This Privacy Notice sets out details of the personal data relating to you that we collect through the CarTrawler Mobility Application Software (the “Platform”), how we will process such data and to whom it may be disclosed. This notice also explains your rights under applicable data protection law, including the EU General Data Protection Regulation (“GDPR”), in relation to our processing of your data.
ETrawler Unlimited Company t/a CarTrawler with VAT number 4693898K and registered address at CarTrawler, Classon House, Dundrum Business Park, Dundrum, Dublin 14, Ireland, is the owner and operator of the CarTrawler Platforms and processes the personal data which is described in this Privacy Notice on behalf of the Data Controller. We introduce customers to ground transportation services for taxi transfers (“Transportation”) and ancillary travel related products and services. Once your personal data is transferred to the transportation provider, they become a separate data controller for their processing. You can contact us using the details at the end of this notice, or if you have any queries in relation to the processing of your personal data you can also contact our Data Protection Officer by emailing dpo@cartrawler.com.
In order for us to process your transportation booking, we will ask you for certain information, such as your name, address, email address, payment information and booking details. We also collect certain information from the device you use to access our platform, such as your IP address, what browser you use and what type of device you are using. Most of the personal data that we collect about you will be information that you have given to us.
Using our "Platform":
We will collect your name, e-mail address, phone number and payment details. We will also gather your location data, if permitted, through the use our mobile app related products when creating a booking on our system and during the physical journey to your end destination. We process your data in order to facilitate the processing of orders within our “Platform” and with the underlying service providers. This is on the basis of entering into or for the performance of a contract. Bookings:
We use your name, phone number, address, email address, location, payment information and booking details in order to process bookings with us and transportation service providers, and to let you manage your bookings through the platform. Where we process personal data for this purpose, we will do so either on the basis that it is necessary for entering into a contract or for the performance of a contract in providing our transportation booking service. Queries and Complaints:
If you contact our Customer Service team with a query or a complaint, we will record details of the query or complaint and how it is dealt with on our systems. We may also seek further details about the query or complaint from the relevant transportation or other service provider, which we will also record on our systems. Calls may be recorded for training and quality purposes on the basis of our legitimate interest. Where we process personal data in the context of a query or complaint, we will do so on the basis of our legitimate interest in resolving customer queries and complaints. If you volunteer data in relation to your health, we will process that personal data on the basis that you explicitly consent to us using it in order to resolve your query or complaint. Other ancillary products and services:
If you book or purchase any other ancillary service, we will ask you for information that we need in order to process your request. This will include your name, address, e-mail address, phone number, booking reference, IP address and payment details. This is on the basis of entering into or for the performance of a contract. Location Data: If you are using our services on a mobile device and you have enabled location services, we will record your location to help you find local transportation service providers or other services. We also use your IP address to determine what country you are in when you make a booking. This is on the basis of entering into or for the performance of a contract. Loyalty Programme Data: If you join our Loyalty Programme, we will store details of your name, e-mail address, phone number, username and password and your historic booking references. Where a loyalty programme exists, we use your personal data in order to administer the loyalty programme, to add/deduct loyalty points and to notify you of loyalty rewards. We process this data on the basis that it is necessary for the performance of our contract with you. Email/ Phone Marketing: When we collect your email address and/ or phone number we will record your preferences regarding receipt of marketing from us in relation to our own products and services and those of third parties. Where we have collected your email address and/ or phone number in the context of providing you with a service, then depending on the marketing preferences you have expressed to us, we may send you marketing about products and services that we think may be of interest to you. We send this marketing on the basis of our legitimate interests or in some instances, consent. Analysis/Reporting: We use data in relation to bookings in order to create internal reports regarding how our business is operating. We also use this data for other commercial analysis purposes, and to try to predict future trends that may affect our business. This processing is undertaken on an aggregated basis, so you are not identifiable from the reports or analysis that is produced. Advertising: We want to ensure that when you see advert it will be relevant to you and your interests, whether the advert appears on a Platform we operate, in our marketing emails or on a third-party site. We may also use the same information to show you adverts for carefully selected third-party products and services. When you are using our Platform, we use the searches you have made in order to tailor our adverts to your interests. For example, if you have been searching for a taxi in Berlin, we might use this information to display adverts to you on our Platform and on third party websites for vehicles to rent in Berlin that may be of interested to you. We may also use data about your past transactions on our Platform to tailor our advertising. We process your personal data for this purpose on the basis of our legitimate interests in ensuring that our advertising, or the advertising of third parties, is effective. Surveys: If you agree to participate in a survey, we process your name and email address on the basis of our legitimate interest in improving our services. Fraud Detection & Prevention: We may use your personal data for the purpose of preventing and detecting fraud on the basis of our legitimate interest.
