PRIVACY POLICY

Privacy information for passengers

Privacy notice for passengers, pursuant to the EU General Data Protection Regulation (“GDPR”), for users of the Ncc.it app for passengers. October 2020

This policy provides an overview of the processing of your personal data by us and your rights under the data protection provisions regarding the use of our app for booking the car rental with driver service (“Ncc.it Passenger App”). The type of personal data processed basically depends on the services or products used.

Sections

 

  • Information on the data controller
  • Definitions
  • Activities and purposes of data processing
  • Your rights
  • Data security
  • Retention period
  • Updates and changes
  1. Information on the data controller

Pursuant to Article 4 paragraph 7 GDPR, for passengers on Italian territory the data controller is:

Ncc.it srl
Via Maretto, 24/26
Roma 00166
VAT number 16313861003
E-mail address: [email protected]

For any need regarding personal data, write to the indicated address.

  2. Definitions

«personal data»: any information relating to an identified or identifiable natural person («data subject»); a natural person is considered identifiable if they can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of their physical, physiological, genetic, psychological, economic, cultural or social identity;

«processing»: any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organisation, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

 

  3. Activities and purposes of data processing

Through the Ncc.it app you can travel using rental cars with driver. To use the Ncc.it app, you must provide your personal data, which we will process to guarantee the respective service. Other information may be shared voluntarily; it will be indicated as “optional data”.

3.1 Assignment of rides

With reference to services for the assignment of rides, the following personal data are processed pursuant to Art. 6 (1) b) GDPR, to enter into our ride assignment agreement with you, and pursuant to Art. 6 (1) a) GDPR concerning optional information:

3.1.1 General

You must provide the following information to register in order to use the Ncc.it app: name and surname, e-mail address and mobile number (personal data). We will use your mobile number to verify your customer account by sending you a code via SMS. This process is necessary to perform the so-called “2-factor authentication”, so that registration cannot be made without specifying a valid mobile number. Registration will be completed only after entering the code in the Ncc.it app. We will also process the following data in connection with travel management: call time, departure and destination coordinates of the journey, and information about the end user’s device (device ID). The user can provide the starting coordinates (i) by placing a marker on the map or by entering an address, or (ii) by transmitting the GPS coordinates. The legal basis for the processing of GPS position data is Art. 6 (1) (a) GDPR. The use of GPS location data by Ncc.it can be allowed when installing the Ncc.it app.

3.1.2 Registration/Login via Facebook Connect

In addition, we offer you the opportunity to log in or register for the FREE NOW Passenger App using your Facebook user data from the social network Facebook, a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”); to do this you have to click on the Facebook Connect button. To log in you will be directed to the Facebook page, where Facebook will ask you for certain permissions to be able to log in with your Facebook user data. This will link your Facebook profile and our FREE NOW Passenger App. By virtue of this link, your data (name, surname, e-mail address, profile photo) as provided to Facebook will also become visible to us. The processing of this data by us will take place in accordance with the provisions of this privacy policy. For more information about Facebook Connect and privacy settings, you can consult the Facebook Privacy Policy and Terms of Use available at www.facebook.com/policy.php. If you do not want your data to be processed as defined above, you will not be able to use the Facebook Connect feature. If you have used Facebook Connect in the past, you can prevent us from further processing your data saved on Facebook by going to ‘Settings’ in your Facebook account and deleting the Passengers FREE NOW app from the ‘Apps and websites’ category.

3.1.3 Registration/Login via Google Account.

In addition, we offer you the ability to access or register with the FREE NOW Passenger App using your Google Account login details from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, you will be transferred to the Google website, where Google will ask you for certain permissions and you can access them using your Google login details. This will link your Google profile and our FREE NOW Passenger App. Through this link, the information you provided to Google (first and last name, email address and profile photo) will become visible to us. We will process this data in accordance with the provisions of this Privacy Policy. For more information about access and registration via Google and Google’s privacy settings, please see Google’s privacy policy and terms of use at https://policies.google.com/privacy?hl=it. If these conditions do not suit you, do not use access or registration through your Google account. You can prevent us from further processing the above-mentioned data stored in your Google Account by going to.

