EN
EN DE

Privacy Policy lbase Driver App  

Privacy Policy lbase Driver App

1.1 Introduction

The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG, DSG). In this privacy policy, we inform you about the most important aspects of data processing in connection with the use of the lbase Driver App.  

Responsible party and role explanation

The lbase Driver App is a B2B application from Axians ICT Austria GmbH. The responsible party within the meaning of the GDPR is generally the respective customer who uses the app to carry out their transport processes. Axians ICT Austria GmbH processes personal data exclusively as a processor in accordance with Art. 28 GDPR.

1.2 Data Protection Officer

Mlynar Vladimir - Data Protection Officer, Axians ICT Austria GmbH

1.3 Data collection

When you use the lbase Driver app, various personal data is collected and transmitted to the lbase application server.
This includes:

  • Master data
    • Driver name
  • Usage data / technical data
    • Operating system
    • Battery level
    • Device type
    • Energy saving mode
    • Device identification number
  • Location data
    • GPS
    • Tour positions
    • Time stamp
  • Tour data & operational process data
    • Tour start and end
    • Mileage
    • Stop times
    • Status messages
  • Content data
    • Photos
    • Electronic signatures from drivers and recipients

1.4 Purpose and legal basis of processing

We use the collected data to display tours in full, plan them, and process them properly. The GPS data enables us to track the route traveled and display the current driver position. When installing the app, users are informed that GPS recording will take place and that the relevant permissions are required for this. GPS recording starts automatically at the beginning of the tour and runs in the background. From this point on, the user receives a notification in the notification center; on iOS devices, an additional display appears in Dynamic Island. When the tour ends, GPS recording stops automatically. Location processing does not take place outside of active tours.

Photos, documents, and signatures are used to document pickups, deliveries, and any damage. Status messages help to map transport processes completely and comprehensibly.

Technical log and device data are used to ensure the stability of the app, analyze sources of error, and support technical support.
To provide offline capability for the app, collected information is stored in the local store until a connection to the backend is established.

Overview of processed personal data, purposes, and legal bases
Type of dataIntended useLegal basis
Driver master data (name) Identification of the driver during tour processing; assignment of tour data, status reports, photos, and signaturesArt. 6 Sec. 1 point b GDPR (performance of a contract), Art. 6 Sec. 1 point f GDPR (legitimate interest: clear assignment of processes)
Usage data / technical data (operating system, battery level, device type, energy-saving mode, device identification number)Troubleshooting, stability, security, supportArt. 6 Sec. 1 point f GDPR (legitimate interest: IT & security)
Location data (GPS, tour positions, last position, timestamp)Display of tour route, real time, location, pickup and delivery receiptsArt. 6 Sec. 1 point b GDPR (performance of a contract), Art. 6 Sec. 1 point f GDPR (legitimate interest: efficient route planning)
Tour data (tour start/end, mileage, stop times)Handling of transport processes, evidence, documentationArt. 6 Sec. 1 point b GDPR, Art. 6 Sec. 1 point c GDPR (statutory retention obligations)
Photos & documents (damage photos, delivery/collection documents)Damage documentation, proof of delivery, archivingArt. 6 Sec. 1 point b GDPR, Art. 6 Sec. 1 point c GDPR (statutory retention obligations)
Signatures of drivers and customersCreation of delivery/collection receipts, legally compliant documentationArt. 6 Sec. 1 point b GDPR, Art. 6 Sec. 1 point f GDPR ((legitimate interest: clear assignment of processes)
Status messages (names, comments, timestamps)Documentation of delivery and pickup processesArt. 6 Sec. 1 point b GDPR (performance of a contract)

1.5 Legal basis

Processing is carried out on the following legal bases:

  • Art. 6 Sec. 1 point b GDPR (performance of a contract)
  • Art. 6 Sec. 1 point a GDPR (consent)
  • Art. 6 Sec. 1 point c GDPR (legal obligation)
  • Art. 6 Sec. 1 point f GDPR (legitimate interest)

1.6 Disclosure to third parties

The data collected will only be passed on to third parties if this is necessary for the processing of logistical processes. In these cases, the following information will be transmitted to third parties in order to verify pickups, deliveries, and documentation: Actual delivery and pickup locations, signature, name, and photos taken. Data processing is carried out exclusively in accordance with the customer's data processing agreement.

No data is transferred to third countries.

1.7 Storage location and duration

Server-side storage

The data is stored in log files on the customer's application servers. Depending on the contractual agreement, these servers are either under the control of the customer or are operated in the Axians ICT Austria GmbH data center in Vienna.

The data collected in the lbase Driver App is stored in accordance with the statutory retention periods and the customer's contractually agreed deletion or archiving concept. This applies in particular to tour, documentation, and verification data that is relevant for tax or commercial law retention obligations.
In general, the following periods may be relevant:

  • Tax retention obligation pursuant to Section 132 of the Austrian Federal Tax Code (BAO): 7 years
  • Austrian commercial law retention obligation: 7 years
  • Special provisions: In certain cases (e.g., ongoing official proceedings, tax audits, or in connection with claims for damages), the retention period may be extended accordingly until the respective proceedings have been concluded.

After the applicable retention periods have expired, the data will be deleted in accordance with the customer's deletion policy so that personal information is not stored longer than necessary. Depending on the customer's agreement, the data may be anonymized or archived on a separate archive system for the agreed period.

Local storage on the end device

To ensure the offline functionality of the lbase Driver app, certain data (e.g., tour data, photos, status messages) may be temporarily stored locally on the device until it has been successfully transferred to the server.

After you have finished using the app (ended your trip) or after successful synchronization, all locally stored data is automatically deleted.
No further local storage of personal data takes place.

1.8 Technical and organizational measures

Appropriate technical and organizational measures are implemented to ensure a level of protection commensurate with the risk. These include, in particular, measures for access control, encryption, ensuring availability, and regular review of our security mechanisms.

In addition to the technical and organizational measures agreed with the customer, an ACL-based authorization system (Access Control List) can be used to further segment and secure access to data and functions.

A detailed description of these measures is included in the respective data processing agreement with our customers.

1.9 User rights (information, deletion, objection)

You have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7 Sec. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You can exercise these rights at any time by contacting us using the contact details provided below.
Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

1.10 Notes on data usage

Please note that location data (so-called metadata such as GPS information) may be stored in the photos you send. To ensure the protection of your personal data, we recommend that you only take photos of the respective shipment without recognizable persons or sensitive information and check that location data has been removed before sending.

1.1 Rights of data subjects & contacting us

Requests from data subjects must always be addressed to the respective controller (customer). Axians supports the controller in fulfilling these data subject rights within the scope of order processing.

You have the right to contact the respective controller or the data protection officer, Mr. Vladimir Mlynar at datenschutz@axians.at at any time to assert your rights. In addition, you have the right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) if you believe that the processing of your personal data violates the GDPR.