Processing of Carriers’ Private Data
Terms and Definitions
1. For the purpose of this policy, the following terms have the following meanings:
1.1. “Private Data” means any information directly or indirectly related to a certain natural person (private data subject).
1.2. “Mobile Application” means the software to be installed on the user's mobile phone powered by the iOS or Android operating systems, allowing the user's access to the database to be automatic.
1.3. “Website” means a package of computer software and other existing data in the information system that can be accessed via the Internet by domain names and/or network addresses. These names and addresses make the recognition of websites on the Internet possible. The address of the licensor's website is: https://taximaxim.com/driver.
1.4. “Licensor” means a person that has the right to use the website and also to use and distribute the mobile application and process the user’s private data.
1.5. “User” means a person using the mobile application under a simple (non-exclusive) license and providing the licensor with his/her private data.
1.6. “Applicant” means a person communicating his/her need to receive transport services by car, freight delivery services and loading/unloading services (hereinafter referred to as the “transport services”) to the licensor.
1.7. “Processing of Private Data” means any activity performed with private data, by means of automation or without it, including collection, recording, systematization, storage, arrangement (update, correction), retrieval, use, transfer (distribution, provision, granting access), disclosure, blocking, and deletion of private data.
1.8. “Automatic Processing of Private Data” means processing of private data by means of computer technologies.
1.9. “Provision of Private Data” means activities aimed at disclosing of private data to a person or a group.
1.10. “Blocking of Private Data” means temporary suspension of processing of private data (excluding instances when processing is necessary to identify private data).
1.11. “Deletion of Private Data” means activities that result in making the existing private data unrecoverable and/or result in eliminating the private data storage media.
1.12. “Private Data Information System” means a set of private data contained in the database and information technologies and technical instruments that make data processing possible.
1.13. “Cookies” means data sent by the website and stored on a computer, mobile phone or other devices that the applicant applies to access the website, and used to store information about the applicant’s activities on the website.
1.14. “Device ID” means unique data that allows identifying the user’s device and is provided by the device itself or the mobile application.
2. Installation of the mobile application by the user on his or her device or the use of this application by any other means, including via the website, is deemed to be the user's acceptance of this policy and his/her consent to it, including those matters governing processing of his or her private data by the licensor in all instances where such consent is required by applicable laws.
3. During processing of private data, the user is entitled to:
3.1. Receive information about processing of his/ her private data, including:
3.1.1. Confirmation of processing of private data;
3.1.2. Legal basis and purpose of processing of private data;
3.1.3. Methods and purposes used for processing of private data;
3.1.4. Information about the name and location of the person processing private data (other than the licensor's employees) that has access to private data or about the persons to which private data can be disclosed under other agreements or applicable laws;
3.1.5. Processed private data and data source unless otherwise provided for by applicable laws;
3.1.6. Duration of processing of private data and duration of data storage;
3.1.7. Information about his/her rights and methods for exercising them according to applicable laws;
3.1.8. Information about transmitting data over the borders and the instances for doing so;
3.1.9. Name, surname and address of the person in charge of processing, if there is or will be such a person;
3.1.10. Other information required by law;
3.1.11. Know, update and correct his/her personal data before the person responsible for processing or the controllers of processing;
3.1.12. Request from the person responsible for processing of data the proof of the consent granted, except when expressly exempted as a requirement for processing;
3.1.13. Be informed by the Data Controller or Data Processor, upon request, about the use of his/ her private data;
3.1.14. Submit to the Superintendence of Industry and Commerce complaints for violations of the provisions of Law 1581/12 and its regulations.
