DENT TRANSPORT Privacy and Cookie Policy

  1. 1. Scope
  2. 2. Data Security
  3. 3. Provision of the websites
  4. 4. Cookies and similar technologies
  5. 5. Data Processing During Registered of Use Dent Transport Services and Booking Rides
  6. 6. Credit/Debit Card Data and mobile money Data
  7. 7. E-mail Advertising, Newsletter
  8. 8. Rights of Stakeholders
  9. 9. Automated Decisions
  10. 10. Data Erasure and Storage Duration
  11. 11. Amendment or Update of this Privacy Policy

1. Scope

We, Dent Transport Services take the protection of your personal data seriously and protect your privacy when processing your data in accordance with the applicable data protection regulations. This Privacy Policy will inform you as a visitor to the Dent Transport websites, as the user or the customer of Dent Transport’s online platform, or other Dent Transport services (referred to as “Dent Transport Services”) as to which personal data about you is processed by Dent Transport and for what purpose. Dent Transport services are not aimed at minors.

2. Data Security

Dent Transport uses appropriate technical and organizational security measures to ensure a level of protection for personal data appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and the degree of risk. The transfer of personal data between your end device and Dent Transport is generally carried out in an encrypted form (TLS encryption). You can identify an encrypted connection for example by the lock symbol in the address line of your browser.

If you communicate with us by e-mail, access by third parties cannot be ruled out. In the case of confidential information, Dent Transport therefore recommends using the mail or encrypted e-mail communication (PGP). Please let us know if you would like to correspond with us by e-mail in an encrypted form so that we can give you information on the relevant addresses and public keys.

3. Provision of the websites

When visiting Dent Transport websites for information purposes, i.e. even without being registered, data is automatically collected regarding the usage through your browser (hereinafter “surf data”). This includes your IP address, the status code, the Dent Transport websites visited, date and time of the server request, browser type and browser version, referrer (website visited beforehand), files transferred and data volume. The surf data is stored by Dent Transport in so-called log files. If you visit Dent Transport websites without having a Dent Transport account, we will not know who you are.

We inform you about the cookies and analysis services used by Dent Transport in section 4. Otherwise, your surf data will not be provided to third parties.

The processing of surf data is mainly carried out to establish and maintain the technical connection when surfing the internet. This data is also used by Dent Transport in a pseudonymized or anonymized form in order to analyze the use of our websites, to design and improve the Dent Transport services to meet demand, to recognize and eliminate technical or process-related disruptions and problems and to prevent illegal use of the Dent Transport services (e.g. fraudulent booking, cyberattacks).

Stored log files are erased or anonymized, provided they are no longer required to ensure the general functionality of Dent Transport services. Dent Transport retains the log files only insofar as you have consented to this or if there are legal retention obligations.

The legal basis for the processing of personal data when providing websites is Art. 6 Paragraph 1 lit f GDPR (Dent Transport’s legitimate interest). Insofar as you, as a Blacklane user or customer, have consented to an extended usage of your surf data, the legal basis is Art. 6 Paragraph 1 lit. a GDPR.

4. Cookies and similar technologies

Cookies and similar technologies may be used when using Dent Transport services. This is common with most large websites. Cookies are small text files, which can be stored on the user’s end device. Comprehensive information on the cookies and similar technologies used by Dent Transport can be found in our Cookies Policy. When visiting the website, Dent Transport will set the required cookies, which are technically necessary, to improve the functionality or make the use of Dent Transport services more user-friendly (e.g. language, login status). Dent Transport also uses its own cookies, as far as possible in a pseudonymized or anonymized form, in order to analyze and improve the usage of Dent Transport services, to detect and remedy interruptions and technical or process-related problems and to prevent illegal usage of Dent Transport services (e.g. fraudulent booking, cyberattacks). Additionally, Dent Transport uses its own cookies or similar technologies or those from advertising partners (e.g. search engine providers, advertising networks or distribution partners) in order to improve Dent Transport services or to measure, evaluate, design and improve advertising measures. Dent Transport uses different analysis tools in this regard. The evaluation is carried out in a pseudonymized or anonymized form as far as is possible. When registering as a user of Dent Transport’s services, you agree that we may process, in personalized form, the data collected by means of the cookies and similar technologies mentioned in the Cookie Policy for the mentioned purposes in connection with your account. This consent may be revoked at any time without any additional costs and with effect for the future. You may prevent the storage of cookies at any time using your browser settings and delete any cookies present. However, this may mean that some functions of Dent Transport’s services may not be available or available only to a limited extent. The storage duration is different depending on the cookie and can be inspected in your browser. The legal basis for the processing of personal data when using cookies, pixels or similar technologies is Art. 6 Paragraph 1 lit a (your consent) and lit f GDPR (Dent Transport’s legitimate interest).

