Dent Transport uses appropriate technical and organizational security measures to ensure a level of protection for personal data appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and the degree of risk. The transfer of personal data between your end device and Dent Transport is generally carried out in an encrypted form (TLS encryption). You can identify an encrypted connection for example by the lock symbol in the address line of your browser.
If you communicate with us by e-mail, access by third parties cannot be ruled out. In the case of confidential information, Dent Transport therefore recommends using the mail or encrypted e-mail communication (PGP). Please let us know if you would like to correspond with us by e-mail in an encrypted form so that we can give you information on the relevant addresses and public keys.
When visiting Dent Transport websites for information purposes, i.e. even without being registered, data is automatically collected regarding the usage through your browser (hereinafter “surf data”). This includes your IP address, the status code, the Dent Transport websites visited, date and time of the server request, browser type and browser version, referrer (website visited beforehand), files transferred and data volume. The surf data is stored by Dent Transport in so-called log files. If you visit Dent Transport websites without having a Dent Transport account, we will not know who you are.
We inform you about the cookies and analysis services used by Dent Transport in section 4. Otherwise, your surf data will not be provided to third parties.
The processing of surf data is mainly carried out to establish and maintain the technical connection when surfing the internet. This data is also used by Dent Transport in a pseudonymized or anonymized form in order to analyze the use of our websites, to design and improve the Dent Transport services to meet demand, to recognize and eliminate technical or process-related disruptions and problems and to prevent illegal use of the Dent Transport services (e.g. fraudulent booking, cyberattacks).
Stored log files are erased or anonymized, provided they are no longer required to ensure the general functionality of Dent Transport services. Dent Transport retains the log files only insofar as you have consented to this or if there are legal retention obligations.
The legal basis for the processing of personal data when providing websites is Art. 6 Paragraph 1 lit f GDPR (Dent Transport’s legitimate interest). Insofar as you, as a Blacklane user or customer, have consented to an extended usage of your surf data, the legal basis is Art. 6 Paragraph 1 lit. a GDPR.
Dent Transport processes the following personal data provided by you when you register and use Dent Transport Services or when you book rides (hereinafter “customer data”).
The customer data will be used for Dent Transport services, i.e. for the personalized fulfillment of the framework agreement after registration (creation, storage, administration and support of your Dent Transport account), for the procurement of booked rides and for the fulfillment of the contract of carriage for the benefit of the customer with the transport service provider. Dent Transport provides customer data to third parties, if necessary, in particular to the transport service providers so that the customer can be transported in accordance with their booking and the transport can be processed. If the customer has indicated a bonus program supported by Dent Transport, the data required in this regard is transmitted to the bonus program provider. The payment data collected is stored via a payment service provider and transferred to the intermediary financial service provider or bank (see Point 6.). The legal basis for the processing of personal data during registered use of Blacklane services and booking rides is Art. 6 Paragraph 1 lit b GDPR (contract performance). If the data subject provides additional, voluntary information (e.g. flight number, frequent flyer program, special requests), the legal basis is their consent according to Art. 6 Paragraph 1 lit a GDPR and our legitimate interest according to Art. 6 Paragraph 1 lif f GDPR. In addition, Dent Transport processes customer data in order to analyze, personalize and improve the use of Dent Transport services according to the demand, to advertise Dent Transport services, to detect, limit and eliminate technical or process-related disruptions and problems, and to prevent illegal use of Dent Transport services (e.g. fraudulent booking, cyberattacks). The legal basis for the processing of personal data is, in this respect, Art. 6 Paragraph 1 lit f GDPR (Blacklane’s legitimate interest). Data is not forwarded to recipients in this respect, unless it is a Dent Transport contractor (see Art. 28 GDPR) or otherwise legally permitted.
