Privacy Policy
Passenger
privacy policy
Privacy
warnings for passengers, pursuant to the EU General Data Protection Regulation
(“GDPR“) for users of the nccgesto.com service for use
by passengers. October 2020 This information provides an overview of the
processing of your personal data by us and your rights under the provisions on
data protection regarding the use of our car rental with driver booking service
(“Ddtransfer. com"). The type of personal data processed depends
fundamentally on the services or products used. Sections:
1.
Information on the data controller
2.
Definitions
3.
Activities and purposes of data
processing
4.
Your rights
5.
Data Security
6.
Storage period
7.
Updates and Changes
1.
Information on the data controller
Pursuant to
Article 4 paragraph 7 GDPR, for passengers on Italian territory, the data
controller is the owner of the website on which this regulation resides
(www.ddtransfer.com). For any request please contact
info@ddtransfer.com.
2.
Definitions
"personal
data": any information relating to an identified or identifiable natural
person ("data subject"); an identifiable natural person is one who
can be identified, directly or indirectly, with particular reference to an
identifier such as a name, an identification number, location data, an online
identifier or one or more characteristic elements of his physical identity,
physiological, genetic, psychic, economic, cultural or social;
"processing": any operation or set of operations, performed with or
without the aid of automated processes and applied to personal data or sets of
personal data, such as the collection, registration, organization, structuring,
conservation, adaptation or modification, extraction, consultation, use,
communication by transmission, diffusion or any other form of making available,
comparison or interconnection, limitation, cancellation or destruction;
3.
Activities and purposes of data processing
Through the
nccgesto.com service it will be possible for you to travel with rental cars
with driver. To use our nccgesto.com service, it is necessary that you provide
your personal data which we will process to guarantee the respective service.
Other information may be shared voluntarily, which will be indicated as
"optional data".
3.1 Award
of races
With
reference to the services for the award of races, pursuant to Art. 6 (1) b)
GDPR, to conclude our procurement contract with you, and in accordance with
Art. 6 (1) a) of the GDPR relating to optional information, the following
personal data are processed:
3.1.1
General
It is
necessary to provide the following information to register in
order to use the nccgesto.com service: Name and surname, e-mail address
and mobile phone number (personal data). We will use your mobile phone number
for customer account verification by sending you a code via SMS. This process
is necessary to carry out the so-called "2-factor authentication", so
that registration cannot be carried out without specifying a valid mobile phone
number. Registration will be completed only after entering the code in the
nccgesto.com service. In connection with travel management, we will also
process the following data: the time of the call, the departure and destination
coordinates of the journey and information relating to
the end user's device (device ID). The user can provide the starting coordinates
(i) by placing a pin on the map, or entering an
address, or (ii) by transmitting the GPS coordinates. The legal basis for the
processing of GPS location data lies in Art. 6 (1) (a) GDPR. The use of GPS
location data by Ddtransfer.com can be allowed at the time of installation of
the nccgesto.com service. Through the operating system of the end user's device
(smartphone, tablet, etc.), it is also possible to give consent, at a later time, for
the use of GPS coordinates by
Ddtransfer.com or to revoke consent. In principle, the processing of GPS
coordinates only occurs if you are logged in and if the nccgesto.com service is
active, open and in use as a user interface. Without processing the aforementioned
personal data, we cannot offer you our
services as a transport company. This does not apply to optional information. Also
the profile photo, the address of the place of work and
home are optional communications will be collected and processed by us only if
they are provided to us at the time of registration or subsequently.
We use your
profile photo for your identification and to prevent fraud. To this end, your
profile photo will be temporarily displayed to the driver who is to make your
ride. The address of the pre-established places (e.g.
work and home) are used to simplify the saving of the standard routes used by
you. The processing of this personal data, provided voluntarily, takes place on the basis
of your consent, pursuant to Art. 6 (1) a)
GDPR. If you want your data, optionally communicated, to no longer be
processed, you can simply delete them from the nccgesto.com service. The driver
who will carry out the service and the company will receive the pick-up place,
together with the name and, if provided, the destination and profile photo,
which will be used for identification purposes. The driver can also proceed
with the identification by asking you for your name before the start of the
journey. After receiving the call for your ride, the driver can call you using
the nccgesto.com service. Meanwhile, the mobile phone number you provided
during registration will be displayed. In this way, you will be able to be
informed by the taxi driver about any delays (for example, traffic jams) and,
for example, you will be able to provide more details on the pick-up location.
