.png)
Privacy Policy and Cookie Policy
1. Scope of Application
2. Name and Contact Details of the Controller
3. Contact Details oft he Data Protection Officer
4. Data Security
5. Provision of the Websites
6. Cookies, Pixels, and Similar Technologies
7. Specific Features for the Noblelane Apps
8. Social Media/Social Networks
9. Data Processing for Registered Use of Noblelane Services and Ride Bookings
10. Payment & Fraud Prevention
11. Communication withNoblelane
12. E-Mail, Advertising, Newsletter
13. Use of Data Processors by Noblelane
14. Data Subject Rights
15. Automated Decisions
16. Data Deletion and Retention Period
17. Amendment or Update of ThisPrivacy Policy
1. Scope of Application
We, Noblelane e.U. (“Noblelane”), take the protection of your personal data seriously and protect your privacy during its processing in accordance with the applicable data protection regulations.
This Privacy Policy informs you as a visitor of Noblelane websites, as a user or customer of the online platform of Noblelane, a Noblelane app, or other services of Noblelane (collectively also “Noblelane Services”)about which personal data about you is processed by Noblelane and for what purpose. The Noblelane Services are not intended for minors.
2. Name and Contact Details of the Controller
The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
Noblelane e.U.
Dampfgasse 9/2, 1100 Vienna, Austria
Email: info@noblelane.at
Further information about Noblelane can be found in the legal notice: https://www.noblelane.at/impressum
3. Contact Details of the Data Protection Officer
Our data protection officer is:Noblelane e.U.Dampfgasse 9/2, 1100 Vienna, Austria Email: info@noblelane.atYou can contact our data protection officer confidentially by mail at the above address.
4. Data Security
Taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risks, Noblelane implements appropriate technical and organizational security measures to ensure a level of protection appropriate to the risk for personal data. The transmission of personal data between your device and Noblelane is generallyencrypted (TLS encryption). You can recognize an encrypted connection, for example, by the lock symbol in your browser’s address bar.
If you communicate with us via email, access by third parties cannot be ruled out. Even in emails, Noblelane generally uses transport encryption. However, for confidential information, Noblelane recommends sending by regular mail or fully encrypted email communication (PGP). Please inform us if you wish to correspond with usvia encrypted email so that we can provide you with the relevant addresses and public keys.
5. Provision of the Websites
When you use Noblelane websites for informational purposes only — i.e., even without registering — data about the usage process is automatically collected by your browser (hereinafter “surf data”). This includes your IP address, status code, pages visited on the Noblelane website, date and time of the server request, browser type and version, referrer (previously visited page), transferred files, and data volume. The surf data is stored in so-called log files at Noblelane. If you visit the Noblelane websites without having a Noblelaneaccount, we do not know who you are. Otherwise, your surf data will not be passed on to third parties.
The processing of surf data mainly serves to establish and maintain the technical connection during internet browsing. In addition, this data is used by Noblelane – preferably pseudonymized or anonymized – to analyze the use of our websites, tailor and improve Noblelane services to demand, detect and fix technical or process-related disruptions and issues, and to prevent unlawful use of the Noblelane Services (e.g., fraudulent booking, cyberattacks).
Stored log files are deleted or anonymized once they are no longer required to ensure the generalfunctionality of the Noblelane Services. Noblelane retains log files beyond that only if you have consented or if there are legal retention obligations.The legal basis for processing personal data when providing the websites is Art. 6(1)(f) GDPR (legitimateinterest of Noblelane). If you are a user or customer of Noblelane, the legal basis is also Art. 6(1)(b) GDPR (contract performance). If you have consented to extended use of your surf data as a user or customer of Noblelane, the legal basis is Art. 6(1)(a) GDPR (your consent).
6. Cookies, Pixels, and Similar Technologies
When using Noblelane Services, cookies, pixels, or similar technologies may be used. This is standardpractice on most major websites. Cookies are small text files and pixels are small graphic files that can be stored on the user’s device.
When you use Noblelane Services, Noblelane sets cookies that are necessary to provide you with a functionyou requested (e.g., language, login status, cookie consent).
Additionally, if you have consented, Noblelane uses its own cookies and those of third parties to analyze andimprove the use of Noblelane Services, enhance and personalize features provided to you, detect and fix technical or process-related disruptions and problems, prevent illegal use of Noblelane Services (e.g., fraudulent bookings, cyberattacks), and for marketing purposes (including the measurement, analysis, and evaluation of advertising media). Your consent to the use of cookies by Noblelane is documented electronically via a consent management tool or platform (CMP) used by Noblelane. You can revoke your consent at any time with future effect or change your cookie settings; the easiest way is to adjust your cookie preferences within the CMP as desired.
