Privacy Policy “Passenger”

Privacy notices for passengers in accordance with the EU’s General Data Protection Regulation (‘GDPR’)
Information as of May 2018
The information we have provided below gives you an overview of our approach to processing your personal data and your rights under the provisions of data protection legislation in connection with the use of our ride-hailing app for passengers (‘Flag Passenger App’).
The personal data processed depends largely on the services or products you use in any given case.

Classification

1. Data controller and contact
2. Processing purposes and data categories
3. Provider of processing services and processing in countries outside the European Economic Area
4. Your rights
5. Data security
6. Storage period
1. Information on the data controller

Data controller under Article 4(7) GDPR for passengers in the territory of Ireland:

Flag Taxis Ireland Ltd. (‘Flag’)
48 Upper Mount Street
Dublin 2

Email address: [email protected]

2. Processing purposes and data categories

We aim to inform you about the various types of personal data we process and the purposes for which we do this below.

2.1 Ride-hailing
The Flag Passenger App enables you to hail a ride in a taxi with a taxi driver (‘driver’) through us. You must provide personal data to use our Flag Passenger App for ride-hailing, which we process to provide the given service. Additional voluntary information that may also be provided is marked accordingly (optional). In the context of the hailing service, the following personal data will be processed in accordance with Article 6(1.)(b) GDPR for the performance of the contract:
First and last name, email address and mobile phone number (master data). Your GPS location data at the time of booking, the start and destination coordinates of your ride, information on your terminal equipment (device ID) and the password you have chosen (in encrypted form) are also processed.
Your home address, work address and profile picture are optional and will be processed only if entered.
You either enter the personal data (e.g. your name) at the time of registration or we receive it directly from your terminal equipment (e.g. GPS location data). You approve the transmission of your GPS location data via your terminal equipment’s (smartphone, tablet, etc.) operating system. We need the GPS coordinates of your location so that the taxi you have ordered can find and collect you.
We will forward your GPS location data, name and profile picture (if you have provided one) to the driver who has accepted the ride you have booked for identification purposes. The driver can call you after accepting your booking and when mobile via the Flag Driver App, where the mobile phone number you provided during registration is displayed. This enables the driver to inform you of any delays, e.g. traffic jams.
After accepting your order, the driver or taxi operator will receive your name and profile picture (if you have provided one) for identification purposes and, in particular, so that she/he/it can determine that the right person is being collected. She/he/it determines this by asking you for your name when you board at the beginning of the ride. The driver cannot see your personal data in her/his Flag Driver App after the ride.
It will not be possible for you to hail taxis through us if we do not process the personal data shown above. This does not apply to optional information.

2.2 Payment
You can pay for taxi rides hailed through us in cash, by EC/credit card or with the pay-by-app function. The pay-by-app function enables you to pay without cash using the Flag Passenger App. We will then debit the amount via your specified means of payment. You can provide the details of your credit card or another source of payment (e.g. PayPal) to enable the pay-by-app function. If your credit card details are provided, they will be transmitted directly to the payment service provider engaged by us via an encrypted connection. Both payment service providers are PCI DSS certified (Payment Card Industry Data Security Standard). Only the first six and last four digits of your credit card are transmitted to us for security reasons and we store them for the purposes of identification and verification.
In the context of payment, the following personal data will be processed in accordance with Article 6(1.)(b) GDPR for the performance of the contract:
First and last name, gender, address, start and destination coordinates of your ride, country, language, email address, mobile phone number, credit card holder’s first and last name, credit card issuer, first six and last four digits of the
credit card number, credit card’s expiry date, and information about your terminal equipment (device ID, etc.).
We cannot offer you certain means of payment if we do not process these personal data. You can still pay in cash or by debit card, however.