After finishing the ride, the taxi driver will no longer be able to access your
personal information in the nccgesto.com service. The legal basis for the
transmission of the pick-up and destination locations as well as the name and
mobile phone number to the respective transport company is Art. 6 (1) b) GDPR
and, as regards optional information such as profile photo or GPS data, is Art.
6 (1) a) GDPR.
3.1.4
Google Maps Integration
The
nccgesto.com service uses the Google Maps API provided by Google Ireland
Limited Gordon House, Barrow Street Dublin4 (“Google”). In this way, you can
view the maps on the nccgesto.com service and have the possibility to interact
with these maps. Without the Google Maps API application, the nccgesto.com
service will not work. The terms of use for Google Maps can be found at:
https://www.google.com/help/terms_maps.html. There, you will also find a notice
regarding Google's privacy policy: https://policies.google.com/privacy?hl=de.
We use Google Maps to calculate the estimated cost of the trip and to
interactively show you the distance of the vehicle that will make your trip. In
this context, if you have consented to such use, your GPS location data will be
processed in accordance with Art. 6 (1) a) GDPR. Your GPS location data will
only be provided to Google in anonymous form. Identification of you, as a
person, is impossible.
3.1.5 not
applicable
3.2 Payment
If you use
the payment function with Stripe, we will have to process the following
personal data on the basis of Art. 6 (1) b) GDPR, for
the purpose of contract execution: If you use the payment methods offered via
PayPal, the data required for payment processing will be transmitted to Stripe.
Further information on data processing via Stripe can be found at:
https://stripe.com/gb/privacy. Your credit card details will be transmitted via
an encrypted connection directly to the payment processor we use. Our payment
process manager will then carry out an authentication process of your payment
method, assigning an amount to his account. This ensures that your payment
method is an active means of payment. For security reasons, only the last four
digits of your credit card are sent to us, which we save for identification
purposes and for the necessary documentation.
3.2.1
Payment Services Directive
The new
regulation relating to the Payment Services Directive 2 (PSD2) will enter into
force. The goal is to standardize security standards and reduce fraud for
payments made with alternative instruments to cash, throughout the European
Economic Area, through the recent "Strong Customer Authentication"
(SCA). This regulation puts in place a uniform legal framework across the EEA
for the amounts and frequencies for which authentication is required. You need
to validate two of the three possible authentication factors: 1) Something the
user knows, like a password or PIN. 2) Something the user has, like a credit
card or a device. 3) Something the user is. For example, iris scan, fingerprint or
other biometric data. The choice of the
relevant authentication methods is the responsibility of the issuing bank.
3.3
Evaluation of drivers and passengers
Through the
nccgesto.com service, you can provide public evaluations of the Drivers and
cars. If you provide a rating, it will be associated with a particular trip and
will be taken into account in the context of the
average rating of the corresponding driver and vehicle. None of your personal
data will be passed on to the driver. The processing of personal data by
Ddtransfer.com is carried out on the basis of your
consent pursuant to Art. 6 (1) a) GDPR, which you offer by leaving a rating. In
addition to this, the respective Driver has the opportunity
to rate you positively as a passenger, but also to inform us about any
problems. Star ratings range from one to five, with five being the highest
point value. Drivers are invited to leave a rating based on the kindness and
behavior of the passenger. Ratings are only viewable from Ddtransfer.com. The
processing of this data takes place on the basis of
our legitimate interest in accordance with Art. 6 (1) f) GDPR, in the further
development and improvement of the quality of our services.
3.4
Anti-fraud measures and non-payments
3.4.1
General
If you do
not want to use the app payment service, you can still use the nccgesto.com
service and pay in cash or by debit card. Therefore, we remind you that you can
use the nccgesto.com service for passengers and our ride booking service at any
time, even if the app payment service has been deactivated. To protect you from
overpayments for the journey, during the journey the driver's mobile device
sends us the GPS coordinates at short intervals, allowing us to reconstruct the
entire journey. In fact, we intend to ensure that the driver does not
deliberately extend the journey to earn a higher fee. If you think you have
paid an excessive price, at the end of the journey you can ask us for
information on its progress. The processing of the GPS coordinates serves to
protect you and us against fraudulent drivers and/or passengers in accordance
with Article 6 (1) f) GDPR for the protection of your and our interests (e.g.
protection against overpayments due).
3.5 Bug
fixes (operational errors) and improvement of operation
In order to
correct bugs (operating errors) and to improve the functionality of the
nccgesto.com service and adapt it to the needs of passengers, we process the
following personal data, pursuant to Art. 6 (1) f) GDPR on the basis of our
legitimate interest: First and last name, e-mail address, country, mobile phone
number, profile photo (optional data), GPS coordinates at the time of the call
(if you have allowed access ), work and home addresses (optional), start and
finish locations for your ride, and information about your device (Device ID,
Ad ID), language, and time zone. Insofar as it is sufficient to achieve the
corresponding purpose, we work with anonymous data rather than personal data.
