1. Information on the data controller
Free Now Hellas Single Member Societe Anonyme, having its seat in Athens, Greece (115 Kifissias Avenue) 115 24 registered in the General Commercial Registry (GEMI) with number 155228301000 (together “BEAT”, “we”, “us”, “our”), takes your data protection rights and its legal obligations seriously.
BEAT is the data controller of your personal data.
2. Personal data we collect about you and purposes of processing
Depending on the purpose for which we may need to process your data from time to time, we will process on a case-by-case basis certain categories of personal data, which means information from which you are identifiable, and includes, but is not limited to the following:
- your basic identity data (for example your first and last name, etc.);
- your contact details relating to the services that we provide (for example phone number, email address, etc.);
- transactions information necessary for the provision of our services (for example, your payment or card data, information on the services you requested, etc.);
- connection and geolocation data (how you interact with us from within the App);
- device data (such as the names of the apps installed on the device);
- commercial information (for example, if you have subscribed to our newsletter);
- information about your tastes and preferences; and
- any other information you may voluntarily provide us with (for example, through our Customer Support service, etc.).
Remember that, when we ask you to fill in your personal data to afford you access to any functionality or service of the App, we will mark certain fields as mandatory, since these are the minimum that we need to be able to provide the service. Please take into account that, if you decide not to make such data available to us, you may be unable to complete your user registration or may not be able to enjoy those services.
Depending on how you interact with our App, we will process your personal data for the following purposes:
2.1 To manage your registration as a user of the App
If you decide to become a registered user of our App, we need to process your data to identify you as a user of the App and grant you access to it as a registered user. You may cancel your registered user account by uninstalling the App from your device.
The BEAT App enables you to hail a ride in a taxi with a taxi driver (‘driver’) through us. You must provide personal data to use our BEAT App as a passenger for ride-hailing, which we process to provide the given service. Additional voluntary information that may also be provided is marked accordingly (optional).
In the context of the hailing service, the following personal data will be processed in accordance with Article 6(1.)(b) GDPR for the performance of the contract:
First and last name, email address and mobile phone number (master data). Your GPS location data at the time of booking, the start and destination coordinates of your ride, information on your terminal equipment (device ID) and the password you have chosen (in encrypted form) are also processed.
Your profile picture is optional and will be processed only if entered.
You may either enter the personal data (e.g. your name) at the time of registration or we receive it directly from your terminal equipment (e.g. device ID, GPS location data). You approve the transmission of your GPS location data via your terminal equipment (smartphone, tablet, etc.) operating system. We need the GPS coordinates of your location so that the taxi you have ordered can find and collect you.
We will forward your GPS location data, name, phone number and profile picture (if you have provided one) to the driver who has accepted the ride you have booked for identification purposes. The driver can call you after accepting your booking. This enables the driver to inform you of any delays, e.g. traffic jams.
After accepting your order, the driver or taxi operator will receive your name and profile picture (if you have provided one) for identification purposes and, in particular, so that she/he/it can determine that the right person is being collected. She/he/it determines this by asking you for your name when you board at the beginning of the ride. The driver cannot see your personal data in her/his BEAT App after the ride.
It will not be possible for you to hail taxis through us if we do not process the mandatory personal data shown above. This does not apply to optional information.
You can pay for taxi rides hailed through us either in cash or by using the pay-by-app function (i.e. by credit card or Paypal within the App). By entering your credit card and/or Paypal account details within the App you will be able to pay for your ride without cash through the BEAT App. We will then debit the amount to your specified means of payment. If your credit card details are provided, they will be transmitted directly to the payment service provider engaged by us via an encrypted connection and without any further disclosure of credit card information to us except for the last four digits of your credit card which are transmitted to us and in a pseudonymized form for security reasons. We store such pseudonymized information for the purposes of identification and verification.
In the context of payment, the following personal data will be processed in accordance with Article 6(1.)(b) GDPR for the performance of the contract:
First and last name, address, start and destination coordinates of your ride, country, language, email address, mobile phone number, credit card key, last four digits of the credit card number, the email address of your PayPal account if applicable, and information about your terminal equipment (device ID, etc.).
We cannot offer you certain means of payment if we do not process these personal data. However, you may always pay in cash directly to the driver without any further involvement of the application.