You can also prevent the storage of cookies in your browser settings at any time and delete existing cookies. However, this may mean that some functions of the Noblelane Services may not be available or may be limited. The storage duration of each cookie varies and can be viewed in your browser.
The legal basis for processing personal data using cookies, pixels, and similar technologies is Art. 6(1)(a)GDPR (your consent) and Art. 6(1)(f) GDPR (legitimate interest of Noblelane for essential cookies, in connection with §25 TTDSG).
7. Specific Features for the Noblelane Apps
The Noblelane apps are an alternative access point to the Noblelane Services. Generally, the same type ofpersonal data processing takes place via the Noblelane apps as through the Noblelane websites or during registered use of the Noblelane Services.
When using the Noblelane apps, Noblelane may also access additional data related to the app or your device, such as device name, device manufacturer, model, operating system version, app or SDK version, and mode.
In addition, the Noblelane apps feature push notifications – messages triggered by Noblelane in your device’s app. You will only receive push notifications if you have consented to them on your device. The legal basis fordata processing is Art. 6(1)(a) GDPR (your consent).
8. Social Media / Social Networks
8.1 Social Media Appearances of NoblelaneNoblelane maintains pages on social networks, such as Twitter, LinkedIn, or Facebook. The respectiveprovider of the social network provides detailed information about which personal data is processed and how.In addition, please always note our notices on our profiles on the respective platforms.
9. Data Processing for Registered Use of Noblelane Services and Ride Bookings
Noblelane processes the following personal data provided by you during your registration and use of theNoblelane Services or when booking rides (hereinafter “Customer Data”):
· Personal data (salutation, title, first name, last name, company, address, postal code, city, country, password);
· Contact details (e.g., phone number, mobile phone number, email address);
· Contractual data (e.g., time and type of registration, status);
· Ride-related data (e.g., pickup location, destination, times, flight number, notes for the driver);
· Status (e.g., bonus program), customer history (e.g., previous rides);
· Billing (e.g., invoices, status, billing address) and payment data (e.g., last 4 digits of the credit card number).
The customer data is used for Noblelane Services, i.e., for personalized performance of the registration relationship (creation, storage, management, and maintenance of your account), for executing the bookingservice for rides, and for fulfilling your transportation contract with the service provider. Noblelane shares customer data with third parties, particularly transportation providers, as necessary for the customer to be transported according to their booking and for the ride and payment to be handled. If the customer has indicated a Noblelane-supported bonus program, the required data will be shared with the bonus program provider. Payment data collected is stored by a payment service provider and transferred to the engaged financial institutions or banks.
Personal data may be transferred to service providers in a third country outside the European Union or the European Economic Area where the ride is scheduled to take place. Noblelane generally cannot provide further information about the level of data protection in the third country. An adequacy decision (see Art. 45(3) GDPR) or appropriate safeguards (see Art. 46 GDPR) are not required, as the transfer is necessary for theperformance of a contract between the data subject and the controller or for pre-contractual measures at the data subject’s request (Art. 49(1)(b) GDPR), or because the transfer is necessary for the performance of a contract concluded in the data subject’s interest between the controller and another natural or legal person (Art. 49(1)(c) GDPR).
Customers have the option to rate a ride arranged by Noblelane. Ratings are stored in the customer profile and may be shared in anonymized form with the respective transportation provider or driver. The purpose of data processing within the rating system is to settle the ride and payment with the driver or provider and to analyze and improve Noblelane Services, e.g., to monitor proper ride execution, improve quality, and prevent or combat illegal use.
Ratings are usually stored for no more than 2 years and are then deleted or anonymized.
The legal basis for processing personal data when using Noblelane Services and booking rides is Art. 6(1)(b)GDPR (contract performance). If the data subject provides additional, voluntary information (e.g., flight number, frequent flyer program, driver notes, rating), the legal basis is your consent under Art. 6(1)(a) GDPR and our legitimate interest under Art. 6(1)(f) GDPR.
