Privacy Notice for Users
This Privacy Notice provides an overview of who DropOff is and how DropOff collects, shares and uses personal data about you when you use the DROPOFF App for Users (the "App"). It also explains how you can exercise your rights under data protection law.
1. The controller of your personal data and how you can contact us
The controller of the personal data collected through the App is: DropOff.
DropOff office is located at 13 Xinda Str., 11141 Attica, Athens, Greece.
You can reach us via e-mail: info@dropoff.gr
2. Terms used in this Privacy Notice
2.1. “Personal data” means all information which relates to an identified or identifiable living person. This means that "personal data" includes information that identifies you directly (such as your name, postal address, e-mail address and telephone number) as well as information that allows you to be identified when it is combined with other information (such as an IP address).
2.2.“Processing“ means any operation performed on personal data, whether or not those operations are automated – e.g. collecting, organising, saving and deleting personal data are all types of processing (as well as a number of other types of activity).
2.3. “Journey” is a tour requested by a passenger through the App.
2.4. A "controller" of personal data is the organisation or person that decides how and why personal data will be processed – either alone or jointly with others.
2.5. A "processor" of personal data acts on behalf of, and on the instructions of, the data controller in relation to the personal data processing.
3. How we use your personal data.
The personal data that we collect, and how we use that data, will vary depending on how you interact with our App. In this section, we have set out the various purposes for which we use personal data collected through our App and you can be informed about the types of personal data we use for that purpose and the lawful basis that we rely on to carry out this activity.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, including how we balance our legitimate interests against your rights and freedoms where applicable, please contact us using the contact details provided under section 1 above.
3.1. To register you as a user of the App.
Where you register as a user of the App, we will ask you to provide basic personal information to set up your account and probably verify your account details via email.
Categories of personal data used for this purpose:
Identity data: Name, Surname and ID or Passport No.
Contact details: E-mail address; phone number
Optional: Profile picture
Additional driver data we store: image, father_name, residency, address,
Company information: company name, company type, company tax id, company number, company address, company tax dpt
Driver Documents: vehicle registration license number, vehicle registration license, vehicle insurance contract number, vehicle insurance contract, vehicle insurance company, vehicle insurance date of issue, vehicle insurance date of expiry, registration plate number, car model, driving license number, driving license, license category, license city of issue, license date of issue, license date of expiry, license date of renewal, identification card number, identification card, iban, iban name, iban file, bic, days online, last date online, status, bank name, driver rating, erp id, total kms, location.
Our lawful basis for processing this personal data: It is necessary to perform a contract with you. If you do not provide this information, we will not be able to register you as an App user.
Where you have chosen to provide the information listed above as 'optional', we process this on the basis of your consent – you can delete this information from the App at any time.
3.2. To procure and manage journeys you request through the App.
We will need to process information about you in order to arrange and manage the journeys that you order through the App. This includes allowing you to interact with maps using Google Maps (which is integrated into the App) so that you can pin the pick-up and drop off locations for your journey on the map or (where you have chosen to activate GPS settings) to identify your location via GPS. We use Google Maps in order to interactively show you the distance to the vehicle which will be carrying out your journey.
After you have procured a journey, your driver may contact you via chat messages about your journey (for example, to inform you about delays or ask your to clarify the pick-up location).
Categories of personal data used for this purpose:
Identity data: Name, Surname and ID or Passport No.; photo of face (optional); e-mail address; passenger/user ID; profile picture
Contact details: E-mail address; phone number
Journey data: such as the time ride was created, the time paid, the time of prebooked ride / time ride started, the time driver arrived at pickup, the time ride finished / the time ride cancelled – Your start location may be collected by you placing a pin on a map or through your GPS coordinates, depending on the settings you have enabled. Enabling collection of GPS coordinates is optional. Where you have permitted access to GPS coordinates, we will only ever be able to see these where you are logged into and actively using the App on your device, vehicle ID; trip information (like usage of minutes, distance, start and endpoint of tour); price paid; reservation and vehicle state; the areas in which journeys are available for booking; date of all trips; number of journeys and revenue for all time
Technical data: Information about your device (device ID); IP address; country code; trip ID; app version; error codes; app download date; FCM device token
Optional Financial data: Last four digits of credit card; payment transaction data: datetime, amount, email, receipt id, transaction id, payment method, card type, status id, transaction status, verified status; non-authorised transactions and payment rejection reasons
Our lawful basis for processing this personal data: It is necessary to perform a contract with you (or to take steps at your request prior to entering into a contract). If you do not provide this information, we will not be able to procure the journey you request or allow you to interact with maps via the App.
Where you have chosen to provide the information listed as 'optional', including your GPS coordinates, we process this on the basis of your consent – you can delete this information from the App at any time.
