Privacy policy

This Privacy Policy describes how CAMINA LAB, SL. (hereinafter, “Drivania”) processes personal data collected through the domains drivania.com, accounts.drivania.com, booking.drivania.com, and suppliers.drivania.com, in compliance with Regulation (EU) 2016/679 (GDPR).

1. Data Controller

CAMINA LAB, SL
Tax ID: B64265408
Address: Jesús Serra Santamans, 2. bajos 08174 Sant Cugat del Valles (Barcelona)
Email: gdpr@drivania.com
Website: drivania.com
Telephone: +34 93 176 0215

Drivania acts as the controller of the personal data collected, determining the purposes and means of processing.

2. Data Collected and Purposes

Drivania collects and processes personal data for the following purposes, depending on the domain:

Responding to requests and queries: Managing requests made through contact forms or chatbots on websites and applications, to respond to queries or requests about our private chauffeur services.
Data: Name, email, telephone number, message (depending on the form).

Sending commercial communications: Sending newsletters and bulletins about Drivania’s services, promotions, and news, including personalized information based on interest and preference profiles.
Data: Email (drivania.com); name, email, company (accounts.drivania.com, booking.drivania.com).

Manage user registrations: Register and manage B2B user accounts at accounts.drivania.com, allowing access to platforms, personalization of services, and sending communications about activities.
Data: Email, first name, last name, phone number, company name, tax ID number, address, type of company, language, company size, frequency of use, referral code (some optional).

Process service reservations: Manage private driver reservations (transfers and hourly arrangements) at booking.drivania.com, including billing and coordination with suppliers.
Data: Name, tax ID number, billing address, reservation details (dates, destinations, preferences).

Manage suppliers: Coordinate contracts, services, and payments with drivers and fleets at suppliers.drivania.com.
Data: Name, tax ID number, bank details, fleet details, licenses.

Improve the browsing experience: Use analytical data to optimize the functionality and usability of websites, based on the use of cookies.
Data: Browsing data (e.g., pages visited, time spent on site) collected through cookies.

Create profiles for personalization: Analyze preferences, booking history, and usage data to offer services and communications tailored to the user’s interests.
Data: Booking data, interests, preferences, analytical data.

Manage social media: Interact with users on social media and send information about Drivania’s services and activities.
Data: Name, email, data provided in social media interactions.

Improve customer service: Record customer service chat interactions (available on websites and apps) to analyze and improve service quality, train our agents, understand the most frequently asked questions, and optimize our support processes.
Data: Name, email address, chat content.

3. Legal basis for processing

Data processing is based on:

Explicit consent (Art. 6.1.a GDPR): Subscription to newsletters (drivania.com) and use of analytical or advertising cookies.

Execution of a contract (Art. 6.1.b GDPR): Management of reservations (booking.drivania.com), accounts (accounts.drivania.com), and contracts with suppliers (suppliers.drivania.com).

Legal obligation (Art. 6.1.c GDPR): Compliance with tax, labor, or legal regulations.

Legitimate interest (Art. 6.1.f GDPR): In the case of recording customer service chat interactions, Drivania’s legitimate interest lies in improving the quality of the services offered through this channel, optimizing customer service efficiency, training our agents, and resolving queries effectively. Also for the improvement of services, statistical analysis, and sending communications related to contracted services, unless the data subject objects.

4. Recipients of the Data

Drivania shares personal data with third parties only when necessary to provide services, comply with legal obligations, or with the consent of the data subject.

Recipients include:

Data processors:

• Hosting provider: Amazon Web Services (AWS), which hosts the data on secure servers, with possible international transfers (see section 8). See privacy policy.
• Billing tool: Etendo (Openbravo), to process invoices and payment data.
• Email marketing tools: Mailchimp and Active Campaign, to send newsletters and commercial communications.
• Analysis tools: Google Analytics, PowerBI, and Looker Studio, to analyze website usage and generate statistical reports.
• Chatbots: we work with DIGITAL & TECH CONSULTING, S.L., its website helping.es as providers of chatbot services integrated into websites and applications, for customer support and lead capture.

All data processors are subject to contracts that guarantee compliance with the GDPR, including confidentiality and security clauses.

Other recipients:

• Private chauffeur service providers (e.g., chauffeurs and fleets at suppliers.drivania.com) to coordinate transfers and schedules.
• Public authorities, when required by law (e.g., Tax Agency).
• Payment platforms, to process transactions on booking.drivania.com.

Camina Lab, S.L. does not share, sell, or transfer personal data to third parties for commercial purposes unrelated to the private transportation services described, unless there is express consent from the interested party, a legal obligation, or it is necessary for the execution of the contracted services, in which case the appropriate guarantees will be applied in accordance with the General Data Protection Regulation (GDPR) and applicable regulations. For more information, please see our Privacy Policy.

