This Policy governs the manner in which the Maxim Service (hereinafter referred to as the “Service”) collects and processes personal and other confidential data of individuals using automation tools via the Internet.
1. The following terms and definitions are used throughout this document:
1.1. "Personal data" shall mean any information relating directly or indirectly to a specific or definable individual (subject of personal data).
1.2. "Service" shall mean a party that independently organizes and (or) performs the processing of personal data, as well as defines the purposes of the processing of personal data, the content of personal data to be processed, actions (operations) performed with personal data.
1.3. "Website" shall mean a set of programs for computers and other information contained in the information system, access to which is provided via the Internet by domain names, and (or) network addresses that allow to identify the Internet websites, and used by the Service to provide services to Clients. The website addresses: https://taximaxim.ru, https://taximaxim.com, https://corp.taximaxim.com.
1.4. "Mobile application" shall mean the computer program “maxim - order a taxi” installed on the Client’s device running the mobile operating systems iOS, Android, Windows Phone, integrated into the hardware and software system of the Service and allowing to automate the process of creating orders for the provision of services.
1.5. "Services" shall mean the information services provided by the Service to the Client, aimed at receiving, processing, and transferring the Client’s order to the Partner, and at informing the Client about the order fulfillment. The subject matter and procedure for the provision of the Services are determined by the terms of the public offer posted on the website.
1.6. "Client" shall mean an individual who orders services through the website, mobile application, or a call to the subscriber telephone number of the Service and provides his/her personal data for this purpose.
1.7. "Partner" shall mean a person that independently, on his/her own, provides the Client with services for transportation of passengers, delivery of goods (freight), carrying out loading and unloading operations. However, the Service is not a transport company and does not independently provide any transport services to the Client.
1.8. "Order" shall mean a request placed by the Client to provide him/her with transport services by Partners.
1.9. "Personal data processing" shall mean any action (operation) or a set of actions (operations) performed with or without the use of the automation tools, involving personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, granting access), depersonalization, blocking, deletion, destruction of personal data.
1.10. "Automated processing of personal data" shall mean the processing of personal data by means of computer technology.
1.11. "Provision of personal data" shall mean the actions aimed at disclosing personal data to a specific person or a specific group of persons.
1.12. "Blocking of personal data" shall mean the temporary suspension of the processing of personal data (except in cases where the processing is necessary for correcting personal data).
1.13. "Destruction of personal data" shall mean the actions resulting in the impossibility of the restoration of the content of personal data in the personal data information system and (or) the destruction of personal data physical media.
1.14. "Personal data information system" shall mean a set of personal data contained in the databases and information technologies and technical means ensuring its processing.
1.15. "Cookies" shall mean pieces of data sent by the website and stored on a computer, mobile phone, or another device from which the Client accesses the website, and used to store data about the Client’s actions on the website.
1.16. "Device identifier" shall mean unique data allowing to identify the Client’s device on which the mobile application is installed, and provided by the device itself or calculated by the mobile application.
2. When ordering services through the website, mobile application or a call to the subscriber telephone number of the Service, the Client agrees to the terms of this Policy, as well as gives his/her consent to the Service to process his/her personal data in cases where the provisions of the current legislation require such consent.
3. During the processing of personal data, the Client shall be entitled:
3.1. to receive information in regards to the processing of his/her personal data, also containing:
3.1.1. confirmation of the processing of personal data;
3.1.2. legal basis and purposes of the processing of personal data;
3.1.3. purposes and methods of the processing of personal data;
3.1.4. information about the name and location of the person processing personal data, information about the persons (except for the employees of the Service) that have access to personal data or to which personal data may be disclosed based on a contract with the Service or based on the current legislation;
3.1.5. personal data being processed relating to the respective subject of personal data, the source of personal data received unless otherwise provided for by the current legislation;
3.1.6. time limits of the processing of personal data, including the time limits of its storage;
3.1.7. procedure for the exercise by the Client of the rights provided for by the current legislation;
3.1.8. information on the completed or intended cross-border data transfer;
3.1.9. title or last name, first name, middle name, and address of the person processing personal data on behalf of the Service, in case the processing is or is to be assigned to such a person;
3.1.10. other information as provided for by the current legislation;
3.2. to require the Service to correct his/her personal data, to block or destroy it in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of the processing, as well as to take legal measures to protect his/her rights.