3.3. To respond to your enquiries and send you service-related communications..
You can contact DropOff via e-mail: info@dropoff.gr. Whenever you get in touch with DropOff, we process your personal data so that we can manage and respond to your enquiry or comment. We will also contact you from time to time with service communications (e.g. to provide a receipt for a journey you have taken or to notify you of updates to our T&Cs).
Categories of personal data used for this purpose: Depending on how you choose to contact DropOff, we will process the following types of personal data:
Identity data: Name and Surname
Contact details: E-mail address; postal address; phone number
Location and related data: Language; country and city
Communications data: chat messages; content of your messages
Journey data: Relevant information about your journey or booking
Technical data: Usage data e.g. log-in time and log-out times
Usage data e.g. the last log-in time and log-out times.
Our lawful basis for processing this personal data: Where you contact us to enter into or enforce a contract between you and DropOff, our lawful basis will be that the processing is necessary to perform a contract with you and/or to take steps at your request prior to entering into a contract.
In all other cases, we process this personal data as it is necessary for our legitimate interest in responding to passenger enquiries and in managing our relationship with customers and potential customers.
3.4. To take payment for your journey.
Where you pay for your journey directly via the App, we will process payment-related information about you.
Categories of personal data used for this purpose:
Identity data: Name and Surname
Contact details: E-mail address; phone number
Journey data: Start/end location of your journey; type of service; time and date of the booking/journey; distance; duration
Location and related data: Language (only EN-US); country (fixed to GR)
Financial data: Currency (only EUR)
If you have provided a credit card as a means of payment: the card type (e.g. Visa, MasterCard etc.)
If you pay via PayPal: the e-mail address of your PayPal account
If you pay with Apple or Google Pay: the e-mail address of your account.
If you pay with VivaWallet: the e-mail address of your account
Technical data: Information about your device
Communications data: Content of any optional comments you provide (where relevant)
Our lawful basis for processing this personal data: In all cases, we process this personal information on the basis that it is necessary to perform a contract with you.
3.5. To fix bugs and improve the functionality of the App
In order to fix issues, improve App functionality, and adjust the App to suit the needs of our passengers, we carry out technical analysis of how users interact with our App. Where possible, we will anonymise the personal data we use in order to carry out this activity. We use Sentry for troubleshooting of errors/bugs - sentry.io/privacy/
Categories of personal data used for this purpose:
Identity data: Name and Surname; profile photo (where provided)
Contact details: E-mail address; phone number
Location and related data: Country; language; time zone; GPS coordinates at the time of booking (where provided)
Journey data: Start/end location
Technical information: Information about your device
Usage data: Information about your usage of our App
Data that Sentry collects: os theme, android version, kernel version, rooted, timezone, locale, language, device id, battery temperature, connection type, cpu architectures, storage size, screen resolution, screen dpi & density, screen orientation, device connection status, device model, model id, model name, memory size, manufacturer, free storage, phone family, charging status, brand, battery level, dart version, app lifecycle state, accessiblity settings, ip address, downloaded from, root status, app version, user id
Our lawful basis for processing this personal data: It is necessary for our legitimate interests in improving the functionality and features of our App.
3.6. To send you news and personalised offers.
Where we are permitted to do so, we will send you news and personalised offers relating to products and services offered by DropOff and/or our third-party partners that we think may be of interest to you. You can withdraw your consent to receiving these marketing messages at any time (see section 7 (Your privacy rights) to find out how you can object to marketing messages).
Categories of personal data used for this purpose:
Identity data: Name and Surname; passenger ID; profile picture (where provided); App profile type (business or privacy customer); registration status
Contact details: E-mail address; phone number; home address or business address (where provided)
Financial data: Method of payment; incentives
Journey data: Type of journey; journey status; GPS location data at the time of the booking and at the time of the end of the journey (where you have provided access) or pickup and destination locations
Technical information: Information about your device including the version of the App you are using; device ID, GAID (Google Advertising Identifier), IP address; usage data (usage frequency, information relating to the download of the App); login information
Location and related data: Language; time zone; city
Our lawful basis for processing this personal data: Where we are permitted to do so by law, we process this information on the basis that it is necessary for our legitimate interest in marketing our services and providing relevant information to our customers and potential customers that we think will be of interest to them. In all other cases, we process this information on the basis of your consent.
3.7. To analyse the success of our marketing campaigns and advertise our services online.
We place non-targeted adverts for our services on third-party websites. We also evaluate and analyse the performance of our marketing campaigns and channels to understand how users become aware of our App, how they respond to specific ad campaigns and how they use the App. To do this, we collect and process certain information about the devices used by our users, their online behaviour and the content of websites they visit. The personal data we collect for this purpose are aggregated by our advertising partner and anonymised shortly after collection. Our service providers therefore cannot identify an individual from the personal data they receive.