2.4 Fraud prevention and non-payment
Since BEAT bears the risk of non-payment in the event that payments made by credit card or Paypal are not honoured, and more broadly of fraud happening through its app, Beat processes Personal Data inter alia to assess fraudulent cases, as well as to assess the risk of non-payment using a software algorithm by a trust third party fraud scoring service, based on a number of personal information, payment means the use of the application and device data, so as to protect BEAT’s legitimate interests in accordance with 6(1.)(f) of the GDPR.
For this purpose, the following personal data is processed:
First and last name, pick up and drop off addresses of a ride, mobile phone number, email address, payment mean, the last four of a card, the name on the card, expiration dates of the card, the card issuer, the email address of the PayPal account (if applicable), information about the terminal equipment (device type and ID, operating system, applications installed on the device etc.), the amount of the rides and the BEAT App version installed on your device, and IP address.
This personal data is not used or processed for any other purpose. Please note that the app’s hailing functionality without the pay-by-app function is available to every user, regardless of the fraud prevention system outcome. Accordingly, if you are not offered the pay-by-app function due to the decision made fully automatically based on the score calculated, you may still use the BEAT App and make payments in cash. If you are unable to pay using non-cash payment means and believe this to be in error, please contact us.
BEAT also periodically reviews the fraud scoring manually by means of specially trained employees of BEAT.
Moreover, to protect you against overpaying for taxi rides, the driver’s mobile phone transmits GPS location data to us at short intervals during a taxi ride, enabling us to map the entire journey. We do this because we want to ensure the driver does not extend the route intentionally to earn higher remuneration.
If you believe you have paid too much, you may ask us about the route covered after a ride. The processing of your GPS location data takes place for your and our protection against fraudulent drivers and/or passengers on the basis of Article 6(1.)(f) GDPR to protect your and our interests (e.g. protection against overpayments).
2.5 Fault elimination, customer services and improvement of the functionality
To make it possible to eliminate malfunctions in the BEAT App, to answer specific customer inquiries about functionality or the hailing services, and to adapt the BEAT App to the needs of passengers, the following personal data is processed for the performance of the contract in accordance with Article 6(1.)(b) GDPR:
First and last name, email address, mobile phone number, profile picture (optional entry), your GPS location data at the time of booking, start and destination coordinates of your ride, and information about your terminal equipment (device ID, etc.).
We may also process data rendered anonymous or aggregated data rather than personal data, in cases where such data is deemed sufficient for this purpose.
2.6 News, promos and personalized offers
You will receive offers and advertising from us if you have agreed to receive news and personalized offers (advertising, vouchers, and promotions) and to the display of usage-based advertising during the registration process or subsequently by switching on the respective toggle within the BEAT App. This concerns both non-personalised (sent to all customers) and personalised (sent only to you and based on an analysis your personal data that you have either explicitly provided to us or were generated as part of your use of the BEAT app) newsletters sent electronically (email, SMS, MMS, in-app messages, push messages) to your terminal equipment (smartphone, tablet, PC, etc.). To send you personalized advertising, we will process your usage data and, where possible, other information from your device, such as other apps you may have installed in your device. Usage data logins and taxi rides. Based on this data, you may receive special offers, special content, and advertising from us. Accordingly, please take into account that this data processing implies an analysis of your profile to establish your preferences and therefore which services are most relevant to your preferences.
We will also process your personal data to organize promotional actions. By participating in any promotional action, you authorize us to process the personal data that you have shared with us depending on the promotional action and disclose them through different media such as social networks or the App itself. In each promotional action in which you participate, the terms and conditions will be available to you and will provide more detailed information about the processing of your personal data.
In this context, we will process the following personal data based on your consent in accordance with Article 6(1.)(a) GDPR:
First and last name, email address, mobile phone number, payment methods, registration date, BEAT App version, log-in details,, device ID, IDFA (Ad-ID, Apple, identifier for advertisers), IFV (Ad-ID, identifier vendor), GAID (Google advertising identifier), IP address as well as usage data (usage frequency, registrations and taxi rides, including pickup and dropoff locations thereof).
If you do not wish to receive the news and personalized offers already discussed, you can – just as easily as when you agreed to it – withdraw your consent by switching off the “News, promos and offers” toggle through your App’s Privacy & Security section.
Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal.