2.3 Fraud prevention and non-payment
Since Flag bears the risk of non-payment in the event that payments made by credit card or the pay-by-app function are not honoured, an assessment of the risk of non-payment is made on the basis of a mathematic-statistical procedure (scoring) after your registration in the app, each time a new means of payment chosen by you is entered, and each time a ride is booked, so as to protect Flag’s legitimate interests in accordance with Article 6 (1.) (f) and 22(2.)(b) GDPR.
The following personal data are processed to determine the value:
First and last name, initial registration address, billing address (if provided), start and destination coordinates of your ride, mobile phone number, language, country, email address, credit card issuer, last four digits of your credit card number, credit card’s expiry date, credit card holder’s name, information about your terminal equipment (device ID), and the Flag Passenger App version.
The initial registration address is the address from which you first register for the Flag Passenger App. The collection of address data, your residential address, in particular, is not intended. However, unintentional use of the address data may occur if your initial registration takes place at your home address, i.e. if you register from at home or if the billing address possibly provided by you is the same as your home address. Using this information, our European fraud prevention agency calculates the statistical probability of non-payment and a decision as to whether you are offered the pay-by-app function in the Flag Passenger App is made fully automatically based on that. The billing address and the initial registration address are only used as a component alongside the other personal data discussed above for calculating the score. These personal data are not used or processed otherwise. The app’s hailing functionality without the pay-by-app function is available to every user, regardless of score. Accordingly, if you are not offered the pay-by-app function due to the decision made fully automatically based on the score calculated, you may still use the Flag Passenger App and make payments either in cash or by debit card. If this is the case, you will be notified by email that the pay-by-app function is not available to you immediately after this decision. Please contact [email protected] if you do not agree with the decision on implementation of the pay-by-app function. We will then have the decision reviewed by a specially trained employee, taking into account your position.
A specially trained Flag employee sometimes makes the final decision on implementation of the pay-by-app function in conjunction with the scoring. Accordingly, the decision is not made fully automatically in such cases.
Regardless of the score calculated fully automatically, we use the personal data listed above for the purposes of non-payment prevention by our own specially trained employees pursuant to Article 6(1.)(f) GDPR. This means that a specially trained employee of Flag analyses the data discussed and taking that and available empirical values as a basis can make the final decision as to whether the pay-by-app function is offered to you in the app at her/his own discretion in the event of anomalies. Where appropriate, this employee may also call the driver during a ride and inform her/him about the non-acceptance of a means of payment in such cases. Your personal data are not used otherwise. If you are not offered the pay-by-app function due to our employee’s decision, then you may still use the Flag Passenger App and make payments either in cash or by debit card. Accordingly, it is noted that you may use the Flag Passenger App and our hailing service at any time, even if the pay-by-app function has been disabled.
To protect you against overpaying for taxi rides, the driver’s mobile phone transmits GPS location data to us at short intervals during a taxi ride, enabling us to map the entire journey. We do this because we want to ensure the driver does not extend the route intentionally to earn higher remuneration.
If you believe you have paid too much, you may ask us about the route covered after a ride. The processing of your GPS location data takes place for your and our protection against fraudulent drivers and/or passengers on the basis of Article 6(1.)(f) GDPR to protect your and our interests (e.g. protection against overpayments).

2.4 Bug fixing, customer services and improvement of functionality
To make it possible to eliminate malfunctions in the Flag Passenger App, to answer specific customer inquiries about functionality or the hailing services and to adapt the Flag Passenger App to the needs of passengers, the following personal data are processed for the performance of the contract in accordance with Article 6(1.)(b) GDPR:
First and last name, email address, mobile phone number, profile picture (optional entry), your GPS location data at the time of booking, work and home address (optional entry), start and destination coordinates of your ride, and information about your terminal equipment (device ID, Ad-ID), Language, time zone.
If sufficient for the purpose, we work with data rendered anonymous or aggregated data rather than personal data.