5. Data Processing During Registered of Use Dent Transport Services and Booking Rides

Dent Transport processes the following personal data provided by you when you register and use Dent Transport Services or when you book rides (hereinafter “customer data”).

The customer data will be used for Dent Transport services, i.e. for the personalized fulfillment of the framework agreement after registration (creation, storage, administration and support of your Dent Transport account), for the procurement of booked rides and for the fulfillment of the contract of carriage for the benefit of the customer with the transport service provider. Dent Transport provides customer data to third parties, if necessary, in particular to the transport service providers so that the customer can be transported in accordance with their booking and the transport can be processed. If the customer has indicated a bonus program supported by Dent Transport, the data required in this regard is transmitted to the bonus program provider. The payment data collected is stored via a payment service provider and transferred to the intermediary financial service provider or bank (see Point 6.). The legal basis for the processing of personal data during registered use of Blacklane services and booking rides is Art. 6 Paragraph 1 lit b GDPR (contract performance). If the data subject provides additional, voluntary information (e.g. flight number, frequent flyer program, special requests), the legal basis is their consent according to Art. 6 Paragraph 1 lit a GDPR and our legitimate interest according to Art. 6 Paragraph 1 lif f GDPR. In addition, Dent Transport processes customer data in order to analyze, personalize and improve the use of Dent Transport services according to the demand, to advertise Dent Transport services, to detect, limit and eliminate technical or process-related disruptions and problems, and to prevent illegal use of Dent Transport services (e.g. fraudulent booking, cyberattacks). The legal basis for the processing of personal data is, in this respect, Art. 6 Paragraph 1 lit f GDPR (Blacklane’s legitimate interest). Data is not forwarded to recipients in this respect, unless it is a Dent Transport contractor (see Art. 28 GDPR) or otherwise legally permitted.

6. Credit/Debit Card Data and mobile money Data

All bookings with Dent Transport may be paid by credit/Debit card and mobile money. The credit/Debit card information only has to be stored once upon the first booking and is protected against unauthorized access. For this purpose, a certified payment provider is used whose systems meet the applicable security standards, such as for example PCI-DSS (Payment Card Industry Data Security Standard). The credit/Debit card data is stored by the contracted PCI DSS-certified payment provider for recurring transactions. The legal basis for the processing is, in this respect, Art. 6 Paragraph 1 lit b GDPR (contract performance). Dent Transport itself does not store credit/Debit card data or only in abbreviated form for analysis purposes or to prevent fraud. The legal basis for this is Art. 6 Paragraph 1 lit f GDPR (Dent Transport’s legitimate interest). In order to ensure that the credit card is used by the legitimate owner and to prevent cases of fraud, payment data and credit card information is transferred to one or more external payment security services. This transfer may also include additional personal data. The external payment security services are processing personal data on behalf of Dent Transport. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR (legitimate interest of Dent Transport).

