Last updated: April 15, 2022
Interpretation and Definitions
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Account means the account that each User must apply for to use the eCabs App to access our Services.
Application means the software program provided by the Company downloaded by You on any electronic device, named eCabs App
Company (referred to as either “eCabs”, “the Company”, “We”, “Us” or “Our” in this Agreement) refers to eCabs Company Limited (Company Registration Number C63326), 4, Salvu Aquilina Street, Mosta. For the purpose of the GDPR, the Company is the Data Controller.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Facebook Page is a public profile named ‘eCabs’ specifically created by the Company on the Facebook social network, accessible from www.facebook.com/eCabsMalta
Group Company means an entity that forms part of the eCabs Group.
Personal Data is any information that relates to an identified or identifiable individual as outlined in ‘Types of Data Collected’ below
Service refers to the Application or the Website or both. Service shall include the term ‘eCabs Services’ as defined in the Terms and Conditions.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors. This shall include third party Drivers.
User refers to anyone who downloads the eCabs App.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to www.ecabs.com.mt
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.
Collecting and Using Your Personal Data
Types of Data Collected
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address and other booking way points
- Credit Card information in order to pay for products and/or services within the Service
- Device Token and Usage Data
- Advertising identifiers from device
- Passenger information such as Name, Surname and Phone Number.
When You pay for a product and/or a service via bank transfer, We may ask You to provide information to facilitate this transaction and to verify Your identity. Such information may include, without limitation:
- Date of birth
- Passport or National ID card
- Bank card statement
- Other information linking You to an address
When a booking is confirmed, details are recorded securely on the eCabs booking system which is hosted by a third party. This data is held on the eCabs server, which is hosted by a third-party who is bound by the same data protection duties and GDPR law as is eCabs. Such data may be anonymized.
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Information Collected while Using the Application
While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:
- Information regarding your location
We use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and/or a Service Provider’s server or it may be simply stored on Your device.
When you use one of Our location-enabled services, we may collect and process information about your actual location. Our services require your personal location data for the feature to work. Your consent can be withdrawn at any time by switching off the location-based services on your Device however we cannot guarantee that We will be able of offer the Service. If you require further details of how we use location-based services, you can request such information by contacting our Data Processing Officer on [email protected]
- Loyalty Scheme
When using Our Application, you benefit from our loyalty scheme (“eCabs Circle) meaning you authorise us to process and store your data necessary for the functioning of the loyalty scheme. This shall be limited to the information your supplied when signing up following the installation of the Application.
Tracking Technologies and Cookies
- Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available here.
- Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies here: Cookies by TermsFeed Generator.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service and the ensuring that the content on Our site and Application are presented in the most effective manner for You and your device.
- To manage Your Account to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the carrying out of Our obligations arising from any booking you have made with Us which may include the sharing of such data with third party processors.
- To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with information, products or services that you request from us or which we feel may interest you, where (if required to do so) you have consented to be contacted for such purposes unless You have opted not to receive such information.
- To manage Your requests by creating records of bookings and to sending You booking acknowledgments, confirmations, invoices and statements.
- To deliver targeted advertising to You We may use Your information to develop and display content and advertising (and work with third-party vendors who do so) tailored to Your interests and/or location and to measure its effectiveness.
- For business transfers We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
- For other purposes We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
- For our loyalty scheme known as eCabs Circle or as renamed from time to time and for insurance purposes
- To notify you about updated and changes to Our service.
- To meet customer service requirements and for complaint handling and feedback
We will only contact you by electronic means (e-mail or SMS) with information about updates, goods and services similar to those which We have previously supplied to you. If you do not want us to use your data in this way, please let We know by contacting our Data Processing Officer on [email protected] We may also use and analyse the aggregate (collective data that relates to a group or category of services or customers, from which individual customer identities or characteristics have been removed) information collected through the analytics provision so that We can administer, support, improve and develop their business.
We only work with trusted partners and authorities. We only share when there is a proper reason to do so. We limit sharing to only that which is required. We do not sell your personal information.
We may share Your personal information in the following situations:
- With Third Party Providers to provide the service such as with drivers and fleet operators. These shall include services providers relating to payment processing, storage, marketing agencies, professionals, social media platform providers for our own marketing and research partners.
