Policy of "Maxim" service on confidential data processing
This policy governs the collection and processing of private and other confidential data of natural persons via automation through the internet. This collection and processing are done by Maxim Service (hereinafter the “service”).
1. For the purpose of this agreement, the following terms shall mean:
1.1. Private data: Any information directly or indirectly related to a certain person. (private data subject)
1.2. Service: a person who independently organizes or executes the processing of the private data, also states the goal of such processing and determines the combination of data to be processed and the activities executable on such data.
1.3. Website: a complex of computer software and other existing data in the information system that can be accessed through the internet by domain names and/or network addresses. These names and addresses make the recognition of sites on the internet possible. The “service” uses these applications to provide services to the customers. The website address is: https://taximaxim.com/ and https://id.taximaxim.com/.
1.4. “Maxim Service” is a computer software to be installed on an applicant’s mobile phone and is governed by iOS and Android operating systems and is integrated with the “service’s” software-hardware complex and makes the applicant’s access to the database automatic.
1.5. Services: The services are information provided to the applicant by the “service”, in order for the applicant’s request to be accepted, processed and transmitted to the colleagues and the execution of such request be communicated back to the applicant. The subject and methods of providing services will be identified according to the customers’ offers on the site.
1.6. The applicant: A natural person who has requested services via the website, mobile, or calling the “service’s” number and has provided his private data for this purpose.
1.7. Colleague: A person who independently and with his own means provide transportation services by car, cargo delivery services or loading/unloading activities services to the applicant. The “Service” is not a transportation enterprise and as such does not provide transportation services.
1.8. Request: A request by the applicant for obtaining services from the colleagues.
1.9. Processing of private data: any activity or activities done on private data, with or without automation, including collection, recording, systematizing, saving, storing, organizing (updating, correcting) abstracting, using, communicating (distributing, providing, accessing), making un-private, blocking, deleting and eliminating private data.
1.10. Automatic processing of private data: processing private data by computer devices.
1.11. Providing private data: activities in order to obtain the private data of one person or a group.
1.12. Blocking private data: temporary halt in processing of private data (excluding instances when processing is necessary to identify private data)
1.13. Eliminating private data: activities that result in making the existing private data unrecoverable and/or result in eliminating the private data containers.
1.14. The private data information system: the totality of private data in the database and information technologies and technical instruments that make their processing possible.
1.15. Cookies: a complex of data sent by the website that is stored on the computer, mobile or other devices that the applicant uses to access the website and is used to store information about the applicant’s activities on the site.
1.16. Device ID: unique information that identifies the applicant’s device and is provided by the device itself or the mobile application.
2. When sending a request via the website, mobile application or calling the “service’s” number, the applicant agrees to this policy, including his agreement to the processing of his private data by the “service” in the instances when applicable laws require such agreement.
3. In the processing of private data, the applicant is entitled to:
3.1. Receive the information about the processing of his private data, including:
3.1.1. Confirmation of the processing of private data
3.1.2. Legal basis and the goal of the processing of private data
3.1.3. The methods and goals used for the processing of private data
3.1.4. Information about the title and location of the person processing the private data, information about persons (other than the “service’s” employees) who have access to the private data or about p
3.1.5. Persons to whom the private data can be disclosed, by virtue of other agreements or applicable laws.
3.1.6. The processed private data and their obtaining source, should there be no other mechanism in the applicable law for providing them.
3.1.7. The duration of the processing of private data and the duration of their storage
3.1.8. Knowledge of his rights and methods of enforcing them according to the applicable laws
3.1.9. Information about transmitting those data over the borders and the instances for doing so.
3.1.10. Last and first name, the name of the father and the address of the person who is in charge of the processing, if there is or there will be such a person.
3.1.11. Other information required by law
3.2. Require the “service” to complete, block or eliminate the data, if they are incomplete, imprecise, obtained by illegal means or unnecessary for stated goals of the processing and also do the necessary activities required by law to protect his rights.
3.3. Suing the “service” for commission or omission in a tribunal with jurisdiction regarding personal privacy and personal data or in courts, should the applicant think that the “service”, in the processing of his private data has breached the legal bounds or has prejudiced his personal rights and freedom in any other way.
3.4. Protecting his rights, including compensation even for moral damages through courts.
4. In the processing of the private data, the “service” undertakes to:
4.1. Provide the following information upon the request of the applicant:
4.1.1. Confirmation of the processing of private data
4.1.2. Legal basis and the goal of the processing of private data
4.1.3. The methods and goals used for the processing of private data
4.1.4. Name and the address of its headquarters, information about persons (other than employees) that have access to private data or persons to whom the private data may be disclosed due to contract or federal legislation.
4.1.5. The processed private data and their obtaining source, should there be no other mechanism in the applicable law for providing them.
4.1.6. The duration of the processing of private data and the duration of their storage
4.1.7. Knowledge of his rights and methods of enforcing them according to the applicable laws
4.1.8. Information about transmitting those data over the borders and the instances for doing so.
4.1.9. Last and first name, the name of the father and the address of the person who is in charge of the processing, if there is or there will be such a person.
4.1.10. Other information required by law
4.2. Implement measures to prevent unauthorized access to the applicant’s private data.
5. The goal of the agreement between the applicant and the “service” is to collect and process the applicant’s private data.
6. The applicant’s private data is stored in electronic containers and is processed by automated systems for processing private data.
