1.Information on the processing of personal data
Your data security is important to us, and we therefore make it a high priority that your data is handled in a responsible manner. Below, you can read how CommuteApp ApS (hereafter "CommuteApp", "we", "us" or "our") process your personal data when we act as a data controller. You can also read about your rights in relation to our processing of your data.
2. Commuteapp’s Role as the data controller
In connection with our company’s operation, we process an amount of personal data. We do so in order for us to service you in the best possible way. We collect and process mostly general (non-sensitive) data.
If you have any questions about our processing of your personal data, please contact CommuteApp here:
Hobro Landvej 129
+45 40 500 720
4. What personal data we collect and for what purpose
4.1. Ordering a taxi via CommuteApp
CommuteApp process personal information about you when a hotel is ordering a taxi to you via our app. We only process non-sensitive personal information about you, including your name, e-mail, telephone number and location information related to the route.
We process your personal information in order to make the services available, including administration of taxi orders, invoicing, statistics and quality management as well as providing overall service and sales.
Our basis for processing is our legitimate interests in being able to book a taxi for you (Article 6(1)(f) of the General Data Protection Regulation).
CommuteApp deletes or anonymizes the information when it is no longer necessary for the purpose. Personal data relevant for bookkeeping is stored in 5 years in accordance with the Danish Bookkeeping Act (in Danish: Bogføringsloven).
Information about location is stored in [insert storage period], after which the information is deleted or anonymized after.
However, the information can be stored for a longer period if we have a legitimate need for longer storage, e.g., if the processing is necessary for the establishment, exercise, or defence of a legal claim.
5. Information we collect from other sources
We collect your personal data from others, including the hotel who orders the taxi on your behalf via CommuteApp.
6. Sharing yor data with others
CommuteApp may disclose your personal data internally within the group, to suppliers and/or service providers in connection with the general operation of our business. This also includes disclosing personal data to the taxa company in order to provide the services.
CommuteApp may also disclose your personal data to a public authority in situations where we are specifically bound to disclose your personal data in accordance with the laws and notification obligations to which we are subject.
We try to limit the disclosure of personal data in personally identifiable form and thus the disclosure of information that can be attributed to you personally.
CommuteApp also entrusts your personal data to data processors, e.g. in connection with the administration of our IT systems and in connection with our marketing. Our data processors process your personal data solely for our purposes and on our instructions.
7. Transfer of personal data to countries outside the eu/eea
In connection with our processing of your personal data, we may transfer the information to countries outside the EU/EEA. Data protection legislation in these countries may be less restrictive than it is in Denmark and the rest of the EU/EEA. In some countries, however, the European Commission has determined that the data protection level is in line with the level of protection in the EU/EEA.
If we transfer personal data to countries where this is not the case, the transfer of your personal data to these countries outside of the EU/EEA will be based on the Standard Contractual Clauses (SCC) drawn up by the European Commission or another similar transfer basis specifically designed to ensure an adequate level of protection.
You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.
For further information about our transfer of personal data to countries outside EU/EEA, please contact firstname.lastname@example.org.
8. Storage period, data integrity and security
Your personal data is stored no longer than is necessary to meet the purposes for which it has been collected. When your data is no longer necessary, we will ensure that it is deleted in a safe manner.
It is our policy to protect personal data by taking adequate technical and organisational security measures.
We have implemented security measures that will ensure data protection for all the personal data we process. We regularly conduct internal follow-ups in relation to the adequacy of and compliance with policies and measures.
9. Your rights
As a data subject, you have a number of rights under the General Data Protection Regulation. Please contact us if you want to exercise your rights.
You may withdraw any consent unconditionally and at any time. This can be done by sending an e-mail to us (see the e-mail address above). Withdrawal of your consent will not have any negative impact. However, it may mean that we cannot honour specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of processing on the basis of your consent before it is withdrawn. Furthermore, it will not affect any processing performed on another legal basis.
In addition, you may – unreservedly and at any time – raise objections to our processing when it is based on our legitimate interest.
Your rights also include the following:
Right to access: You have the right to gain access to the personal data we process about you.
Right to rectification: You have the right to have incorrect personal data about yourself corrected and incomplete personal data completed.
Right to erasure (right to be forgotten): Under certain circumstances, you have the right to have your personal data erased prior to the time when we normally delete it.
Right to restriction of processing: Under certain circumstances, you have the right to have the processing of your personal data restricted. If you are entitled to restricted processing, we will from that time on only process the data – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to objection: You have the right to object to our processing of your personal data under certain circumstances – and always if the processing is for direct marketing purposes.
Right to data portability: Under certain circumstances, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit this personal data from one data controller to another.
Right to lodge a complaint: You can lodge a complaint with the Danish Data Protection Agency at any time regarding our processing of personal data. For more information, see www.datatilsynet.dk where you can also find further information about your rights as a data subject.