3.2. Withdraw his/her consent and/or request deletion of private data when the processor does not respect the constitutional and legal principles, rights and guarantees;
3.3. Require the licensor to complete, block or delete data, if it is incomplete, imprecise, obtained by illegal means or unnecessary for the stated purposes of processing and also to carry out the necessary activities required by law to protect his/her rights;
3.4. Appeal the actions or inaction of the licensor to the court having special jurisdiction regarding personal privacy and personal data or to the ordinary court, should the user think that the licensor, during processing of his/her private data, has breached legal boundaries or has prejudiced his/her personal rights and freedom in any other way;
3.5. Protection of his/her rights, including compensation even for moral damages through courts.
4. During processing of private data, the licensor undertakes to:
4.1 Provide the following information upon request of the user:
4.1.1. Confirmation of processing of private data;
4.1.2. Legal basis and purpose of processing of private data;
4.1.3. Methods and purposes used for processing of private data;
4.1.4. Name and address of its headquarters, information about the persons (other than employees) that have access to private data or about the persons to which private data may be disclosed under a contract or applicable laws;
4.1.5. Processed private data and data source unless otherwise provided for by applicable laws;
4.1.6. Duration of processing of private data and duration of data storage;
4.1.7. Information about his/her rights and methods for exercising them according to applicable laws;
4.1.8. Information about transmitting data over the borders and the instances for doing so;
4.1.9. Name, surname and address of the person in charge of processing, if there is or will be such a person;
4.1.10. Other information required by law;
4.2. Implement measures to prevent unauthorized access to the user’s private data.
4.3. Publish or give unrestricted access to the document that contains the private data processing policy; as well as give access to the information on implementation of the private data processing policy.
5. The objective of the agreement (second-order agreement) between the user and the licensor is to collect and process the user’s private data. The licensor does not pursue any objectives other than the one set out.
6. The user's private data is stored on electronic data storage media and processed by automated systems for processing private data.
7. The licensor collects and processes the following private data:
7.1. Names and surnames;
7.2. Date of birth;
7.3. Registered phone number;
7.5. Series, number and date of issue of the document confirming the right to use a vehicle;
7.6. License plate number of a vehicle;
7.7. The user's private data will be deleted by the licensor within 24 hours from the moment of registration in the mobile application. After registration of the user, his/her private data will not be saved or used anymore. The licensor does not store, process or use private data as the licensor is not a private data processing operator.
8. Private data will be deleted in such a way as to make it unrecoverable.
9. The following user data is stored and used by the licensor. This data is not private and does not identify the user:
9.1. Vehicle brand, model and colour;
9.2. Vehicle registration number;
10. Only employees of the licensor may have access to private data. The licensor may not disclose the user's private data. Furthermore, the licensor does not grant access to third parties, except in cases where applicable laws require such disclosure to governmental authorities.
11. The licensor employs the following measures to prevent unauthorized access to the user’s private data:
11.1. The licensor employs specially trained employees responsible for organizing processing of private data;
11.2. It implements organizational and technical measures to ensure the security of the user’s private data. Such measures are:
11.2.1. Identifying security threats in the system during processing private data;
11.2.2. Employing a security system for the premises containing information systems in a way to prevent unauthorized persons from entering the said premises;
11.2.3. Ensuring safety of private data storage media;
11.2.4. Confirming the list of persons that have access to private data by virtue of their jobs;
11.2.5. Using the necessary means to protect the private data from unauthorized access;
11.2.6. Evaluating the employed measures;
11.2.7. Detecting possible unauthorized access to private data;
11.2.8. Recovering the data that has been deleted or corrupted due to unauthorized access (if such recovery is possible);
11.2.9. Regulating access to private data contained in the private data processing system;
11.2.10. Controlling the measures employed for securing private data and the level of security of information systems.
12. The user may request the licensor to complete, block or eliminate the data, if the data is incomplete, imprecise, obtained by illegal means or unnecessary for the stated purposes of processing. Also, the user can withdraw his/her consent to processing of the said data. This can be done by sending a written request to the licensor by registered mail with the possibility of confirming the delivery or by means of delivery of such requests by hand at the licensor's office. The address of the licensor's office is specified on the website. Such requests shall contain the following: the number of the identification document of the user or his/her representative, information regarding the issuance date of such document and its issuing organization, the user’s residence address, information confirming cooperation between the licensor and the user (identification number of the user), or information confirming in any way processing of the user's private data, the request for completion, blocking or elimination of the user's private data or notice of withdrawal of consent to processing of such data, the user's signature or that of his/her representative. The licensor shall provide a justified response within 10 working days of receipt of such requests or notices, and within 15 working days of receipt of requests or notices of termination, blocking or deletion of personal data.
