Privacy Policy
This Privacy Policy explains how C-Wave International d.o.o. collects, uses, stores and protects personal data when TaxiST.app is used through the website, Android application, QR vehicle pages and related services.
1. Data controller
The data controller is C-Wave International d.o.o., Ulica gardijskih brigada 52, 21217 Kaštel Stari, Republic of Croatia, OIB: 20817300177. Privacy contact: support@taxist.app .
2. Scope
This Privacy Policy applies to TaxiST.app website, Android app, app WebView, QR vehicle pages, rider accounts, driver accounts, support tools, notifications and related platform services.
3. Account data
We may process name, email address, phone number, password hash, user role, account status, language preference, login history, verification status and account security information.
4. Driver and vehicle data
For drivers, we may process vehicle data, licence or taxi driver identification data, company details, plan status, pricing settings, QR vehicle data, online/offline status and other information needed to operate driver features.
5. Ride and location data
We process pickup and destination data, coordinates, driver location while online or during active rides, route estimates, ride status, ride history, messages, ratings, receipts and related operational records. Location data is used to provide platform functions and should not be used as emergency or safety-critical data.
6. Support, communication and technical data
We may process support tickets, rider-driver messages, email communication, push-notification tokens, device type, IP address, browser, WebView user agent, logs, security events and anti-spam information.
7. Purposes of processing
creating and managing accounts;connecting riders and drivers;showing nearby vehicles, routes, estimates and ride status;providing QR ordering, messaging and support;sending operational notifications;preventing fraud, spam and security abuse;managing paid driver plans and platform features;complying with legal, accounting and dispute obligations.
8. Legal bases
Personal data is processed on the basis of contract performance, legitimate interests, legal obligations and consent where required. Legitimate interests include platform security, fraud prevention, service improvement, dispute handling and reliable operation of rider and driver services.
9. Advertising and AdSense
TaxiST.app may use Google AdSense or similar advertising technologies. Where required by law, consent may be requested before non-essential advertising cookies or personalised advertising technologies are used. Google and advertising partners may process data according to their own policies.
10. Data sharing
Data may be shared between the rider and driver where needed for a ride. Data may also be shared with hosting providers, email providers, notification providers, map and routing services, analytics or advertising providers, IT support, professional advisers, courts, regulators or authorities where necessary. We do not sell personal data.
11. International transfers
Some providers may process data outside the European Economic Area. Where this occurs, appropriate safeguards such as adequacy decisions, standard contractual clauses or equivalent mechanisms should be used where required by GDPR.
12. Retention
Data is kept only as long as necessary for the purposes described in this Policy. Account, ride, invoice, support, security and dispute data may be retained for different periods depending on operational, legal, accounting and limitation-period requirements.
13. Security
We use reasonable technical and organisational measures, including access controls, session protection, secure connections where available, backups and security monitoring. No digital system is completely secure and users must also protect their devices and passwords.
14. User choices
Users can update certain account data in their profile. Browser and device settings may allow control over cookies, notifications and location permissions. Disabling some permissions may prevent parts of TaxiST.app from working correctly.
15. Children
TaxiST.app is not intended for children. Users must have legal capacity to use the Platform. We do not knowingly provide accounts to children where parental or legal authorisation would be required.
16. GDPR rights
Users may request access, correction, deletion, restriction, portability, objection and withdrawal of consent where applicable. More details are available on the GDPR Rights page.
17. Supervisory authority
Users may lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or another competent EU data protection authority if they believe their rights have been violated.
18. Changes and contact
We may update this Privacy Policy to reflect legal, technical or operational changes. For privacy requests contact: support@taxist.app .