Privacy Policy

Notes on the Protection of Passengers' Personal Data Under the EU General Data Protection Regulation (GDPR)

Updated as of: November 2023

This notice offers a summary of how our company Safety Taxi Srl (henceforth also referred to as "My Safe Place service management company") located at Via dei Monti Tiburtini 518 00157 Rome Italy (henceforth referred to as the "Data Controller") processes your personal data. As the Data Controller we manage your rights according to the data protection provisions of EU Regulation No. 2016/679 commonly known as the "GDPR" in relation to our digital services for sanitation and passenger transportation (referred to as "Transfer"). The specific personal data processed largely depends on the services or products you utilize.

SECTIONS

• 1 - Data controller and contacts
• 2 - Method of processing
• 3 - Object of processing
• 4 - Purpose of processing and categories of data
• 5 - Access to data
• 6 – Data controller
• 7 - Data subject’s rights and how to exercise them
• 8 - Data security
• 9 - Storage period

1 - Information about the data controller and contacts

Pursuant to Article 4 paragraph 7 GDPR for the Client the data controller is:

Safety Taxi srl based in Via dei Monti Tiburtini 518 00157 Rome - P.IVA and C.F. 15768851006

Email address: info@mysafeplace.it

The easiest way to contact our data protection officer is by sending an email to: info@mysafeplace.it or by writing to the above address.

The updated list of data processors and processors is kept at the office of the Data Controller.

2 - Method of processing.

The data conveyed through digital media are processed primarily by automated means solely for the purposes indicated and for the duration strictly necessary to achieve the objectives for which they were collected. Specific security measures are implemented to prevent counteract and minimize the risks of destruction or loss whether accidental of the data unauthorized access or processing that is not allowed or does not comply with the purposes of collection.

3 - Object of processing.

The Data Controller processes personal identifying and non-sensitive data (specifically first name last name email telephone number and addresses—hereinafter referred to as "personal data" or "data") which are provided during the application for request of or subscription to the service or more generally throughout non-contractual interactions.

4 - Purposes of processing and categories of data

We would like to inform you about the personal data we process and the purposes for such processing.

In accordance with Article 6(1)(b) of the GDPR we process your data for the following service-related purposes: -To manage requests and reservations for the transfer service; - To offer personalized promotions and enable you to submit the membership form; - To manage and maintain your data on the website; - To enable you to subscribe to the newsletter service provided by the Owner as well as any additional services you may have requested; - To fulfill pre-contractual contractual and tax obligations arising from our existing relationship with you; - To comply with legal obligations regulations EU legislation or an order from an Authority; - To prevent or detect fraudulent activities or abuses harmful to the website and/or our business operations; - To exercise the rights of the Data Controller such as the right to legal defense. - Additionally your data may be used to fulfill contractual obligations and responsibilities associated with our relationships with supporting banks - Accounting data related to the existing contract with our accounting office may be accessed by third parties solely for assistance with accounting programs and management of master records..

4.1 Sanitation and passenger transportation service

To utilize our services it is essential to share certain personal data which will be processed to facilitate the service you have requested. Any additional data you choose to provide will be clearly marked as optional. Concerning sanitation and disinfection services in accordance with Article 6(1)(b) of the GDPR the following personal data are processed for contractual purposes: first and last name, email address, mobile phone number, turnover, and the number of sanitation and disinfection services conducted. Optional data will only be utilized if submitted.

In the context of transfer services as per Article 6(1)(b) of the GDPR we process the following personal data to deliver the service: first and last name, email address, mobile phone number, number of passengers, quantity of luggage, pickup address, and destination address.

Personal data are provided during registration or while requesting the service (for example, your name). We are unable to provide the requested services without processing the aforementioned personal data. This requirement does not pertain to optional data.

4.2 Payment and billing

Payments may be made directly to the driver at the end of the ride using the following methods: credit card (Visa, Mastercard, American Express), debit card, cash, or at the time of booking through the operators of My Safe Place Transfer Service on the My Safe Place portal when available, or via PayPal, Stripe, or another digital payment system.

