DDM DIGITAL SOLUTIONS LTD, a company duly incorporated and existing under the laws of the Republic of Cyprus, with registration number НЕ 418762, having its registered office at Griva Digeni, 80 SWEPCO COURT 6, 2nd floor 3101, Limassol, Cyprus (“DIGITAL SOLUTIONS” or “We”) respects your privacy and are committed to protecting your Personal Data.
At DIGITAL SOLUTIONS, we want to be transparent with You about how We collect and use Your Personal Data in making available the Application Etolls EU and providing You with various Services through the Application. We also want to make sure You know about Your data privacy rights and how the law protects You.
DIGITAL SOLUTIONS acts as a Joint Controller with NJ Travel BV, Piet Heinstraat 7, 7204 JN Zutphen (“NJ”) – a company that operates a website that allows DIGITAL SOLUTIONS to form a request (make an offer) on Your behalf to be submitted to the official body of respective EU country in order to buy a digital vignette(s) for Your use.
Personal Data does not include “anonymous data” (i.e., information where the identity of the individual has been permanently removed).
However, Personal Data does include “indirect identifiers” or “pseudonymous data” (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).
1. HOW WE RECEIVE YOUR DATA?
You are signing up as a User at the Application and creating a DIGITAL SOLUTIONS Account in the Application;
You are forming a request (an offer) to buy digital vignette(s) chosen by you on your behalf in the chosen by You country-member of the EU;
You are laying out Your travel route;
You make a payment (s) under provisions of Terms;
You provide the information in Your Account, or
You provided your personal details to Us in another way.
2. LEGAL BASIS FOR PROCESSING
DIGITAL SOLUTIONS processes personal information received from You, where:
DIGITAL SOLUTIONS has Your informed, freely given consent (“Consent”),
where Your personal information is necessary for DIGITAL SOLUTIONS to provide a service under the agreement concluded between You and DIGITAL SOLUTIONS (“Contractual Necessity”), or
where DIGITAL SOLUTIONS has a legitimate interest to process Your information and that legitimate interest is not overridden by Your data protection interests or fundamental rights and freedoms (“Legitimate interest”);
In some cases, DIGITAL SOLUTIONS may have a legal obligation to process Your personal information or to process Your personal information in order to exercise, establish or defend legal claims (“Legal obligation”).
3. TYPES OF PERSONAL DATA WE PROCESS
Types of Personal Data processedWhat this meansIdentity DataGiven name; Family name. Contact DataGiven name; Family name; Phone number; Email.Vehicle DataGiven name; Family name; Vehicle plate number; Vehicle type; Mark and model of Vehicle; Country of car registration; VIN; List of vehicles.Vignette Data (already purchased or to be purchased through the Application)Country of Vignette; Start date of Vignette; End date of Vignette; PDF of Vignette (s); List of Vignettes.Trip DataLocation information; routes; dates of the trip.Behavioral DataPages visited, how long you stayed, how you entered, time of visitTechnical DataYour login data, Compatible Mobile Terminal type and version, operating system and other technology on the devices you use to access our Application, location information.Payment DataPayment card type; payment card number; billing address; Phone number; Email.Marketing and Communications Data Your preferences in receiving marketing messages from Us and Our third parties and Your communication preferences, including Your preferred language for such communications.
DIGITAL SOLUTIONS processes information when You provide it directly to DIGITAL SOLUTIONS by signing up as a User of the Application, creating the Account, making a request for digital vignette (s), adding information to the Account, accepting Terms, making payment(s).
Collected from Third Parties: DIGITAL SOLUTIONS may receive information about You from other sources, including publicly available databases or third parties, and combine this data with information DIGITAL SOLUTIONS already has about You. This helps DIGITAL SOLUTIONS to update, expand and analyze records, identify new customers, and provide information about services that may be of interest to You. If you provide DIGITAL SOLUTIONS personal information about others, or if others give DIGITAL SOLUTIONS Your information, DIGITAL SOLUTIONS will only use that information for the specific purpose for which it was provided to DIGITAL SOLUTIONS.
No Special Categories of Personal Data: We do not collect and/or process any “Special Categories of Personal Data” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
4. YOUR RIGHTS RELATING TO PERSONAL DATA ABOUT YOU
Under certain circumstances, by law You have the right to:
Request access to Personal Data about You. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully processing it.
Request correction of the Personal Data that we hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
Request erasure of Personal Data about You. This enables You to ask Us to delete or remove Personal Data where there is no lawful basis for Us to continue to process it. You also have the right to ask Us to delete or remove Personal Data about You where You have exercised Your right to object to processing (see below). Please, take a note, that by removing some personal data about You on Your request (for example, Identity Data, Vehicle data) We will not be able to provide you Services, and, therefore, the agreement between DIGITAL SOLUTIONS and You will be considered terminated.
Object to processing of Personal Data about You. This right exists where We are relying on our legitimate interest as a legal basis for Our processing and, You wish to object to processing on this ground.
Request the restriction of processing of Personal Data about You. This enables You to ask Us to suspend the processing of Personal Data about You, for example, if You want Us to establish its accuracy or the reason for processing it.
