Privacy Policy
Data Controller
Cabsy, Rue de la gare 5 bte 18, 4960 Malmedy, Belgium. Contact: privacy@cabsy.be
Data Protection Contact: Franco Marcato, Manager — privacy@cabsy.be
Processing Purposes
Respond to your contact requests, manage your MyCabsy account and provide our taxi services.
Legal Basis
Contract execution or pre-contractual measures (bookings and requests), legitimate interest (responding to messages) and your consent where applicable.
Data Collected
Identity and contact details, message content, booking history, payment information, geolocation data (for route calculation) and technical browsing data.
Retention Periods
In accordance with the principle of storage limitation (Article 5.1.e GDPR), we retain your data only for as long as necessary for the purposes for which it was collected:
| Data type | Retention period | Legal basis |
|---|---|---|
| Contact emails | 12 months after last exchange | Legitimate interest |
| Booking data | 2 years (active) + 5 years (archive) | Legal obligation (accounting, tax) |
| Payment data | 13 months maximum | Legal obligation (fraud prevention) |
| Customer accounts (MyCabsy) | Until deletion request or 3 years of inactivity | Contract performance |
| Geolocation data | Duration of trip + 24h (then deleted) | Contract performance |
| Access logs (security) | 12 months | Legitimate interest (security) |
| Consent cookies | 13 months maximum | Legal obligation (GDPR) |
Archiving: After the active retention period, some data is archived with restricted access to comply with our legal obligations (accounting, tax, legal).
Deletion: At the end of the retention periods, your data is securely and permanently deleted.
Recipients
Our hosting (OVHcloud) and messaging providers, strictly for service delivery.
Sub-processors and Data Transfers
In accordance with Article 28 of the GDPR, we work with the following sub-processors for the provision of our services. All have signed a Data Processing Agreement (DPA) ensuring the protection of your data.
| Sub-processor | Service | Data location | Safeguards |
|---|---|---|---|
| OVHcloud | Web hosting and databases | European Union (France) | ISO 27001 certified, GDPR compliant |
| Mollie | Online payment processing | European Union (Netherlands) | PCI-DSS and GDPR compliant |
| Google Maps | Mapping services | USA (with EU standard contractual clauses) | EU standard contractual clauses |
| Google Analytics 4 | Website statistical analysis | USA (with EU standard contractual clauses) | Google Consent Mode v2, EU standard clauses |
Data Transfers Outside the European Union
For providers located outside the EU (Google Maps, Google Analytics 4), we have implemented standard contractual clauses approved by the European Commission in accordance with Article 46 of the GDPR.
These clauses guarantee a level of protection equivalent to that of the European Union, particularly following the invalidation of the Privacy Shield by the Court of Justice of the EU (Schrems II ruling, 16 July 2020).
Data Processing Agreements (DPA)
All our sub-processors have signed a Data Processing Agreement (DPA) defining:
- The subject matter and duration of processing
- The nature and purpose of processing
- The types of data processed
- The categories of data subjects
- The sub-processor's obligations (confidentiality, security, assistance)
- Procedures in case of data breach
- Conditions for further sub-processing
These agreements are available upon request at: privacy@cabsy.be
Third-Party Services
Mollie for payments; Google Maps for maps; Lemon Pie for cookie consent management. Authentication is handled internally on our own European servers, without relying on an external provider. These third-party providers process data according to their own policies.
Your Rights
Access, rectification, erasure (Art. 17 GDPR), restriction, portability and objection. Contact: privacy@cabsy.be. Complaints can be filed with the APD/GBA.
Right to Lodge a Complaint with the Supervisory Authority
If you believe your data protection rights are not being respected, you may lodge a complaint with the Belgian supervisory authority:
Data Protection Authority (APD/GBA)
Rue de la Presse, 35
1000 Brussels
Belgium
Phone: +32 2 274 48 00
Email: contact@apd-gba.be
Website: https://www.autoriteprotectiondonnees.be
Online complaint form:
https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte
Languages: French, Dutch, German
You may also lodge a complaint with the supervisory authority of your country of residence if you reside in another EU Member State.
European Online Dispute Resolution platform:
https://ec.europa.eu/consumers/odr
Cookies and Local Storage
Essential cookies for session, authentication (cabsyClientToken, 7-day duration) and user experience. Lemon Pie records your GDPR consent preferences (accepted/rejected categories and consent timestamp). Analytics cookies (Google Analytics 4) may be placed only after your explicit consent via our cookie manager (tarteaucitron).