3.1.5 not applicable

3.2 Payment

If you use the payment function with PayPal, we will process the following personal data, based on Art. 6 (1) b) GDPR, for the purposes of contract execution: If you use the payment methods offered through PayPal, the data necessary for the processing of the payment will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). Further information on data processing via PayPal is available at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Credit card payments are made by the following service providers:

(i) PayPal Braintree Inc., 22-24 Boulevard Royal, L-2449, Luxembourg, through which we will transmit your data to PayPal. The privacy policy for use of the Braintree service is available at: https://www.braintreepayments.com/legal.

(ii) Wirecard AG, Einsteinring 35, 85609 Aschheim, Germany. For payments via Wirecard, the payment data you provide will be transmitted to Wirecard. Detailed data protection information on Wirecard can be found here: https://www.wirecard.de/datenschutz/.

All payment service providers are PCI DSS (Payment Card Industry Data Security Standard) certified. Your credit card details will be transmitted via an encrypted connection directly to the payment processor we use. Our payment processor will then perform an authentication process for your payment method, assigning an amount to your account. This ensures that your payment method is an active means of payment. For security reasons, we are only provided with the last four digits of your credit card, which we store for identification and documentation purposes.

3.2.1 Payment Services Directive

The new Payment Services Directive 2 (PSD2) will enter into force. The goal is to standardize security standards and reduce fraud for payments made with means other than cash, throughout the European Economic Area, through “Strong Customer Authentication” (SCA). This Regulation establishes a uniform legal framework throughout the EEA for the amounts and frequencies for which authentication is required. You must validate two of the three possible authentication factors: 1) Something the user knows, such as a password or PIN. 2) Something the user has, such as a credit card or a device. 3) Something the user is, for example iris scanning, fingerprints or other biometric data. The choice of authentication methods is the responsibility of the issuing bank.

3.3 Anti-fraud measures and non-payments

3.3.1 General

If you do not want to use the payment service via app, you can still use the Ncc.it app and make the payment in cash or ATM. We remind you that you can use the Ncc.it app for passengers and our booking service at any time, even if you have deactivated the payment service via app. To protect you from paying more than you have to, the driver’s mobile device sends us the GPS coordinates at close intervals during the ride, allowing us to reconstruct the entire course of the ride. We want to ensure that the driver does not prolong the ride specifically to earn a higher fee. If you feel that you have paid an excessive price, at the end of the ride you can ask us about its progress. The processing of GPS coordinates serves to protect you and us from fraudulent drivers and/or passengers under the provisions of Article 6 (1) f) GDPR for the protection of your and our interests (e.g. protection against payments exceeding the amount due).

3.4 Bug resolution (operating errors) and improvement of operation

In order to correct bugs (operating errors) and to improve the functionality of the Ncc.it app and adapt it to the needs of passengers, we process the following personal data, pursuant to Art. 6 (1) f) GDPR based on our legitimate interest: Name and surname, email address, country, mobile phone number, profile photo (optional data), GPS coordinates at the time of call (if you have allowed access), workplace and home address (optional data), departure and arrival location of the ride and information about your device (device ID, Ad ID), language and time zone. To the extent that it is sufficient to achieve the corresponding purpose, we work with anonymous data rather than with personal data.

