Privacy Policy

Last Updated 19 July 2023

1. GENERAL

N.T. RESCUE LINE AUTO SERVICES LIMITED (hereinafter also referred to as the “Company” or “Rescue Line” or “We” or “Us”) is registered under the laws of the Republic of Cyprus, with registration number ΗΕ 40655. The Company provides Road Assistance, Accident Care and other related services as these are disclosed on its website from time to time (each, a “Service”, and collectively, the “Services”). The Company provides 24 hours support, through its internal call-center unit.

This Policy has been updated to comply with the requirements of the Data Protection regulation 679/2016/EU, which came into force on 25 May 2018 and the applicable local legislation.

At Rescue Line we respect your privacy, and we are committed to safeguarding the privacy and security of your Personal Data that we collect and/or process while using our websites, products or services.

This Policy intends to summarize the Company’s data protection practices and to help our associates, customers, prospective customers, job applicants, employees, website visitors and other third parties, understand our Personal Data collection, usage and disclosure practices to the extent that may be applicable to them. This Privacy Policy applies to all personal information that we collect and/or process.

Definitions:

“Personal Data”: (Article 4 of the GDPR) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Data Controller”: (Article 4 of the GDPR) this means the person or company that determines the purposes and the means of processing Personal Data.

“Data Processor”: (Article 4 of the GDPR) means a natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the controller.

2. APPOINTMENT OF A DATA PROTECTION OFFICER

The Company has appointed a Data Protection Officer who oversees compliance with data protection laws and regulations and acts as a point of contact for data subjects including clients, employees, associates and the Cyprus Data Protection Commissioner’s Office.

3. CONTACT DETAILS

If you have any questions or concerns about this policy, please contact the Data Protection Officer.

The Data Protection Officer for N.T Rescueline Auto Services Ltd can be contacted as per the below details:

4. PERSONAL DATA PROTECTION PRINCIPLES

We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be:

  • Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
  • Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimization).
  • Accurate and where necessary kept up to date (Accuracy).
  • Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).
  • Processed in a manner that ensures its security using appropriate technical and organizational measures to protect against unauthorized or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
  • Not transferred to another country without appropriate safeguards being in place (Transfer Limitation).
  • Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject's Rights and Requests).

We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).

5. THE TYPE OF PERSONAL INFORMATION WE PROCESS

We offer different services and may consequently hold different roles when we process Personal Data: 

  • as 'data controller': the Company acts as the Data Controller for the Personal Data you provide to us directly through our website, or other direct interactions, like a new hire application or requesting to receive our services, and we are processing such Personal Data on our behalf and for our own purposes. This means situations in which the Company determines the purposes and the means of such processing at its own discretion.
  • as 'data processor': the Company acts as the data processor for the Personal Data that is provide to us by any third party customer including, Insurance Companies, Car Rental Agents and other Organizations, and you become eligible to use our service or products or software in accordance to an agreement between the Company and any such third party customer. When the Company acts as the data processor, all processing of your Personal Data by the Company will be governed by a data processing agreement between the Company and the third party, and this data processing agreement will constitute the Company's legal basis for the processing. In such cases, the Company shall process your Personal Data on behalf of and based on the specific instructions given by our customer as the Controller. The subject-matter and duration of the processing, the nature and purposes of the processing, the type of Personal Data and categories of data subjects, together with the rights and obligations of the parties with respect to such processing will be covered by a data processing agreement (or equivalent terms) agreed between the Company and our customer.

Personal Data you provide to us

This personal information is typically provided directly by you when you apply for, or receive a quotation for one of our products or services.

Information will also be collected in relation to any other additional members or beneficiaries of our product or service. Please ensure that any beneficiaries are made aware of this privacy notice and ensure you obtain their permission before providing their information.