When you use our "platform", we use various technologies to automatically capture details about the device you are using and how you interact with the platform.
Device Details: We automatically collect details about the device you are using, including its IP address, its device ID, the browser you are using, and the operating system that the device uses. How You Interact With Our Platform: We record details about how you use our Platform, e.g. the date and time that you visit, what pages you visit, how long you stay on the pages, where you have clicked on a page, and details of any crashes or system bugs you may have encountered. How You Reached the Platform: Where we can, we record how you arrived on our Platform (e.g. whether you arrived from a search engine, or by clicking on one of our adverts). Where we collect data in relation to your use of our Platform and services, such as your device details and how you interact with our Platform and services, we use this data in order to deliver our services and personalise your experience. We also use the data to test new features that we are thinking about introducing, to analyse how our Platform is used, and to evaluate and improve our services. Where possible we use this data on an anonymous basis. All of this processing of your personal data is on the basis of our legitimate interests in operating improving and securing our services.
Although we mainly collect information directly from you, there are circumstances where we collect information from third party sources.
Third Parties: We operate a programme under which third parties advertise our Platform on our behalf. If you click on one of those advertisements, you are directed to our Platform using a technology that allows us to understand which third party referred you. We then track if you make a booking and if you do, we attribute that booking to the relevant third party for the purposes of paying them a commission. However, we do not provide the third party with any personal information in relation to you. Service Provider: If there are any issues with your transportation or other service provider, the service provider may contact us with information about the issue. Advertisements: When we work with third parties to display advertisements, we may use technologies like cookies or pixel tags to record details of your interaction with those advertisements. This data is sometimes sent to us through cookies and pixel tags that are set on our behalf by those third parties. If data is sent to us it will be done on an anonymised basis. Other individuals: Where you provide us with personal data on behalf of someone else, you confirm you have their consent to do so and will provide them with a copy of this Privacy Notice.
You are not obliged to provide us with any of your personal data. However, if you want to make a Transportation booking, or avail of an ancillary service, you will need to provide us with the information that is requested on our platform. If you don't provide us with this information, we will not be in a position to process your booking. Similarly, you may be required to provide certain information if you contact our customer services team with a query or complaint. We will inform you where such information is required.
In order to process your booking we have to send your details to the relevant transportation service provider. If you contact us with a query or complaint in relation to a booking we may also share details of the query or complaint with the transportation service provider so that we can resolve it. We also use a number of service providers to assist us in providing our services, some of whom will have access to your data (e.g. we use various software service providers who host our data as part of their services). Where we engage a third party to process your data on our behalf, we make sure that they respect your privacy rights and that they process data in accordance with data protection law.
Hosting Providers: We use various cloud service and co-location providers to help us host and manage our data. Payment Processors: We use third-party payment processors in order to assist us with taking payments on our Platform. Technology Providers: This includes service providers who provide services such as helping us to secure our network, systems and emails, managing customer surveys, a platform for sending text messages to confirm bookings and third-party platforms for processing customer correspondence and data subject requests. Customer Service Providers: We use a third-party service provider to provide customer service and third-party platforms for processing customer correspondence. Auditors: We have an internal and external audit function that is provided by third parties. The auditors help us to ensure that we are complying with our legal obligations, including in relation to our processing of personal data. In certain circumstances this may mean that they have access to our systems that process personal data, or that they might need to review how we have processed certain personal data. Fraud databases: We may use external fraud detection and prevention databases that are available in the industry and publicly available information to prevent and detect possible criminal activity or fraud. Law Enforcement Agencies: We may share your data with law enforcement agencies in order for them to investigate, detect or prevent possible criminal or fraudulent activity on the basis of complying with a legal obligation.
