Privacy Statement of BetterTaxi

We attach great importance to the protection of your personal data. For this reason, we strictly adhere to the GDPR which requires us to inform you about the processing of your personal data on our website www.bettertaxi.com and in the app BetterTaxi (together referred to as “Platform”) in a generally understandable form.

We are committed to protecting your personal information and processing it solely in accordance with the principles set forth below and in compliance with applicable privacy laws.

1. Personal data

When using the Platform, personal data is collected. This is all data that relates in any way to your person. Some examples of personal information include your name, address, e-mail address, and how you behave on the Platform, such as your IP address.

Information that is collected when downloading the app

When downloading the app, certain required information will be transmitted to the Apple App Store you have selected, including, but not limited to, the username, email address, account number, time of download, payment information, and unique device ID. The processing of this data is done exclusively by the Apple App Store and is beyond our control. For more information, we refer you to Apple’s privacy policy.

These data are automatically transmitted to us for different purposes. On the one hand, we need this data in order to provide you with our service and the associated functions. The legal basis for this data processing is Art. 6 (1) lit. b GDPR, ie the processing for the fulfillment of a contract between you as the person concerned and us.

Second, we need the data to improve the features and capabilities of the app and to prevent and eliminate misuse and malfunction. This data processing is covered by Art. 6 (1) lit. f GDPR justified because we have a legitimate interest in ensuring the functionality and error-free operation of the app and to be able to offer a market and interest-oriented service. This interest outweighs your rights and interests in the protection of your personal data.

As soon as we no longer need the data for the purposes mentioned, they will be deleted.

Creation of a user account (registration) and login

To use our services through the Platform, you can book as a guest or create a user account and, if you have already done so, login. We use your access data (e-mail address and password) to grant you access to and manage your user account. However, to fully use our Platform, you will need to provide additional information to complete your user profile. Mandatory information is your full name and telephone number. If you do not provide this information, you will not be able to create a user account and will not use features of our services.

We use your e-mail address and password to authenticate you at login and to investigate requests to reset your password. The information you enter when registering or login is processed and used by us to determine your eligibility to manage the User Account, to enforce the Platform Terms of Use and all associated rights and obligations, to you to book our services to allow you to contact you for technical or legal advice, updates, status alerts about your current booking process, costs incurred in your last booking, security alerts, or other messages concerning, for example, the administration of the user account,

Voluntary information (such as special requests to the driver) will be used to display it according to your settings made on the Platform and to make it available to other users, in particular the authorized drivers, as requested.

This data processing is justified by the fact that the processing we have a legitimate interest in making our Platform as user-friendly as possible and to ensure the correct operation of the Platform. In this respect, our interest predominates here your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR.

Use of the Platform

Via the app you or third parties can get taxi rides and airport transfers from us. To use the app, therefore, further personal information is processed when you enter the ordering process. This concerns the start and the destination of the trip, information about your smartphone or other device as well as your encrypted password – as well as when booking via app your GPS coordinates at the time of booking. Your name, telephone number, location and pickup and destination locations (both as address and as geo coordinates) are transmitted to your driver. You’ll be asked if you’d like to share your location, and you’ll need to actively share it with one click. However, if you do not share your location, you may not be able to use all of our services because we will not be able to provide them.

The mentioned geo-data is needed by the driver, so that he can pick you up and bring you to your destination. The name of the driver is used to identify them. The driver can call you on their phone number after he has accepted the job, for example if he cannot find you or if he is late due to a traffic jam. The legal basis for this processing is Art. 6 (1) sentence 1 lit. b GDPR. In addition, the GPS data used by drivers to comply with statutory requirements, in particular the return obligation of rental cars in occasional services under the Passenger Transportation Act. In that regard, the legal basis is Art. 6 (1) sentence 1 lit. c GDPR.

The app does not require any additional permissions beyond accessing the GPS feature. However, the version of the operating system, the country preset on the terminal and the language are automatically processed. This is done on the one hand, to be able to show you our Platform correctly, on the other hand, to be able to address you in your language. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR, as our legitimate interest in being able to offer you a good user experience is outweighed by your interest in the protection of your personal data.