2.5 a) News and personalised offers
You will receive offers and advertising from us if you have agreed to receive news and personalised offers (advertising, vouchers and promotions) and to the display of usage-based advertising (‘retargeting’) during the registration process or subsequently in the profile of the Flag Passenger App under ‘Data protection’ and have operated the toggle accordingly. This concerns non-personalised (sent to all customers) and personalised (sent only to you and based on an analysis of the Flag Passenger App usage frequency) newsletters sent electronically (email, SMS, MMS, in-app messages, push messages) to your terminal equipment (smartphone, tablet, PC, etc.). To send you personalised advertising, we will process your usage data. Usage data are information about the number of app installations, registrations and taxi rides. Based on these data, you will then receive special offers and advertising from us.
In this context, we will process the following personal data in accordance with Article 6(1.)(a) GDPR:
First and last name, passenger ID, email address, home and/or business address (optional entry), mobile phone number, profile picture (optional entry), payment method, registration date, language set, Flag Passenger App profile (business or private customer), type of taxi ride (booking, try-out ride), Flag Passenger App version, log-in details, your GPS location data at the time of booking and at the end of the taxi ride, device ID, IDFA (Ad-ID, Apple, identifier for advertisers), IFV (Ad-ID, identifier vendor), GAID (Google advertising identifier), IP address, and usage data (usage frequency, information about the number of app installations, registrations and taxi rides), language, time zone and city.
You confirm that you are 16 years old or older when you give your consent.
If you do not wish to receive the news and personalised offers already discussed, you can – just as easily as when you agreed to it – withdraw your consent by operating the toggle discussed above accordingly. Of course, you can also contact us by sending an email to [email protected] or informal letter to Flag Taxis Ltd. (‘Flag’), 48 Upper Mount Street, Dublin 2.
Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.

2.5 b) Facebook Custom Audiences
In order to be able to display individually targeted advertisements about our services within the Facebook social network, a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and on Facebook partner sites, we work with Facebook Custom Audiences. We do this so that advertisements (e.g. banners) can be tailored exactly to the possible needs of the customer. The basis of this is a marking process, wherein the Ad-ID (IDFA or GAID) from the customer’s end device (e.g. smartphone) is sent automatically or manually to Facebook via a certain interface with the involvement of a service provider selected by Flag. Flag then creates a list of customers who have carried out certain actions with the Flag Passenger App. Only certain pre-defined actions can be selected (e.g. installation of the Flag Passenger App in the last 30 days). Finally, Facebook compares the customers’ Ad-ID with the Ad-ID of people with a Facebook profile, defines certain groups (e.g. group 1: installation in the last 30 days) and displays corresponding advertisements to these groups. Customers who are not also users of Facebook cannot be compared by Facebook and advertising is not displayed to them. In the context of Facebook Custom Audiences, we will process the following data in accordance with Article 6(1.)(a) GDPR: Ad-ID (IDFA from Apple or GAID from Google).
You confirm that you are 16 years old or older when you give your consent.
If you do not wish to receive advertising in the context of Facebook Custom Audiences, you can – just as easily as when you agreed to it – withdraw your consent by operating the toggle discussed above accordingly. Of course, you can also contact us by sending an email to [email protected] or informal letter to Flag Taxis Ltd. (‘Flag’), 48 Upper Mount Street, Dublin 2.
Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.

2.5 c) News
Once we receive from you for performance of our service your email address or your mobile phone number and you have accomplished a tour using our service, we may use it for electronical direct marketing by email, SMS and MMS as long as you have not revoked to our direct marketing. In this context we process pursuant to Art. 6 (1) f) GDPR the following personal data: e-mail and mobile phone number. You may revoke to direct marketing by clicking on a link at the end of an email (e.g. Opt out from newsletter) or by SMS contact with effect for the future. Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal. This is for reasons of a technical nature, which do not permit faster implementation.

2.6 Facebook Connect
We give you the option of registering for or logging in to the Flag Passenger App using your Facebook user data from the Facebook social network, a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (‘Facebook’). This requires operation of the Facebook Connect button. For logging in, you will be redirected to a Facebook page, where Facebook will request certain permissions and you can log in using your Facebook user data. This will link your Facebook profile with our Flag Passenger App. This link will allow us to view the data you have provided Facebook (first and last name, email address, public profile, age range, gender, profile picture, time zone, Facebook ID). For the purpose of Facebook Connect, we use only your email address, first and last name, profile picture, and Facebook ID for identification purposes in accordance with Article 6(1.)(f) GDPR. At the same time, the type of device (e.g. iPhone), operating system, language, time zone, resolution, app version and the location of your time zone (e.g. Berlin/Europe) are transmitted to Facebook automatically.
See Facebook’s data policy and terms of use for more information about Facebook Connect and the privacy settings: http://www.facebook.com/policy.php.
We kindly ask that you refrain from using the Facebook Connect function if this is not in accordance with your wishes.

