With this Privacy Policy (hereinafter the “Privacy Policy”), the anonymous company under the name “TAXIPLON SOFTWARE APPLICATIONS S.A.” and trade name “TAXIPLON HELLAS S.A.”, which has been established and operates under Greek law, with its registered office in Athens, at 20 El Alamein Street, Nea Ionia, with General Commercial Registry (G.E.MI.) number 119205701000 and Tax Identification Number (VAT) 800379413, Tax Office FAE Athinon (hereinafter the “Company” or “we” or “us”), defines and communicates the terms under which, acting as defined by the General Data Protection Regulation (hereinafter “GDPR”), as the data controller (the “Data Controller”), collects, stores, uses, and generally processes your personal data, which are collected when you visit or in any way use this website with the electronic address www.taxiplon.gr (hereinafter the “Website”) and/or when you register or in any way use the transport coordination application “Taxiplon Passenger”, which was created and is owned by the Company (hereinafter the “Application”).

The Company has been operating in the sector of transport coordination services in Greece since 2012 and is one of the dynamically growing companies in Greece, with award-winning electronic service and excellent passenger services. The Website constitutes the Company’s online presence, and the user has the ability to register and use the Application. Additionally, at the Company’s headquarters, a call center operates, allowing for telephone bookings, where call recording technology is used to ensure the quality of service and your safety. Calls are recorded, following your notification via a recorded message and after you have given your consent, and are retained for transaction security purposes for a period of two (2) months, i.e., for as long as is strictly necessary for the purpose of the commercial transaction.

This Privacy Policy also describes how your personal data are used, disclosed, and protected, as well as the choices you have regarding your personal data and how you can contact us.

The Company respects your privacy and values the relationship we have with you. Therefore, we handle your personal data responsibly and want you to be familiar with how your personal data are collected, used, and disclosed. We strive to fully comply with all rules governing the processing and protection of personal data, as applicable under Greek and European law.

We collect certain information about visitors and users of the Website and/or the Application (hereinafter “Data Subjects”) that may lead to their identification and which we process as the “Data Controller” of your data.

For matters relating to the protection of your data, you may contact us directly at the following details:
20 El Alamein Street, Nea Ionia
Tel.: +30 214 41 656 82
Fax: +30 210 27 53 088
Email: privacy@taxiplon.gr

2. Definitions

We provide below certain definitions from the GDPR to help you better understand the terms used herein:

“Personal Data”: any information relating to natural persons, such as full name, postal address, email address, telephone number, etc., which identify or can identify them (hereinafter “Personal Data” or “Data”).

“Processing of Personal Data”: any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Processor”: the natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.

“Consent of the Data Subject”: any freely given, specific, explicit, and informed indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.

“Recipient”: a natural or legal person, public authority, agency, or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities that may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of those Personal Data by those public authorities shall comply with applicable data protection rules according to the purposes of the processing.

“Third Party”: any natural or legal person, public authority, agency, or body other than the Data Subject, the Data Controller, the Processor, and persons who, under the direct authority of the Data Controller or Processor, are authorized to process Personal Data.

“Pseudonymisation”: the processing of Personal Data in such a manner that the data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.

“Filing System”: any structured set of Personal Data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.

“Restriction of Processing”: the marking of stored Personal Data with the aim of limiting their processing in the future.

“Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed.

“Supervisory Authority”: an independent public authority established by a Member State pursuant to Article 51 GDPR.

“Concerned Supervisory Authority”: a Supervisory Authority concerned by the processing of Personal Data because:

1. a) the Data Controller or Processor is established in the territory of the Member State of that Supervisory Authority, or
   b) Data Subjects residing in the Member State of that Supervisory Authority are substantially affected or likely to be substantially affected by the processing, or
   c) a complaint has been lodged with that Supervisory Authority.

3. Obligation to Provide Personal Data

The provision of Data to the Company may be necessary in order to achieve the purposes defined in this Privacy Policy or may be optional.

