GDPR Compliance

MetroLivery.com, a website offering chauffeured transportation services, holds the privacy of its users in high regard. We understand that personal data, including names, contact information, travel preferences, and potentially financial details, is entrusted to us, and we are committed to protecting it in accordance with the General Data Protection Regulation (GDPR).

1. Data Inventory and Legal Basis:
   • Comprehensive Data Mapping:
     We have conducted a thorough analysis to identify and map all personal data we collect through various channels, including online forms, reservations, phone calls, and cookies.
   • Clear Legal Basis Definition:
     Each data type is processed based on a clearly defined legal basis, such as user consent, contractual necessity, or legitimate interests. We will provide transparent information about the legal basis for each data processing activity in our privacy policy.
   • Defined Retention Periods:
     We have established clear retention periods for each data type, considering legal and business requirements before securely deleting it. This ensures we only store data for as long as necessary.
2. Transparency and User Rights:
   • User-Friendly Privacy Policy:
     Our privacy policy is written in clear and concise language, easily accessible on our website. It explains what data we collect, why we collect it, how we use it, and how users can exercise their rights under GDPR.
   • Seamless Data Access:
     We provide users with various methods to readily access, download, and correct their personal information upon request. This includes a user-friendly online portal and dedicated support channels.
   • Data Erasure Procedures:
     We have implemented a system for users to request the erasure of their data under GDPR's "right to be forgotten" provision. We will assess and respond to such requests promptly and securely.
3. Security and Data Protection:
   • Robust Security Measures:
     We have implemented robust technical and organizational measures to protect user data, including encryption, access controls, regular security audits, and penetration testing. We continuously evaluate and update our security measures to stay ahead of evolving threats.
   • Data Protection Training:
     Our staff undergoes regular training on GDPR requirements and best practices for handling user data responsibly. They are equipped to identify and address potential data protection risks.
   • Data Breach Response Plan:
     We have a comprehensive data breach response plan in place to promptly notify users and authorities in case of a data breach. This plan outlines clear steps for containment, investigation, and remediation to minimize the impact of any incident.
4. International Transfers:
   • Safeguards for Cross-Border Transfers:
     In cases where user data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place. This may involve standard contractual clauses approved by the European Commission or other GDPR-compliant transfer mechanisms.
5. Additional Considerations:
   • Protecting Children's Privacy:
     If we collect data from children, we obtain verifiable parental consent and comply with stricter data protection rules outlined in the GDPR.
   • Transparency in Profiling and Automated Decision-Making:
     We are transparent about any profiling activities we conduct and ensure they comply with GDPR limitations. We do not engage in automated decision-making that significantly impacts users.
   • Data Protection Officer (DPO):
     We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance efforts and acting as a contact point for users and supervisory authorities.