.2 Invoicing

To enable invoicing, in each case as amended from time to time, the following personal data of the taxi operator are processed for the performance of the contract in accordance with Article 6(1.)(b) GDPR:

2.3 Fraud prevention and non-payment

To prevent fraudulent behaviour, the driver's mobile phone transmits GPS location data to us at short intervals during a taxi ride, enabling us to map the entire course of a ride. We do this because we want to ensure that fraudulent drivers do not extend the route intentionally to earn higher remuneration. At the same time, we can correct unjustified passenger complaints by demonstrating the actual course of a ride. The processing of your GPS location data takes place for your, the passenger's and our protection on the basis of Article 6(1.)(f) GDPR.

2.4 Fault elimination, customer services and improvement of functionality

To make it possible to eliminate malfunctions in the TaxiMe Driver App, to answer specific driver inquiries about functionality or the hailing services and to adapt the TaxiMe Driver App to the needs of drivers, the following personal data are processed for the performance of the contract in accordance with Article 6(1.)(b) GDPR:

Calls made to us are not recorded without your consent.

If sufficient for the purpose, we work with data rendered anonymous or aggregated data rather than personal data.

2.5 a) News and personalised offers

You will receive offers and advertising from us if you have agreed to receive news and personalised offers (advertising, vouchers and promotions) and to the display of usage-based advertising ('retargeting'). This concerns non-personalised (sent to all customers) and personalised (sent only to you and based on an analysis of the TaxiMe Driver App usage frequency) newsletters sent electronically (email, SMS, MMS, in-app messages, push messages) to your terminal equipment (smartphone, tablet, etc.). To send you personalised advertising, we will process your usage data. Usage data is information about the number of app installations, registrations and taxi rides. Based on this data, you will then receive special offers and advertising from us.

In this context, we will process the following personal data in accordance with Article 6(1.)(a) GDPR:

If you do not wish to receive the news and personalised offers already discussed, you can contact us by sending an email to gdpr@taxime.to

Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 7 days from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.

2.5 b) Facebook Custom Audiences

In order to be able to display individually targeted advertisements about our services within the Facebook social network, a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and on Facebook partner sites, we work with Facebook Custom Audiences. We do this so that advertisements (e.g. banners) can be tailored exactly to the possible needs of the customer. The basis of this is a marking process, wherein the Ad-ID (IDFA or GAID) from the customer's end device (e.g. smartphone) is sent automatically or manually to Facebook via a certain interface with the involvement of a service provider selected by TaxiMe. TaxiMe then creates a list of customers who have carried out certain actions with the TaxiMe Driver App. Only certain pre-defined actions can be selected (e.g. installation of the TaxiME Driver App in the last 30 days). Finally, Facebook compares the customers' Ad-ID with the Ad-ID of people with a Facebook profile, defines certain groups (e.g. group 1: installation in the last 30 days) and displays corresponding advertisements to these groups. Customers who are not also users of Facebook cannot be compared by Facebook and advertising is not displayed to them. In the context of Facebook Custom Audiences, we will process the following data in accordance with Article 6(1.)(a) GDPR:

If you do not wish to receive advertising in the context of Facebook Custom Audiences, you can send an email to gdpr@taxime.to

Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 7 days from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.

2.5 c) Newsletter

Once we receive from you for performance of our service your email address or your mobile phone number and you have accomplished a tour using our service, we may use it for electronical direct marketing by email, SMS and MMS as long as you have not revoked to our direct marketing. In this context we process pursuant to Art. 6 (1) f) GDPR the following personal data: e-mail and mobile phone number. You may revoke to direct marketing by clicking on a link at the end of an email (e.g. Opt out from newsletter) or by SMS contact with effect for the future. Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 7 days from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.

2.6 Google Maps

The TaxiMe Driver App makes use of the Google Maps API. This enables us to display maps in your TaxiMe Driver App and you to use those maps, e.g. for navigation. Our TaxiMe Driver App cannot function without the Google Maps API. You can view Google's terms of use at https://policies.google.com/terms?hl=en. Additional terms of use for Google Maps are available at https://www.google.com/help/terms_maps.html. Google's privacy policy is available at https://policies.google.com/privacy?hl=en. This involves us processing your GPS location data in accordance with Article 6(1.)(b) GDPR. We render your GPS location data anonymous before forwarding it to Google. Identification of you personally is ruled out.

2.7 Rating drivers and regular drivers

Passengers can rate you and your vehicle via the TaxiMe Passenger App. This involves passengers rating you and the respective vehicle with 1-5 star(s) after a ride. Each rating is included in the average rating determined by us. The rating is only visible to the passenger who gives it, to you as the driver and to us. For drivers employed by a taxi operator, we will only forward the rating to the operator with the consent of the driver in question.

3. Provider of processing services

In some cases, we arrange for external service providers to process your data (e.g. troubleshooting, creation of mailings). This makes it necessary for us to transmit your personal data to our external service providers for a specified purpose (confined to the purpose in question). We have selected our service providers carefully and commissioned them in writing. They are bound by our instructions and we have obtained information about their technical and organisational measures for the secure processing of personal data. We also require that our service providers comply with the applicable data protection regulations.

We work with service providers from the EU and other EEA countries. We have concluded processing contracts with our external service providers in accordance with Article 28(3.) GDPR, EU standard contractual clauses in accordance with Article 28(7.) GDPR or the transmission is based on a decision of the EU Commission in accordance with Article 45 GDPR (e.g. Privacy Shield).

We store all our data with a cloud service provider within the EU or in IT infrastructures and systems (employee computers) at our sites within the EU.

We work with IT service providers that facilitate the ride-hailing services, as well as the fault elimination, customer services and improvement of functionality in accordance with points 2.1 and 2.3 respectively. We also work with payment service providers that facilitate payment processing in accordance with point 2.2. Moreover, we work with a fraud prevention service provider to protect us against non-payment in accordance with point 2.3. If you have agreed to receive news and personalised offers (point 2.5) and to be contacted by us for studies and surveys (point 2.6), then we work with marketing agencies and service providers. Please do not hesitate to contact us at gdpr@taxime.to if you would like to know more about the service providers we engage.

We do not sell personal data to third parties.

However, we do reserve the right to disclose information about you if we are legally obliged to or if we are required to surrender it by administrative or law enforcement bodies (e.g. police or public prosecutors).

4. Your rights

You have the right to request information from us at any time about your personal data we have stored and the origin, recipients or categories of recipients to whom these data are forwarded or otherwise disclosed, the purpose of the storage and processing, the planned storage period, our automated decision-making procedure, the right to data portability, the existence of a right to rectification, erasure, restriction of or objection to processing, and any existing right to lodge a complaint with a supervisory authority.

You also have the right to rectification of incorrect data and, in cases where the legal requirements are met, to blocking and erasure, as well as to restrict the processing of data.

You may also send requests for information, withdrawals of consent, objections and other concerns regarding data processing by email to gdpr@taxime.to or to the address stated in the introduction.

5. Data security

We have taken appropriate technical and organisational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction.

Such measures are reviewed periodically and adapted in line with the state of the art. The transfer of your personal data from your terminal equipment (e.g. smartphone) to us is always encrypted.

6. Storage period

In principle, we process and store your data for the duration of our contractual relationship. In addition, we are subject to various retention and documentation requirements. The required periods, e.g. from tax law, can be up to 10 years. Moreover, special statutory provisions can make a longer retention period necessary, e.g. evidence in the context of statutory periods of limitation.

If data is no longer required for compliance with contractual or statutory requirements, it is regularly deleted, unless limited further processing is necessary for the purposes listed above.