This Policy governs the collection and processing of private and other confidential data of natural persons via automation through the internet. This collection and processing are done by ride-hailing service “Maxim”. (Hereinafter “Service” / “Maxim Service”).
1. For the purpose of this agreement, the following terms shall mean:
1.1. "Private data": Any information directly or indirectly related to a certain person. (Private data subject)
1.2. "Service"/ “Maxim Service”: a legal entity which independently organizes or executes the processing of the private data, also states the goal of such processing and determines the combination of data to be processed and the activities executable on such data.
1.3. "Website": a complex of computer software and other existing data in the information system that can be accessed through internet address: https://taximaxim.ir/. Service uses this website to provide services to the Applicants and Users.
1.4. “maxim: order a car" is a computer software to be installed on Applicant’s mobile phone and governed by iOS, Android, operating systems integrated with Service’s software-hardware complex and makes Applicant’s access to the database automatic.
1.5. "Services": The Services are information provided to Applicant by Service, in order for Applicant’s request to be accepted, processed and transmitted to the Users and the execution of such request be communicated back to User. The subject and methods of providing services will be identified according to Work Rules of Maxim Service accessible on the link on the website: https://taximaxim.ir/en/term/offer/.
1.6. "Applicant": A natural person who has requested services via Website, mobile application, or Call-center’s Operator and has provided his private data for this purpose.
1.7. "Users": A person who independently and with his own means provides transportation services by car, cargo delivery services or loading/unloading services to Applicant. Service is not a transportation enterprise and as such does not provide transportation services.
1.8. "Request": A request for a trip made by Applicant for obtaining services from the Users.
1.9. "Processing of private data": any activity or activities done on private data, with or without automation, including collection, recording, systematizing, saving, storing, organizing (updating, correcting) abstracting, using, communicating (distributing, providing, accessing), making un-private, blocking, deleting and eliminating private data.
1.10. "Automatic processing of private data": processing private data by computer devices.
1.11. "Providing of private data": activities in order to obtain the private data of one person or a group.
1.12. "Blocking of private data": temporary halt in processing of private data (except the cases when processing is necessary to identify private data).
1.13. "Eliminating of private data": activities that result in making the existing private data unrecoverable and/or result in eliminating the private data containers.
1.14. "The private data information system": the assemblage of private data in the database, as well as information technologies and technical instruments that make the processing possible.
1.15. "Cookies": a complex of data sent by Website that is stored on a computer, mobile or other devices that Applicant uses to access Website and is used to store information about Applicant’s activities on Website.
1.16. "Device ID": unique information that identifies Applicant’s device and is provided by the device itself or the mobile application.
2. When sending a request via Website, mobile application or Call-center's Operator, Applicant agrees to this Policy, including his consent to the processing of his private data by Service in the instances when applicable laws require such consent.
3. While processing of private data, Applicant is entitled to:
3.1. Receive the information about the processing of his private data, including:
3.1.1. Confirmation of the processing of private data;
3.1.2. Legal basis and the goal of the processing of private data;
3.1.3. The methods and goals used for the processing of private data;
3.1.4. Information about the person processing the private data, information about persons (other than Service’s employees) who have access to the private data or about persons to whom the private data can be disclosed, by virtue of other agreements or applicable laws;
3.1.5. The processed private data and their obtaining source, should there be no other mechanism in the applicable law for providing them;
3.1.6. The duration of the processing of private data and the duration of their storage;
3.1.7. Knowledge of his rights and methods of enforcing them according to the applicable laws;
3.1.8. Information about the person who is in charge of the processing, if there is or there will be such a person;
3.1.9. Other information required by law.
3.2. Require Service to complete, block or eliminate the data, if they are incomplete, imprecise, obtained by illegal means or unnecessary for stated goals of the processing and also do the necessary activities required by law to protect his rights.
3.3. Request Service to stop sending marketing materials to Applicant's email.
3.4. Protect his rights, including compensation even for moral damages through courts.
4. In the processing of the private data, Service undertakes to:
4.1. Provide the following information upon the request of Applicant:
4.1.1. Confirmation of the processing of private data;
4.1.2. Legal basis and the goal of the processing of private data;
4.1.3. The methods and goals used for the processing of private data
4.1.4. Information about persons (other than employees) that have access to private data or persons to whom the private data may be disclosed due to contract or applicable law;
4.1.5. The processed private data and their obtaining source, should there be no other mechanism in the applicable law for providing them;
4.1.6. The duration of the processing of private data and the duration of their storage;
4.1.7. Knowledge of his rights and methods of enforcing them according to the applicable laws;
4.1.8. Information about the person who is in charge of the processing, if there is or there will be such a person;
4.1.9. Other information required by law.
4.2. Implement measures to prevent unauthorized access to Applicant’s private data.
5. The goal of the agreement between Applicant and Service is to collect and process Applicant’s private data.
6. Applicant’s private data is stored in electronic containers and is processed by automated systems for processing private data.
7. Service collects and processes Applicant’s following private data:
7.1. First name, last name, and the father’s name;
7.2. Date of birth;
7.3. The registered phone number;
7.4. Location address;
7.5. Email address;
8. Applicant may provide the following information to Service at his own discretion. Also, he can edit or delete them at his own discretion:
8.1. First and last name, father’s name;
8.2. Date of birth;
8.3. Location address;
8.4. Email address. Service is entitled for sending marketing materials to Applicant’s email. Applicant may refuse from receiving such materials by sending the appropriate request to Service.