2. Data Protection Officer

Responsible for their data within the meaning of Art. 4 (7) GDPR we are BetterTec GmbH (Rathochstrasse 24, 81247 Munich, represented by the managing director Hanno Beisinghoff). We operate the Platform. All questions, complaints and concerns about data protection on the Platform can be addressed in writing to this address. Of course, you can also reach us by e-mail Data privacy statement or our contact form. If you give an indication in the subject line that it concerns a privacy concern, we can process this a little faster.

You can access this Privacy Policy at any time under the menu item “Privacy Policy” within the app or on the website www.bettertaxi.com/datenschutz/.

3. Web server

The Platform is hosted on a server located in a data center in the European Union. We have concluded a contract processing contract with the operator, a German company, pursuant to Section 28 GDPR. We secure our app, our website and other systems through technical and organizational measures against loss, destruction, access, and alteration. Your data will only be transmitted encrypted. We use the coding system SSL.

Some parts of our Platform are hosted through Amazon Web Services. We have chosen to use the AWS region of Ireland to ensure that no personal data is processed outside the European Economic Area. We have also concluded a contract processing agreement with AWS in accordance with Art. 28 GDPR.

4. Contact by e-mail or form

If you contact us by e-mail or via the contact form, the data you provide to us will be stored so that we can take care of your request and, if necessary, respond to you. The stored data is your e-mail address, your name, as well as all other contact information that you provide to us, as well as your request with which you contact us. This of course affects all contact, not just those related to privacy. As soon as we do not need this information to help you, we will delete it within a few days. There is only one exception. We need to store some information because the law requires us to do so (for example, under commercial and fiscal retention requirements). On the one hand, this applies to all business correspondence, including electronic ones; on the other hand, all documents that are important for our accounting. The commercial retention obligation is 6 years, the tax 10 years. In these cases, we limit the processing and access to your data as far as possible. Please note that unencrypted e-mails are not completely protected against unauthorized access by third parties. In cases of statutory retention obligations, the legal basis of the processing is Art. 6 (1) sentence 1 lit. c GDPR, otherwise Art. 6 (1) sentence 1 lit. f GDPR. In these cases, our legitimate interest in providing a customer service outweighs your interest in protecting your personal information.

5. Data processing when used for information only

If you visit our website merely to obtain information and do not actively submit data, for example via the contact form or upon registration, we will in any case process the following data that your browser automatically transmits to our server.

These are the following data:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access Status / HTTP status code
  • Each transferred amount of data
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the app or browser software.

We need this information because otherwise we cannot display our website for technical reasons. We also use this information to ensure the stability and security of our website. After two months at the latest, this data will be deleted automatically. The legal basis of this processing is Art. 6 (1) sentence 1 lit. f GDPR, as our legitimate interest in the stable and secure provision of our website outweighs your interest in the protection of your personal data here.

6. Cookies set by us

When you visit the website, we also store so-called cookies on your computer. Cookies are not bad. Cookies are small text files that are stored on your hard disk and that provide certain information to the body that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

This website uses two types of cookies, which we would like to briefly explain to you:

On the one hand, we use cookies that are automatically deleted as soon as you close your browser after visiting the website (so-called “transient cookies”). These include in particular session cookies. These store a so-called “session ID”, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out of us or close the browser.

In addition, we use cookies that are not deleted every time you close your browser, but still delete themselves after a specified period of time (so-called “persistent cookies”). The exact amount of time may vary depending on the cookie, but they never stay on your machine for more than two months. On the Internet, there are always attacks on websites. We therefore use these cookies to detect and ward off such attacks. The legal basis of the processing is Art. 6 (1) sentence 1 lit. f GDPR, as our interest in the secure provision of the website outweighs your interest in the protection of your personal data. You can delete the cookies in the privacy settings of your browser at any time.