If you refuse to provide the information marked as mandatory on the Website and/or the Application, it will be impossible to achieve the primary purpose for which such Data are collected, and it may become impossible for the Company to conclude the commercial contract or to provide other services available through the Website and/or the Application. The provision of additional Data to the Company, beyond those marked as mandatory, is optional and does not affect the main purposes of Data collection, as their provision serves exclusively to optimize the quality of the services we provide.

4. What you need to know about us:

A.What Data we process and for what purpose

The Personal Data you provide to us may include your full name, address, email address, mobile phone number, and landline number. Additionally, you provide us with internet connection information – such as the time and duration of use of our service – as well as location information – such as your device’s GPS signal or information about WiFi access points – which may be transmitted to us when you use our services (e.g., WiFi, Mobile Apps). You also provide us with information related to your route and destination (address: street, number, city), as well as your method of payment. We may process your Personal Data only when we have a lawful basis to do so. With regard to Data required for the completion of a transaction, their processing is necessary both within the framework of our relationship and on the basis of applicable tax legislation and for the purpose of safeguarding our financial claims and rights in the context of legal actions.

We would like to assure you that your Personal Data are not publicly displayed and are used only by the Data Controller. Data marked as mandatory are required in order for us to provide you with services, in accordance with the relevant terms of use of the Website and/or the Application.

The Personal Data collected may be processed for the following purposes:

a) to create a user account, so that the Company can provide account functionalities and facilitate the provision of services

b) to enable the Company to conduct customer satisfaction surveys regarding the quality of its products and services, based on the Company’s legitimate interest

c) subject to your explicit consent, to contact you for commercial purposes, as well as to send advertising material regarding the Company’s services, or to conduct market research and analyze your behaviors, habits, and consumer preferences in order to improve the services provided by the Company and meet your expectations

e) to improve the user experience of the Website

f) to provide information regarding completed commercial transactions (e.g., credit card payments) and to process payments and prevent fraudulent transactions, based on our legitimate business interests and for the protection of our customers from fraud

g) to determine your geographical location

h) to store transport routes and your personal preferences regarding the provided service

i) to protect your account from fraud and other illegal activities; this includes using your Data to maintain, update, and secure your account. We also monitor browsing activity on our Website and/or Application to quickly identify and resolve potential issues and to protect the integrity of our Website within the framework of protecting our legitimate interests

j) for communication purposes; the Company uses your Data to respond to requests/inquiries you submit, refund requests, and/or complaints. The information you share with us allows us to manage your requests and respond in the best possible way. We may also keep a record of your inquiries/requests to better respond to any future communication, based on our contractual obligations, legal obligations, and legitimate interests to provide you with optimal service and improve our services based on your experience

k) to send communications required by law or necessary to inform you about changes to the services we provide, such as updates regarding changes to the services. These service messages will not include promotional content and do not require prior consent when sent via email or SMS. If we do not use your Personal Data for these purposes, we will not be able to comply with our legal obligations

We use call recording technology in our call center on a 24-hour daily basis to ensure service quality and your safety. Calls are recorded after informing you via a recorded message and after you have provided your consent, and are retained for a period of two (2) months for transaction security purposes. We may also collect and store the content of email messages exchanged with you when necessary for the performance of our services.

Data may be processed in paper form, by automated or electronic means including mail or email, telephone (e.g., automated calls, SMS, MMS), fax, and any other means (e.g., websites, mobile applications).

The legal basis for our processing is primarily the performance of a contract, our legitimate interest (e.g., safeguarding the security of our systems), or compliance with a legal obligation (e.g., disclosure of data to competent authorities).

Your Personal Data may be collected and processed only for specified, explicit, and lawful purposes, when this is strictly necessary for the intended purpose, and are retained for a period of 5 + 1 years, which is absolutely necessary for the intended purpose as well as for tax compliance reasons.

Within the framework of protecting the Data we process, we implement a series of appropriate technical and organizational measures and technologies (encryption, etc.) to safeguard your Data from any unlawful processing or malicious activity.

B. Taxiplon Contact Form and Data we process

We provide visitors of our Website with the possibility to communicate through a contact form. The data required for communication are your full name and email address.

