- Who we are (Controller)
The Company is active in the transport coordination services sector in Greece since 2012 and is one of the dynamically developing companies in Greece with awarded electronic services and excellent passenger services. The Website is the Company’s web site and the user has the possibility to subscribe and use the Application. In addition, there is a call center operating in the registered offices of our Company so that telephone bookings are available, whereby telephone recordings technology is being used in order to ensure quality of service and your security. Telephone calls are recorded, after you have been informed by our recorded message and provided you have given your approval and are being maintained for transaction security purposes for as long as necessary taking into consideration the purpose of the commercial transaction.
The Company respects your privacy and values our relationship. Consequently, we handle your personal data responsively and we want you to be familiar with the way we collect, use and disclose your personal data. We try to fully comply with any regulation regarding personal data processing and protection, as applicable, in accordance with the Greek and European law.
We collect certain information in relation to the visitors and the users of our Website and/or Application (hereinafter the “Data Subjects”) that may identify them and we process them in our capacity as “Controller” of your data.
For any issue regarding the protection of you data, you may contact us directly: Address 20 El Alamein street, Nea Ionia, Tel: 214 41 656 82, Fax: 210 27 53 088, email: firstname.lastname@example.org.
We hereby provide you with several GDPR definitions in order to facilitate your better understanding of the terms used herein:
“Personal Data”: any information relating to natural persons, such as name and surname, post address, email address, contact number and others, which specify or might specify their identity (hereinafter “Personal Data” or “Data”).
“Personal Data Processing”: is any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor”: is the natural person or corporate entity, public authority, agency or another body processing the Personal Data on behalf of the Controller.
“Data Subjects Consent”: any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
“Recipient”: a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of those data by those public authorities shall be in compliance with the applicable Data protection rules according to the purposes of the processing.
“Third Party”: a natural or legal person, public authority, agency or body, other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.
“Pseudonymisation”: the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
“Filing System”: any structured set of Personal Data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
“Restriction of Processing”: the marking of stored Personal Data with the aim of limiting their processing in the future.
“Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
“Supervisory Authority”: an independent public authority which is established by a Member State pursuant to Article 51 GDPR.
“Supervisory Authority Concerned”: a Supervisory Authority which is concerned by the Processing of Personal Data because:
(a) the Controller or Processor is established on the territory of the Member State of that supervisory authority;
(b) Data Subjects residing in the Member State of that Supervisory Authority are substantially affected or likely to be substantially affected by the processing; or
(c) a complaint has been lodged with that Supervisory Authority.
- Obligation to provide Personal Data
If you refuse to provide data marked as mandatory in the Website and/or Application, it will not be possible to achieve the main purpose for which such Data are collected and it may not be feasible for the Company to conclude the commercial contract or to provide other services made available through the Website and/or Application. Provision of further Data to the Company, other than the ones marked as mandatory, is provisional and does not affect the main purpose of Data collection, since provision thereof aims exclusively to ameliorate the quality of our services.
- What you should know about us:
Α. Which Data we process and for what reason
The Personal Data you provide us with are indicatively you name and surname, your address, your email address, your mobile phone and your landline. In addition, you provide us with internet connection information – such as time and duration of use of our services, as well as information about your location – such as GPS signal of your device or information regarding WiFi hotspots, which might be transmitted to us when you make use of our services (e.g. WiFi, Mobile Apps). Moreover, you provide us with information regarding your route and your destination (street, address, number, city) as well as the way of payment. We might process your Personal Data only when there is a reason to. As far as the Data necessary to complete a transaction is concerned, processing thereof is necessary not only in the context of our mutual relationship, as well as in accordance with the tax legislation being in force and for the purpose of securing our financial claims and rights for any legal action.