3.3. to appeal the actions or omissions of the Service to an authorized body for the protection of the rights of subjects of personal data, or in court, in case the Client believes that the Service processes personal data in violation of the requirements of the current legislation or otherwise violates his/her rights and freedoms.
3.4. to the protection of his/her rights and legitimate interests, including compensation for damages and (or) compensation for moral damages in court.
4. During the processing of personal data, the Service shall:
4.1. provide the Client with the following information at his/her request:
4.1.1. confirmation of the processing of personal data;
4.1.2. legal basis and purposes of the processing of personal data;
4.1.3. purposes and methods of the processing of personal data;
4.1.4. its title and location, information about the persons (except for employees) that have access to personal data or to which personal data may be disclosed based on a contract or based on a federal law;
4.1.5. the Client’s personal data being processed and its origin, unless otherwise provided for by the current legislation;
4.1.6. time limits of the processing of personal data, including the time limits of its storage;
4.1.7. procedure for the exercise by the Client of the rights provided for by the current legislation;
4.1.8. information on the completed or intended cross-border data transfer;
4.1.9. title or last name, first name, middle name, and address of the person processing personal data on behalf of the Service, in case the processing is or is to be assigned to such a person;
4.1.10. other information as provided for by the current legislation;
4.2. ensure the adoption of measures for the prevention of unauthorized access to the Client’s personal data;
4.3. publish or otherwise provide unrestricted access to the document defining the policy on the processing of personal data, as well as to the information about the requirements being implemented for the protection of personal data.
5. The purpose of collecting and processing the Client’s personal data is the conclusion of a contract between the Client and the Service for the provision of services to the Client.
6. The Client’s personal data shall be stored on electronic media and processed using automated personal data processing systems.
7. The Service shall collect and process the following personal data of the Client:
7.1. last name, first name, middle name;
7.2. date of birth;
7.3. subscriber telephone number;
7.4. location address;
7.5. e-mail address.
8. The Client may provide the Service with the following personal data at his/her discretion, and may also modify and/or delete it at his/her discretion:
8.1. last name, first name, middle name;
8.2. date of birth;
8.3. location address;
8.4. e-mail address.
9. The Client’s personal data shall be destroyed by the Service in the following cases:
9.1. upon the expiry of three years from the date of completion of the Services;
9.2. in case of withdrawal by the Client of his/her consent to the processing of his/her personal data.
10. Destruction of the Client’s personal data shall be carried out without the possibility of its subsequent restoration.
11. Only persons directly related to the provision of the Services may have access to the Clients’ personal data. In other cases, the Service shall not disclose the Client’s personal data, nor shall it provide access to third parties without the Client’s prior consent, except for cases when personal data is provided at the request of authorized state bodies in accordance with the current legislation.
12. The Service shall implement the following measures for the prevention of unauthorized access to the Client’s personal data. The Service shall:
12.1. appoint the employees responsible for the organization of the processing of personal data;
12.2. implement organizational and technical measures to ensure the security of the Client’s personal data, namely:
12.2.1. identify security threats to personal data in the course of its processing in the personal data information systems;
12.2.2. organize a security regime for the premises in which the information system is housed, hindering the possibility of uncontrolled entry or occupancy of the premises by persons lacking the right to access such premises;
12.2.3. ensure the safety of personal data storage media;
12.2.4. approve the list of persons having access to personal data as necessary for them to perform official (job) duties;
12.2.5. use means of information protection necessary to prevent unauthorized access to personal data;
12.2.6. assess the effectiveness of measures taken to ensure the security of personal data;
12.2.7. ensure the detection of unauthorized access to personal data and take appropriate measures;
12.2.8. restore personal data modified or destroyed due to unauthorized access (if such restoration is technically feasible);
12.2.9. establish rules for access to personal data being processed in the personal data information system;
12.2.10. control the measures implemented to ensure the security of personal data and the security level of the personal data information systems.