C. Automatic Data Collection

Upon visiting our Website, our server may record your IP address, which constitutes Personal Data, even if we cannot identify you solely based on this information. The reasons (legal basis and purpose) for which we collect your IP address, along with the date and time, are as follows:

a) our legitimate interest in processing such Data in order to ensure information security from accidental events or unlawful or malicious actions that may compromise the security of Personal Data, as well as to safeguard the Company’s legitimate interests in relation to legal claims

b) our legal obligation to retain such data in accordance with the applicable legal framework and, where required, to provide them to competent authorities under lawful conditions

D. Place and duration of storage of Personal Data

Your Data are stored in the Company’s database, which is managed by appropriately trained Company personnel. The storage period is the minimum required and necessary to achieve the respective purpose of processing and to ensure compliance with personal data protection rules as well as tax obligations, and specifically is retained for a period of 5 + 1 years. If you send a message through the contact form, your message and your data will be deleted within 2 months from the date of the last message we receive from you. The storage period of your Personal Data is adjusted accordingly based on the performance of the contract and applicable legislation. For Personal Data collected for the promotion of products and services, your Personal Data are retained until you withdraw your consent. Please note that even if you request the deletion of your Data, we may retain certain of them solely due to legal obligations or for the establishment, exercise, or defense of legal claims, and for as long as such legal claims persist. Withdrawal of consent applies only for the future and does not have retroactive effect.

5. Data Subject Rights

Every natural person, based on the General Data Protection Regulation, enjoys the following rights in relation to the processing of their Personal Data by our Company.

Specifically, you have the:

Right of access, i.e. to submit a request to be informed whether we process Data and, if so, which Data these are, as well as certain additional information such as the purpose of processing, the recipients, etc.
Right to rectification, i.e. to request the correction, updating, or modification of your Personal Data (either by contacting the Data Controller or through your profile)
Right to erasure, i.e. to request the deletion of your Data, particularly when we process them based on your consent or our legitimate interest, while where there is a legal obligation to process Data or a public interest, this right is subject to specific limitations or may not apply
Right to restriction of processing, i.e. to ensure, under certain conditions, the restriction of the processing of your Personal Data by us, particularly when you contest the accuracy of your Personal Data and for as long as such contestation lasts and until verification is completed, etc.
Right to object to processing, i.e. to object at any time to the processing of your Personal Data when it is necessary for the purposes of our legitimate interest or for direct marketing or profiling purposes
Right to data portability, i.e. to request the Data you have provided to us in a structured, commonly used, and machine-readable format, allowing you to access them, as well as to request that we transmit such Data to another Data Controller, where technically feasible and in accordance with the GDPR
Right to lodge a complaint before the Supervisory Authority in case of unlawful processing of Personal Data (in Greece, the Hellenic Data Protection Authority)

Data Subjects may exercise the above rights by contacting the email address info@taxiplon.gr.

We also inform you that we will make every effort to respond to your request to exercise your rights promptly and at the latest within one month. Where necessary, taking into account the complexity of your request and the Company’s workload, this period may be extended by two additional months, but we will inform you as soon as possible and in any case within one month from the submission of your request about its progress and the reason for any delay. If your requests are manifestly unfounded or excessive, particularly due to their repetitive nature, the Company may either impose a reasonable fee, taking into account administrative costs for providing the information or taking the requested action, or refuse to act on your request.

We also inform you that in the event of a Personal Data Breach, we are obliged to notify you without undue delay, given that ensuring the protection of your Personal Data is a top priority for the Company. For this reason, we reserve the right to request additional information necessary to verify your identity before exercising your rights.

6. Right to Lodge a Complaint with the Hellenic Data Protection Authority

If you believe that we do not comply with personal data protection legislation, please contact our Company for explanations and to submit complaints as described above, and in the event that we do not respond satisfactorily, you have the right to lodge a complaint with the competent Supervisory Authority, namely in Greece the Hellenic Data Protection Authority, Kifisias Avenue 1-2, Tel.: +30 210 64 75 600, Fax: +30 210 64 75 628, email: , website: www.dpa.gr.