The Personal Data we collect might be processed for the following reasons:
- to create a user account, in order for the Company to provide you with account services and to facilitate provision of services;
- in order for the Company to conduct surveys in relation to customers’ satisfaction with regard to quality of goods and services of the Company as per its legitimate interest;
- subject to your explicit consent, in order to contact you for commercial reasons, send you promotional material in relation to the services of the Company or conduct market surveys and analysis of consumers’ behavior, habits and trends in order to ameliorate Company’s services and meet up to your expectations;
- in order to upgrade Website users’ experience;
- for information in relation to processed commercial transactions (payment by credit cards etc) and in order to process payments and prevent fraudulent transactions as per the Company’s legitimate business interest and in order to protect our clients from frauds;
- in order to locate your geographical position;
- in order to record your routes and preferences in relation to the services provided;
- in order to protect your account from frauds and other illegal activities: this includes using your Data to maintain, update and protect your account. We also track your navigation activity with our Website and/or Application in order to locate and solve quickly any problems and protect the soundness of our Website, in the context of protecting our legitimate interest;
- for communication purposes; our Company uses your Data in order to reply to your requests/queries, refund requests and/or any complaints. The information you share with us gives us the possibility to handle your requests and to address them in the best possible way. We may also keep a record of your queries/requests so that we respond better to any future communication, in accordance with our contractual obligations towards you, our legal obligations as well as our legitimate interests so that we provide you with the best possible services and in order to be in a position to improve our services based on your personal experience;
- in order to contact you as required by law or as necessary to keep you updated for any amendment to our services, such as to inform you for any change to the scope of our services. Such notifications will not include promotional material and do not require your consent when sent via email or SMS. If we do not use your Personal Data for this purpose, we will not be able to comply with our legal obligations.
We use a conversation recording technology in our call center on a daily 24hrs basis to assure quality of your service and your security. Calls are recorded, after you have been informed by a recorded message and provided you have already given your consent and are maintained for transaction security reasons. We may also collect and store content of our email exchange, when necessary to perform our services.
The Data might be processed in hardcopy, by automated or electronic means including post or email, telephone (e.g. automated calls, SMS, MMS) fax and other means (e.g. websites, mobile applications).
The legal basis of our processing is mainly the execution of the agreement or our legitimate interest (e.g. assuring security of our systems) or a legal obligation (e.g. disclosure of data to competent authorities).
Your Personal Data might be collected and processed only for specific, explicit legal reasons, when this is absolutely necessary for the intended purpose and are maintained for the minimum amount of time, as necessary for such purpose.
In the context of protecting the Data we process, we apply a series of appropriate technical and organizational measures and technologies (encryption etc), so that we protect your Data from any illegal processing or malevolent action.
B. TAXIPLON form of contact and Data we process
We provide to visitors of our Website the possibility to contact us through a form of contact. Details necessary for such contact are name, surname and email.
C. Automated Data collection
It is possible that following a visit to our Website, our server records your IP address, which constitutes Personal Data, even though we, alone, cannot identify on that basis. The reasons (legal cause and purpose) we collect your IP address, along with time and date, are:
- our legitimate interest to process such Data in order to assure security of information from random events or illegal or malevolent activities threatening the security of your Personal Data as well as to protect Company’s legitimate interest in relation to legal claims; and
- our legal obligation to store that Data in accordance with the legislative framework in force and in case these are requested by competent authorities upon legal requirements being met.
D. Place and time of Personal Data storage
Your Data are being stored in the Company’s data base, which is administered by Company’s trained personnel. Duration of storage is the minimum required and necessary in order to fulfill each time the purpose of the processing and in accordance with the Personal Data protection rules and more specifically for as long as you remain user of the Application, while when you send a message via the form of contact, your message and data will be deleted within 2 months as of the date we receive your latest message. Duration of storage varies/is adjusted accordingly based on contract enforcement and the relevant legislation. In relation to the Personal Data collected and stored based on the promotion of goods and services, your Personal Data are stored until your consent is revoked. We would like to point out that if you submit a request to ease your Data, we may keep part of them, exclusively and only for our legal obligations or for the establishment, exercise and support of our legal claims for as long as out legal claims last. Revocation of your consent/permission applies only to the future and does not have any retroactive effect.
- Data Subjects’ Rights
Each natural person is, in accordance with the GDPR, entitled to the following rights in relation to the Processing of Personal Data by our Company.