3.5 News and personalised offers

3.5.1 General

You will receive offers and advertising from us if, during the registration process or at a later time, in the profile of the Ncc.it app under “Privacy”, you have consented to the sending of news and personalized offers (advertising, vouchers and offers) and to the display of usage-based advertising (“Retargeting”) and have enabled the corresponding option. The service consists of sending personalized advertising via electronic mail (email, SMS, MMS) or other electronic means (in-app notifications, push notifications) to your device (smartphone, tablet, PC, etc.). In this regard, we process the following personal data, pursuant to Art. 6 (1) a) GDPR, to the extent that you have given us the corresponding consent: name and surname, passenger ID, e-mail address, home or workplace address (optional), mobile phone number, profile photo (optional), payment method, registration date, language set, profile of the Ncc.it app (corporate or private customer), type of ride (booking, flight), version of the Ncc.it app, access data, GPS coordinates at the time of the call and at the end of the ride, or pick-up location and destination, device ID, GAID (Google Advertising ID), IP address and usage data (frequency of use, number of app installations, registration and ride status), language, time zone and city. If you do not wish to receive the above news and personalized offers, you can revoke your consent by disabling the corresponding option; revoking consent is as easy as giving it. You can also contact us by writing an e-mail to [email protected]. Please note that the revocation and subsequent changes will not have retroactive effect and may take up to 72 hours from the request to be implemented. For technical reasons, we cannot act more quickly.

3.5.2 Direct advertising for existing customers

Once we have received your email address or mobile number for the provision of our service and once you have completed a ride using our service, we may use this data for direct advertising for our products and services via electronic mail (email, SMS and MMS), unless you have refused the direct advertising service. For this purpose, we process your email address or mobile number in accordance with Art. 6 (1) f) GDPR. Our legitimate interest lies in intensifying the relationship with the customer, offering him adequate and interesting information about the products. You can cancel the service at any time by clicking on the appropriate link at the bottom of the respective email (e.g. unsubscribe from the newsletter) or by contacting us via SMS, without retroactive effect. Direct advertising sent by us is not personalized. Please note that the revocation and subsequent changes will not have retroactive effect and can be implemented no later than 72 hours from the request. For technical reasons, we cannot act more quickly.

3.6 Presence on social media

3.7 Facebook

When you view our Facebook page (via a link from our website, our newsletter or directly), you access the technical platform and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Please note that the use of the Facebook site and its functions is your responsibility. This applies in particular to the use of interactive features (e.g. comments, sharing, evaluation). When you visit our Facebook page, Ncc.it collects personal identification data only if you interact with us through our Facebook page, e.g. if you comment on something, click on a “Like” button or send us a message. The legal basis for the processing of such data by Ncc.it differs according to the way you use the features of our Facebook page. If you send us e.g. a contractually relevant request, the processing of your data by us is based on art. 6, par. 1, lett. b) of the GDPR. In addition, the processing of data may also take place on the basis of consent pursuant to art. 6, par. 1, lett. a) of the GDPR, e.g. if you click on “Like”, comment on one of our publications/posts or upload content to our Facebook page. You can revoke your consent at any time with effect for the future by deleting the comment or its content. Any revocation does not affect the legality of the processing carried out on the basis of consent until the moment of revocation. In addition, we analyze the accesses made and interactions on our Facebook page. To this end, Facebook creates user profiles and provides us with anonymized data exclusively in the form of Page Insights (“Page Insights”). The Insights on the page are summarized data that help us better understand how visitors interact with our Facebook page. Further information is available from Facebook at the following link: de-de.facebook.com/help/pages/Insights. Please note that when you use and access our Facebook page, your personal data is processed by Facebook as well as by Ncc.it. For the processing of Insights data, Ncc.it and Facebook are jointly responsible. The respective responsibilities of Ncc.it and Facebook in relation to the processing of data by Insights are set out in the Insights appendix of the Page, available at the following address: https://www.facebook.com/legal/terms/page_controller_addendum.