7. Data Security – Processing Methods

The Data Controller processes users’ Data properly and in accordance with applicable legislation and takes all appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Data. The processing of Personal Data is carried out using computers, following organizational procedures and operations strictly related to the stated purposes. In addition to the Data Controller, in certain cases Data may be accessible to persons involved in the operation of the Application (administration, sales, marketing) or external parties (such as third-party technical service providers or financial institutions). The processing of Personal Data takes place at the Data Controller’s headquarters and at any other locations where the parties involved in processing are located.

Our Company implements all appropriate measures for the secure storage of Personal Data, using encryption systems and continuous and extensive checks on electronic systems for storing and processing Data, and employs experienced and properly trained personnel for this purpose.

The Website uses SSL (Secure Sockets Layer) protocol for secure online commercial transactions. In this way, all Data you provide are encrypted so that they cannot be decrypted or altered during transmission over the Internet.

Additionally, the information used to identify you as a user of the Application account consists of two elements: the Username and the Personal Secret Password. Each time you enter your credentials, you are granted access to your personal account. This process is carried out securely through encryption during transmission over the internet and the Company’s servers. Only you know your password and you are solely responsible for maintaining its confidentiality from third parties. These measures are reviewed and modified whenever deemed necessary.

8. Use of the Application and Disclosure of Personal Data to Professional Drivers of Public Use Vehicles

In order to use our Application through your registration on our Website, you will be required to provide your Personal Data, which are absolutely necessary (indicatively full name, telephone number, address, route), in order to complete the commercial transaction, and which may be recorded and processed solely for the purpose of the proper execution of the transaction. These Data will be transmitted to the driver of the vehicle who has accepted the specific route, for the purpose of identifying the customer-passenger upon boarding. The driver has the right to contact you to clarify information regarding your pickup.

The driver is not allowed to store, process, or disclose your Personal Data to third parties, and such Data will be deleted upon completion of the route.

Upon acceptance of the proposed route by the driver, a transport contract is concluded between the driver and the passenger, and the Company bears no civil or criminal liability for any improper execution of the contract. The Company bears no responsibility for any use of your Personal Data by the driver, and the driver is solely responsible, against whom you must personally take action in the event that they violate or misuse your Personal Data in any way, whether through use on personal websites, disclosure to third parties, or any other unlawful or culpable conduct. This Privacy Policy of the Company does not apply to drivers, and the Company bears no responsibility for any violation thereof by drivers, who are personally liable for any responsibility arising from breaches of Personal Data with respect to passengers.

9. Other Recipients of the Data

The Data may be processed by natural and/or legal persons acting on behalf of the Company under specific contractual obligations and located in EU Member States or in countries outside the EU. They may also be processed by employees of our Company or its partners, only with authorization from our Company and for the purpose of customer service, compliance with personal data protection regulations, the execution of commercial transactions, and the proper operation of our Company.

The Data may be disclosed to third parties in order to comply with legal obligations, such as supporting credit card payment services and use by financial institutions, as well as for the execution of orders from public authorities or the exercise of the Company’s rights before judicial authorities. Third-party partners of our Company who may process Personal Data on our behalf meet the required guarantees of security and protection in accordance with the provisions of the GDPR.

10. Social Media

Taxiplon maintains official accounts on the following social media platforms: Facebook, Twitter, Google, Instagram, LinkedIn, and YouTube. The purpose of processing all Data we collect about you through the use of these social media platforms, whether anonymized or not, is to provide updates regarding our content or to communicate with you by responding to the messages you send us. The legal basis for this processing is your consent.

Your consent is given when you like or follow our pages and may be withdrawn in the same way, i.e. by unliking or unfollowing. Please note that by providing such consent, you accept our Data Protection Policy, which is available in a visible and easily accessible location on each respective page. If you do not agree with our policy, you should withdraw your consent in the appropriate manner (unlike, unfollow). According to case law, our Company is considered a joint Data Controller of your Data together with the social media platform. The management of social media forms part of our internal personal data protection policy, and for this purpose we implement a series of appropriate technical and organizational measures, such as limiting the number of individuals who have access to manage these platforms, in order to ensure secure processing of Personal Data.