Request the transfer of Personal Data about You. We will provide to You, or a third party You have chosen, Personal Data about You in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for Us to use or where We used the information to perform a contract with You.
Withdraw consent. This right only exists where we are relying on Consent as a legal basis to process Personal Data about You (“Consent Withdrawal”).
Right of a complaint. If You believe the processing of Your personal data is improper, You can file a complaint with the Commissioner for the Protection of Personal Data in Cyprus: https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument. Address: Iasonos 1, 1082 Nicosia, Cyprus. Tel: +357 22818456; email: commissionerdataprotection.gov.cy.
You may have other rights as may be provided by the applicable legislation.
5. HOW TO EXERCISE YOUR RIGHTS
If You want to exercise any of the rights described above, please contact Us using the contact details shown here [insert email].
Typically, You will not have to pay a fee to access Personal Data about You (or to exercise any of the other rights outlined above). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if Your request is clearly unfounded, repetitive, or excessive, or, We may refuse to comply with Your request in these circumstances.
We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Personal Data about You (or to exercise any of Your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to speed up Our response.
We try to respond to all legitimate requests within one (1) month (i.e. 30 calendar days). Occasionally it may take Us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, we will notify You and keep You updated.
6. MARKETING COMMUNICATION PREFERENCES
You can ask Us to stop sending You marketing messages at any time by:
by changing the settings in Your Account;
Clicking the “Update your email preferences or unsubscribe” link in the footer of any marketing communications we may send You to update Your preferences accordingly; and/or
Contacting Us at any time using the email [insert].
7. HOW WE USE PERSONAL DATA ABOUT YOU AND WHY
We will only use Personal Data about You for the purposes for which We collected it as listed below unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose.
The table below sets out the purposes for which We use Personal Data, as well as the legal bases We rely on in respect of the relevant purposes for which We use Personal Data about You.
8. WHAT HAPPENS WHEN YOU DO NOT PROVIDE NECESSARY PERSONAL DATA?
Where We need to process Personal Data about You either to comply with law, or to perform the terms of the agreement We have with You, and You fail to provide that data when requested, We may not be able to perform the agreement We have or are trying to enter into with You. For example, We may not be able to provide You with the functionalities of the Application (e.g., register your Account, make an offer to buy a Vignette on Your behalf) or We may not be able to respond to or fulfill a request You make of us.
In this case, We may have to stop You from using our Application but We will notify You if this is the case at the time.
9. WHAT IS THE DURATION OF PROCESSING OF YOUR DATA?
Your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.
However, storage can take place beyond the specified time in the event of an (impending) legal dispute with You or other legal proceedings or if storage is provided for by statutory provisions to which We are subject as the responsible party. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by Us is necessary and there is a legal basis for this.
10. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
In order to carry out our business operations and provide You with Services through the Application, We may grant our commissioned processors and other service providers access to Your personal data. These are service providers that are required to operate Our Application and process the data stored or transmitted by the systems (e.g. data centre services, payment processing, IT security). The legal basis for the transfer is Article 6 Paragraph 1 Letter b or Letter f of the GDPR. In addition, we may transmit Your personal data to government bodies or authorities if this is necessary to fulfill a legal obligation. This is done on the basis of Article 6 (1) (c) GDPR. A transmission also takes place to our staff personnel (e.g. employees, business customers, service providers). This is done on the basis of Your consent in accordance with Article 6 Paragraph 1 lit. a GDPR or to fulfill the contract in accordance with Article 6 Paragraph 1 lit. b GDPR.
We currently store and process Your personal data in Cyprus. We do not transfer Your personal data outside the territory of the European Union.
However, some of Your personal data may be transferred to entities located within or outside the European Union, including in countries for which the European Commission has not recognized an adequate level of personal data protection.
If We process personal data in a third country (i.e. outside the European Union (EU) or if this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill Our (pre)contractual obligations, on the basis of Your consent, on the basis of a legal obligation or on the basis of our legitimate interests. If there are no legal permissions, We only leave Your personal data in a third country if the special requirements of the Art. 44 ff. GDPR process.
We will always take steps to ensure that any international transfer of personal data is carefully managed to protect Your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other guarantees, such as standard contractual terms issued by the European Commission or certification schemes.
11. LEGAL DISCLOSURES
In certain situations, DIGITAL SOLUTIONS may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. DIGITAL SOLUTIONS reserves the right to disclose your personal information as required by law and when DIGITAL SOLUTIONS believes in good faith that disclosure is necessary to protect DIGITAL SOLUTIONS’ rights and/or comply with a judicial proceeding, court order, or legal process served on to DIGITAL SOLUTIONS.
12. REPORTING ISSUES
You have a right to report grievances related to privacy with Your local data privacy supervisory authority. In Cyprus, this is the Commissioner for the Protection of Personal Data in Cyprus and the Commissioner can be reached at https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument which can also be contacted by email at commissionerdataprotection.gov.cy.
13. DATA SECURITY
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties, taking into account the state of the art and the implementation costs and the nature, scope, context, and purpose of the processing and the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.