7. E-mail Advertising, Newsletter

If you have agreed to receiving advertising or if Dent Transport otherwise has the right, we will use your customer data to send you personalized advertising or general newsletters. The following data is mainly affected: Form of address, name, e-mail address. The purpose of the data processing is for Dent Transport to inform you regarding current offers and to draw attention to features of Dent Transport services. E-mail advertising and newsletters may contain pixels. In this case, a graphic file is inserted into the e-mail sent in HTML format, based on which a statistical evaluation may be carried out. By using pixels, Dent Transport can detect whether and when e-mails have been opened and links contained therein clicked. The legal base for the data processing is, insofar as you have separately and expressly consented, Art. 6 Paragraph 1 lit a GDPR (consent) and otherwise Art. 6 Paragraph 1 lit f GDPR (Dent Transport’s legitimate interest). Blacklane has the right, in context of legal permission according to Section 7 Paragraph 3 UWG, to use the e-mail address, which you have provided regarding a chargeable booking, to directly advertise its own, similar products or services. If you do not wish to receive advertising from Dent Transport for similar products or services, you may at any time revoke the corresponding use of your e-mail address without incurring any costs other than the transmission costs in accordance with the base tariffs. To this end, you can use the unsubscribe link contained in any mail or you can write an e-mail to us using the above-mentioned e-mail addresses (see section 2.).

8. Rights of Stakeholders

If your personal data is processed by Dent Transport, you are the data subject (Art. 4 No. 1 GDPR). As the data subject, you have the following rights in relation to the personal data affecting you:

8.1 Right to information (Art. 15 GDPR)

The data subject has the right to obtain a confirmation from the controller as to whether personal data is processed; if this is the case, they have a right of information about this personal data and further information on the data processing.

8.2 Right to rectification (Art. 16 GDPR)

The data subject has the right to obtain from the controller without undue delay the rectification or completion of inaccurate personal data.

8.3 Right to erasure (Art. 17 GDPR)

The data subject has the right to demand from the controller the erasure of personal data without undue delay and the controller is obliged to erase personal data without undue delay, provided the data is no longer required, the data subject revokes their consent or lodges an objection to the processing, the personal data was processed unlawfully or there is otherwise a ground for erasure within the meaning of Art. 17 GDPR and the controller does not have the right to object to erasure.

8.4 Right to the restriction of data processing (Art. 18 GDPR)

The data subject has the right to demand from the controller the restriction of processing when one of the conditions mentioned in Art. 18 GDPR applies, namely the accuracy of the personal data is contested by the data subject or the processing is unlawful and the data subject opposes the erasure of the personal data.

8.5 Right to objection (Art. 21 GDPR)

Insofar as the data processing is based on a legitimate interest from our side (Art. 6 Paragraph 1 lif f GDPR) or is direct advertising, the data subject has at any time the right to lodge an objection to the processing of personal data affecting them for the reasons mentioned in Art. 21 GDPR. The controller will then no longer process the personal data, unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defense of legal claims.

8.6 Right to data portability (Art. 20 GDPR)

The data subject has the right within the meaning of Art. 20 GDPR to receive the personal data, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided.

8.7 Right to lodge a complaint (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR.

9. Automated Decisions

In the case of Dent Transport, you are only subject to an automated decision process (see Art. 22 GDPR) in exceptional cases if you re-enter a payment method via which a payment has already previously failed or when current indications justify the suspicion that it is a fraudulent booking. In these cases, your request to book a ride with Dent Transport will be refused. Such an automatic decision is required to conclude the contract (Art. 22 Paragraph 2 lit a GDPR). The data subject has the option of contacting us using the mentioned contact data (see section 2) in order to have an explanation or an intervention by a person or to express their point of view.

10. Data Erasure and Storage Duration

We will erase your personal data as soon as the legal basis for its processing lapses. However, legal bases may also exist in parallel or a new one may intervene with the lapsing of a legal basis, such as for example the duty to store determined data to fulfill a legal retention obligation (e.g. according to commercial or tax law).

11. Amendment or Update of this Privacy Policy

Dent Transport may update and amend this Privacy Policy at any time. Users of Dent Transport services will be informed and may be requested to provide consent again.

Issued: March 30, 2020