- For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
- With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
- With Your consent: We may disclose Your personal information for any other purpose with Your consent.
- Legally Bound to do so: if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, process or request or in order to enforce or apply our terms and conditions and/or any other agreements; or to protect the rights, property, or safety of the Company, our customers, or others (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
Retention of Your Personal Data
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
In order to determine the retention period of your Personal Data, we consider several criteria so that your personal data is not kept for longer than necessary. Such criteria include but are not limited to;
- the reason we hold your personal data;
- statutory obligations including the Laws of Malta and Transport Malta Regulations (we also adhere to any financial reporting obligations);
- whether we deem you to be a regular client, which classification is based on the services you request from us, whether you have chosen to receive our marketing communications and whether you have our App installed;
- whether you are no longer actively participating or engaging with us and whether you have requested Us to delete or alter your data; and
- our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
We will retain your information as follows:
In case of payment disputes, data will be retained until the claim is satisfied or the expiry date of such claims.
- your user profile and account information (including your technical usage data), for as you have an active passenger account or 3 years after you last use our services. If we close your account, user data will be deleted in terms of our retention policy, unless such data is still required to meet any legal obligation, or for accounting, dispute resolution or fraud prevention purposes.
- In case of payment disputes, data will be retained until the claim is satisfied or the expiry date of such claims.
- records of bookings, lost property and complaints for a minimum of 12 months or as per statutory requirements.
- Data required for other accounting purposes will be stored for ten years after the last journey.
- In the event of a suspected criminal offence, fraudulent activity or false information having been provided, all data will be stored for up to 10 years.
Storage & Transfer of Your Personal Data
The data that we collect from you may be stored on the eCabs servers situated inside the European Economic Area (EEA). Where necessary it may be transferred to third parties for processing in line with our agreements with such third parties. We require all third parties to whom we disclose personal data to enter into a contract with us which includes stringent confidentiality obligations.
Disclosure of Your Personal Data
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
Detailed Information on the Processing of Your Personal Data
The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.
We may use third-party Service providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You.
Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC.
We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).
Apple Store In-App Payments
Google Play In-App Payments
When You use Our Service to pay a product and/or service via bank transfer, We may ask You to provide information to facilitate this transaction and to verify Your identity.
These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies and to enable Us to:
- Measure and analyze traffic and browsing activity on Our Service
- Show advertisements for our products and/or services to You on third-party websites or apps
- Measure and analyze the performance of Our advertising campaigns
Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit You to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:
- The NAI’s opt-out platform: http://www.networkadvertising.org/choices/
- The EDAA’s opt-out platform http://www.youronlinechoices.com/
- The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN
You may opt-out of all personalized advertising by enabling privacy features on Your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See Your mobile device Help system for more information.
The third-party vendors We use are:
Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/516147308587266
To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
- Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
- Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
- Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
- Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
- Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
- Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
- Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
- Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
- Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
- Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
- Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
Uninstalling the App does not mean that we will delete your data automatically. You must still request that we delete your data and such request shall be entertained limitedly to the data we are not obliged to retain.
Exercising of Your GDPR Data Protection Rights
You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
You can exercise any of your rights by contacting our Data Processing Officer on [email protected]
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
Data Controller for the Facebook Page
The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Facebook Page www.facebook.com/eCabsMalta, the Company and the operator of the social network Facebook are Joint Controllers.
The Company has entered into agreements with Facebook that define the terms for use of the Facebook Page, among other things. These terms are mostly based on the Facebook Terms of Service: www.facebook.com/terms.php
We use the Facebook Insights function in connection with the operation of the Facebook Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.
For this purpose, Facebook places a Cookie on the device of the user visiting Our Facebook Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period.
Facebook receives, records and processes the information stored in the Cookie, especially when the user visits the Facebook services, services that are provided by other members of the Facebook Page and services by other companies that use Facebook services.
Links to Other Websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
The supervisory authority is the Office of the Information and Data Protection Commissioner which can be contacted at Level 2, Airways House, High Street, Sliema SLM 1549, Malta or by telephone on (+356) 2328 7100 or by email at [email protected]