Geographical Location Data
13. The licensor obtains the geographical location of the user. This data is transmitted to the licensor only during the use of the mobile application. The user may prevent such transmitting at his/her own discretion through the settings on his/her device. But such a decision may prevent the application from being used normally.
14. For transportation services to be provided to the applicant, the licensor may share the user's geographic location data with the applicant.
15. For the purpose of paying the fee for the service without cash and by means of bank cards, the user can link a bank card to his/her identification number. This is done in the mobile application by the user filling in the following information:
15.1. Bank card number;
15.2. Bank card expiration date;
16. Cashless payments via bank cards are made in accordance with the regulations of international payment systems and the Central Bank of Colombia and the Superintendency of Banks and Financial Institutions (SBIF) in accordance with the principle of respect for privacy and payment security. The security of the user’s information is guaranteed by the Payment Card Industry Data Security Standard and nobody, not even the licensor, can receive it. Filling the bank card information is done on the protected payment page of the supporting bank that facilitates such payment.
17. To withdraw money from the private account, the user provides the licensor with information about his/her account opened with a financial institution and other relevant information needed for the money transfer, including the user's private data, namely:
17.1. Financial institution identification number;
17.2. Recipient's account number with the financial institution
17.3. Recipient's name and surname;
17.4. Bank card number.
18. The information provided to the licensor by the user to withdraw money from the personal account does not grant the licensor any other permission except to transfer money to the user's account.
19. The licensor may use the following cookie files:
19.1. Strictly necessary cookie files. These cookies are needed to navigate the website and use the requested services. These cookies are used when the user registers and logs into the system. Without them, the services requested by the user will be unavailable. These cookies are essential files and can be either temporary or persistent. Without them, the website won’t work properly.
19.2. Performance cookies. These cookies collect data about website usage statistics. They don’t collect the user’s private data. All data collected by them is statistical and unidentifiable. The purposes of using them are the following:
19.2.1. Obtaining the website usage statistics;
19.2.2. Evaluating the effectiveness of advertising campaigns.
These cookies can be persistent and temporary and they can be essential or third-party cookie files.
19.3. Functionality cookies. These are used to keep the information provided by the user in memory (for example, user’s name, language, and location). These files use anonymous information and do not track the user´s activities on other websites. The purposes of using them are the following:
19.3.1. Keeping in memory whether any services have been provided to the user;
19.3.2. Improving the quality of interaction with the website, usually by saving the priorities of the user.
These cookies can be persistent and temporary and they can be essential or third-party cookie files.
19.4. Advertising cookies. These cookies are used to limit viewing of advertisements, as well as to evaluate the effectiveness of advertising campaigns. These cookies are used to manage the advertising content on the website. These cookies are placed on the website by third parties, for example by advertisers and their agents. They can be persistent or temporary. These cookies are related to advertisements on the website that are provided by third parties.
20. The user can block or delete cookies, and also limit their functioning by means of browser settings.
Data on Mobile Network Operator
21. The licensor obtains data on the mobile network operator which provides mobile phone (cellular) services to the user.
22. Such data does not include the user's private data.
23. The purpose of obtaining such data is to automatically determine the mobile application settings on the user’s country of residence and the language of the application interface.
24. The licensor keeps the user's application records. These records include the time of initiation of the order, the address to which the vehicle arrives, the destination address and the routes taken, the applicable rate, payment method, and other information provided by applicant.
25. The purpose of collecting such data is to improve the quality of the services by automatic filling in the order information through the use of the previously obtained data, which reduces the order creation time.