More specifically, you have:
- Access right, namely the right to file a request in order to be informed whether we process your Data and, if yes, which of them, as well as for other issues, such as e.g. the purpose of the processing, the receivers and others;
- Right to rectification, namely the right to request rectification or update or modification or your Personal Data (either by contracting the Controller or via your profile);
- Right to erasure, namely the right to request deletion of your Data and more specifically when we process them based on your consent or for our legitimate interest, whereas when there is an obligation to process them imposed by law or public interest, such right is subject to restriction or does not exist;
- Right to restriction of processing, namely to reserve, upon certain conditions, delimitations to your Data being processed by us and more specifically and indicatively, when you challenge accuracy of your Personal Data and for as long as such dispute lasts until verification etc;
- Right to object, namely to object any time to the Processing of your Personal Data, which takes place when necessary for our legitimate interest, as well as for direct marketing or commercial profiling purposes;
- Right to data portability, namely to request the Data you have provided in a structured, commonly used and machine-readable format, that will allow you to access the same and transmit those Data to another Controller, provided this is technically feasible and in accordance with GDPR;
- Right to file a complaint before the Supervisory Authority, in case of illegal Processing οf your Personal Data (in Greece, the Hellenic Data Protection Authority).
Data Subjects might exercise the aforementioned rights by means of email.
In this context, we inform you that we shall use our best efforts to respond to your request regarding the exercise of your rights, immediately and within one month the latest. In case this is necessary, taking into consideration the complexity of your request as well as the workload of our Company, this deadline might be extended for two months, however, we shall inform you the soonest possible and in any case within one month from filing your request for any update and of the reason of this delay. In case your requests are manifestly unsubstantiated or unreasonable, especially due to them being submitted repeatedly, the Company may impose a reasonable charge, taking into consideration the administrative burden and cost to provide you with said information or to perform said action or may refuse to respond to your request.
We also notify you hereby that in case of a of a Personal Data Breach, we have the obligation to inform you without undue delay, given that ensuring the protection of your Personal Data is of the highest priority for the Company. For this reason, we have the right to request provision of additional information, which are necessary to verify your identity before exercising your rights.
- Right for complaint before the Hellenic Data Protection Authority
In case you consider that we do not comply with the Personal Data protection legislation, please refer to our Company for clarifications and in order to file your complaints as above and in the unexpected case we do not reply to your requests, you have the right to file a complaint with the Supervisory Authority Concerned, namely in Greece the Hellenic Data Protection Authority, 1-2 Kifisias Avenue, tel: 210 64 75 600, fax: 210 64 75 628, email: , website: www.dpa.gr.
- Data security – Means of processing
The Controller processes users’ Data in a proper way and in accordance with the provisions of the legislation in force and takes with diligence all necessary security measures to prevent any unauthorized access, disclosure, modification or non-approved erasure of the Data. The Personal Data Processing is performed by using electronic computers and following the organizational procedures and operations relating strictly to each purpose. Besides the Controller, in some cases, the Data may be accessible by supervisors taking care of the operation of the Application (administration, sales, marketing) or third parties (like third party providers of technical services – financial institutions). The Personal Data Processing takes place in the central offices of the controller and in any other place of the third parties involved with the processing.
Our Company applies all proper measures to store the Personal Data securely, by using encryption and continuous, extensive controls in the electronic systems of storage and collection – processing of Data that we have in our Company, having experienced and trained personnel thereto.
The Website uses SSL (Secure Sockets Layer) protocol for secure online commercial transactions. That way, all Data you provide are being encrypted, so that they cannot be deciphered or changed while transmitted through the Internet.
In addition, in order to identify you as the account user of the Application the following two hints are used: the username and the password. Each time you insert your hints, you gain access to your personal account. This process is securely achieved by means of encryption while being transferred through the internet and the Company’s servers. The only one knowing the password is you and your exclusively liable to maintain secrecy thereof against third parties. Such measures are reviewed and reassessed, when necessary.
- Use of the Application and Disclosure of Personal Data to professional commercial motor passenger vehicles drivers
In order to make use of the Application by subscribing through our Website, you will be requested to disclose your Personal Data, as absolutely necessary (indicatively name and surname, telephone, address, route) so that the commercial transaction is processed and which might be stored and processed only for the purpose of the proper operation of the commercial transaction. These Data will be forwarded to the driver of the vehicle who has accepted said route in order to identify the customer – passenger during its boarding. The driver has the right to contact you to clarify information regarding your boarding. The driver does not store or process or disclose your Personal Data to third parties, which shall be erased upon termination of the route.