In addition, customer data is processed by Noblelane to analyze usage, tailor and personalize the services, improve them, advertise Noblelane Services, detect and resolve technical or procedural issues, and preventunlawful use of Noblelane Services (e.g., fraudulent bookings, cyberattacks). The legal basis for such data processing is Art. 6(1)(f) GDPR (legitimate interest of Noblelane). Data is not shared with recipients unlesswith Noblelane processors (see Art. 28 GDPR) or as otherwise permitted by law.
10. Payment & Fraud Prevention
10.1 Payment
All bookings with Noblelane can be paid by credit or debit card. Card information only needs to be enteredonce during the first booking and is protected against unauthorized access. A certified payment provider is used whose systems comply with applicable security standards, such as the PCI-DSS (Payment Card Industry Data Security Standard). For recurring transactions, card data is stored with the PCI-DSS-certified payment provider. The legal basis for this processing is Art. 6(1)(b) GDPR (contract performance).
Noblelane does not store card data itself or only stores it in shortened form for analysis or fraud prevention purposes. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interest of Noblelane).
Card payments are handled by the payment provider Stripe. The privacy policy for using Stripe can be found at: https://stripe.com/at/privacy.
For information about new security and verification procedures in connection with the so-called PaymentServices Directive (“PSD2”), please refer to our payment provider Stripe.
In addition to card payments, you can also pay your bookings via PayPal in our mobile apps (Android / iOS). In this case, based on Art. 6(1)(b) GDPR, personal data such as the email address of your PayPal account and information about your mobile device (e.g., device ID) is transmitted to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. More information on PayPal's data processing is available at: https://www.paypal.com/at/legalhub/paypal/privacy-full10.2 Fraud Prevention
To ensure that a payment method is being used by the rightful owner and to prevent fraud, IP addresses, email addresses, payment data, and card information may be transferred to one or more external fraud prevention service providers. This transfer may include additional personal data. The external fraud prevention providers process this data on behalf of Noblelane. The legal basis for this processing is Art. 6(1)(f)GDPR (legitimate interest of Noblelane).
As part of cardholder authentication, it may also be necessary for individual transactions that Noblelane requests a copy of an additional identification document (e.g., ID card, passport, driver's license) or a copy of the credit card. Noblelane will ask you to black out unnecessary data (e.g., the card number except the lastfour digits). The legal basis for this is Art. 6(1)(b) GDPR (contract performance), your consent (Art. 6(1)(a) GDPR), and our legitimate interest (Art. 6(1)(f) GDPR).
11. Communication with Noblelane
If you contact Noblelane (e.g., by phone call, contact form, feedback form, chat, messenger, email, or socialmedia such as Facebook, Instagram, Twitter), the data you provide will be processed to handle your requestand respond to your inquiry. The legal bases for this are Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (contract performance and initiation).
Data collected from such contact may also be used by Noblelane – preferably in pseudonymized oranonymized form – to tailor and improve Noblelane Services, to detect and resolve technical or procedural issues, and to prevent unlawful use of Noblelane Services (e.g., fraudulent bookings, cyberattacks). The legal basis for processing personal data is Art. 6(1)(f) GDPR (legitimate interest of Noblelane).
To carry out communication with the customer, Noblelane also uses external services and tools such as messenger services or chat support tools. The legal basis for processing personal data is Art. 6(1)(f) GDPR(legitimate interest of Noblelane). Where required, data processing agreements are in place with the respective providers.
In this context, we use Intercom as a communication medium, either by email or through in-product messages. The Intercom Messenger apps and inbox products may also provide access to third-party applications such asStripe. You should consult the privacy notices of these third parties for more information about how yourpersonal data is used. As part of our service agreements, Intercom collects publicly available contact and social information about you, such as your email address, gender, company, job title, photos, website URLs, social media handles, and physical addresses, to enhance your user experience.
For more information about Intercom’s privacy practices, visit: https://www.intercom.com/terms-and-policies#privacy.
Noblelane also offers various feedback channels to customers, including via external platforms. Such feedback is likewise used to process your concern and – preferably pseudonymized or anonymized – to improveNoblelane Services, to detect and resolve technical or process-related issues, and to prevent illegal use of the services (e.g., fraudulent bookings, cyberattacks). The legal basis for data processing, if you have expressly given consent, is Art. 6(1)(a) GDPR (consent), otherwise Art. 6(1)(f) GDPR (legitimate interest of Noblelane). Where required, data processing agreements exist with the respective providers of feedback tools. The respective feedback tool may contain additional information on what data is collected and processed.