Important note: We are not responsible for the way or means by which each of the above platforms processes your Data. You should consult their respective privacy policies through the relevant links: Facebook, Twitter, Google, Instagram, LinkedIn, YouTube.

Additionally, we do not control the content of comments submitted by users on these platforms; however, we make efforts to ensure a safe online environment and, for this purpose, we reserve the right to remove any type of content or comment deemed to violate the Website’s terms of use, such as abusive, obscene, pornographic, threatening, promotional content, or content that infringes intellectual property rights or contains false statements regarding a user’s identity, while also reserving the right to block users who submit such content.

11. Cookies

Our Website and Application use cookies and similar technologies during your access and browsing. Cookies are small text files stored on the hard drive of the computer or other electronic device used by the user to access the Website and the Application. Cookies are unique to each web browser (e.g. Google Chrome, Mozilla Firefox, etc.) and contain anonymized information regarding the websites you visit and the devices you use.

12. Age Restriction

Our content and services are intended exclusively for individuals over the age of 18, and we do not knowingly collect any information concerning individuals below this age unless verified parental or guardian consent has been provided. As it is not technically feasible to effectively verify your age in all cases, we undertake, if it is reported and confirmed that personal data relating to minors have been submitted, to immediately delete all such information, without prejudice to any of our legal rights. In the event that parents or guardians become aware of the use of the Application by minors, they are requested to contact us immediately.

13. Payment Policy

Payment for the completed route may be made in the following ways: a) directly to the driver in cash without using the Application, b) through the Application’s payment functionality. In the event that payment is made through the Application’s payment functionality, Personal Data may be collected and stored by the respective payment service provider for the completion of the transaction. The payment provider becomes responsible for the security of your Personal Data and has implemented all necessary protective measures in compliance with Greek legislation. Our Company stores only the strictly necessary information within the framework of the payment, solely for the purpose of verifying the commercial transaction.

14. Advertising and Newsletter Policy

By registering for and using our service, you may receive newsletters or promotional material at the email address you provide. In every newsletter or promotional communication you receive, you have the option to unsubscribe via a relevant link at the end of the email, while also having the option to opt out at the time of registration from receiving marketing communications, or to unsubscribe via the relevant link at the end of the email. By participating in any promotional or advertising activity, you authorize us to process your Personal Data solely for that specific purpose. The Company will make every effort to ensure the proper functioning of newsletters and other promotional activities; however, technical or organizational issues may occasionally arise. For any issue that may arise, as well as for any information regarding the operation of newsletters or other promotional activities, please contact us.

15. Changes and Amendments to the Privacy Policy and User Notification

The effective protection of your Personal Data requires the continuous monitoring of our policies and procedures. A priority of our Company is the continuous provision of improved services, which means an ongoing effort to enhance our practices with respect for your Personal Data.

For this reason, this Personal Data Protection Policy may be modified at any time and without prior notice. Guided by the principle of transparency, we are committed to informing you of any significant changes to our policy. In any case, however, you should regularly review our policy, as the use of our services implies your acceptance of it. The Company reserves the right to modify, in whole or in part, the Personal Data Policy, or simply to update its content (e.g. as a result of changes in applicable law), and any such modification will be posted on this Website.

16. Applicable Law

The applicable law is Greek law, as shaped in accordance with the GDPR and, in general, the applicable national and European legislative and regulatory framework for the protection of Personal Data. The courts of the city of Athens shall have exclusive jurisdiction for the resolution of any dispute arising in relation to the protection of your Personal Data.

17. Questions / Contact

If you have any questions regarding the Privacy Policy or the way we process your Personal Data in general, you may contact us either in writing at 20 El Alamein Street, Nea Ionia, or by telephone at our Company’s numbers: +30 214 41 65 682, Fax: +30 210 27 53 088 (contact hours: 11:00 – 17:00, Monday to Friday), or via email by sending a message to: privacy@taxiplon.gr

18. Privacy Policy Updates

This Privacy Policy applies to the Website and/or the Application. Any changes will take effect from the moment they are posted on the Website. In the event that such changes are substantial, we will send you a relevant notification and obtain your consent where required by applicable law.

This Privacy Policy has been in effect since December 2018.