By opting for the PayPal or Stripe payment services, you can pay by registering your credit card details which will be transmitted to the payment service operator solely to facilitate the transaction you have requested.

Regarding payments in compliance with Article 6(1)(b) of the GDPR, the following personal data are processed to fulfill the contract: first and last names, address, coordinates, departure and arrival addresses of your ride, country, language, email address, mobile phone number, all credit card details, potential PayPal/Stripe account email address, and information about your device (device ID, etc.). Without this personal data, certain payment services cannot be provided. Customers may request an invoice at the time of booking by providing all necessary information.

For billing purposes under the "General Terms and Conditions for the Client" which may be updated periodically, and for providing sanitization and transfer services, the following personal data may be processed in accordance with Article 6(1)(b) of the GDPR: first and last names, company details, number of sanitizations and disinfections performed, revenue, payment details, and banking information.

4.3 Error resolution, customer service, and function improvement

To effectively address malfunctions in digital services, respond to individual customer inquiries regarding service operation, and address any issues experienced during service use, the following personal data may be processed in compliance with Article 6(1)(b) of the GDPR for contract performance purposes: first and last name, mobile phone number, email address, revenue, number of sanitation and disinfection services completed and interrupted rides, and data on rides conducted.

We work exclusively with anonymized or aggregated data rather than personal data as long as they are adequate for fulfilling the purpose.

4.3 (a) News and personalized offers

If you have consented to receiving news, offers, and personalized advertising via email (including email, SMS, MMS, and WhatsApp) or other electronic means (such as push notifications) on your devices (smartphone, tablet, PC, etc.), we will process the following personal data in accordance with Article 6(1)(a) of the GDPR to facilitate this service: first and last name, passenger ID/request, email address, home or work address and/or addresses in the registry (optional), mobile phone number, profile picture (optional), payment method, registration date, language preference, ride type (call, immediate ride), login credentials (username), GPS coordinates/addresses at the time of the call and at the ride's conclusion, and usage data (frequency of use, information about digital services, registrations or rides), date of registration, date of last access, push token, Firebase Token, passenger status, total number of preferred drivers, number of rides with preferred drivers, status of work address (yes/no), home address (yes/no), total number of rides, number of canceled calls, ride rating frequency, reviews, status of company credit card (yes/no), billing address (yes/no), and preferred tip amount.

Should you decide you no longer wish to be contacted for these purposes, you may withdraw your consent by emailing info@mysafeplace.it or by sending a registered letter with acknowledgment of receipt to Safety Taxi SRL Via dei Monti Tiburtini 518 00157 Rome.

4.3 (b) Newsletters

Where you have consented to receive newsletters, we may use your email address or cell phone number for direct marketing (e.g. email, SMS, MMS, WhatsApp) following the completion of a service ride unless you have opted out of direct marketing. This processing of your contact details is in accordance with Article 6 (1) f) of the GDPR. You can unsubscribe at any time without any retroactive effect by clicking the unsubscribe link at the bottom of the respective communication, such as the newsletter.

By providing your consent, you confirm that you are at least 16 years old. If you prefer not to receive newsletters, you may revoke your consent using the method mentioned above; revocation is as straightforward as giving consent. Additionally, you can reach out to us by emailing info@mysafeplace.it or sending a registered letter to Safety Taxi SRL Via dei Monti Tiburtini 518 00157 Rome. Please be aware that revocation and subsequent modifications are not retroactive and may take up to 48 hours to become effective or to be implemented after your request. Due to technical reasons, we cannot expedite this process.

4.4 Research and Surveys

If you have agreed to participate in research and/or surveys during the registration process or subsequently by selecting the relevant option, you may be invited at the end of your trip or at another time to partake in personalized research and surveys regarding the quality of the services offered. These invitations may be sent via electronic mail (e-mail, SMS, MMS, WhatsApp) or other electronic methods (such as push notifications) to your devices (smartphone, tablet, PC, etc.).