12. Email, Advertising, Newsletter
If you have agreed to receive advertising or if Noblelane is otherwise permitted to do so, we use your customerdata to send you personalized advertising or general newsletters. This typically includes: salutation, name, and email address. The purpose of data processing is to inform you of current offers and highlight features of the Noblelane Services.
Email advertising and newsletters may include pixels. A graphic file is embedded into the HTML-formattedemail, allowing statistical analysis. These pixels enable Noblelane to see if and when emails were opened and whether links within were clicked.
The legal bases for processing are Art. 6(1)(a) GDPR (consent) if you have expressly consented, or otherwise Art. 6(1)(f) GDPR (legitimate interest of Noblelane) in conjunction with § 7(3) UWG. Under § 7(3) UWG, Noblelane is permitted to use the email address you provided during a paid booking for direct advertising of its own similar products or services. If you do not wish to receive advertising for similar products or services, you can object at any time at no cost other than standard transmission charges. You can use the unsubscribe link in each email or write to us at the email address provided above (see Section 2).
13. Use of Data Processors by Noblelane
Where Noblelane engages third parties in data processing – such as technical service providers or other Noblelane branches – this is always on behalf of Noblelane and only if these data processors provide sufficient guarantees that appropriate technical and organizational measures are implemented to ensure dataprocessing complies with data protection laws, especially under Art. 28 GDPR, and safeguards the rights of data subjects. If data processors are located in third countries, the data protection requirements for international transfers under Art. 44 et seq. GDPR are met. Suitable safeguards in third countries are usually ensured through an adequacy decision (Art.45(3) GDPR) or through standard contractual clauses (Art. 46(2)(c) GDPR in conjunction with Art. 93(2) GDPR).
14. Data Subject Rights
If your personal data is processed by Noblelane, you are a data subject (Art. 4 No. 1 GDPR). As a datasubject, you have the following rights regarding your personal data:
14.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed; if so, you have a right to access that data and further information about the processing.
14.2 Right to Rectification (Art. 16 GDPR)
You have the right to obtain the immediate rectification or, if necessary, completion of inaccurate personal data concerning you.
14.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the immediate deletion of personal data concerning you, and the controller is obligated to delete such data immediately if the data is no longer necessary, if you withdraw consent or object to the processing, if the data was unlawfully processed, or if there is another ground for deletion under Art. 17GDPR, and the controller is not otherwise entitled to refuse deletion.
14.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing if one of the conditions in Art. 18 GDPR applies, forexample, if the accuracy of the personal data is contested by you or the processing is unlawful and you oppose erasure.
14.5 Right to Object (Art. 21 GDPR)
If data processing is based on our legitimate interest (Art. 6(1)(f) GDPR) or for direct marketing purposes, you have the right to object at any time, based on the reasons stated in Art. 21 GDPR. We will then no longerprocess your personal data unless we can demonstrate compelling legitimate grounds or the processing serves the establishment, exercise, or defense of legal claims.
14.6 Right to Data Portability (Art. 20 GDPR)
Under Art. 20 GDPR, you have the right to receive the personal data concerning you that you provided to acontroller in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller without hindrance.
14.7 Right to Lodge a Complaint (Art. 77 GDPR)
Every data subject has the right to lodge a complaint with a supervisory authority under Art. 77 GDPR, without prejudice to other legal remedies.
14.8 Withdrawal of Consent (Art. 7(4) GDPR)
If data processing is based on your consent, you have the right to withdraw that consent at any time. For example, you may send an email to info@noblelane.at
Withdrawal of consent does not affect the legality of processing carried out before the withdrawal.
15. Automated Decisions
At Noblelane, you are only subject to automated decision-making (see Art. 22 GDPR) in exceptional cases – for example, if you re-enter a payment method that previously failed, or if there are actual indications of a potentially fraudulent booking. In these cases, your booking request will be declined by Noblelane. Such automated decisions are necessary for concluding the contract (Art. 22(2)(a) GDPR). You may contact us (see Section 2) to request an explanation, human intervention, or to present your viewpoint.
16. Data Deletion and Retention Period
We delete your personal data as soon as the legal basis for its processing ceases to exist. In some cases,legal bases may exist in parallel, or a new legal basis may apply once one lapses – such as the obligation to store certain data to comply with legal retention requirements (e.g., under commercial or tax law).
17. Amendment or Update of This Privacy Policy
Noblelane reserves the right to update or amend this Privacy Policy at any time without stating reasons, ifrequired by developments in legislation, case law, regulatory actions, or technical advances.