- Other Data Receivers
The Data may be processed by natural persons and/or corporate entities, having their seat in or outside EU member- states, acting on behalf of the Company and according to specific contractual obligations. Moreover, they may be processed by our Company’s employees or affiliates, only upon our Company’s permission and in order to serve our clients and comply with Personal Data protection regulation and in the context of the commercial transaction and the operational qualification of our Company.
The Data may be disclosed to third parties in the context of complying with legal obligations, such as to perform payment services by credit cards and other financial institutions as well as to execute order by public authorities or to exercise Company’s rights before judicial authorities. Third Parties of the Company that might process on our behalf Personal Data, comply with the security and protection requirements, in accordance with the GDP
10. Social network
Taxiplon operates official accounts in the following social networks: Facebook, Twitter, Google, Instagram, Linkedin, Youtube. The reason for processing all the Personal Data we collect for you by using the aforementioned social networks (social network platforms), whether anonymous or not, is to provide updates with regard to our content or to contact you by replying to your messages. The legal basis of this process is your consent.
Your consent is given when you click like or follow to our pages and may be revoked by the same way, namely by clicking unlike or unfollow. By giving your consent, you accept our Data protection policy, which is displayed on a visible and accessible point at each page. If you do not agree with our policy, you shall revoke your consent accordingly (by unlike or unfollow). Our Company is considered to be a Controller jointly with the social network platform. Administering social network is part of our Personal Data protection internal policy and, thus, in order to protect them we apply a series of appropriate technical and organizational measures, such as to delimit the people having access to social network administration, so that we ensure secure processing of your Data.
Important note: we are not responsible for the way or the means each of these platforms process your Data. Keep yourself updated for such platforms policy by the relevant links: Facebook, Twitter, Google, Instagram, Linkedin, Youtube.
12. Age limit
Our content and services are addressed exclusively to people over 18 years old and we do not knowingly collect any information for persons below this age limit, unless with proven guardian’s approval. Given that it is not technically possible to effectively verify your age in all cases, we commit that, in case a submission of Personal Data relating to a minor is reported and checked, we shall immediately delete all relevant information, without prejudice to any legal right. In case that any parent or guarding is aware of minors using the Application, please contact us immediately.
13. Payment Policy
Payment of the route having been carried out takes place as follows: a) by cash directly to the driver, without using the Application, b) by means of the payment service of the Application. In case the payment has been processed through the payment service of the Application, it is possible that Personal Data be collected – stored in order for the commercial transaction to be processed by the payment service provider, who is thereby responsible for the security of your Personal Data and has taken all measures necessary to protect them by fulfilling all the criteria and prerequisites set by the Greek legislation. Our Company stores only what is absolutely necessary in the context of the payment and in order to identify the commercial transaction.
14. Promotions and newsletter policy
By subscribing to our services and making use thereof, it is possible that you receive newsletters or promotional material to the email address you provide. In every newsletter or promotional letter you receive you are given the possibility to unsubscribe by means of a link at the end of the email, having the possibility to declare your contradiction thereto while subscribing to our services or to unsubscribe by means of a relevant link at the end of the email. By taking part to any of our advertising-promotional actions, you authorize us to process your Personal Data for this reason. The Company shall use its best efforts for the proper operation of our newsletters and other promotional actions, however, it is always possible that technical or organizational problems arise. For any issue that may arise as well as for any information in relation to our newsletters or other promotional action, please contact us.
The effective protection of your Personal Data requires systematic monitoring of our policies and procedures. Our Company’s priority is the constant provision of better services, meaning a solid effort to improve our practices, always with respect to your Personal Data.
16. Governing Law
The governing law is Greek law, as applicable in accordance with GDPR and the applicable national and European legislative and regulatory framework in relation to Personal Data protection. The courts of Athens shall have exclusive jurisdiction to settle any dispute that may arise may arise out of or in relation to your Personal Data protection.