Processing of Passengers' Private Data
This policy governs collection and processing of private and other confidential data of natural persons through an automated procedure via the Internet. These collection and processing are carried out by the Maxim car ordering service (hereinafter the "Service").
Terms and Definitions
1. For the purpose of this policy the following terms have the following meanings:
1.1. “Private Data” means any information directly or indirectly related to a certain person (private data subject).
1.2. “Service” means the person that independently organizes or performs processing of private data, also states the purpose of such processing and determines the combination of data to be processed and the activities to be performed with such data.
1.3. “Website” means a package of computer software and other existing data in the information system that can be accessed via the Internet by domain names and/or network addresses. These names and addresses make the recognition of websites on the Internet possible. The Service uses these applications to provide services to customers. The website address is at: https://taximaxim.com/.
1.4. "Maxim" means the computer software to be installed on the applicant’s mobile phone powered by the iOS or Android operating systems. It is integrated with the Service’s hardware and software package and makes the applicant’s access to the database automatic. Maxim is responsible for processing of personal data in accordance with Law 1581/2012 and its regulations.
1.5. “Services” means information services provided to the applicant by the Service, which include accepting and processing the applicant’s order and transmitting it to partners, as well as notifying the applicant about execution of the order. The subject and methods of providing the services will be identified according to customers’ offers on the website.
1.6. “Applicant” means a natural person who has requested the services via the website, mobile application, or by calling the Service’s phone number and has provided his/her private data for this purpose.
1.7. “Partner” means a person that independently and with its/his/her own means provides transportation services by car, freight delivery services or loading/unloading services to the applicant. The Service is not a transport company and as such does not provide transportation services.
1.8. “Order” means a request made by the applicant for obtaining the services from partners.
1.9. “Processing of Private Data” means any activity or activities performed with private data, by means of automation or without it, including collection, recording, systematization, storage, arrangement (update, correction), retrieval, use, transfer (distribution, provision, granting access), disclosure, blocking, and deletion of private data.
1.10. “Automatic Processing of Private Data” means processing of private data by computer technologies.
1.11. “Provision of Private Data” means activities aimed at disclosing of private data to a person or a group.
1.12. “Blocking of Private Data” means temporary suspension of processing of private data (excluding instances when processing is necessary to identify private data).
1.13 “Deletion of Private Data” means activities that result in making the existing private data unrecoverable and/or result in eliminating the private data storage media.
1.14. “Private Data Information System” means a set of private data contained in the database and information technologies and technical instruments that make data processing possible.
1.15. “Cookies” means data sent by the website and stored on a computer, mobile phone or other devices that the applicant applies to access the website, and used to store information about the applicant’s activities on the website.
1.16. “Device ID” means unique data that allows identifying the applicant’s device and is provided by the device itself or the mobile application.
2. When sending the order via the website or mobile application, or when calling the Service’s phone number, the applicant agrees to this policy, as well as gives his/her consent to processing of his/her private data by the Service in the instances when applicable laws require such consent.
3. During processing of private data, the applicant is entitled to:
3.1. Receive information about processing of his/her private data, including:
3.1.1. Confirmation of processing of private data;
3.1.2. Legal basis and purpose of processing of private data;
3.1.3. Methods and purposes used for processing of private data;
3.1.4. Information about the name and location of the person processing private data, information about the persons (other than the Service’s employees) that have access to private data or about the persons to which private data can be disclosed under other agreements or applicable laws;
3.1.5. Processed private data and data source unless otherwise provided for by applicable laws;
3.1.6. Duration of processing of private data and duration of data storage;
3.1.7. Knowledge of his/her rights and methods for exercising them according to applicable laws;
3.1.8. Information about transmitting data over the borders and the instances for doing so;
3.1.9. Name, surname and address of the person in charge of processing, if there is or will be such a person;
3.1.10. Other information required by law;
3.2. Require the Service to complete, block or delete data, if it is incomplete, imprecise, obtained by illegal means or unnecessary for stated purposes of processing and also to carry out the necessary activities required by law to protect his/her rights;
3.3. Appeal the actions or inaction of the Service to the court having special jurisdiction regarding personal privacy and personal data or to the ordinary court, should the applicant think that the Service, during processing of his/her private data, has breached legal boundaries or has prejudiced his/her personal rights and freedom in any other way;
3.4. Protection of his/her rights, including compensation even for moral damages through courts.
4. During processing of private data, the Service undertakes to:
4.1. Provide the following information upon request of the applicant:
4.1.1. Confirmation of processing of private data;
4.1.2. Legal basis and purpose of processing of private data;
4.1.3. Methods and purposes used for processing of private data;
4.1.4. Name and address of its headquarters, information about the persons (other than employees) that have access to private data or about the persons to which private data may be disclosed under a contract or applicable laws;
4.1.5. Processed private data and data source unless otherwise provided for by applicable laws;
4.1.6. Duration of processing of private data and duration of data storage;
4.1.7. Information about his/her rights and methods for exercising them according to applicable laws;
4.1.8. Information about transmitting data over the borders and the instances for doing so;
4.1.9. Name, surname and address of the person in charge of processing, if there is or will be such a person;
4.1.10. Other information required by law;
4.2. Implement measures to prevent unauthorized access to the applicant’s private data.
4.3. Publish or give unrestricted access to the document that contains the private data processing policy; as well as give access to the information on implementation of the private data processing policy.
5. The purpose of the agreement between the applicant and the Service is to collect and process the applicant’s private data.
6. The applicant’s private data is stored on electronic data storage media and processed by automated systems for processing private data.
