Data Processing During Registered Use of CTP Services and Booking Rides
CTP processes the following personal data provided by you when you register and use our Services or when you book rides (hereinafter “customer data”).
- Personal master data (form of address, title, first name, last name, company, address, zip code, place, country, password);
- Contact data (e.g. telephone number, cellphone number, e-mail address);
- Contract data (e.g. time and manner of registration, status)
- Ride-related data (e.g. pickup location, destination, times, flight number, special requests).
- Status (e.g. bonus program), customer history (e.g. previous rides);
- Contract invoicing (e.g. invoices, status, invoicing address) and payment data (e.g. last 4 digits of the credit card number).
The customer data will be used for CTP services, i.e. for the personalized fulfillment of the framework agreement after registration (creation, storage, administration and support of your CTP account), for the procurement of booked rides and for the fulfillment of the contract of carriage for the benefit of the customer with the limousine service provider. CTP provides customer data to third parties, if necessary, in particular to the limousine service providers so that the customer can be transported in accordance with their booking and the transport can be processed.
Customers have the possibility to rate a ride arranged by CTP e.g. in the CTP App. Ratings are stored in the customer’s profile and can be communicated to the respective driving service or provider or chauffeur in anonymised form. The customer can view his own reviews, other customers will not see these reviews
Personal data can be transmitted to limousine service providers in a third-party country outside of the European Union or the UK in which the transport is intended to take place. CTP cannot generally provide further information on the data protection level in the third-party country.
If you use our services through your company, information provided to us by your employer. In the case of our corporate customers only, your employer may provide us with information about you when it signs up to use our services, for example your name, contact number and business email address
Technical usage information.
When you visit our website, we automatically collect the information sent to us by your device, which includes your computer, mobile phone, and tablets. This information includes:
- your IP address.
- device information including, but not limited to, identifier, name, and type of operating system (including versions);
- mobile network information.
- standard web information, such as your browser type and the pages you access on our website.
- mobile device
- hardware models, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, and device motion information.
THE LAWFUL BASIS WE USE TO PROCESS YOUR DATA
We will only ever process your information if we have a lawful basis to do so. The lawful bases we rely on are;
- Contract – This is where we process your information to fulfil a contractual arrangement, we have made with you.
- Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
- Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best service in the most secure and appropriate way.
- Legal Obligation – This is where we have a statutory or other legal obligation to process the information.
HOW WE USE YOUR INFORMATION
To perform our contract with you, we will use your information:
- to communicate with you.
- to provide you with ground transportation and/or courier services.
- to create records of bookings and to send you booking acknowledgments, confirmations, receipts, and invoices; and
- to maintain records of lost property.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our services and organisation, we will use your information:
- to detect and prevent fraud and crime.
- for reporting and data analysis purposes.
- to administer our membership and loyalty scheme(s);
- for insurance purposes.
- to comply with our legal and regulatory obligations imposed by Transport and any other licensing authority where we provide services.
- to meet customer service requirements and for complaint handling and feedback.
- to monitor and assess the quality of our service.
- to host events for our customers.
- to pass on feedback such as ratings or compliments about our drivers.
- to contact you via telephone, email, SMS.
- to identify our users.
- to personalise our services for you, for example, to provide you with an accessible vehicle where you request such a vehicle and if you have opted in to marketing, to send you promotions and offers tailored to your use of the services;
- to enforce our terms and conditions.
- if you have opted into marketing, to communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
- to provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
Payment & Fraud Prevention
- All CTP bookings can be paid by credit or with debit card or through bank account or PayPal or cash. The credit card information only must be stored once upon the first booking and is protected against unauthorized access. Bank account also need one time authorization. For this purpose, a certified payment provider is used whose systems meet the applicable security standards.
- We use a combination of risk screening tools and manual intervention to ensure that customer profiles are not fraudulent. To do this, we match the personal data provided by customers against data fields such as name, email address, mobile phone number, and we use this to accept or decline bookings.
- To ensure that a payment instrument is used by its rightful owner and to prevent fraud, IP addresses, e-mail addresses, payment data and card information may be transmitted to one or more external fraud prevention service providers. This transmission may also contain additional personal data. The external fraud prevention service providers process these personal data on behalf of CTP.
SHARING YOUR INFORMATION
We do not sell, rent, or lease your personal information to others except as described in this Privacy Notice. We share your information with selected recipients. These categories of recipients include:
- cloud storage providers located in the EU, which store your personal data in and for disaster recovery services, as well as for the performance of any contract we enter into with you;
- analytics and search engine providers located in the UK, Europe and the USA that assist us in the improvement and optimisation of the Website; merchant acquirers located in the UK, Europe and USA and which store your personal data in the UK, Europe and the USA for the purpose of processing payments.
- fraud prevention tools located in the UK, Europe and the USA for the purposes of preventing fraud;
- Partner drivers based in the territory in which you request services.
- Our insurance company and claims handling companies, for the purpose of investigating and settling any insurance claims.
CTP maintains pages in social networks such as Twitter, LinkedIn or Facebook. The respective provider of the social network provides detailed information about which personal data is processed and how. In addition, please see our notes on our pages on the respective platforms.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process, or request.
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof
- detect, prevent, or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
THE SECURITY OF YOUR PERSONAL DATA
CTP uses appropriate technical and organizational security measures to ensure a level of protection for personal data appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and the degree of risk.