For this purpose, we process the following personal data in compliance with Article 6(1)(a) of the GDPR: first and last name, passenger ID/request, email address, home or work address and/or other addresses in the registry (optional), mobile phone number, profile picture (optional), payment method, date of registration, language preference, type of ride (on-demand or scheduled), username, GPS coordinates/addresses at the time of booking and at the conclusion of the trip, and usage data (including frequency of use, information about digital services, registrations, and trips) date of last login, Push-token, Firebase Token, passenger status, total number of preferred drivers, number of trips with preferred drivers, employment address (whether provided or not), residential address (whether provided or not), total number of trips, number of cancelled bookings, rate of ride evaluations, reviews, company credit card details (whether provided or not), billing address (whether provided or not), preferred tip amounts.

By consenting, you confirm that you are at least 16 years old. Should you decide to withdraw from participation in research and surveys, you may revoke your consent using the method described above; the revocation process is as straightforward as giving consent. Additionally, you can reach out to us by sending an email to info@mysafeplace.it or by mailing a registered letter with a return receipt to Safety Taxi SRL Via dei Monti Tiburtini 518 00157 Rome.

Please be aware that the withdrawal of consent and any subsequent modifications will not have retroactive effect and may require up to 48 hours from the time of your request to become effective or be implemented. Due to technical constraints, we cannot expedite this process.

4.5 Facebook Connect

Where available, we offer you the option to sign in to our services using your user data from Facebook, a service provided by Facebook Ireland Limited located at 4 Grand Canal Square, Dublin 2, Ireland. To do this, click on the "Facebook Connect" button. You will be redirected to Facebook, where you will be asked to grant certain permissions to sign in with your Facebook user data. This action will link your Facebook profile to our passenger services. Through this connection, we will have access to the information you have entered on Facebook, including your first and last name, email address, public profile, age group, gender, profile picture, time zone, and Facebook ID.

For the purpose of Facebook Connect and to identify you, we will only utilize your email address, first and last name, profile picture, and Facebook ID in accordance with Article 6(1)(f) of the GDPR. Consequently, your device type (e.g. iPhone), operating system, language, screen resolution, and time zone (e.g. Berlin/Europe) will be automatically transmitted to Facebook.

For more information about Facebook Connect and privacy settings, please review Facebook's privacy policy and terms of use at the following link: http://www.facebook.com/policy.php. If you prefer not to use the Facebook Connect feature, please do not use the functionality.

4.7 Google Accounts

Where available, we offer you the opportunity to access our services by using your login details from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google") to sign in or register. For registration, you will be redirected to Google's page, where you will be asked to grant certain permissions to sign in with your Google account. Through this connection, we can access the information you have provided to Google, including your name, surname, email address, and profile picture. However, for signing in or registering with Google, we will only utilize your email address, first and last name, and your profile picture for identification purposes in accordance with Article 6 (1) f) of the GDPR.

4.8 Google Maps

Passenger transport services utilize the Google Maps application API, allowing you to view the chosen route. The portals for our transfer services employ the Google Maps API, enabling the visualization and usage of maps as well as providing auto-complete suggestions when submitting requests. This service is integral for estimating travel times, route optimization, and extracting GPS coordinates from unstructured addresses. In compliance with Article 6(1)(b) of the GDPR, your GPS coordinates are transmitted to Google in an anonymized manner, ensuring your identity cannot be ascertained.

4.9 Use of Google Ads, Floodlight, Google Analytics technology

We utilize Google services such as Google Ads, Floodlight, and Google Analytics to gather more insights into how users discover and interact with our digital offerings. These services collect, process, and use information regarding the devices users employ, their online behavior, and the specifics of the webpages they access. This includes unique identifiers like IP addresses, user agents, IDFA (Identifier for Advertisers), Android ID (on Android devices), Google Advertiser ID, and Firebase Tokens, as well as technical details like android_id, operating system and version, user agent, device model, browser language, and others.

5 - Access to data

Your data may be accessible for the purposes outlined in Section 4: to employees and associates of the Data Controller or of its affiliated companies acting as internal data processors, managers, and/or system administrators; to companies affiliated with the Data Controller (for instance for supporting activities in customer project feasibility studies, technical project management, personal data storage, etc.) or to third parties (such as providers for website management and maintenance, suppliers, financial institutions, professional firms, etc.) who perform outsourced activities on behalf of the Data Controller in their role as external data processors.