7. The “service” collects and processes the following private data:
7.1. First name, last name, and the father’s name.
7.2. Date of birth
7.3. The registered phone number
7.4. Residence Address
7.5. Email address
8. The applicant may provide the following information to the “service” at his own discretion. Also, he can edit or delete them at his own discretion:
8.1. First and last name, father’s name
8.2. Date of birth
8.3. Residence address
8.4. Email address
9. In the following instances the applicant’s private data will be eliminated by the service:
9.1. After three years after completion of providing services
9.2. If the applicant retracts its agreement to processing his private data.
10. The elimination of the private data will be done in such a way as to be unrecoverable.
11. Only those who have a direct relation to providing services have access to the private data. The “service” may not disclose the applicant’s private data. Also, it does not grant access to the third parties except, for instances, when the applicable laws require such disclosure to governmental authorities.
12. The “service” employs the following measures to prevent unauthorized access to the applicant’s private data.
12.1. Employs staff in charge of organizing the processing of the private data.
12.2. Implement organizational and technical measures to ensure the security of applicant’s private data. Such measures are:
12.2.1. Identify the security threats in the system while processing the private data.
12.2.2. Employ a security system for premises that contain the information systems in a way to prevent unauthorized persons from entering said premises.
12.2.3. Provide for storage of private data containers.
12.2.4. Confirms the list of persons who have access to private data by virtue of their jobs.
12.2.5. Uses the necessary means to protect the private data from unauthorized access.
12.2.6. Evaluates the employed measures.
12.2.7. Makes the detection of unauthorized access to private data possible.
12.2.8. Recovers the data that has been deleted or corrupted due to unauthorized access (if such recovery is possible).
12.2.9. Regulates the access to private data in the system after their processing.
12.2.10. Control the measures employed for securing the private data and the level of security of information systems.
13. The applicant may request the “service” to complete, block or eliminate the data, if they are incomplete, imprecise, obtained by illegal means or unnecessary for stated goals of the processing. Also, he can retract his agreement for processing of said data. This is done through sending of a written request to the “service” with registered mail with the possibility of confirming the delivery or by personal handing in of such requests in the “service’s” premises. The address for the “service’s” offices is provided in the website. Such requests shall contain the following: The number of the principal identifying document of the applicant or his agent, information regarding the issuance date of such document and its issuer organization, the applicant’s residence address, information confirming the applicant and “service’s” cooperation (applicant’s identifying number), or information that confirms in any way the processing of the applicant’s private data, the request for completion, blocking or eliminating the applicant’s private data or notice for retracting the agreement to process such data, the applicant’s signature or that of his agent. The “service” is required to give a justified answer in 30 days since receiving of such requests or notices.
Geographical location information
14. The service obtains the geographical location of the applicant via the mobile application. This information is only transmitted to the service while using the mobile application. The applicant may prevent such transmitting at his own discretion through the settings in his device.
15. In order to execute the request, the service may share the applicant’s geographical location information to the colleagues who have accepted the request, in order to execute it.
16. For purpose of receiving services provided by the colleagues, the applicant can link a bank card to its Identifying number to pay without cash and through bank cards. This is done independently by the applicant on the mobile application and by filling the following information:
16.1. Bank card number
16.2. Bank card validation duration
17. Payments without cash via bank cards are done in accordance with regulations of international payment systems, Bank Indonesia and Financial Services Authority of Indonesia (Otoritas Jasa Keuangan) according to the principles of respecting privacy and the security of payment. The security of applicant’s information is ensured by payment card industry data security standard and nobody, not even the “service”, can receive them. Filling the bank card information is done on the protected payment page of the supporting bank that facilitates such payment.
18. The “service” may use the following cookie files:
18.1. Very necessary cookie files. These cookies are needed to transmit and use the requested services on the website. These cookies are used when registering the applicant and entering the system. Without them, the services requested by the applicant will be unavailable. These cookies are principle files and can be either transient or persistent. Without them, the site won’t work properly.
18.2. Exploitation cookies. These cookies will collect data about website usage statistics. They don’t collect the applicant’s private data. All data collected by them are statistical and unidentifiable. The goal of using them is to:
18.2.1. Obtain the site usage statistics.
18.2.2. Evaluating the effectiveness of advertising companies.
These cookies can be persistent and transient and they can be principal or secondary cookie files.
18.3. Operational cookies. These are used to keep the information provided by the applicant in memory. (For example, applicant’s name, language, and location) These files use anonymous information and do not track the applicant’s activities on other sites. The goal of using them is to:
18.3.1. Keeping in memory if certain services have been provided to the applicant.
18.3.2. Improving the quality of cooperation with the site, usually by saving the priorities of the applicant.
These cookies can be persistent and transient and they can be principal or secondary cookie files.
18.4. Advertising cookies. These cookies are used to limit visiting the advertisements. Also to evaluate the performance of advertising agencies. These cookies are used to manage the advertising content on the site. These cookies are put on the site by third parties, for example by third parties and their agents. They can be persistent or transient. These are related to the advertisement on the site that is provided by third parties.
19. Blocking or deleting cookies, and limiting their activities can be done through the applicant’s browser’s settings.
Information about applicant’s device
20. the information collected about the applicant’s device does not include any private data.
21. The goal of obtaining such information is to internally compute the applicants of the mobile application.
Data about telecommunication operator
22. The “service” obtains data about telecommunication operator which provides services to the applicant through the mobile application.
23. Such data does not include applicant’s private data.
24. The goal of obtaining such information is to automatically fill the information about the country of residence of the applicant and choosing the language of the applicant’s interface in the setting part of the mobile application.
25. The service saves the route records of the applicant. These records include the time of initiation of the request, the address to which the vehicle arrives, the destination address and the routes taken, the applicable tariff, payment method, and other information provided by the applicant.
26. The goal of collecting such information is to improve the quality of services through auto-filling the parameters of the request by previously provided information to shorten the request time.