  • Membership details including your title, name, home address, email address and telephone contact details (including home and mobile telephone numbers)
  • Date of birth, age, or age range;
  • Name and contact details relating to any additional members or beneficiaries, for example family members covered by car breakdown cover;
  • Financial information including bank details, payment card information;
  • Vehicle details: make, model, color and vehicle registration number;
  • CV, driver’s license, ID, Social Insurance Number – (applicable to employees & job applicants).

It is important that any information you provide directly to us is accurate and correct, we recommend letting us know immediately if you need to change anything on your policy or your contact details. Providing false or inaccurate information in order to obtain a product or service may also result in services being restricted or cancelled.

Personal Data We collect

When you download and enable the use of our application ‘Driver APP’ (available only for employees) which is accessible through Play Store we collect the following data:

  • Geo-Location Data
    We may request access or permission to track location-based information from your mobile device, either continuously or while you are using the Application, to enable the effective exchange of information and performance of services. If you wish to change our access or permissions, you may do so in your device's settings and you can enable or disable location services when you use our Application at any time by way of your device settings.
  • Mobile Device Data
    Device information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you consent to provide.
  • Mobile Device Access
    We may request access or permission to certain features from your mobile device, including your mobile device's Bluetooth, camera and location. If you wish to change our access or permissions, you may do so in your device's settings.
  • Push Notifications
    We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device's settings.

Special types of personal information

We do not routinely require you to provide special types of personal information but there may be circumstances where you may need to provide this information to us, for example:

  • provide us with important health or wellbeing information when you request roadside assistance or accident care services;
  • provide us with information to allow us to provide extra help to those who are vulnerable;
  • provide us with information disclosed when using our Accident Care Helpline services;

This information will not be shared or used for any purpose other than to provide the product or service requested by you, and will only be processed where applicable data protection laws and regulations allow us to do so.

6. OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION

As a Road Assistance Company providing towing, accident care and call center services we have a legitimate business interest to use and collect your personal information necessary to offer an effective service and carry out our business activities.

Please see below the lawful bases for processing your personal data. At least one of these must apply whenever we process your personal data:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

7. HOW WE COLLECT YOUR INFORMATION

We collect personal information about you whenever you:

  • contact us to request our products or services (whether services provided directly by us or contractors acting on our behalf);
  • sent an inquiry through our website;
  • use our call-center;
  • are entering into an agreement with us;
  • apply for a job position within the Company;
  • interact with us via email or by phone;
  • use our application ‘Driver APP’ (available only for employees) which is accessible through Play Store.

In addition, we may receive Personal Data and information about you from third parties, such as insurance companies, car rental companies, trusted partners and other organizations, contracted with us to provide you with our services.

Trusted partners - remote support services
At RescueLine, to be able to provide you with remote support services, we have connected and use the technology services of Acty Icona Srl, which processes the personal data that may be processed strictly in accordance with the provisions of the Data Protection Policy of Acty Icona Srl .

Accordingly, if you wish, we can provide remote support services in the event of an accident or vehicle preview.

To be able to provide this remote service, we send you a text message (SMS), to the phone number that you will indicate to our operator. Through the SMS we provide you with a 'one time link'. If you agree to press it, you will allow the RescueLine responsible employee to see through your mobile phone camera, with a live connection "Live View", what will be recorded during your connection and which you will be asked to show with respect to your vehicle. You can terminate the connection immediately whenever you want, by ending the call. The RescueLine responsible employee can neither prevent the termination of the connection nor restore it, except by sending a new SMS that will contain a new link, as the use of the previous link is automatically canceled permanently by ending the call and its reactivation is not feasible.

The video, including the content and data that will be recorded, is collected for and on behalf of your insurance company and will be sent to it to have the required processing / analysis by it according to the needs and basis of which it has been collected. For any further information and/or clarifications, you may contact the Data Protection Officer in accordance with the details provided in point 3 of this Policy, entitled "CONTACT DETAILS"

Call Recordings
Calls, both inbound and outbound, may be recorded and monitored for training and quality purposes, to verify information, prevention of fraud, to manage complaints and to improve customer satisfaction.