2.7 Studies and surveys
If you have agreed to receive studies and surveys during the registration process or subsequently by switching on the respective toggle within the BEAT App, then we will contact you after a taxi ride or at any other time in the context of non-personalised or personalised (sent only to you and based on an analysis of the BEAT App usage frequency) studies and surveys sent electronically (email, SMS, MMS, in-app messages, push messages) and request your participation. If you access our App, we inform you that we will treat your usage data for analytical and statistical purposes, i.e., to understand the manner in which users interact with our App and thus be capable of introducing improvements in the App. In addition, we occasionally perform quality surveys and actions to know the degree of satisfaction of our App’s users and detect those areas in which we may improve. To this end, we will process the following personal data pursuant to Article 6(1.)(a) GDPR:
First and last name, email address, mobile phone number, profile picture (optional entry), payment method, registration date, BEAT App version, your GPS location data at the time of booking, during the ride, and at the end of the taxi ride, and usage data (usage frequency, registrations and taxi rides) as well as information installed in your device, such as the list of apps downloaded in your device.
If you do not wish to be contacted, you can – just as easily as when you agreed to it – – withdraw your consent by switching off the “Surveying” toggle through your App’s Privacy & Security section.
Please note that the withdrawal and ensuing changes are valid only for the future and will be effective or implemented by no later than 48 hours from withdrawal.
2.8 Facebook Connect
We give you the option of registering for or logging in to the BEAT App using your Facebook log-in information, a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). This requires the operation of the Facebook Connect button. For logging in, you will be redirected to a Facebook page, where Facebook will request certain permissions and you can log in using your Facebook user data. This will link your Facebook profile with our BEAT App. This link will allow us to view the data you have provided Facebook (first and last name, email address, public profile, age range, gender, profile picture, time zone, Facebook ID). For the purpose of Facebook Connect, we use only your email address, first and last name, profile picture, and Facebook ID for identification purposes in accordance with Article 6(1.)(f) GDPR. At the same time, the type of device (e.g. iPhone), operating system, language, time zone, resolution, app version and the location of your time zone (e.g. Europe/Athens, etc.) are transmitted to Facebook automatically.
We kindly ask that you refrain from using the Facebook Connect function if this is not in accordance with your wishes.
2.9 Google Maps
2.10 Rating drivers and favorite drivers
You can provide your feedback on your experience in a specific ride by rating drivers and vehicles publicly via the BEAT App. When you submit a rating, it is assigned to a specific ride and considered in the average rating of the driver and vehicle in question. It does not involve the transmission of your personal data to the driver.
You can also enter your favorite drivers in your BEAT App profile. This involves you marking those drivers as your favorite by tapping twice on the 5-star rating soon after the ride is over. Your personal data is not transmitted to the driver.
2.11 Web tracking
a) Google Analytics
The BEAT App uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
For this purpose, a cookie is installed on your device. The information generated by the cookie about your use of the App (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the App, compiling reports on App activity for App operators and providing other services relating to App activity and internet usage to the App’s provider. Google will not associate your IP address with any other data held by Google. For further information on how Google uses your data, please refer to https://policies.google.com/privacy?hl=el#infocollect.
Objection to data collection:
Besides changing your browser settings, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en
b) Facebook Custom Audience Program
We participate in Facebook’s Custom Audience program which enables us to communicate with people that have already installed our application, or exclude people that are already using our application from seeing our advertisements. To this end, we share your email address or phone number in a hashed format with Facebook, in order to allow it to identify you, if you are a Facebook user.
Objection to data collection:
You can adjust your ad preferences through your Facebook settings if you do not want to receive interest-based ads on Facebook.
3. Disclosure of your personal data to drivers and other third parties
We disclose some of your personal data to the taxi drivers using the BEAT Driver App.
- financial institutions,
- anti-fraud detection and prevention entities,
- technology service providers,
- providers of customer support related services,
- advertising and marketing related partners and service providers,
who assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analyzing data, providing support services or performing other tasks, from time to time.
Your personal data will be accessible by BEAT’s authorized personnel and service providers acting on our behalf,on a need-to-know basis.
For service efficiency purposes, some of these providers are located in territories outside the European Economic Area that do not offer a level of data protection comparable to that of the European Union.
