Data Processed

Registration Data: Email address, username, year of birth (for user identification and profile creation). Registered as either passenger or driver.
Driver-Related Data: Additionally, drivers can provide vehicle type, license plate, and color (necessary to provide services to passengers).
Communication Data: Messages exchanged between driver and passenger during a trip are stored in a database to ensure service provision and handle complaints.
Location Data: The app collects and processes GPS-based location data during navigation for real-time trip planning and ride facilitation. These data are collected both in foreground and background to ensure seamless navigation functionality.
Automated Profiling and Decision-Making Data: Data on user and driver preferences, habits, and needs, used to optimize services and offer personalized recommendations.

Purpose and Legal Basis of Data Processing

User Identification: Data are used for user identification (GDPR Article 6(1)(b)).
Service Provision: Data are used to ensure the platform functions properly and for navigation (GDPR Article 6(1)(b)).
Payment Transactions: Stripe processes credit card data, which is not stored by the app. Data processing aims to ensure secure transactions and settlement (GDPR Article 6(1)(b)).
Complaint Handling: Handling user complaints, with a response within 3 business days (GDPR Article 6(1)(c)).
Automated Profiling and Decision-Making: The app provides personalized recommendations and optimizes driver-passenger matching using automated algorithms (GDPR Article 6(1)(f)).

Data Storage and Retention

Messages and Location Data: In-app messages and location data are stored until the end of the trip or the legally required retention period. Data processing aims to fulfill accounting and complaint handling obligations under the EU General Data Protection Regulation (GDPR) and Hungarian accounting laws.
Complaint Data: Messages left by users on the chat wall for complaint processing are retained for the necessary period. Data are handled with appropriate data protection measures to fully ensure user rights.
Data Storage Location: Data are stored within the European Union, ensuring that all personal data processing and storage comply with GDPR requirements, particularly security and data protection standards.
Retention Period: Data are stored as long as necessary for contract fulfillment and legal obligations (e.g., accounting requirements). This ensures handling potential claims and fulfilling settlement obligations.

Data Transfer and Sharing

Stripe: All payment transactions and related data are processed through Stripe Connect. Stripe processes and retains data in accordance with GDPR requirements.
Service Partners: Third-party partners (e.g., Google Maps) are engaged for certain app functionalities, such as location tracking and navigation, with their privacy policies available on their respective websites.
Authorities: Data are only shared with competent authorities in compliance with legal obligations.
International Data Transfer: If data are transferred to a third country, Iterli ensures that the transfer complies with GDPR requirements, including providing appropriate safeguards.

Data Security

Security Measures and Regular Audits: We employ advanced technological solutions to protect data and ensure the secure operation of our service, including data encryption, access restrictions, and regular data security audits.
Reporting Data Breaches: Iterli applies strict internal rules in the event of a data breach and will notify users and relevant authorities as soon as possible if the breach affects user data.

User Rights and Remedies

Right of Access: Users are entitled to receive information about the data we process about them.
Right to Rectification: We will correct or update inaccurate data upon request.
Restriction of Data Processing: In certain cases, users may request data processing restrictions.
Data Portability: Users have the right to receive their personal data provided to us in a structured, widely used, machine-readable format.
Objection to Profiling and Automated Decision-Making: Users have the right to object to automated decision-making, including profiling, which could significantly impact them.
Data Download and Deletion Options: Users may download or delete all data about them within the app or through customer service, in accordance with legal provisions.

Personalized Advertising and Analytics

Marketing Analysis: Iterli analyzes user behavior to provide personalized recommendations and optimize advertising campaigns. Users have the right to object to data processing for marketing purposes.
Advertising Partners: With user consent, Iterli may share data with advertising partners for targeted advertising. These partners use the data strictly in compliance with GDPR requirements.

Data Controller Information
Data Controller: Róbert Mersits Sole Proprietorship (Tax ID: 90581540-1-38),
HU - 9730 Kőszeg, Vadvirág Street 6, info@iterli.com

Impressum

Service Provider: Róbert Mersits Sole Proprietorship
Registered Office: HU - 9700 Kőszeg, Vadvirág Street 6
Managing Director: Róbert Mersits
Email Address: info@iterli.com
Phone Number: +36 20 320 9661
Registration Number: 59829335
Tax ID: 90581540-1-38
Website: www.iterli.com