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website, over email or via our contact centres; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access, or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
HOW LONG DO WE STORE YOUR PERSONAL DATA
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for no longer than is necessary or appropriate. These criteria include:
- the purpose for which we hold your personal data.
- our legal and regulatory obligations in relation to that personal data
- whether our relationship with you is ongoing, for example, you have an active account, you continue to receive marketing communications.
- whether you are no longer actively participating or engaging with our brand, for example, you do not open our emails, visit our website, or share user generated content.
- any specific requests from you in relation to the deletion of your personal data; and
- our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
YOUR RIGHTS AS A DATA SUBJECT
You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. We have described these situations below, as well as how you can exercise your rights. To exercise any of your rights, please contact us at email@example.com
- Access: You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.
- Correction: You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.
- Portability: Where you have provided your personal data to us under contract, you have the right to ask us to share (port) this data to another data controller in a structured, commonly used and machine-readable format.
- Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.
- Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data, save for storage.
- Objection: In certain circumstances, the right to restrict or object to our processing of your personal information (e.g. where you request correction or erasure, you also have a right to restrict processing of your applicable data while your request is considered). You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or company trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
Special Features for CTP
CTP channels, apps are another access point to CTP services. Similar processing of personal data is generally carried out via the CTP apps as via the CTP websites or in the case of registered use of the CTP Services.
When using the CTP apps, CTP may also access additional data in relation to the app or to your end device, such as e.g. the device name, device manufacturer, model, operating system, app or SDK version, mode.
There are also push notifications in the CTP apps, i.e. notifications provided by CTP in the app of your end device. You will only receive push notifications if you have given your consent to this on your end device.
Application of partners or chauffeurs
Personal data provided will be processed as part of your application, in order to determine your suitability for chauffeur services for CTP end customers. This includes information about whether a partner or chauffeur is appropriately qualified, licensed, experienced, sufficiently cleared by criminal background checks (if required or permitted by local law), capable of performing the chauffeur services and whether he fully complies with any and all guidelines or other requirements of CTP.
Your data are necessary for the conclusion of a partner or transportation contract, otherwise we cannot process your application or offer you requests for transportation services.
CTP will collect the following personal data about you while you provide services to us:
- identity information such as title, full name, date of birth, photograph, private hire licence, drivers licence details, or proof of eligibility to enter the driver contract.
- contact details such as home and work address, phone number(s), email address(es), emergency contacts.
- data with respect to the driver contract, including commencement date, participation in driver training programmes, background checks (including criminal records, directorship, and credit checks), membership of professional bodies and data relating to complaints.
- data regarding the location of the vehicle, rate of travel and other similar information transmitted from GPS trackers, and similar devices which are fitted to the vehicle, whether the vehicle is being used for the provision of passenger services or personal
- financial data, including payments for bookings, your bank or building society account details and tax numbers.
- information about your physical or mental health or condition.
- your racial or ethnic origin or religious or similar beliefs to monitor compliance with equal opportunities legislation
- information relating to any background check, any criminal proceedings in which you have been involved or the commission of any potential criminal or civil offence for insurance or trust purposes, or when we have been notified of any relevant potential vehicle or driving offences or where there is an allegation of parking, speeding, toll or other traffic-related
Information provided to us by a third party and/or collected from public records in the case of fraud or suspected fraud. In the case of fraud or suspected fraud, we may obtain information from third parties and from public records to prevent and detect fraud.
We also receive information from other sources, such as from our group companies, from fraud prevention tools in the case of fraud or suspected fraud, from analytics companies in the case of in car Wi-Fi data usage and in the case of telematics data (including crash/impact detection, GPS location data, vehicle usage/driving style data and odometer readings), from third party data validation tools and information you post online.
COOKIES & marketing
are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many websites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. Cookies may be distinguished according to their operating life between session cookies, which are deleted automatically after ending the browser session or permanent cookies, which are stored beyond the individual browser session and enable subsequent recognition of the end device. A distinction is also made between CTP own cookies and those of third parties.
You may prevent the storage of cookies at any time using your browser settings or delete any cookies present. However, this may mean that some functions of CTP services may not be available or available only to a limited extent. The storage duration is different depending on the cookie and can be inspected in your browser.
We use the following cookies:
- Strictly necessary/technical cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, book our services or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting/commercial cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them below:
Strictly necessary/technical cookies
We use strictly necessary/technical cookies:
- To enable you to book our services digitally
- Enable the site to work
- Help keep your details secure
We use analytical cookies:
- understand how our website or apps are used so we can improve customer experience
- understand what errors or issues occur so we can fix them
- measure the performance of our website or apps
- test different versions of our website
- understand what technologies we should design our website or apps to work with
- track trends to help us plan for the future
We use functionality cookies:
- store preferences that you select, such as font size or volume level
- make it easier for you to use the websites by remembering information that you’ve entered or choices that you’ve made so you don’t have to enter it again
- remember if we’ve asked you to fill in our online survey
At any time, you have the right to object to our processing of data about you in order to send you marketing communications, including where we build profiles for such purposes, and we will stop processing the data for that purpose.
We manually carry out customer segmentation for marketing purposes based on journey history. We use this to make our advertisements more relevant for market segments, such as promoting relevant journey types.