We may also share your personal data with third parties in connection with the potential or actual sale of our company or any of our assets, or those of any associated company, in which case personal data held by us about our users may be one of the transferred assets.
We will also respond to requests for personal data where required by to do so by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
4. Your rights
You have the following rights with respect to your personal data:
- Right to withdraw consent – where applicable, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. For example, if you wish to opt-out of receiving marketing communications, you can change your settings by switching off the respective toggle through your App’s Privacy & Security section, use the “unsubscribe” link provided in our emails or otherwise contact us directly and we will stop sending you communications.
- Right of access, rectification, and erasure – you have the right to request access to any of your personal data that we may hold, to request correction of any inaccurate data relating to you and, under certain circumstances, to request the deletion of your personal data. You can see and update most of this data yourself online.
- Right of data portability – Under certain conditions, you have the right to receive all such personal data which you have provided to us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to restriction of processing – you have the right to restrict our processing of your personal data where:
- you contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
- the processing is unlawful but you do not want us to erase the data;
- we no longer need your personal data for the purposes of the processing, but you require such data for the establishment, exercise or defence of legal claims; or
- you have objected to processing justified on legitimate interest grounds (see below) pending the verification as to whether we have overriding compelling legitimate grounds to continue the processing.
Where personal data is subject to restrictions in this way, we will only process it with your consent or for the establishment, exercise or defense of legal claims.
- Right to object to the processing – provided that the conditions of the law are met, you have the right to object to the processing of your personal data. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. In Greece that is the
Hellenic Data Protection Authority,
1-3 Kifissias Ave., 115 23 Athens, Greece
Phone: +30-210 6475600
Fax: +30-210 6475628
For further information regarding your rights, to exercise any of your rights, or if you have any questions regarding the processing of your personal data please contact privacy@theBEAT.co
Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.
5. Minimum Age
Protecting the safety and privacy of children is very important to us. We do not accept registrations submitted by, and will not knowingly collect or use personal data from anyone under the age of sixteen (16) years. By downloading and registering on the App, you confirm that you have reached sixteen (16) years of age.
6. Data security
BEAT uses appropriate technical, physical, legal and organizational measures, which comply with data protection laws to keep your personal data secure.
As most of the personal data we hold is stored electronically we have implemented appropriate IT security measures to ensure this personal data is kept secure, including the use of strong encryption, access restriction and extensive logging and auditing functionality in our production systems. We have procedures in place at our premises to keep any hard copy records physically secure. We also train our staff regularly on data protection and information security.
When BEAT engages a third party as a data processor (including our service providers) to collect or otherwise process personal data on our behalf, such processor will be selected carefully and required to use sufficient guarantees, in particular in terms of expert knowledge, reliability and resources as well as appropriate technical and organisational measures which will meet the requirements of the General Data Protection Regulation, including those referring to the security of processing.
Unfortunately, no data transmission over the Internet or any electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any personal data you might have sent to us has been compromised), please immediately notify us.
7. Retention period
We will retain your personal data for as long as is necessary for the purposes for which we collect it during the performance of our contract, always taking into consideration each time applicable statute of limitations.
- where we hold your personal data to comply with a legal obligation (including your security and avoidance of fraudulent behavior), we will keep the information for at least as long as is required to comply with that obligation;
- where we hold your personal data in order to provide you with a service (such as in order to ensure at all times that our App is properly functioning), we will keep the information for at least as long as we provide the service, and for a number of years thereafter, as appropriate.
We will retain your data for a period of five years after termination of the contractual relationship at your request or by us for cause (e.g. non-payment). Moreover, statutory provisions (e.g. retention periods under tax legislation) require that we retain data for six years and under conditions, up to twenty years.
Should we do so, we will notify you by various procedures through the App (for example, through a banner, a pop-up or a push notification), or we may even send you a notice to your e-mail address.
9. Contact us – One Point of Contact for all Privacy Issues
For further information regarding your rights, to exercise any of your rights, or if you have any questions regarding the processing of your personal data please send an email to firstname.lastname@example.org.
BEAT has appointed Platis – Anastasiadis & Associates / EY Law (Antonios Broumas, Manager) as Data Protection Officer to oversee compliance with this Notice. If you have any questions about this Notice or how we handle your Personal Data, or you wish to exercise your rights, please send an email to email@example.com.