KAROOT MOBILITY SERVICES IKE (Private Company) is committed to protecting your
privacy and handling your personal data (hereafter Personal Data) in an open and
transparent manner and in accordance with the definitions and requirements of
Regulation (EU) 2016 /679 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data (General Data
Protection Regulation, hereinafter GDPR) and Greek Law 4624/2019 as in force each
time.
The collection and processing of personal data depends on the service that has been
assigned or agreed upon, on the case-by-case contractual relationship connecting us
with the Personal Data subject, on the legal obligations imposed on us and the legal
rights granted to us by the applicable legislation, as well as on the subject’s express
consent as the case may be.
Such data are processed within the expressly defined purposes, based on the principles
of lawfulness, fairness and transparency; purpose and storage limitation; data
minimisation; accuracy, integrity and confidentiality, and within the framework of
necessity and proportionality governing each processing operation. At the same time,
this ensures “by design and by default” the taking of technical and organisational
security measures to comply with the above system of principles, as well as its periodic
review and update.
“KAROOT MOBILITY SERVICES IKE” has its corporate seat in the Industrial Area of Sindos in Thessaloniki and is registered in the General Commercial Register (G.E.MI.) under G.E.M.I. No. 157085505000 (hereinafter referred to as “KAROOT”) and acts as controller of your personal data thekarootapp@thekaroot.com.
This document defines the status of protection of personal data in the context of their processing by the company and describes the system of rules based on which this processing is carried out, as well as the way of use of your personal data which are collected through the “KAROOT” application (hereinafter “KAROOT Application”, “Application”, “App”).
In the context of this document, the GDPR definitions are used, indicatively the
following:
personal data” means any information relating to identified or identifiable natural
persons (“data subjects”), i.e. persons who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural
person.
“personal data processing” means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not by automated
means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction, erasure or
destruction. Finally,
“controller” means the natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the
processing of personal data; where the purposes and means of such processing are
determined by Union or Member State law, the controller or the specific criteria for its
nomination may be provided for by Union or Member State law.
Depending on the purpose for which we may be required to process your data, we will process on a case-by-case basis certain categories of personal data, which are indicatively the following:
We remind you that every time we ask you to fill in your personal data in order to
access any function or service of the Application, we will mark certain fields
as
required, since this is the basic information we need to be able to provide you with
the service. Please note that if you do not provide us with such data, you may not be
able to complete your registration or take advantage of the relevant services.
Depending on how you interact with the Application, we will process your personal
data for the following purposes:
If you decide to register as a user of the Application, we must process your data to identify you as a user of the Application and ensure that you can access it as a registered user. You can cancel/delete the account in question by selecting it through the Application on your device.
The Application enables you to call a taxi with a taxi driver (“Taxi Operator”) for your ride. You will have to disclose your personal data in order to use the application as a passenger who wishes to be transported by calling a taxi, and this data is subject to our processing for the purpose of providing the specific service. In the context of this service, the following personal data will be processed in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of executing the contract:
In the context of the payment, the following personal data will be processed in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of executing the contract:
We are unable to offer you certain means of payment if we do not process the personal
data in question. However, you can always pay cash directly to the Taxi Operator
without any further involvement of the application.
For payments through the KAROOT Software using the Passenger’s credit/debit card
(“payments via Application”), KAROOT has entered into and maintains in force a
Contract with a licensed electronic payment service provider for the acceptance and
receipt of electronic payment services.
You will only receive offers and advertisements from us if, during the registration
process, you consented to the receipt of news and personalised offers (advertising,
coupons and offers) and to the display of usage-based news. This applies to both non-
personalised (sent to all customers) and personalised (sent only to you and based on
an analysis of your personal data that you have expressly provided to us or that
resulted from your use of the Application) newsletters that are sent electronically
(email, SMS, in-App messages, promotional messages) to your terminal equipment
(smartphone, tablet, PC, etc.).
We will also process your personal data in order to organise promotional activities. By
participating in any promotional activity, you authorise us to process the personal data
you have shared with us in relation to the promotion and to disclose them through
different means or through the Application itself.
If you do not wish to receive the news and personalised offers mentioned above, you
may withdraw your consent by means of a written statement to the Company.
Please note that the withdrawal and subsequent changes are only valid for the future
and will take effect or be implemented no later than 48 hours from the time of
withdrawal.
In the course of fulfilling our contractual and legal/regulatory obligations, your
personal data may be given to third parties for purposes related to the necessity of
data processing, in accordance with the respective contractual/regulatory framework
and against which the necessary provisions for the protection and lawful processing of
your personal data have been taken, under the supervision of the legal representative
of the controller. All third parties to whom the Personal Data are disclosed undertake
to observe the principle of confidentiality and to operate with a view to protecting such
data in accordance with domestic law and the principles of the GDPR. Similarly, all
processors appointed by us to process personal data on our behalf are contractually
bound to comply with the provisions of the GDPR.
In particular, we disclose your necessary personal data to taxi drivers using the
Application in order to fulfil your requirements.
Furthermore, in order to achieve the purposes described in this Privacy Policy, we may
disclose or grant access to your personal data to third parties who provide us with
support in the services we provide to you, such as:
partners and service providers involved in advertising and marketing. We will also disclose your personal data when required by law or when we believe that disclosure is necessary to protect our rights and/or to comply with a legal process, court order, request from a regulatory authority, or any other legal process notified to us.
We will retain your personal data for the duration of our transactional or other contractual relationship with you, or for the duration provided for by your legal consent, or for the duration required by fiscal and other laws of the state or the exercise of our legal right and the serving of legitimate interests, or for the duration specified by the instructions of the competent data protection authority.
In the context of the application of the GDPR, you maintain the following rights, which you can exercise electronically or in writing:
Each of your requests regarding the Personal Data that concern you and the exercise
of your relevant rights shall be submitted in writing to the e-mail address or to the
postal address of the data controller or in person (or through a third party, with an
authorisation certified for the authenticity of the signature) at the company’s corporate
seat.
The company responds to your requests free of charge, without undue delay and
within a month of their receipt, except in special cases where the above deadline can
be extended by two more months, if required, given the complexity or volume of the
requests. In the latter case, the company informs you of the extension and the reasons
for the delay within one month of receiving the request. If the controller considers that
your request is manifestly unfounded or excessive, the company reserves the right to
impose a reasonable fee for processing it, taking into account the costs for its
satisfaction, or even to refuse to proceed with it.
In the event that your request cannot be satisfied, then the company will inform you
without delay and within one month of its receipt, regarding the relevant reasons and
your right to file a complaint with the competent supervisory authority for GDPR
implementation issues, namely the Hellenic Data Protection Authority (DPA– 1-3
Kifisias St., Post Code 11523, Athens, tel.: 210-64.75.600 or e-mail: contact@dpa.gr),
with which you reserve the right to file a complaint if you consider that the processing
of your personal data is in breach of the applicable legislation, but also regarding your
right to appeal to the competent judicial authorities.
We review this Privacy Policy regularly and reserve the right to revise this Privacy Policy
regularly and make changes at any time. If we take the above actions, we will notify
you by various procedures through the Application or by means of a notification to
your email address.
We recommend that you check this Privacy Policy from time to time in case minor
changes have been made or in case we make any interactive improvement, taking
advantage of the opportunity to always find it as a permanent point of information on
our Website and in our Application.
If you have any questions about this Policy or about the way in which we handle your Personal Data, or if you wish to exercise your rights, please contact KAROOT’s Data Protection Officer at the email address below thekarootapp@thekaroot.com.