At Romygo, protecting your personal data is a fundamental priority. As a technology company operating within Romania and the European Union, we are fully committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Romanian data protection laws.
This Privacy Policy explains how Romygo ("we," "us," or "our") collects, uses, shares, and protects the personal information of our Riders, Drivers, and website visitors (collectively, "Users"). By using the Romygo platform, you acknowledge the data practices outlined in this document.
1. Data Controller Information
For the purposes of the GDPR, the Data Controller responsible for your personal information is:
- Company Name: Romygo SRL
- Country of Jurisdiction: Romania
- Data Protection Officer (DPO) Contact: info@romygo.com
2. Information We Collect
We collect information that you provide directly to us, information generated automatically during your use of the platform, and information from third-party sources.
2.1. Information You Provide Directly
- Account Data: Name, email address, mobile phone number, physical address, and profile picture.
- Verification Data (Drivers): Government-issued identification, Romanian driving license, vehicle registration, and commercial insurance (RCA) documents.
- Financial Data: Credit card details, bank account information, and billing addresses (processed securely by our third-party payment gateways).
- Communication Data: Messages sent to customer support or in-app communications between Riders and Drivers.
2.2. Information Collected Automatically
- Location Data (GPS): We collect precise or approximate location data from your mobile device when the Romygo app is running in the foreground or background to calculate fares, facilitate pickups, and ensure safety.
- Usage Data: Information about how you interact with our services, including access dates and times, app features viewed, and ride history.
- Device Data: Hardware models, device IP addresses, operating systems, unique device identifiers, and mobile network information.
3. Legal Basis and Purpose for Processing Data
Under the GDPR, we only process your personal data when we have a lawful basis to do so.
3.1. Contractual Necessity
We process your data to fulfill our Terms and Conditions and provide the rideshare service.
- Creating and managing your Romygo account.
- Facilitating the connection between Riders and Drivers.
- Calculating fares, processing payments, and generating receipts.
3.2. Legitimate Interests
We process data to improve our services and protect our community, provided these interests do not override your fundamental rights.
- Tracking vehicle locations to ensure the physical safety of Riders and Drivers.
- Preventing, detecting, and combating fraud or unsafe activities.
- Analyzing platform usage to improve app functionality and dispatch algorithms.
3.3. Legal Obligation
We process and retain data to comply with Romanian and EU laws.
- Retaining financial records for Romanian tax authorities (ANAF).
- Assisting law enforcement agencies in valid criminal investigations.
4. How We Share Your Information
Romygo does not sell your personal data. We only share your information in specific circumstances necessary to operate our platform.
4.1. Sharing Between Users
To facilitate a ride, we share the Rider's first name, pickup/drop-off location, and rating with the Driver. We share the Driver's first name, photo, vehicle details, license plate, live location, and rating with the Rider.
4.2. Third-Party Service Providers
We share necessary data with trusted vendors acting as Data Processors on our behalf.
- Payment processing gateways (e.g., Stripe, Adyen).
- Cloud storage and infrastructure providers (e.g., AWS, Google Cloud).
- Background check and identity verification agencies.
4.3. Legal and Regulatory Authorities
We may disclose your data to Romanian authorities, courts, or law enforcement if required by law, or to protect the safety, rights, and property of Romygo, our users, or the public.
5. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy.
- Active Accounts: User profile data is kept for the lifetime of your active Romygo account.
- Financial Records: Payment and transaction histories are retained for up to 10 years to comply with Romanian accounting and tax laws.
- Safety Records: Data regarding user bans, severe safety incidents, or fraud investigations may be retained indefinitely to prevent banned users from accessing the platform again.
6. Your Rights Under the GDPR
As a resident of the European Economic Area (EEA), you possess comprehensive rights regarding your personal data.
- Right to Access: You may request a copy of the personal data Romygo holds about you.
- Right to Rectification: You may update, correct, or complete inaccurate personal data through your app settings or by contacting support.
- Right to Erasure (Right to be Forgotten): You may request the deletion of your account and personal data. We will comply, except where data must be retained for legal compliance or dispute resolution.
- Right to Restrict Processing: You may request that we temporarily halt the processing of your data under specific conditions.
- Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
- Right to Object: You may object to the processing of your data for direct marketing purposes or where we rely on legitimate interests.
7. International Data Transfers
Romygo primarily stores and processes data within the European Economic Area (EEA). If we transfer your data to third-party processors located outside the EEA, we ensure strict GDPR compliance by utilizing approved safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) and binding corporate rules.
8. Security Measures
We implement advanced technical and organizational measures to protect your data against unauthorized access, loss, or alteration.
- End-to-end encryption for payment processing and sensitive data transmission.
- Strict role-based access controls for Romygo employees handling personal data.
- Regular cybersecurity audits and vulnerability testing of the Romygo platform.
9. Lodging a Complaint
If you believe your data privacy rights have been violated, we encourage you to contact our Data Protection Officer first at info@romygo.com. You also have the right to lodge a formal complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP - Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) or your local EU supervisory authority.