7. The Service collects and processes the following private data:
7.1. Names and surnames;
7.2. Date of birth;
7.3. Registered phone number;
7.4. Residence address;
7.5. E-mail address.
8. The applicant may provide the following information to the Service at his/her own discretion. Also, he/she can edit or delete it at his/her own discretion:
8.1. Name and surname;
8.2. Date of birth;
8.3. Residence address;
8.4. E-mail address.
9. In the following cases, the applicant 's private data will be deleted by the Service:
9.1. Three years after completion of providing services;
9.2. In case the applicant withdraws his/her consent to processing of his/her private data.
10. Private data will be deleted in such a way as to make it unrecoverable.
11. Only the persons that directly relate to providing the services may have access to private data. The Service may not disclose the applicant’s private data. Furthermore, it does not grant access to third parties, except in cases where applicable laws require such disclosure to governmental authorities.
12. The Service employs the following measures to prevent unauthorized access to the applicant’s private data:
12.1. The Service employs specially trained employees responsible for organizing processing of private data;
12.2. It implements organizational and technical measures to ensure the security of the applicant’s private data. Such measures are:
12.2.1. Identifying security threats in the system during processing of private data;
12.2.2. Employing a security system for the premises containing information systems in a way to prevent unauthorized persons from entering the said premises;
12.2.3. Ensuring safety of private data storage media;
12.2.4. Confirming the list of persons that have access to private data by virtue of their jobs;
12.2.5. Using the necessary means to protect private data from unauthorized access;
12.2.6. Evaluating the employed measures;
12.2.7. Detecting possible unauthorized access to private data;
12.2.8. Recovering the data that has been deleted or corrupted due to unauthorized access (if such recovery is possible);
12.2.9. Regulating access to private data contained in the private data processing system;
12.2.10. Controlling the measures employed for securing private data and the level of security of information systems.
13. The applicant may request the Service to complete, block or eliminate the data, if the data is incomplete, imprecise, obtained by illegal means or unnecessary for the stated purposes of processing. Also, the applicant can withdraw his/her consent to processing of the said data. This can be done by sending a written request to the Service by registered mail with the possibility of confirming the delivery or by means of delivery of such requests by hand at the Service’s office. The address of the Service’s office is specified on the website. Such requests shall contain the following: the number of the principal identifying document of the applicant or his/her representative, information regarding the issuance date of such document and its issuing organization, the applicant’s residence address, information confirming cooperation between the Service and the applicant (identification number of the applicant), or information confirming in any way processing of the applicant’s private data, the request for completion, blocking or elimination of the applicant’s private data or notice of withdrawal of consent to processing of such data, the applicant’s signature or that of his/her representative. The Service is required to give a justified response within 30 days of receipt of such requests or notices.
Geographical Location Data
14. The Service obtains the geographical location of the applicant via the mobile application. This data is transmitted to the Service only during the use of the mobile application. The applicant may prevent such transmitting at his/her own discretion through the settings on his/her device.
15. For the applicant’s order to be performed, the Service may share the applicant’s geographical location data with the partner that has accepted the order to perform it.
16. For the purpose of paying for the services provided by the partner, the applicant can link a bank card to his/her identification number to make cashless payment with a bank card. This is done in the mobile application by the applicant filling in the following information:
16.1. Bank card number;
16.2. Bank card expiration date;
17. Cashless payments via bank cards are made in accordance with the regulations of international payment systems and the Central Bank of Colombia and the Superintendency of Banks and Financial Institutions (SBIF) in accordance with the principle of respect for privacy and payment security. The security of the applicant’s information is guaranteed by the Payment Card Industry Data Security Standard and nobody, not even the Service, can receive it. Filling the bank card information is done on the protected payment page of the supporting bank that facilitates such payment.
18. The Service may use the following cookie files:
18.1. Strictly necessary cookie files. These cookies are needed to navigate the website and use the requested services. These cookies are used when the applicant registers and logs into the system. Without them, the services requested by the applicant will be unavailable. These cookies are essential files and can be either temporary or persistent. Without them, the website won’t work properly.
18.2. Performance cookies. These cookies collect data about website usage statistics. They don’t collect the applicant’s private data. All data collected by them is statistical and unidentifiable. The purposes of using them are the following:
18.2.1. Obtaining website usage statistics;
18.2.2. Evaluating the effectiveness of advertising campaigns.
These cookies can be persistent and temporary and they can be essential or third-party cookie files.
18.3. Functionality cookies. These are used to keep the information provided by the applicant in memory (for example, applicant’s name, language, and location). These files use anonymous information and do not track the applicant’s activities on other websites. The purposes of using them are the following:
18.3.1. Keeping in memory whether any services have been provided to the applicant;
18.3.2. Improving the quality of interaction with the website, usually by saving the priorities of the applicant.
These cookies can be persistent and temporary and they can be essential or third-party cookie files.
18.4. Advertising cookies. These cookies are used to limit viewing of advertisements, as well as to evaluate the effectiveness of advertising campaigns. These cookies are used to manage the advertising content on the website. These cookies are placed on the website by third parties, for example by advertisers and their agents. They can be persistent or temporary. These cookies are related to advertisements on the website that are provided by third parties.
19. The applicant can block or delete cookies, and also limit their functioning by means of browser settings.
Data on Mobile Network Operator
20. The Service obtains data on the mobile network operator which provides mobile phone (cellular) services to the applicant.
21. Such data does not include any private data of the applicant.
22. The purpose of obtaining such data is to automatically determine the mobile application settings on the applicant’s country of residence and the language of the application interface.
23. The Service keeps the applicant's route records. These records include the time of initiation of the order, the address to which the vehicle arrives, the destination address and the routes taken, the applicable rate, payment method, and other information provided by the applicant.
24. The purpose of collecting such data is to improve the quality of the services by automatic filling in the order information through the use of the previously obtained data, which reduces the order creation time.