Privacy Policy

In accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679), French Law No. 78-17 of January 6, 1978 as amended (Data Protection Act), and CNIL recommendations regarding cookies and other trackers, this policy informs you about the processing of personal data implemented by BookCab.

1. Data Controller

The data controller for personal data collected on this site is:

  • Company name: BookCab 360
  • SIRET: 80868542400034
  • Registered office: 20 AVENUE PIERRE LEFAUCHEUX 92100 BOULOGNE-BILLANCOURT
  • DPO Contact: rejeb.zorgani@gmail.com

2. Personal Data Collected (legal basis: art. 6 GDPR)

We only collect data necessary to provide our transport booking services, in accordance with the principle of data minimization (art. 5.1.c GDPR):

  • Identification data: Last name, first name, email address, phone number
  • Booking data: Departure and arrival addresses, trip date and time, number of passengers, desired vehicle type, flight information (if applicable)
  • Payment data: Credit card information (securely processed by our provider Stripe, PCI-DSS certified). We do not have access to your complete card data.
  • Navigation data: IP address, browser type, pages visited, visit duration (via analytical cookies with your consent)
  • Communication data: History of exchanges by email or phone with our customer service

3. Legal Basis for Processing (art. 6.1 GDPR)

Your data is processed on the following legal bases:

  • Contract performance (art. 6.1.b): Processing your booking, communication regarding your trip, billing
  • Legal obligations (art. 6.1.c): Invoice retention (10 years), tax and accounting obligations
  • Legitimate interests (art. 6.1.f): Service improvement, fraud prevention, anonymized statistics
  • Consent (art. 6.1.a): Analytical cookies, newsletter (if applicable), sending commercial offers

4. Data Recipients (art. 13.1.e GDPR)

Your data may be shared with the following categories of recipients:

  • Authorized personnel: Our employees and partner drivers strictly within the scope of their duties
  • Technical subcontractors: Host (OVH, European Union), payment provider (Stripe Inc., Privacy Shield and SCCs certified), email service
  • Public authorities: Upon judicial request or legal obligation only

Guarantees: All our subcontractors are bound by standard contractual clauses (SCCs) compliant with GDPR requirements. For transfers outside the EU, we apply the European Commission's standard contractual clauses.

5. Data Retention Period (art. 5.1.e GDPR)

In accordance with the storage limitation principle, your data is retained for the following periods:

  • Booking data: 3 years from the last service
  • Billing data: 10 years (legal accounting obligation)
  • Customer contact data: 3 years after last contact
  • Analytical cookies: 13 months maximum (in accordance with CNIL recommendations)
  • Connection logs: 1 year (legal obligation)

6. Data Security (art. 32 GDPR)

We implement appropriate technical and organizational measures to ensure the security of your data:

  • SSL/TLS encryption for all data transmissions
  • Secure hosting on certified servers (ISO 27001) located in the European Union
  • Data access restricted to authorized persons with strong authentication
  • Regular encrypted backups
  • Data breach notification procedures (art. 33-34 GDPR)

7. Your GDPR Rights (Chapter III of GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (art. 15 GDPR): Obtain confirmation that your data is being processed and access it, as well as information relating to this processing.
  • Right to rectification (art. 16 GDPR): Have inaccurate data corrected or incomplete data completed.
  • Right to erasure (art. 17 GDPR): Obtain the deletion of your personal data under certain conditions (right to be forgotten).
  • Right to restriction of processing (art. 18 GDPR): Request the restriction of processing of your data in certain circumstances.
  • Right to data portability (art. 20 GDPR): Receive your data in a structured, commonly used and machine-readable format, and transmit it to another controller.
  • Right to object (art. 21 GDPR): Object to the processing of your data for reasons related to your particular situation or for direct marketing purposes.
  • Rights related to automated decisions (art. 22 GDPR): Not be subject to a decision based solely on automated processing producing legal effects concerning you.
  • Right to define post-mortem directives: Define directives regarding the fate of your data after your death.

8. Cookies and Similar Technologies (ePrivacy Directive)

In accordance with Article 82 of French Law No. 78-17 of January 6, 1978 as amended and Directive 2002/58/EC known as "ePrivacy", we use cookies and similar technologies:

  • Strictly necessary cookies: Essential for website operation (authentication, cart, security, language preferences). These cookies do not require your prior consent.
  • Analytical cookies: Google Analytics to measure audience and improve our services (anonymized data, truncated IP). Retention period: 26 months maximum.
  • Performance cookies: Microsoft Clarity to analyze user behavior and optimize experience (pseudonymized data).
  • Managing your preferences: You can accept, refuse or configure the use of cookies via our consent banner or your browser settings. Refusal does not affect essential navigation.
  • Consent revocation: You can change your choices at any time by clicking "Manage cookies" at the bottom of the page or by deleting cookies from your browser.

9. Contact and Exercising Your Rights

9.1. Data Protection Officer (DPO)

For any questions regarding the processing of your personal data or to exercise your GDPR rights, you can contact our Data Protection Officer:

  • Email: rejeb.zorgani@gmail.com
  • Mail: 20 AVENUE PIERRE LEFAUCHEUX 92100 BOULOGNE-BILLANCOURT
  • Subject: "Exercise of GDPR rights" or "Data Protection"

9.2. Rights Exercise Procedure

  • Response time: We are committed to responding within one month from receipt of your request.
  • Supporting documents: A copy of ID may be requested to verify your identity.
  • Free of charge: Exercising your rights is free, except in case of manifestly unfounded or excessive requests.

9.3. Recourse in Case of Data Dispute

In case of disagreement regarding the processing of your personal data, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):

  • Website: www.cnil.fr
  • Phone: 01 53 73 22 22
  • Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

10. General Provisions

10.1. Policy Modification

We reserve the right to modify this privacy policy at any time. Changes take effect upon publication on the site. We will inform you of any substantial modification by email or notification on the site.

10.2. Applicable Law

This privacy policy is subject to French law and the GDPR. In case of dispute relating to data protection, French courts shall have jurisdiction after an attempt at amicable resolution.

Last update: December 2024
Version: 2.0
This privacy policy can be viewed and downloaded at any time on our website.