13. The Client shall be entitled to require the Service to correct (update) his/her personal data, block or destroy it, in case the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to withdraw his/her consent to the processing of personal data by sending the appropriate request to the Service and (or) demand in writing by registered mail with notification of delivery or personal delivery at the address of the Service. The addresses of the Service subdivisions are provided in the corresponding section of the Website. The specified request/demand shall include the number of the main identifying document of the Client or his/her representative, the date of issue of the specified document and the name of the issuing authority, the address of the Client’s place of residence, information confirming the Client’s relationship with the Service (number of the contract, date of conclusion of the contract, conditional verbal designation and (or) other information), or information that otherwise confirms the processing of personal data by the Service, request to correct, block or destroy the Client’s personal data, or notice of withdrawal of consent to the processing of personal data, signature of the Client or his/her representative. The Service shall give a reasoned response on the merits of the Client’s request/demand within 30 calendar days from the date of its receipt.
14. The Service receives the data on the location of the Client (geolocation data) through the mobile application. Geolocation data is transmitted to the Service only during the use of the mobile application. The Client, at his/her discretion, can prohibit the transmission of geolocation data by changing the corresponding settings of his/her mobile device.
15. To fulfill the Order, the Service shall provide the Client’s geolocation data to its Partners that accept the Order for fulfillment.
16. In order to be able to pay for transport services provided by Partners by cashless payment using bank cards, the Client can bind a bank card to his/her subscriber phone number. The Client shall bind the bank card independently in the mobile application by providing the following data:
16.1. bank card number;
16.2. bank card expiration date;
16.3. bank card holder full name;
16.4. bank card security code.
17. Cashless payment using bank cards shall be carried out in accordance with the international payment systems rules on principles of confidentiality and security of payment. The security of the data provided by the Client shall be ensured by the compliance of the procedures with the requirements of the Payment Card Industry Data Security Standard, and no one, including the Service, can obtain it. Bank card data shall be entered on the secure payment page of the acquiring bank providing the option of cashless payment for services.
18. The Service can use the following types of cookies:
18.1. Strictly necessary cookies. They are necessary to navigate the website and use the requested services. Cookies of this type are used when the Client registers and logs in. The services requested by the Client become unavailable without them. These cookies are essential and can be either persistent or temporary. Without the use of this type of cookies, the website does not function properly.
18.2. Performance cookies. They collect website usage statistics. These files do not access the Client’s personal information. All information collected by these cookies is statistical and anonymous. The purposes of using these cookies are:
18.2.1. obtaining the website usage statistics;
18.2.2. evaluating the effectiveness of advertising campaigns.
These cookies can be persistent or temporary and can relate to both essential and third-party cookies.
18.3. Functional cookies. They are used to memorize information provided by the Client (such as username, language, or location). These files use anonymized information and do not track the Client’s actions on other websites. The purposes of using these cookies are:
18.3.1. memorizing information about whether any services were previously provided to the Client;
18.3.2. improving the quality of online experience in general by memorizing the preferences selected by the Client.
These cookies can be persistent or temporary and can relate to both essential and third-party cookies.
18.4. Advertising cookies. They are used to manage advertising materials on the website, limit the number of times an ad is viewed by a user, as well as to evaluate the effectiveness of advertising campaigns. Advertising cookies are placed by third parties, for example, advertisers and their agents. These files are associated with advertising on the website provided by third-party companies. They can be either persistent or temporary.
19. The Client can use the settings of the browser used by him/her in order to block or delete cookies, as well as to limit their functioning.
20. The data collected about the device identifier does not contain the Client’s personal data.
21. The purpose of collecting information about the device identifier is the internal accounting of users of the mobile application.
Data on a Mobile Operator
22. The Service, through the mobile application, receives data on the operator that provides the Client with mobile phone (cellular) services.
23. The data collected on the mobile operator does not contain personal data of the Client.
24. The purpose of collecting data on the mobile operator is to automatically determine in the mobile application settings the data on the Client’s country of residence and the language of the application interface.
25. The Service retains the information about the Client’s ride history, namely, the time of creation of the Order, the address of the pick-up point, the intermediate and drop-off points of the route, the rate applied, the payment method and other data specified when creating the Order.
26. The purpose of collecting information on the history of Orders is the improvement of the quality of provided services by automatic filling in the Order information using the previously obtained data, which reduces the Order creation time.