LEGAL AREA

Privacy Policy for Personal Data Processing of the appTaxi Application

Last updated: October 24, 2025

(Articles 13 and 14 of EU Regulation No. 2016/679)

Dear user, we inform you that Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 "on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data" (hereinafter RUE 2016/679), came into force on May 25 2016 and became operational from May 25, 2018.

This is why APPTAXI SCRL provides you with this information pursuant to Articles 13 and 14 of the aforementioned Regulation and informs you that the processing of your personal data will be conducted in accordance with the principles of fairness, lawfulness, and transparency, with respect for confidentiality and your rights.

1. Data Controller

The Data Controller is APPTAXI SCRL with its registered office at Via Gallarate 249, 20151 Milan (MI)

Contact details: email support@apptaxi.it

2. Data Protection Officer (DPO)

Contact details: email dpo@apptaxi.it

3. Nature of personal data

The personal data that will be processed by APPTAXI SCRL, following the request for passenger transport service made through the application, relate to:

  • personal data (first and last name);
  • contact data (phone number and email address);
  • location data (geolocation);
  • identification data of your loyalty card (if any);
  • accounting data (in case of enabling in-app payments).

4. Purpose of data processing

Your personal data will be processed by APPTAXI SCRL for the following purposes:

  1. execution of passenger transport service;
  2. accounting management related to the service provided;
  3. management of in-app payments;
  4. management of loyalty cards associated by you;
  5. sending of informational/advertising material for marketing purposes only with your specific consent.

5. Methods of data processing

Your data is processed in the ways provided by law and in compliance with professional and official secrecy. The data is stored in a way that ensures confidentiality, prevents destruction or use by unauthorized third parties, and fully complies with the security measures required by current regulations.

The data is organized in "databases" whose processing is carried out, through computer and telematic supports, only by authorized personnel.

6. Legal Basis for Processing

The provision of personal data is based on Article 6, paragraph b) of Reg. EU 2016/679, as it is necessary for the provision of the requested service and relates to your personal data (first name, last name), data related to your geographical location, and contact data (phone number), in order to complete your registration by entering the OTP code you will receive via SMS or WhatsApp or Telegram message, and thus use the transport service offered by APPTAXI SCRL.

If you wish to take advantage of the additional features provided by APPTAXI SCRL, such as enabling in-app payments and associating your loyalty card, it will be necessary to provide additional personal data, for which you will be asked to give specific consent.

Activating the in-app payment service requires, in addition to the aforementioned personal data, your email address, which must be validated to use the in-app payment function .

Entering your credit card data is done on the browser of the device you use, through which your financial data is entered directly on the servers of N&TS GROUP Networks & Transactional Systems Group S.p.A, and as an additional security measure, tokenization is provided in communications between it and APPTAXI SCRL.

The "loyalty card" section within APPTAXI SCRL will allow you to use your loyalty cards by associating the personal data provided when creating your profile with the loyalty card number.

APPTAXI SCRL will communicate to the companies issuing the loyalty cards (e.g., Italo train; ITA Airways...) first name, last name, trip date, loyalty number, points number, province of the trip, email so they can be informed of the amount spent using the services offered by APPTAXI SCRL.

You will be asked to give your consent to the processing of data for the marketing purposes indicated in this information.

7. Data retention periods

The personal data you provide and collected by us will be retained by us for the time strictly necessary for the purposes for which they are collected and based on the criteria defined internally by APPTAXI SCRL, the duration of these terms is indicated in an internal document that can be made known to you upon specific request.

8. Categories of subjects to whom the data may be communicated

The communication of the acquired information is carried out by APPTAXI SCRL in order to ensure you a better user experience.

The personal data collected may be communicated to the following categories of subjects:

  1. Consortium companies providing passenger transport services (taxis).
  2. Individual taxi drivers who are clients of APPTAXI SCRL.
  3. Carriers participating in the ITN app roaming network in the areas where APPTAXI SCRL must rely on them to provide the transport service.
  4. Messaging and email service companies (Skebby, SendGrid, WhatsApp, and Telegram) used by us to complete user registration and authenticate the email address to activate in-app payments. Both services receive from APPTAXI SCRL only a numeric code not associated with the user and cannot save data related to the same. Furthermore, only for SendGrid, to manage the electronic receipt service for rides paid through the App, personal data (first and last name), data related to the departure and destination address, and payment data (amount and method) will be communicated.
  5. Banks and credit institutions for managing in-app payments.
  6. Consultants and professionals (accounting, tax, fiscal) for managing your personal data related to the provision of the requested service.
  7. Companies providing IT services.

Your personal data may also be accessed by internal and/or external parties (employees and consultants) as authorized and/or responsible parties for processing in order to fulfill the tasks and duties assigned to them in relation to the purposes previously expressed.

At any time, you can contact us to obtain updated information on the scope of communication of your data.

Your data is not intended for dissemination.

9. Data Transfer to non-EU Countries

APPTAXI SCRL may transfer your personal data consisting of personal data (first name, last name) and contact data (phone number and email address) to the United States of America if the user wishes to use the in-app payment service.

APPTAXI SCRL uses SendGrid (email sending service) to send the user an email containing an authentication code necessary to validate the email address and to enable in-app payments; if the user opts to use WhatsApp, then the user will receive the authentication code through that application and, consequently, will not receive the SMS for phone number verification.

SendGrid and WhatsApp do not have any function for storing the user's personal data; the only data stored for thirty days are statistical data related to the email sending request by APPTAXI SCRL, the actual sending by SendGrid or WhatsApp, and the reading by the recipient.

10. Consent withdrawal

In any case, you have the right to withdraw your consent to the processing of your personal data at any time, as provided by Article 7, paragraph 3 of Reg. EU 2016/679, without affecting the legality of such processing based on that consent up to the time of withdrawal.

You can exercise this revocation by writing directly to the Data Controller's email address support@apptaxi.it

11. Complaint to competent authority

If you find a violation of your rights under Reg. EU 2016/679, you have the right to file a complaint with the supervisory authority of your country of residence or the Italian data protection authority (www.garanteprivacy.it).

12. Rights of the data subject

The rights you can exercise by making a request to the Data Controller's contacts and/or following the procedure defined internally through the completion of the appropriate form are as follows (for further understanding, refer to the articles of the EU Reg. indicated below):

  1. Right of access by the data subject (Art. 15)
    The data subject has the right to obtain information about the data processed by the Controller, on certain aspects of the processing, and to receive a copy of the processed Data.

  2. Right to rectification (Art. 16)
    The data subject has the right to verify the accuracy of their data and request its update or correction.

  3. Right to erasure ["right to be forgotten"] (Art. 17)
    Under certain conditions, the data subject may request the erasure of their data by the Controller.

  4. Right to restriction of processing (Art. 18)
    Under certain conditions, the data subject may request the restriction of the processing of their data, in which case the Controller will not process the data for any purpose other than storage.

  5. Right to data portability (Art. 20)
    The data subject has the right to receive their data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller. This provision applies when the data is processed by automated means and the processing is based on the data subject's consent, on a contract to which the data subject is a party, or on contractual measures related to it.

  6. Right to object (Art. 21)
    The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them.

  7. Right not to be subject to automated individual decision-making, including profiling (Art. 22)
    The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.