Privacy notice for passengers, pursuant to the EU General Data Protection Regulation ("GDPR") for users of the DDBuyer.com car rental with driver booking service.
This notice provides an overview of how we process your personal data and your rights under data protection legislation when using our service.
Pursuant to Article 4(7) GDPR, the data controller for passengers on Italian territory is the owner of this website (www.ddbuyer.com). For any enquiry, please contact info@ddbuyer.com.
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
"Processing" means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure or destruction.
To provide our car-with-driver transfer service, we need to process certain personal data including your name, email address and mobile phone number. This processing is necessary for the performance of our contract with you under Art. 6(1)(b) GDPR.
In connection with journey management, we may also process journey times, departure and destination coordinates, and device information.
If you use electronic payment, your payment data will be processed by our payment service provider via an encrypted connection. Only the last four digits of your card are retained by us for identification and documentation purposes.
We may process certain data to correct operational errors and improve functionality, pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest. Where possible, we work with anonymised data.
Under the GDPR, you have the following rights:
You also have the right to lodge a complaint with a supervisory authority. All requests can be sent to info@ddbuyer.com.
We implement appropriate technical and organisational measures to protect your personal data against accidental or intentional disclosure, alteration, loss or destruction. These measures are reviewed and updated regularly. Data transmission from your device is encrypted. DDBuyer maintains the highest security standards.
Your data is retained only for as long as necessary for the purposes for which it was collected, or as required by law. We will anonymise your personal data, in principle, after three years, unless a legitimate interest in longer retention exists (e.g. accounting obligations or statutory limitation periods).
We reserve the right to update this privacy policy. In the event of material changes, we will inform you promptly and give you the opportunity to consent or refuse.