2.7 Google Maps
The Flag Passenger App makes use of the Google Maps API. This enables us to display maps in your Flag Passenger App and you to use those maps. Our Flag Passenger App cannot function without the Google Maps API. You can view Google’s terms of use at https://policies.google.com/terms?hl=en. Additional terms of use for Google Maps are available at https://www.google.com/help/terms_maps.html. Google’s privacy policy is available at https://policies.google.com/privacy?hl=en. After you have given your approval via your operating system, we use Google Maps to calculate the estimated fare for your ride and show you the distance of the taxi you have booked interactively. This involves us processing your GPS location data in accordance with Article 6(1.)(b) GDPR. We render your GPS location data anonymous before forwarding it to Google. Identification of you personally is ruled out.

2.8 Rating drivers and regular drivers
You can rate drivers and vehicles publicly via the Flag Passenger App. When you submit a rating, it is assigned to a specific ride and considered in the average rating of the driver and vehicle in question. It does not involve transmitting personal data to the driver.
You can also enter regular drivers in your Flag Passenger App profile. This involves you storing selected drivers in your profile. Personal data are not transmitted to the driver.

3. Provider of processing services and processing in countries outside the European Economic Area
In some cases, we arrange for external service providers to process your data (e.g. troubleshooting, creation of mailings). This makes it necessary for us to transmit your personal data to our external service providers for a specified purpose (confined to the purpose in question). We have selected our service providers carefully and commissioned them in writing. They are bound by our instructions and we have obtained information about their technical and organisational measures for the secure processing of personal data. We also require that our service providers comply with the applicable data protection regulations. We work with service providers from the EU and other EEA countries. We have concluded processing contracts with our external service providers in accordance with Article 28(3.) GDPR, EU standard contractual clauses in accordance with Article 28(7.) GDPR or the transmission is based on a decision of the EU Commission in accordance with Article 45 GDPR (e.g. Privacy Shield).
We store all our data with a cloud service provider within the EU or in IT infrastructures and systems (employee computers) at our sites within the EU.
We work with IT service providers that facilitate the ride-hailing services in accordance with point 2.1, as well as the fault elimination, customer services and improvement of functionality in accordance with point 2.3. We also work with payment service providers that facilitate payment processing in accordance with point 2.2. Moreover, we work with a fraud prevention service provider to protect us against non-payment in accordance with point 2.3. If you have agreed to receive news and personalised offers (point 2.5) and to be contacted by us for studies and surveys (point 2.6), then we work with marketing agencies and service providers. Please do not hesitate to contact us at [email protected] if you would like to know more about the service providers we engage.
We do not sell personal data to third parties.
However, we do reserve the right to disclose information about you if we are legally obliged to or if we are required to surrender it by administrative or law enforcement bodies (e.g. police or public prosecutors).

4. Your rights
You have the right to request information from us at any time about your personal data we have stored and the origin, recipients or categories of recipients to whom these data are forwarded or otherwise disclosed, the purpose of the storage and processing, the planned storage period, our automated decision-making procedure, the right to data portability, the existence of a right to rectification, erasure, restriction of or objection to processing, and any existing right to lodge a complaint with a supervisory authority.
You also have the right to rectification of incorrect data and, in cases where the legal requirements are met, to blocking and erasure, as well as to restrict the processing of data.
You may also send requests for information, withdrawals of consent, objections and other concerns regarding data processing by email to [email protected] or to the address stated in the introduction.

5. Data security
We have taken appropriate technical and organisational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction. Such measures are reviewed periodically and adapted in line with the state of the art. The transfer of your personal data from your terminal equipment (e.g. smartphone) to us is always encrypted. Flag is PCI DSS (Payment Card Industry Data Security Standard) certified.

6. Storage period
In principle, we process and store your data for the duration of our contractual relationship. In addition, we are subject to various retention and documentation requirements. The required periods, e.g. from tax law, can be up to 10 years. Moreover, special statutory provisions can make a longer retention period necessary, e.g. evidence in the context of statutory periods of limitation.
If data are no longer required for compliance with contractual or statutory requirements, they are regularly deleted, unless their limited further processing is necessary for the purposes listed above.