You can also configure your browser settings to suit your needs. For example, you can decline the acceptance of third-party cookies or all cookies. Please be aware that for technical reasons you consequently may not be able to use all features of this website.

7. Other features and offers

You can also use other services on the Platform than just informing yourself. To do this, you will generally need to provide additional personal information that we use to provide the service and for which the above-mentioned data processing principles apply.

It may also happen that we use external service providers to process your data. We have carefully selected and commissioned them, they are bound by our instructions and are regularly controlled.

Europe has the highest data protection standards worldwide. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer. However, you can be sure that even in these cases, European data protection standards will be adhered to.

E-mails for discount promotions and news

With your permission, you can subscribe to discount promotions and news emails to let you know about new features, products and promotions, or to contact you for service purposes.

To register for these e-mails, we use the so-called “double opt-in procedure”. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive such e-mails. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. The legal basis in this respect are Art. 6 (1) lit. a and lit. c GDPR.

Obligatory indication for sending the e-mails is your e-mail address alone. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you these e-mails. The legal basis is Art. 6 (1) sentence 1 lit. a GDPR.

You can revoke your consent to the sending of emails for discount campaigns and news at any time and unsubscribe from such emails. You can declare the cancellation by clicking on the link provided in each e-mail, by e-mail to Data privacy statement or by sending a message to the contact details stated in the imprint.

If you have signed up for such emails, the data processor ActiveCampaign processes your data on our behalf. We have a contract data processing agreement with ActiveCampaign. ActiveCampaign is a certified provider under the US Privacy Shield. We can not exclude that ActiveCampaign itself processes personal information from you when you open our e-mails, whether through cookies or through small image files that could connect to the ActiveCampaign servers if you use this e-mail. Open mails. Most e-mail clients today offer the ability to prevent reloading external content. We recommend that you configure your settings so that external content is not reloaded. The Privacy Policy of ActiveCampaign can be viewed here.

Google Maps

Our Platform uses Google Maps. This allows us to show you interactive maps directly on the Platform, allowing you to conveniently use the map feature.

By visiting the Platform, Google receives the information that you have accessed the corresponding subpage of the website or the map function of the app. In addition, your current location, the pick-up location and the destination location (both as an address and as geo coordinates) will be transmitted to Google. This happens regardless of whether you own a user account on Google that you are logged in to or not. When you’re logged in to Google, your data will be assigned directly to your account. A deactivation of the transmission is not possible, since this data processing is necessary for the rendering of our service. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom design of its website. In particular, such an evaluation will be made (even for non-logged-in users) to provide on-demand advertising and to inform other Google users about your activity on our website. You have a right to object to the formation of these user profiles. Please contact Google to do so.

For more information on the purpose and scope of Google’s data collection and processing, please see its privacy policy. There you will also find further information about your rights and settings options for the protection of your privacy. Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

Spam Protection

If you want to send us information through forms on our website, you must first use the Google Inc. reCAPTCHA service, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, (“Google”). In this way, we can distinguish whether the use of the form is by a human or abusive by automated machine processing.

To our knowledge the Referer-URL, the IP address, the behavior of the website visitors, information about operating system, browser and duration, cookies, presentation instructions and scripts, the input behavior of the user and mouse movements in the area of ​​the “reCAPTCHA” checkbox to “Google ” transfer.

The legal basis for this is GDPR Art. 6 (1) sentence 1 lit. f. Our legitimate interest in spam prevention outweighs your interest in protecting your personal information.

Google uses the information obtained in this way, among other things, to digitize books and improve the street name recognition of its services Google Maps or Street View.

If you’re logged in to your Google Account at the time you use the reCAPTCHA plugin, Google may merge the reCAPTCHA-supplied IP address with other Google data. We do not know if you can prevent this by logging out of Google before using our Platform and using the reCAPTCHA plugin, or if Google also merges your data if you are not logged in.

For more information, please refer to the Google privacy policy.

Payment Service

On our website we offer Payment via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Likewise, you can pay through the service provider Stripe (Stripe Inc., 185 Berry Street, 94107 San Francisco, United States).