3.6 News
and personalized offers
3.6.1
General
You will
receive offers and advertising from us, if, during the registration process or at a later
time, in the profile of the nccgesto.com service
under the heading "Privacy" you have consented to the sending of
personalized news and offers (advertising, vouchers and offers) and the display
of usage-based advertising (“Retargeting”) and has activated the corresponding
option. The service consists in sending personalized advertising via email
(email, SMS, MMS) or other electronic means (in-app notifications, push
notifications) to your device (smartphone, tablet, PC, etc.). In this regard,
we process the following personal data in accordance with Art. 6 (1) a) GDPR,
insofar as you have given us the corresponding consent: Name and surname,
passenger ID, e-mail address, home or work address (optional data), mobile
phone number, photo profile (optional data), payment method, registration date,
language set, nccgesto.com service profile (business or private customer), type
of trip (booking, flight trip), version of the nccgesto.com service, data
login, GPS coordinates at the time of the call and at the end of the ride, or
pick-up and destination, device ID (device identifier), GAID (Google
advertising identifier), IP address and usage data (frequency of use number of
app installs, registration and ride status), language, time zone, and city. If
you do not wish to receive the above personalized news and offers, you can
revoke your consent by deactivating the corresponding option; the revocation
operation is as simple to exercise as that of consent. You can also contact us
by writing an e-mail to [email protected] We remind you c he revocation and
consequent changes will not have retroactive effect and it may take up to 72
hours from the request before they are implemented. For technical reasons, it
is not possible for us to act any faster.
3.6.2
Direct Advertising to Existing Customers
Once we
have received your email address or mobile phone number for the provision of
our service and once you have completed a ride using our service, we may use
this data for direct advertising for our products and services via email
(email, SMS and MMS), unless you have declined the
direct mail service. For this purpose, we process your e-mail address or mobile
phone number in accordance with Art.6 (1) f) GDPR. Our legitimate interest lies
in intensifying the relationship with the customer, offering him adequate and
interesting information on the products. You can cancel the service at any time
by clicking on the appropriate link at the bottom of the respective email (e.g.
unsubscribing from the newsletter) or by contacting us
via SMS, without retroactive effect. The direct advertising
we send is not personalized. We remind you that the revocation and the
consequent changes will not have retroactive effect and can be implemented no
later than 72 hours from the request. For technical reasons, it is not possible
for us to act any faster.
4. Your rights
If your
personal data is processed, then you are a so-called interested party in the
sense specified by the GDPR and therefore have the following rights before
Ddtransfer.com: You can, at any time and free of charge, request information
regarding the scope, origin and to the recipient of the stored data, such as
the purpose of the storage of this data (Art. 15 GDPR). You can, at any time,
request the rectification of incorrect data (Art. 16 GDPR). In addition, you
can request that your personal data be provided to you in a structured, common,
and machine-readable format (Art. 20 GDPR). You can object to the future use of
your personal data (Art. 21 GDPR). You can also request a partial or complete
deletion (Art. 17 GDPR), a restriction of processing or a blocking (Art. 18
GDPR) of your personal data. We will investigate such requests and, if there is
no legal basis for continuing to process such data, we will comply with your
requests. We will inform you about the decisions taken. Regardless of any other
administrative or judicial appeal, you have the right to lodge a complaint
regarding the processing of your personal data with a supervisory authority.
All requests for information, access, withdrawals of consent, oppositions and
any other type relating to data protection can also be sent by e-mail.
5. Data
Security
We take
appropriate technical and organizational measures to ensure data security, in particular
to protect your personal data and prevent it
from being disclosed to third parties, accidentally or intentionally changed,
lost or destroyed. These measures are regularly reviewed and updated to the
most current state of the art. The transmission of your personal data from your
device (e.g. smartphone) is usually encrypted.
Ddtransfer.com maintains the highest security standards.
6. Storage
period
The data
you provide to us is only kept for as long as is necessary for the respective
purposes for which you have transmitted your data, or to the extent required
for compliance with statutory or official requirements. We will anonymize your
personal data, in principle, after three years, unless we may have a legitimate
interest in a longer retention period (e.g. accounting
obligations or statutory limitation periods).
7. Updates
and Changes
We reserve
the right to change this privacy statement in the future. In
the event that we need to modify the information, we will promptly
inform you of the changes and we will give you the possibility to give your
consent or to refuse it.