Privacy Policy

Last updated: 2026-05-04

1. Data Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
KI-Taxi UG (haftungsbeschränkt)
Norderstraße 155, 24939 Flensburg, Germany
Email: info@taxi-ki.de
Phone: +49 155 10559409

2. General Information

The protection of your personal data is important to us. We process your data exclusively on the basis of statutory provisions (GDPR, German BDSG and TTDSG). This statement informs you about the type, scope and purpose of processing as well as your rights.

3. Booking and Contact Forms

When you use one of our booking forms (taxi, medical transport, airport transfer, city ride) or the contact form, we process the following data: name, phone number, email if provided, pickup and drop-off address, booking date/time, number of passengers and any optional notes you supply.

Purpose: handling and carrying out the requested transport, and contacting you for confirmation or follow-up questions.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures).
Transmission: form data is transmitted to our server via HTTPS and forwarded by email to our dispatch.

4. Address Autocomplete (Photon / Komoot)

As you type a pickup or drop-off address, your input is sent in real time to the Photon address search operated by Komoot GmbH (Geschwister-Scholl-Straße 71/72, 14471 Potsdam, Germany) in order to display matching suggestions. For technical reasons, your IP address is also transmitted.

Purpose: fast and accurate completion of the booking form, avoiding typos in addresses.
Legal basis: Art. 6 (1) (b) GDPR (carrying out the booking process at your request) and Art. 6 (1) (f) GDPR (legitimate interest in correct address capture). Photon is a free, OpenStreetMap-based project.

5. OpenStreetMap (Service Area Map)

On our home page we display our service area via an embedded map provided by the OpenStreetMap Foundation (St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom). When the map is loaded, your IP address is transmitted to OpenStreetMap servers.

Purpose: visualisation of our service area.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in clear presentation).
Further information is available in the OpenStreetMap Foundation Privacy Policy.

6. WhatsApp and Phone Links

Our site contains buttons that link directly to WhatsApp (Meta Platforms Ireland Ltd.) or to our phone number. No data is transmitted to WhatsApp/Meta unless you actively click such a link and open WhatsApp – this only happens at your initiative.

Legal basis: Art. 6 (1) (a) GDPR (consent through your click) or Art. 6 (1) (b) GDPR (initiating a transport request). The respective provider's privacy terms apply additionally.

7. Server Log Files

When you access our site, our hosting provider automatically collects technically required information in server log files: shortened or full IP address, date and time, requested page, browser and operating system, referrer URL.

Purpose: ensuring stable operation, detecting and defending against attacks, troubleshooting.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in IT security).
Retention: usually no longer than 14 days; longer in case of security incidents and only as necessary for investigation.

8. Abuse Protection (Rate Limiting)

To protect against spam and automated abuse, our form server stores a cryptographic hash (MD5) of your IP address together with the count of your form submissions for a maximum of 5 minutes. The entry is then automatically overwritten.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in protecting our systems).

9. Cookies and Local Storage

This website does not use any tracking or marketing cookies. We only use technically necessary browser storage (HTML local storage) for the following convenience features:

• theme – stores your selected light/dark display preference.
• kitaxi-cookie-dismissed-v1 – remembers that you have already dismissed this notice.

These entries contain no personal data and are not transmitted to any third party. They are exempt from consent under § 25 (2) (2) of the German TTDSG because they are strictly necessary for the functions you have requested. You can clear local storage in your browser at any time.

10. Analytics, Tracking and Advertising

We do not use Google Analytics, no Facebook pixel and no advertising or re-targeting tools. No data is shared with third parties for advertising purposes. Fonts and icons are served locally from our own server; no fonts or scripts are loaded from external CDNs (e.g. Google Fonts).

11. Processors and Recipients

We engage carefully selected service providers and have, where required, concluded data processing agreements pursuant to Art. 28 GDPR with them:

• Hostinger International Ltd. – website hosting and delivery of booking emails.
• Komoot GmbH – address suggestions via the Photon API (see section 4).
• OpenStreetMap Foundation – embedded map (see section 5).

We only share your personal data with further third parties when necessary to perform the contract (e.g. with the assigned driver) or where required by law (e.g. tax authorities). No data is transferred to countries outside the EU/EEA, except for calls to the OpenStreetMap servers (UK; covered by an EU adequacy decision).

12. Retention Periods

Booking and accounting data is stored for as long as required to perform the contract. Statutory retention obligations under the German Commercial Code (HGB) and Tax Code (AO) then apply – generally 6 to 10 years. Data is deleted once these periods expire.

13. Your Rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR) with effect for the future

An informal message to info@taxi-ki.de is sufficient to exercise your rights.

14. Right to Lodge a Complaint

Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel, Germany
Web: www.datenschutzzentrum.de

15. Data Security

This website uses an encrypted connection (TLS/HTTPS), recognisable by the lock icon in your browser. We apply suitable technical and organisational measures to protect your data against loss, alteration or unauthorised access.

16. Changes to This Privacy Policy

We will update this statement whenever legal requirements or the technical implementation of the website change. Please check back regularly for the current version.