If you select the payment via PayPal or Stripe, the payment data you have entered will be transmitted to the respective service provider.

The transmission of your data to PayPal is based on Art. 6 (1) lit. b GDPR (processing to fulfill a contract).

The extent to which Paypal and Stripe process your personal data about pure payment processing, for marketing purposes, for example, is unknown to us. If you want to know how our payment service providers handle personal information, we refer you to their privacy policy. The privacy policy of PayPal can be found here, by Stripe here.

PayPal and Stripe may store cookies on your computer. We have no control over it. You can change the privacy settings of your browser so that it does not accept all or certain cookies. However, if you decline certain necessary cookies, you may be unable to use certain parts of our Platform for technical reasons.

Both companies are located outside the European Economic Area in the USA. It can therefore not be ruled out that your data will also be processed outside the European Economic Area (EEA) in the course of payment processing. However, both PayPal and Stripe are certified under the EU-US Privacy Shield, giving a data protection standard comparable to that of the EEA.

We have entered into a contract processing contract with both companies which complies with the strict standards of Art. 28 GDPR.

Customer Service

In order to provide you with first-class customer service, we rely on the services of Desk.com. Desk.com is a solution from Salesforce.com, The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA (“Salesforce”). The Privacy Statement of Salesforce can be found here. When you use our customer service, you submit your name, e-mail address, IP address, all browser data, and your message and subject to Salesforce.

The legal basis of this processing is Art. 6 (1) sentence 1 lit. f GDPR. Our interest in providing you with a first-class customer service outweighs your interest in the protection of your personal data.

Salesforce uses cookies we have no control over. We recommend that you adjust your browser settings if you do not want to.

Salesforce is based outside the European Economic Area in the United States. Therefore, it cannot be ruled out that your data will also be processed outside the European Economic Area (EEA) as part of your support request.

Contact via SMS

In order to contact you by text message or push message so that we can pass on the status of the journey and provide the contact details of the dispatcher and driver as well as vehicle information, we use the Twilio service of Twilio Inc. (“Twilio”), 645 Harrison St # 3rd Floor, San Francisco, CA 94107 USA.
Your mobile number will be sent to Twilio where it will be stored until you delete your BetterTaxi user account. In this case, we will promptly delete your mobile phone number from Twilio. The legal basis for the use of Twilio is Art. 6 (1) sentence 1 lit. b GDPR.
The legal basis of this processing is the execution of a contract with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR.
With Twilio, we have concluded a contract processing contract pursuant to Art. 28 GDPR. Twilio processes your personal information outside the EEA, but is certified under the EU-US Privacy Shield. More information about privacy at Twilio can be found here.

Accounting

For our bookkeeping we use u.a. Xero Xero Ltd cloud solution, XERO ONE, 19-23 Taranaki St, Te Aro, Wellington 6011, New Zealand (“Xero”). Personal data will be transmitted and processed by Xero on our behalf.

The legal basis of this processing is the execution of a contract with you in accordance with Art. 6 (1) sentence 1 lit. b GDPR.

We have concluded a contract processing agreement with Xero in accordance with Art. 28 GDPR. New Zealand is outside the EEA. However, the EU Commission certifies that New Zealand has a level of protection comparable to that of the European Union. To the extent that data processing takes place via subcontractors both outside New Zealand and the EEA, Xero claims to safeguard this level of protection through standard data protection clauses authorized by the EU Commission.

Further information on data protection at Xero can be found in their privacy policy.

Google Analytics

We also use the web analytics tool Google Analytics. Google evaluates the user behavior on this website on our behalf. Therefor we can understand how long a visitor stays on our website and which pages he’s visited. We can see which of our sites are the most popular and which we can maybe do even better. Also pseudonymous user profiles may be created. For these purposes, Google uses cookies, with the help of which usage information is transmitted to the Google servers in the United States. Before that, however, your IP address will be shortened on our website via a special script (the last digits will be deleted). This truncated IP address is sent to Google servers in the United States, but can not be associated with you. Although the IP address is also cut by Google, but only in exceptional cases in the US. As a rule, the reduction takes place on servers within the EU or other parties to the Agreement on the European Economic Area. According to Google, the complete IP address will not be merged with other data that Google owns.