9. In the following instances Applicant’s private data will be eliminated by Service:
9.1. After three years after completion of providing services;
9.2. If Applicant retracts its consent to processing his private data.
10. The elimination of the private data will be done in such a way as to be unrecoverable.
12. Service employs the following measures to prevent unauthorized access to Applicant’s private data:
12.1. Employs staff in charge of organizing the processing of the private data;
12.2. Implement organizational and technical measures to ensure the security of Applicant’s private data. Such measures are:
12.2.1. Identifying the security threats in the system while processing the private data;
12.2.2. Employing a security system for premises that contain the information systems in a way to prevent unauthorized persons from entering said premises;
12.2.3. Providing safety of private data storage;
12.2.4. Confirming the list of persons who have access to private data by virtue of their jobs;
12.2.5. Using the necessary means to protect the private data from unauthorized access;
12.2.6. Evaluating the employed measures;
12.2.7. Making the detection of unauthorized access to private data possible;
12.2.8. Recovering the data that has been deleted or corrupted due to unauthorized access (If such recovery is possible);
12.2.9. Regulating the access to private data in the system after their processing;
12.2.10. Controling the measures employed for securing the private data and the level of security of information systems.
13. Applicant may request Service to complete, block or eliminate the data, if they are incomplete, imprecise, obtained by illegal means or unnecessary for stated goals of the processing. Also, he can retract his consent for processing of said data. This is done through sending of a written request to Service through post mail, email or by personal handing of such requests in Service’s premises. The contact information of Service is available here: https://taximaxim.ir/contacts/. Such requests shall contain the following: The number of ID document of Applicant or his representative, the issuance date of a such document, Applicant’s residence address, information confirming Applicant’s and Service’s cooperation (Applicant’s identifying number), or information that confirms in any way the processing of Applicant’s private data, the request for completion, blocking or eliminating Applicant’s private data or notice for retracting the consent to process such data, Applicant’s or his representative’s signature. Service is required to give a justified answer in 30 days since receiving of such requests or notices.
Geographical location information
14. Service obtains the geographical location of Applicant via mobile application. This information is only transmitted to Service while using mobile application. Applicant may prevent such transmitting at his own discretion through the settings in his device.
15. In order to execute the request, Service may share Applicant’s geographical location information to the Users who have accepted the request and execute the order.
16. For purpose of receiving services provided by the Users, Applicant can link a bank card to its Identifying number to pay without cash and through bank cards. This is done independently by Applicant through mobile application and by filling the following information:
16.1. Bank card number
16.2. Bank card validation duration
17. Payments without cash via bank cards are done in compliance with regulations about payment systems in Iran Central Bank of Iran and SHAPARAK according to the principles of respecting privacy and the security of payment. Filling the bank card information is done on the protected payment page of the supporting bank that facilitates such payment.
18. Service may use the following cookie files:
18.1. Very necessary cookie files. These cookies are needed to transmit and use the requested services on Website. These cookies are used when registering Applicant and entering the system. Without them, the services requested by Applicant will be unavailable. These cookies are principle files and can be either transient or persistent. Without them, Website won’t work properly.
18.2. Exploitation cookies. These cookies will collect data about Website usage statistics. They don’t collect Applicant’s private data. All data collected by them are statistical and unidentifiable. The goal of using them is to:
18.2.1. Obtain Website usage statistics.
18.2.2. Evaluating the effectiveness of advertising companies.
These cookies can be persistent and transient and they can be principal or secondary cookie files.
18.3. Operational cookies. These are used to keep the information provided by Applicant in memory. (For example, Applicant’s name, language, and location) These files use anonymous information and do not track Applicant’s activities on other sites. The goal of using them is:
18.3.1. Keeping in memory if certain services have been provided to Applicant.
18.3.2. Improving the quality of cooperation with Website, usually by saving the priorities of Applicant.
These cookies can be persistent and transient and they can be principal or secondary cookie files.
18.4. Advertising cookies. These cookies are used to limit visiting the advertisements. And to evaluate the performance of advertising agencies. These cookies are used to manage the advertising content on Website. These cookies are put on Website by third parties, for example by those who post advertisement and their agents. They can be persistent or transient. These are related to the advertisement on Website that is provided by third parties.
19. Blocking or deleting cookies, and limiting their activities can be done through Applicant’s browser’s settings.
Information about Applicant’s device
20. The information collected about Applicant’s device does not include any private data.
21. The goal of obtaining such information is to internally compute Applicants of the mobile application.
Data about telecommunication operator
22. Service obtains data about telecommunication operator which provides services to Applicant through the mobile application.
23. Such data does not include Applicant’s private data.
24. The goal of obtaining such information is to automatically fill in the information about Applicant’s country of residence of and choose the language of Applicant’s interface in the setting part of the mobile application.
25. Service saves the route records of Applicant. These records include the time of initiation of the request, the address to which the vehicle arrives, the destination address and the routes taken, the applicable tariff, payment method, and other information provided by Applicant.
26. The goal of collecting such information is to improve the quality of services through auto-filling the parameters of the request by previously provided information to shorten the request time.