There are certain circumstances where we will transfer your personal data outside of the European Union to a country which is not recognised by the European Commission as providing an equivalent level of protection for personal data as is provided for in the European Union. The most common of these is where we transfer personal data to a Transportation provider in the country you have chosen so that they can fulfil your booking. This transfer would fall under Derogation 49 1) b) where the transfer is occasional and necessary for the transportation service to be provided to the customer. Similarly some of our payment providers are based in the US and the transfer would fall under derogation 49 1) b) where the transfer is occasional and necessary so that the data subject can pay the fee associated with the transportation. We may also transfer your personal data outside of the European Union in connection with the operation of our business, namely when we use a service provider that is based in the US, Australia, Egypt or the UK. If we transfer your personal data outside of the European Union, we will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under applicable data protection law. Where we transfer personal data to the US, Australia and Egypt, we enter into contracts in the form approved by the European Commission with the entity to whom we have transferred personal data.Where we transfer personal data to the UK, this is based on an adequacy decision delivered by the EU Commission, where the EU Commission decided the UK ensures an adequate level of protection for EU personal data. The following categories of data are transferred to our email security software system in the UK: Name, booking reference, telephone number, address, email address, IP Address and customer correspondence. You can find further information on this adequacy decision here: https://ec.europa.eu/info/files/decision-adequate-protection-personal-data-united-kingdom-general-data-protection-regulation_en
On 4 June 2021 the European Commission published new standard contractual clauses (SCCs) to incorporate the requirements of GDPR and the Schrems II decision. CarTrawler is updating our data protection agreements with third parties to implement the new SCCs, where we rely on this mechanism and has adopted contractual, organisational and technical measures in line with the EDPB Recommendations, including but not limited to state of the art encryption on data in transit and at rest, malicious code detection software, an intrusion detection monitoring process, network and application level scanning and penetration testing, security access controls, annual staff compliance training, Transfer Impact Assessments in place for all processing that takes place outside the EEA and a Law Enforcement Request policy in place in the event it receives a request for personal data from a law enforcement agency. CarTrawler ensures that third parties we transfer data to implement similar measures to ensure all personal data has an adequate level of protection when transferred outside the EEA. If you would like further details about the supplementary measures we have taken in relation to the transfer of your personal data, or copies of the agreements that we have put in place in relation to the transfers, please contact us using the details at the bottom of this notice.
We have taken appropriate technical and organisational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction. Such measures are reviewed periodically and adapted in line with the state of the art. The transfer of your personal data from your terminal equipment (e.g. smartphone) to us is always encrypted. ETrawler is PCI DSS (Payment Card Industry Data Security Standard) certified. The "Platform" makes use of the Google Maps API. This provides functionality to use places of interest (POI) location coordinate data and map displays when searching for transportation service availability. You can view Google's terms of use at https://policies.google.com/terms?hl=en. Additional terms of use for Google Maps are available at https://www.google.com/help/terms_maps.html. Google's privacy policy is available at https://policies.google.com/privacy?hl=en. We render your GPS location data anonymous before forwarding it to Google. Identification of you personally is ruled out.
We retain your personal data in accordance with our record retention policy. The record retention policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it, and in accordance with any requirements that are imposed on us by law. This means that the retention period for your personal data will vary depending on the type of personal data.
Transaction data: We retain details of your bookings and your interaction with us in relation to such bookings for as long is necessary to facilitate your booking and resolve any issues that may arise. Where your marketing preferences are such that we are able to send you marketing messages, then such data will still be retained as per the details below. Loyalty Programme Data: We retain data relating to loyalty programmes for as long is necessary to facilitate administration of our loyalty programme. Email Marketing: We will keep a copy of personal data that is required in order to send you marketing messages for as long as necessary to facilitate your marketing preferences. As part of this we will also retain certain information in relation to your transactions in order to allow us to customise our marketing messages. Managing legal claims: When we assess how long we keep personal data we take into account whether that data may be required in order to bring or defend any legal claims. If such data is required, we may keep it until the statute of limitations runs out in relation to the type of claim that can be made (which varies from 2 years to 12 years).
This Platform uses cookies. Cookies are small, simple text files that are sent from a website and stored on your computer, tablet or mobile phone when you visit a website. Important Information about Consent In circumstances where we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent by contacting us using the contact details at the bottom of this notice. If your consent relates to receiving email marketing you can use the unsubscribe link in the email. Please note that if you withdraw your consent we may not be able to continue to provide the related service to you.
You have the following rights, in certain circumstances, in relation to your personal data: Right to access the data: You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data. Right to rectification: You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete. Right to erasure: You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten. Right to restriction of processing or to object to processing: You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes. Right to data portability: You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format. Rights relating to automated decision-making and profiling. We do not use your personal data in this. In order to exercise any of the rights set out above, please contact us by using the contact details at he bottom of this notice.
We do not knowingly collect personal information from children under the age of 16. We do not provide services for purchase by children, nor do we market to children.
We keep our privacy notice under regular review and we will place any updates on this web page.
If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details: By post: Data Protection Officer, ETrawler Unlimited Company, Classon House, Dundrum Business Park, Dundrum, Dublin 14, Ireland. By email: dpo@cartrawler.com. You also have the right to lodge a complaint with the Irish Data Protection Commission if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found at (https://www.dataprotection.ie/docs/Contact-us/11.htm) or you can call the Data Protection Commission at 353 (0)761 104 800.