Navette
Navette • Privacy

Privacy Policy

This policy explains how Navette collects, uses, and protects your personal data, in accordance with the GDPR and applicable French/EU law.

Last updated: Feb 25, 2026
This privacy policy aims to provide clear and transparent information on how Navette collects, uses, stores, and protects your personal data. It also outlines your rights under the General Data Protection Regulation (GDPR) and how you can exercise them. Navette is committed to processing your data in accordance with principles of lawfulness, transparency, and security.

1. Who is the data controller?

The data controller is Navette (“Navette”), which determines the purposes and means of processing carried out via www.navette.com and, where applicable, related application areas used to deliver the service.

  • Company / legal name: Navette (to be completed).
  • Address: (to be completed).
  • Contact: (to be completed).
  • Data Protection Officer (DPO): (if applicable) (to be completed).

2. What data do we collect?

Depending on how you use the service, Navette may collect the following categories of personal data:

  • Identification data: name, surname, title (if used), account identifier.
  • Contact data: email, phone number.
  • Booking data: pickup and drop-off addresses, schedule, passenger count, requests (options and preferences), service notes.
  • Billing data: information required to issue invoices, company details where relevant.
  • Payment data: Navette does not store card numbers; payments may be processed by a provider (e.g., Stripe) acting as a processor or separate controller depending on the arrangement (to be specified).
  • Technical data: logs, technical identifiers, browsing data (cookies/trackers subject to consent), device type, security information.
  • Communications: messages sent to support/concierge, requests, complaints.

3. Why do we use your data (purposes)?

  • Deliver the service: account creation and management, bookings, and ride fulfillment.
  • Customer relationship: support, concierge, complaints handling, service quality.
  • Business management: quotes, corporate offers, B2B contracting.
  • Billing and accounting: invoices, supporting documents, legal obligations.
  • Security: fraud prevention, account and system security, logging.
  • Improvement: usage analytics where permitted, product and website improvement.
  • Marketing: commercial communications where applicable (under consent/opt-out rules).

4. What are the legal bases?

Processing is carried out under one or more of the following legal bases, depending on the context:

  • Contract performance / pre-contractual measures: handle a booking, provide an estimate, deliver the service.
  • Legal obligation: accounting/tax obligations, retention duties, fraud-related requirements where applicable.
  • Legitimate interests: security, abuse prevention, service improvement (subject to balancing test).
  • Consent: certain cookies/trackers and some marketing communications, depending on your choices.

5. Mandatory vs optional data

Some data is required to provide the service (e.g., contact details, booking information). If not provided, Navette may be unable to process your request or deliver the service.

6. Who can access your data (recipients)?

Access is limited to authorized persons on a need-to-know basis:

  • Navette internal teams (support, concierge, operations, billing).
  • Drivers/partners authorized to fulfil the service (only data needed for the ride).
  • Technical vendors (hosting, maintenance, email/SMS, payments) acting as processors under contract.
  • Competent authorities where legally required or to defend Navette’s rights.

7. Transfers outside the EU/EEA

Navette prioritizes processing within the EU. If some vendors process data outside the EU/EEA, Navette uses appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) in accordance with the GDPR.

8. Retention periods

Navette retains data for as long as necessary for the stated purposes, then archives or deletes it in line with legal obligations and limitation periods. Indicatively (to be adjusted):

  • Customer account: for the active life of the account, then deletion/archiving per internal policy.
  • Bookings and billing: retained as required by accounting and tax laws.
  • Support and complaints: retained for handling, then archived per limitation periods.
  • Security logs: limited retention proportionate to the security purpose.

9. Cookies and trackers

The website may use cookies/trackers for essential operation, analytics and/or personalization. Non-essential cookies require your consent. See the “Cookies” page for details (purposes, durations, consent management).

10. Your rights (GDPR)

Under the GDPR, you have rights including:

  • Right of access.
  • Right to rectification.
  • Right to erasure (within legal limits).
  • Right to object (including to direct marketing).
  • Right to restriction of processing.
  • Right to data portability where applicable.
  • Right to withdraw consent at any time (where processing is based on consent).

To exercise your rights: contact Navette at (email/contact form to be completed). Proof of identity may be requested when necessary. Navette responds within regulatory timeframes.

You may also lodge a complaint with the CNIL (France).

11. Security

Navette implements appropriate technical and organizational measures to protect your data (access controls, session security, logging, backups, etc.).

12. Children’s data

The service primarily targets adults. If children-related data is processed (e.g., child seat needs), it is limited to what is strictly necessary to deliver the service.

13. Policy updates

Navette may update this policy. The applicable version is the one published online on the date you consult it.

Privacy Policy (GDPR) — Navette