Facebook bears exclusive responsibility for how it uses Insights data from the Facebook page visit for its own purposes, to what extent activities on the Facebook page are associated with individual users, how long Facebook stores such data and whether the data of a visit to the Facebook page is transmitted to third parties. With regard to the processing of data through our Facebook page, you have the opportunity to assert your rights as a data subject (see also point 4 “Your rights”) both against Ncc.it and against Facebook. For more information, please see Facebook’s “Data Policy” available at de-de.facebook.com/about/privacy. In addition to the processing described above, Facebook also processes your data for analysis purposes and advertising purposes or to display personalized advertising. At the same time, according to our knowledge, Facebook also uses cookies, pixels or other techniques that store user behavior (including on different terminal devices). In this way, Facebook can display targeted advertising both in the context of its platform and on third-party websites. The data collected about you in this context is transmitted by Facebook to the United States and other countries outside the European Union. The Facebook Data Policy explains in general terms what information Facebook receives exactly and how it is used. There you will also find information about Facebook contact data and setting options for advertisements. The data usage guidelines are available at the following link: de-de.facebook.com/about/privacy. The full version of the Facebook Data Policy is available here: https://de-de.facebook.com/full_data_use_policy.

In addition, Facebook offers Facebook members the possibility to object to certain types of data processing. Information about this and opt-out possibilities are available at: https://www.facebook.com/settings?tab=ads.

3.7.1 Links to social networks Instagram, Youtube

On our website and in our newsletters, we also integrate links to our other profiles in the social networks Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, California, 94025, USA; “Instagram”) and Youtube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Youtube”) via the respective social network logo. If you click on the link or directly access the contents of Ncc.it on these platforms, you will be on the websites of the respective social media providers. The general terms and conditions of the respective social media provider apply. Please note that we are not aware of the content and extent of data processing by the respective service providers. Information on the use of your personal data by the respective social media providers can be found in the respective information on the processing of personal data of these services:

  • for Instagram: instagram.com/about/legal/privacy/
  • for Youtube: https://policies.google.com/privacy?hl=de&gl=de

We process data via our social media profiles to the extent that users of social media platforms use our profile to send messages or comments directly to us.

The legal basis for the processing of data is therefore the consent of the respective user pursuant to art. 6, par. 1, lett. a) GDPR or, in the case of contractually relevant requests, art. 6, par. 1, lett. b) of the GDPR. Eventually, we will share your content on our site if this is permitted by a feature of the social media platform and we communicate with you via the social media platform. The legal basis for this is Art. 6, par. 1, sentence 1, lett. f) of the GDPR. In this case, the processing of data takes place on the basis of our legitimate interest in public relations and communication.

  4. Your rights

If your personal data is processed, then you are a so-called data subject, in the sense specified by the GDPR, and therefore you have the following rights against Ncc.it: You can, at any time and free of charge, request information relating to the scope, the origin and the recipient of the stored data, as well as the purpose of the storage of such data (Art. 15 GDPR). You may, at any time, request the rectification of incorrect data (Art. 16 GDPR). In addition, you may request that your personal data be provided to you in a structured, common and machine-readable format (Art. 20 GDPR). You may object to the future use of your personal data (Art. 21 GDPR). You can also request a partial or complete deletion (Art. 17 GDPR), a limitation of processing or a blocking (Art. 18 GDPR) of your personal data. We will consider such requests and, if there is no legal basis to continue processing such data, we will comply with your requests. We will inform you about the decisions taken. Regardless of any other administrative or judicial recourse, you have the right to lodge a complaint concerning the processing of your personal data with a supervisory authority. All requests for information, access, revocation of consent, objection and any other kind of data protection request can also be sent by e-mail to [email protected].

 

  5. Data security

We take appropriate technical and organisational measures to ensure data security, in particular to protect your personal data and prevent it from being disclosed to third parties, lost or destroyed, whether accidentally or intentionally. These measures are regularly reviewed and updated to the latest state of the art. The transmission of your personal data from your device (e.g. smartphone) is generally encrypted. Ncc.it maintains the highest security standards.

  6. Retention period

The data you provide to us is stored only for the time necessary for the respective purposes for which you have transmitted your data, or to the extent required for compliance with legal or official requirements. We will anonymize your personal data, in principle, after three years, unless we may have a legitimate interest in a longer retention period (e.g. accounting obligations or statutory limitation periods).

 

  7. Updates and amendments

We reserve the right to change this privacy policy in the future. Should we change this policy, we will promptly notify you of the changes and give you the opportunity to give your consent or refuse it.