We’d like to refer to Google’s privacy policy for more details.

You can prevent the storage of cookies by Google Analytics by prohibiting the setting of cookies in the settings of your browser or the app. This can happen in modern browsers and devices exclusively for the Platform. For exact settings, please consult the Help and Support section of your browser provider or smartphone. There are also two other ways that you can tell Google Analytics not to store cookies with you. On the one hand, you can download and install a free browser plugin. However, this only works if you visit this page via a desktop browser. When you visit us on a mobile, you can also set an opt-out cookie, which also prevents the tracking. Keep in mind, however, that you will need to do this again on every device from which you visit, and every time you’ve deleted your cookies.

8. Disclosure of the data

A disclosure of your personal data without your prior consent will be only be made, in addition to the cases explicitly stated in this Privacy Policy, if it is permitted or required by law. This can be the case when processing is necessary to protect the vital interests of the user or other natural persons.

Prosecution

If required to investigate any unlawful or improper use of the Platform or for the prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, as appropriate, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal rights. We are also required by law to provide information to certain public authorities upon request. These are law enforcement agencies, authorities prosecuting fines and the tax authorities.

Any transfer of personal data is justified by the fact that (1) the processing is necessary to fulfill a legal obligation, which we have to fulfill in accordance with Art. 6 (1) lit. f GDPR or (2) we have a legitimate interest in disclosing the data to us if any indications of improper conduct or the enforcement of our Terms of Use, other terms or legal rights, and your rights exist and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR do not prevail.

Further development of the Platform

As our business evolves, the structure of our business may change, changing its legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, the customer information may be shared with the part of the business to be transferred. Each time we disclose personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form as required by economic and legal circumstances and protecting your rights and interests in the protection of your personal data in accordance with Art. 6 (1) lit. f GDPR do not prevail.

9. Period of data storage

We will delete or anonymize your personal information as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the use or the contractual relationship via the Platform plus a period of seven days, during which we retain backup copies after the deletion, insofar as this data is not used for the prosecution or for securing, Assertion or enforcement of legal claims will be required longer.

Specific information in this Privacy Policy or legal requirements for the storage and deletion of personal data, especially those that we have to keep for tax reasons, remain unaffected.

10. Your rights

The basic data protection regulation of the European Union gives you various important rights in connection with your personal data, which we would like to comply with. In detail, this is the

  • right to information,
  • right to rectification or deletion,
  • right to restriction of processing,
  • right to object to the processing,
  • Right to data portability.

To assert these rights is free of charge for you. We mentioned that earlier, but we would like to point out once again: If you want to assert your rights, just get in touch with us. The quickest way to help you is to make it clear in the subject matter that this is a privacy concern.

We make every effort to ensure that you have no reason to do so, but you also have the right to complain to us about the processing of your personal data by a data protection supervisory authority.

11. Opposition and revocation against the processing of your data

If you have consented to the processing of your data on the Platform, you can of course revoke this consent at any time. Such revocation will affect the admissibility of the processing of your personal data after you have given it to us.

In some cases, we base the processing of your personal data on a balance of interests. This is especially the case if we have good reasons to process the data, but processing is not absolutely necessary to fulfill a contract with you. In these cases, you can object to the processing. In the event of such a disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.

Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. About your advertising conflict you can inform us under the following contact details:

BetterTec GmbH, Rathochstr. 24, 81247 Munich, Data privacy statement, contact form.

12. Changes to this Privacy Policy

We always keep this Privacy Policy up to date. Therefore, we reserve the right to change it from time to time and to make changes in the collection, processing or use of your data. The current version of the Privacy Policy is always available at https://www.bettertaxi.com/datenschutz/ and “data privacy” within the app.

As of: 21.06.2018