Data Processing Information (GDPR)
This document provides detailed information on how personal data is processed in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
Important: By using the application, you acknowledge that your personal data may be processed as described below.
← Back to legal page
1. Data Controller
Name: Robert Mersits
Contact: robertmersits@gmail.com
2. Nature of the Service
The application is a digital platform that enables users to connect and organize travel-related activities.
The operator does not provide transportation services and does not act as a contractual party between users.
3. Categories of Personal Data
3.1 Account Data
- Name or username
- Email address (if applicable)
- Phone number
- Profile information
3.2 Location Data
- Current location (only when required)
- Route-related information
3.3 Communication Data
- Messages between users
- User connections
3.4 Technical Data
- Device information
- IP address (limited use)
- Push notification token
- Log data and diagnostics
3.5 Payment-Related Data
- Payment status
- Transaction identifiers
Payment card details are not processed or stored by the data controller.
4. Purpose of Processing
- Account creation and management
- Providing application functionality
- Connecting users and facilitating trips
- Communication between users
- Sending notifications
- Fraud prevention and security
- Improvement of services
5. Legal Basis (Article 6 GDPR)
- Art. 6(1)(b) – performance of a contract (use of the application)
- Art. 6(1)(a) – consent (e.g. location data)
- Art. 6(1)(f) – legitimate interest (security, system integrity)
- Art. 6(1)(c) – legal obligations (if applicable)
6. Data Processors
The application uses third-party processors:
- Google Firebase (authentication, database, messaging)
- Google Cloud services
- Stripe (payment processing)
These processors act under their own data protection policies and agreements.
7. International Data Transfers
Personal data may be transferred outside the European Economic Area.
Such transfers are safeguarded by appropriate measures, including Standard Contractual Clauses (SCCs).
8. Data Retention
- Data is stored while the account is active
- Deleted upon user request
- May be retained if legally required
9. Automated Decision-Making
No automated decision-making or profiling with legal effects is performed.
10. Data Sharing
- No sale of personal data
- No marketing-based data sharing
Data may be shared with:
- Technical service providers
- Authorities when legally required
11. User Responsibility
Users are solely responsible for the personal data they share within the application.
The data controller does not verify the accuracy of user-provided data.
12. Location Data Handling
- Not continuously tracked
- Used only when necessary
- Controlled via device permissions
13. Communication Data
Messages are stored to provide functionality and are visible only to participants.
Access may occur if required for security or legal reasons.
14. Data Security
- Encrypted communication (HTTPS)
- Secure infrastructure
- Access restrictions
15. User Rights
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
Requests will be handled within 30 days.
16. Right to Lodge a Complaint
Users have the right to lodge a complaint with a supervisory authority in their country of residence.
17. Children's Data
The application is not intended for individuals under 16 years of age.
18. Changes to this Policy
This document may be updated at any time.
19. Contact
robertmersits@gmail.com