Categories of personal data used for this purpose:
Technical data: IP address; user agent; advertising IDs; operating system of the device; device model; information about your journey; device information and settings; applications; downloads; website hits; information about how you use your device and your in-App behaviour; network carrier; as well as original device and attributed media sources
Location and related data: City; language
Consent data: Opt outs for advertising measures
Our lawful basis for processing this personal data: It is necessary for the purpose of our legitimate interests in advertising our services and understanding the effectiveness of, and improving, our marketing campaigns.
3.8. To handle accident reporting.
Unfortunately, accidents sometimes happen. If you or your driver is involved in an accident during a journey, we will use some of your personal information in order to carry out internal reporting, provide information to our insurers and other relevant third parties, and comply with our legal obligations.
Categories of personal data used for this purpose:
Identity data: Name and Surname
Contact details: E-mail address; phone number
Journey data: Details of the accident, including information your journey location, vehicle type, and journey time
Health data: if anyone has been injured during the accident
Our lawful basis for processing this data: It is necessary for the purpose of our legitimate interests in maintaining internal records about accidents that take place, notifying our mobility service providers of incidents in accordance with our contractual obligations, and processing insurance claims. We will also process your personal information on the basis that it is necessary for compliance with a legal obligation to which we are subject, where this is the case. In limited instances, we will process this information to protect the vital interests of you or someone else.
4. Who we share your personal data with
We share your data with the following categories of recipients.
Third party services providers and partners who provide data processing services to us or who otherwise process personal information for purposes that are described in this Privacy Notice. We work with the following categories of third party service providers:
- Transportation companies and drivers to provide journeys that you request through the App. To be able to provide these services, these providers receive your:
Identity data: name and surname; ID or Passport No; profile picture (if you have chosen to upload this to the App). Drivers will only be shown the aforementioned identity data.
Journey data: Journey booking information including the start/end location;
Your driver will be able to text you about your journey (e.g. to warn you of traffic jams).
Aggregated driver rating.
- Third parties that help enhance the security and functionality of our App so that we can better tailor it to our customers' needs.To be able to provide these services, these providers receive the personal data set out under section 3.7 above. We also use a provider of multi-factor authentication when you register on the App.
- Payment service providers and travel expense tool providers (where you choose to connect your account with a travel expense tool).To be able to provide these services, these providers receive the personal data set out under section 3.4 above.
- Mapping software providers (such as Google Maps) so that we can allow you to interact with maps on the App. To be able to provide these services, these providers receive your:
- GPS location data (in an anonymised form so they cannot identify you)
- Our advertising services and analysis partners.To be able to provide these services, these providers receive the personal data set out under section 3.9.
You may exercise your rights under the GDPR in respect of and against each of the parties (either DropOff or our third-party service mobility provider). However, to speed up the response, we would kindly ask you to exercise your rights via email: info@dropoff.gr
5. Cookies and similar tracking technology
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you, including to serve interest-based advertising.
6. Your privacy rights
You have the following data protection rights. You can exercise these rights by sending us a message via email:
- You have the right to access, correct, update or request deletion of your personal data;
- you can ask us to restrict processing of your personal information or object to processing;
- you can request portability of your data;
- you have the right to opt-out of marketing communications we send you at any time (you can also exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you). We will implement your opt-out as soon as possible (due to technical reasons, this will be within 48 hours);
- if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent;
- • you may at any time lodge a complaint with the Hellenic data protection authority if you are unhappy with how we have used you data. The Hellenic DPA address is:
Hellenic Data Protection Authority
Kifissias 1-3, PC 115 23, Athens, Greece,
Telephone: +30-210 6475600
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
7. How we keep your personal data secure
We have taken appropriate technical and organisational measures to keep your personal data secure (in particular to protect your personal data against unauthorised access by third parties, as well as accidental or intentional modification, loss or destruction). We review these measures periodically and change them in line with state of the art security processes.
The transfer of your personal data from your device (e.g. smartphone) to us is always encrypted.
8. How long we retain your data
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or it to comply with applicable legal, tax or accounting requirements), which means maximum for 30 days. In particular, inactive accounts are deleted after 5 years of inactivity. Even in such a case, we retain some personal information, like profil, rides, payments-transactions, ratings, promotions etc.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
9. External providers Privacy Policy
We use the services of the following external providers, who are responsible for how they handle some user data, as follows:
- Viva Wallet: vivawallet.com/gr_en/privacy-policy
- Google: policies.google.com/privacy?hl=en-US
- Firebase (notifications): firebase.google.com/support/privacy
- Apple: apple.com/legal/privacy/en-ww/
- ERP: go.prosvasis.com/privacy-policy/
- Sentry (for error/bugs reporting): -> sentry.io/privacy/
10. Updates and changes to this Privacy Notice
We may modify this Privacy Notice from time to time in the future in accordance with applicable data protection laws and regulations or in response to changing technical or legal developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.