6 - Data Controller

We partially engage external service providers for data processing tasks such as troubleshooting and preparing mailings. It is sometimes necessary to share your personal data with these providers strictly as needed for the specific case at hand. We have meticulously chosen these providers, formally engaged them in writing, and ensured they are committed to following our directives. We have also verified their technical and organizational security measures for data processing. Furthermore, we mandate all our service providers to adhere to the relevant privacy legislation. The management and storage of personal data occur on servers within the European Union operated by the Data Controller and/or third-party companies designated as Data Processors. These servers are presently situated in Italy and data will not be transferred outside the European Union. However, should the need arise, the Data Controller reserves the right to relocate the server within Italy, the European Union, or to non-EU countries. In such instances, the Data Controller guarantees that any data transfer outside the EU will conform to legal standards, possibly by establishing agreements to ensure adequate protection or by implementing the standard contractual clauses as prescribed by the European Commission.

Should you wish to learn more about our service providers, please contact us via email at info@mysafeplace.it. We do not sell any personal data to third parties. Nonetheless, we reserve the right to disclose your information if legally compelled or requested by governmental or law enforcement agencies (e.g., police or the prosecutor's office).

7 - Data subject’s rights and how to exercise them

As an interested party in accordance with Article 15 of the GDPR, you have the following rights:

• To obtain confirmation as to whether or not personal data concerning you exists, regardless of its registration status, and to have such data communicated to you in an intelligible form.
• To receive information about: a) the origin of your personal data; b) the purposes and methods of its processing; c) the logic involved in any electronic data processing; d) the identity of the owner, the managers, and the appointed representative under Article 27 of the GDPR; e) the entities or categories of entities to whom your personal data may be communicated or who may become aware of it as appointed representatives in the State's territory, or as managers or agents.
• To obtain: a) updates, corrections, or where interested, integrations to your data; b) the deletion, anonymization, or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed; c) a statement that the operations in letters a) and b) have been notified, also concerning their content, to those to whom the data was communicated or disseminated, unless this requirement proves impossible or involves a disproportionate effort compared to the right that is to be protected.
• To object in whole or in part: a) on legitimate grounds to the processing of personal data concerning you, even if it is relevant to the purpose of its collection; b) to the processing of personal data concerning you for the purposes of sending advertising materials, direct selling, or for carrying out market research or commercial communication through the use of automated calling systems without operator intervention, email and/or through traditional marketing techniques by telephone and/or mail.

Please note that the right to object as detailed in point iv(b) for direct marketing purposes applies to both automated and traditional methods. Nonetheless, you retain the right to partially exercise your right to object, meaning you may choose to receive communications exclusively through traditional means, only automated means, or to opt-out of both types of communication.

Where applicable, you also possess the rights under Articles 16-21 of the GDPR (Right to Rectification, Right to be Forgotten, Right to Restriction of Processing, Right to Data Portability, Right to Object) as well as the right to lodge a complaint with a Supervisory Authority.

Requests for information, access, consent revocation, objections, and any other type related to data processing may be sent via email to info@mysafeplace.it or by registered mail with return receipt to Safety Taxi Srl registered office at Via dei Monti Tiburtini 518, 00157 Rome.

8 - Data security

We implement suitable technical and organizational measures to ensure the security of data processing, particularly to protect your personal data against unauthorized disclosure, accidental or deliberate alteration, loss, or destruction. These measures are regularly reviewed and updated to reflect the latest advancements in technology. The transmission of your personal data from your device (e.g., smartphone) is typically conducted in an encrypted manner.

9 – Storage period

In principle, we process and store your data for the duration of our contractual relationship. In accordance with the principle of data minimization, since we are subject to various retention and documentation obligations, the retention period may extend up to ten (10) years to comply with tax requirements. In other cases, your data will be retained for 24 months. Once the data is no longer needed for fulfilling contractual or legal obligations, it will be regularly deleted unless further limited processing is required for the purposes mentioned above.