8. RETENTION OF YOUR INFORMATION

We will keep your information for as long as is necessary to provide the services or products you have requested, for our own legitimate interests and to meet our statutory and legal obligations. Your information will always be kept in accordance with our internal retention policy and in compliance with the applicable legal and regulatory requirements.

For example, where you request road assistance services we will keep the information related to the incident so that we can fulfil the specific service arrangements you have requested and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the incident.

The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive quality services.

We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. If you stop interacting with us as a customer, we will permanently delete and/or anonymise your information after 5 years.
In certain cases, personal Information may need to be retained for longer period necessary to meet legal, regulatory, and business requirements. Retention periods may be extended if we are required to preserve your Personal Data in connection with litigation, investigations, and proceedings.

9. LINKS TO OTHER SITES

Please be aware that our websites may contain links to other sites that are not governed by this Privacy Policy but by other privacy statements. We encourage users to review the privacy policy of each website visited before disclosing any personal information.

10. YOUR RIGHTS TO YOUR PERSONAL INFORMATION

Upon submission of a written ‘data subject access request’ by electronic mail to the appointed Data Protection Officer (DPO) at DPO@resculine.com.cy, you remain the rights to your personal information:

  • Right to be informed individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive information on how we process your personal data and a copy of the personal data we hold about you.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Lodge complaints with the Data Commissionaire.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

11. WHO YOUR INFORMATION MAY BE SHARED WITH

We do not sell or share your personal information and/or data to third parties for third party direct marketing purposes.

In order to be able to provide you with our products and services we may need to share your information with:

  • Third parties instructed by us to provide services and products to us or to you on our behalf, such as:

    • external IT Service providers for website hosting and administration and IT management of our internal systems;
    • subcontractors who provide breakdown and recovery services during busy periods;
    • subcontractors and other specialists who help us provide products and services;
    • other professionals, external consultants and service providers such us:

      • Fraud detection and crime prevention consultants;
      • Regulatory Consultants;
      • Internal Auditors;
      • External Auditors;
  • Regulators and financial organisations: necessary for meeting our mandatory reporting requirements, financial organisations such as banks that allow us to make or receive payments, our professional advisors and any regulatory or governmental body, or any other supervisory body with rules and/or codes of practice to which we are subject, which requests or requires access to your information.

12. HOW WE KEEP YOUR INFORMATION SECURE

In line with the requirements of the Data Protection Regulation 679/2016/EU we have developed and implemented all necessary processes and procedures and we apply a range of measures both technical and organizational to keep your information safe and secure from unauthorized loss, misuse, alteration, or destruction.

Measures we take to keep your data secure include, but are not limited to:

  • making regular backups of files;
  • protecting company file servers and workstations with advance virus scanning software;
  • using a system of passwords so that access to data is restricted;
  • allowing only authorised staff into certain computer areas in the company;
  • using data encryption techniques to code data where required;
  • ensuring that staff are only given sufficient rights to any systems to enable them to perform their job function;

We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

13. COMPLAINTS

For any complaints that you may have relevant to your personal information you can contact the Data Protection Officer as per the details provided under point 3 of this Policy, titled ‘CONTACT DETAILS’.

We are committed to handle your information responsibly and to take all reasonable measures to resolve any concerns that you may have in a timely manner. However, if you are unhappy about the way we handle your concerns or your personal information, you have the right to contact the Cyprus Data Protection Commissionaire at commissioner@dataprotection.gov.cy to address your concerns or complaints.

14. CHANGES TO THE PRIVACY POLICY

Please be informed that we may modify or update our Privacy Policy from time to time to reflect our current privacy practices. When we make changes to this Policy the new version will be uploaded on our website and the date at the top of this page will be accordingly revised. We encourage you to visit our website regularly to ensure you are aware of any changes to the policy which are relevant to your personal information.