All bookings with Dent Transport may be paid by credit/Debit card and mobile money. The credit/Debit card information only has to be stored once upon the first booking and is protected against unauthorized access. For this purpose, a certified payment provider is used whose systems meet the applicable security standards, such as for example PCI-DSS (Payment Card Industry Data Security Standard). The credit/Debit card data is stored by the contracted PCI DSS-certified payment provider for recurring transactions. The legal basis for the processing is, in this respect, Art. 6 Paragraph 1 lit b GDPR (contract performance). Dent Transport itself does not store credit/Debit card data or only in abbreviated form for analysis purposes or to prevent fraud. The legal basis for this is Art. 6 Paragraph 1 lit f GDPR (Dent Transport’s legitimate interest). In order to ensure that the credit card is used by the legitimate owner and to prevent cases of fraud, payment data and credit card information is transferred to one or more external payment security services. This transfer may also include additional personal data. The external payment security services are processing personal data on behalf of Dent Transport. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR (legitimate interest of Dent Transport).
If you have agreed to receiving advertising or if Dent Transport otherwise has the right, we will use your customer data to send you personalized advertising or general newsletters. The following data is mainly affected: Form of address, name, e-mail address. The purpose of the data processing is for Dent Transport to inform you regarding current offers and to draw attention to features of Dent Transport services. E-mail advertising and newsletters may contain pixels. In this case, a graphic file is inserted into the e-mail sent in HTML format, based on which a statistical evaluation may be carried out. By using pixels, Dent Transport can detect whether and when e-mails have been opened and links contained therein clicked. The legal base for the data processing is, insofar as you have separately and expressly consented, Art. 6 Paragraph 1 lit a GDPR (consent) and otherwise Art. 6 Paragraph 1 lit f GDPR (Dent Transport’s legitimate interest). Blacklane has the right, in context of legal permission according to Section 7 Paragraph 3 UWG, to use the e-mail address, which you have provided regarding a chargeable booking, to directly advertise its own, similar products or services. If you do not wish to receive advertising from Dent Transport for similar products or services, you may at any time revoke the corresponding use of your e-mail address without incurring any costs other than the transmission costs in accordance with the base tariffs. To this end, you can use the unsubscribe link contained in any mail or you can write an e-mail to us using the above-mentioned e-mail addresses (see section 2.).
If your personal data is processed by Dent Transport, you are the data subject (Art. 4 No. 1 GDPR). As the data subject, you have the following rights in relation to the personal data affecting you:
The data subject has the right to obtain a confirmation from the controller as to whether personal data is processed; if this is the case, they have a right of information about this personal data and further information on the data processing.
The data subject has the right to obtain from the controller without undue delay the rectification or completion of inaccurate personal data.
The data subject has the right to demand from the controller the erasure of personal data without undue delay and the controller is obliged to erase personal data without undue delay, provided the data is no longer required, the data subject revokes their consent or lodges an objection to the processing, the personal data was processed unlawfully or there is otherwise a ground for erasure within the meaning of Art. 17 GDPR and the controller does not have the right to object to erasure.
The data subject has the right to demand from the controller the restriction of processing when one of the conditions mentioned in Art. 18 GDPR applies, namely the accuracy of the personal data is contested by the data subject or the processing is unlawful and the data subject opposes the erasure of the personal data.
Insofar as the data processing is based on a legitimate interest from our side (Art. 6 Paragraph 1 lif f GDPR) or is direct advertising, the data subject has at any time the right to lodge an objection to the processing of personal data affecting them for the reasons mentioned in Art. 21 GDPR. The controller will then no longer process the personal data, unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defense of legal claims.
The data subject has the right within the meaning of Art. 20 GDPR to receive the personal data, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided.
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR.
In the case of Dent Transport, you are only subject to an automated decision process (see Art. 22 GDPR) in exceptional cases if you re-enter a payment method via which a payment has already previously failed or when current indications justify the suspicion that it is a fraudulent booking. In these cases, your request to book a ride with Dent Transport will be refused. Such an automatic decision is required to conclude the contract (Art. 22 Paragraph 2 lit a GDPR). The data subject has the option of contacting us using the mentioned contact data (see section 2) in order to have an explanation or an intervention by a person or to express their point of view.
We will erase your personal data as soon as the legal basis for its processing lapses. However, legal bases may also exist in parallel or a new one may intervene with the lapsing of a legal basis, such as for example the duty to store determined data to fulfill a legal retention obligation (e.g. according to commercial or tax law).
Issued: March 30, 2020