5. Data Storage Duration

Drivania retains personal data for the time strictly necessary to fulfill the purposes described, according to the following criteria:

drivania.com:

• Newsletters and commercial communications: Emails and associated data are retained as long as the user does not revoke their consent by clicking on the unsubscribe link or contacting gdpr@drivania.com. Subsequently, they are blocked for a minimum of 3 years to comply with possible legal responsibilities (e.g., Law 34/2002, LSSI-CE).
• Queries via form or chatbot: The data is kept for the time necessary to resolve the request and for a minimum of 3 years, in accordance with legal deadlines for possible claims.

accounts.drivania.com:

• B2B accounts: Registration data (email, name, tax ID, etc.) is kept for as long as the contractual relationship is in force. After termination, it is blocked for a minimum of 5 years, in accordance with the General Tax Law (Art. 66), for tax and accounting purposes, or longer if necessary to resolve disputes.

booking.drivania.com:

• Reservations: Reservation data (name, tax ID number, billing details) is retained for the duration of the service and for a minimum of 5 years thereafter, in accordance with the legal deadlines for billing and tax liabilities (General Tax Law). Analytical data for profiles is retained until the user revokes consent, with a minimum block of 3 years.

suppliers.drivania.com:

• Suppliers: Driver and fleet data (name, tax ID number, bank details) are kept for the duration of the contractual relationship. After termination, they are blocked for a minimum of 5 years, in accordance with tax and contractual deadlines, or longer if necessary to comply with legal obligations.

Navegación y atención al cliente:

• Cookies and browsing data: These are kept until the user deletes the cookies or revokes consent, with a minimum blocking period of 3 years to comply with legal responsibilities.

Customer service chat:

• Records are kept until they are evaluated to improve the service and for a minimum of 3 years, according to legal deadlines.

Social media and profiles:

• Data related to interactions on social media or personalized profiles is retained as long as the user does not revoke their consent, with a minimum retention period of 3 years to comply with possible legal responsibilities.

Deletion and anonymization: Once the retention period has ended, the data is securely deleted or anonymized for statistical analysis, unless it is necessary to comply with legal obligations (e.g., court orders) or resolve contractual disputes. During the blocking period, the data is only used for legal purposes and not for other purposes.

6. Rights of Data Subjects

In accordance with the European Union’s General Data Protection Regulation (GDPR), and depending on the local regulations applicable in other jurisdictions, users have the following rights in relation to their personal data:

• Access: To know what personal data is processed, for what purpose, and how it is processed.
• Rectification: To correct inaccurate or incomplete data.
• Erasure: To request the deletion of data when it is no longer necessary for the purposes for which it was collected.
• Objection: To object to the processing of data based on legitimate interests, including the sending of commercial communications.
• Restriction: To restrict the processing of data in certain circumstances.
• Portability: Receive the data in a structured, commonly used, and machine-readable format, or transfer it to another controller when technically possible.
• Withdrawal of consent: Revoke the consent given for data processing at any time, without affecting the lawfulness of the previous processing.

To exercise these rights, you can contact us by sending an email to gdpr@drivania.com.

Drivania will respond to your request within a maximum period of one month, except in cases of particular complexity, where you will be informed of any necessary extension. If you reside in the European Union, you have the right to lodge a complaint with the data protection authority in your country of residence or in the place where you consider that an infringement has occurred. For users outside the EU, additional rights and procedures may apply in accordance with local legislation.

7. Security Measures

Drivania implements advanced technical and organizational measures to protect personal data, including:

• Segmentation by VPCs: Virtual private networks (VPCs) to isolate data and systems, minimizing the risk of unauthorized access.
• Role-based systems: Role-based access control (RBAC) to limit access according to employee roles.
• Encrypted and immutable backups: Backups encrypted with robust algorithms and protected against modification, ensuring secure recovery.
• Antivirus and anti-malware: Updated software to detect and neutralize threats on devices.
• USB device control: Restrictions to prevent the introduction of unauthorized devices.
• Disk encryption: Full Disk encryption on devices to protect data in case of loss or theft.
• VPN for data access: Use of secure Virtual private networks to remotely access sensitive systems and data.
• Cybersecurity training: Regular programs for employees on phishing prevention, best practices, and regulatory compliance.

In the event of a security breach, Drivania will notify the Spanish Data Protection Agency within a maximum of 72 hours and those affected if it is likely to pose a risk to their rights and freedoms.

8. International Data Transfers

Camina Lab SL (Drivania Chauffeurs) may transfer personal data outside the European Economic Area (EEA) due to the services of our data processors. These transfers are carried out with safeguards that protect the rights of data subjects, in accordance with Regulation (EU) 2016/679 (GDPR).

Providers and Safeguards

• Amazon Web Services (AWS) – Hosting:
  • Location: Servers in the EEA (France, Germany), with possible transfers to the US.
  • Safeguards: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (SCCs), data encryption, opposition to non-compliant government requests.
• RouteOne – Customer management (own):
  • Location: Hosted on AWS (EEA, possible transfers to the US).
  • Safeguards: Same as AWS (DPF, SCC, encryption); priority configuration in the EEA.
• Mailchimp, Active Campaign – Email marketing:
  • Location: Servers in the US.
  • Safeguards: DPF, SCC, AES-256 encryption, SOC 2 audits.
• Google Analytics, PowerBI, Looker Studio – Analysis:
  • Location: Global servers, mainly US.
  • Guarantees: DPF, CCT, data anonymization, encryption, ISO 27001 certifications.

Drivania measures

• Priority to the EEA: we configure services to process data in the EEA whenever possible.
• Contracts: All suppliers sign agreements in accordance with Art. 28 of the GDPR.
• Assessments: we carry out impact Assessments to mitigate risks.
• Security: Encryption, access controls, and audits reinforce protection.

9. Consent for Commercial Communications

At drivania.com, consent for newsletters is obtained through unchecked checkboxes on forms. It can be revoked at any time via the unsubscribe link in the communications or by contacting gdpr@drivania.com.

At accounts.drivania.com and booking.drivania.com, communications related to contracted services are based on the contractual relationship with the option to opt out at any time.

10. Contact

For questions about this Privacy Policy, please contact:

Email: gdpr@drivania.com

Last updated: April 24, 2025