This Policy establishes a responsible and transparent framework for ensuring compliance with the General Regulation on Personal Data Protection.
The policy applies to all organizational parts of VIVANODA (hereinafter the DATA CONTROLLER) and to all employees, including part-time employees and temporary workers, as well as to all the external associates acting on behalf of the data controller.
The data controller is dedicated to doing business in accordance with all laws, regulations and the highest standards of ethical business.
This policy sets out the provisions for the expected treatment of employees of the data controller and external associates involved in the collection, use, storage, transfer, publication or destruction of any personal data belonging to employees, business partners of the data controller and other individuals. The purpose of the policy is to standardize the protection of the rights and freedoms of the respondent by preserving the privacy of their personal data in all aspects of the data controller's business that include personal data. This policy establishes that VIVANODA will not unauthorizedly disclose personal data to a third party, nor act in a manner that endangers them.
The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation becomes effective and enforceable on the 25th May 2018. VIVANODA is fully committed to achieving compliance with the REGULATION (EU) 2016/679 GDPR even prior to the regulation’s effective date, as well as to protecting personal information which stipulates that the personal data given will not be passed on to third parties without client’s consent and will be kept in a safe manner in accordance with the requirements of the Regulation as long as there is a need or no request for withdrawal of consent, deletion, restriction or correction of data.
VIVANODA will not collect any personal information about you (such as your name, address, telephone number, or email address), unless you voluntarily choose to provide them (e.g. in surveys, query, request etc.) or give your consent or unless otherwise provided by relevant laws and regulations for the protection of your personal data.
When providing information society services directly to a child, processing of personal data of a child is lawful if the child is at least 16 years old. If a child is below the age of 16, such a treatment is lawful only if and to the extent that the parent has given or approved the parent's liability to the child. VIVANODA invests reasonable efforts to check whether or not the custody of such a parent has been or has been approved by the holder of parental responsibility for the child, taking into account the available technology.
Given the fact that VIVANODA is aware of the importance of protecting sensitive data on the minors, VIVANODA retains data on minors only during the period necessary to fulfill the contractual/legal obligation (all unnecessary data on minors are anonymized no later than 45 days after the contractual obligation has been concluded or no later than 45 days after the trip).
We will process your personal information only on the basis of legal obligation, your privacy or other legitimate grounds. Data related to you will be collected, used, inspected or otherwise processed transparently, while the deadlines and data processing purposes, the processing manager's identity data, information on how you can access your data, the process of filing complaints and updating the data are all publicly disclosed.
Your personal information will be collected for special, explicit and legitimate purposes and will not be processed in a manner that is inconsistent with these purposes. Data collected for one purpose will not be used for any other purpose or in a manner that is not in accordance with the approved purpose. For purposes of processing that is not carried out on the basis of a legal basis or contract we will ask you for a special privilege.
The personal information we collect is appropriate, relevant and limited to the purpose of processing. The processing manager and processor will not collect any personal information that is not required for processing purposes.
It is necessary that the personal information we collect and prepare is accurate and up-to-date and that is why we will take every reasonable measure to ensure that the personal data that is incorrect are deleted or removed without delay, taking into account the purposes for which they are being processed.
The deadlines for keeping your personal data are determined by positive legal regulations or by your privacy to collect and process your personal information.
In order to protect your personal information from accidental or unlawful destruction, loss or alteration, and from unauthorized disclosure or access, VIVANODA uses technical and organizational security measures.
When designing new and reviewing and expanding existing systems and personal data processing, special care will be taken to apply all these principles to maximize the privacy of respondents.
All respondents whose data are collected and processed by the controller have the following rights:
Right to access information
Each respondent has the right to a copy of the data that the controller has in their archive for the purpose of insight. In addition to the right to inspect their own data, the respondent also has the right to information:
All information should be provided to the respondent in a clear and simple language, to ensure understanding, and must be clearly indicated and visible so that the respondent does not overlook it.
There is a possibility that providing the requested information to the respondent may reveal information about another person. In such cases, it is necessary to anonymize or completely deny this information in order to protect the rights of that person.
Right to correct data
Each respondent has the right to correct inaccurate or incomplete data that the controller has in his archive.
The right to be forgotten
Respondents may request that information about them be removed from the archives. The request will be taken into consideration and will be granted if it does not contradict the legal basis for the processing of personal data.
Right to limit processing
Respondents have the right to limit the scope of processing, in cases where this is applicable. Right to data transmission. Respondents have the right to a copy of the data for transfer to another controller.
Right to object
Respondents have the right to object, especially in cases where the processing is based on the legitimate interest of the controller. It is then necessary to review the purpose of the processing and establish its legal basis and, where applicable, allow the respondent to withdraw consent to the processing of the data and / or to stop processing his data.
The legal basis for the collection and processing of personal data of respondents are the following:
Laws governing the business of taxpayers prescribe data sets that are necessary for the execution of a legal obligation. For the collection and processing of data prescribed by law, the controller will not seek the consent of the respondents, but will only collect data prescribed by law and will not use them for other purposes. This especially refers to the data collected on the basis of the following laws and their regulations, among which we single out:
Performance of the contractual obligation
The personal data necessary for the fulfillment of the contractual obligation will be collected by the controller without a prior consent of the respondent, to the minimum extent necessary for the performance of the obligation.
The controller will publish the legitimate interests on the basis of which he collects and processes personal data for the purpose of enabling and / or improving his services or products.
Questions and Comments
1. Automatically generated website visitor information data
We collect information and data that is automatically transmitted or generated by your browser each time you visit our website. Such information includes the IP address, the URLs of the site you visited before accessing our Web Sites (“referrer”), the browser used, the browser language, the operating system and user interface, the access device used, date and time of your access, the pages viewed on our website, and the time you spend on the Web Sites. Such data is stored for a period of two years and deleted automatically thereafter. We may use this information to investigate errors, to improve the stability and functionality of the Web Sites and the App, and to assist you in completing any interrupted bookings:
→ web page specific “parameters”
2. We collect data provided by you / user accounts
Furthermore, we also collect and use the information you provide to us about yourself, your travel companions, and about the planning of your trip by using the Web Sites or the App:
a) When you book a travel product through our Web Sites, we ask you to provide personal data, e.g. your name, your email address, phone number, billing address, payment method or credit card information. We will ask you for the data that the respective transportation provider requires to complete the booking process. Our forms show what kind of data is required for each respective booking. We cannot process your booking without provision of the required data. Credit card information will be immediately passed on to the respective payment provider. We only store truncated credit card data (e.g. “411111xxxxxx0000”) for reporting purposes. When you make a booking for someone else (e.g. your travel companion) through the Web Sites, we will request personal information about such companion. You should obtain the consent of all such individuals before providing their information to us as those individuals may not be able to independently view their information themselves if it is provided to us under your account.
We store booking-related data for a period of 10 years and thereafter keep the information required by trade and tax law for the statutory retention periods (usually ten years after the conclusion of the contract / booking).
We keep your account data as long as you keep up your user account with us. If you decide to delete your account, we delete the associated data. However, potential booking data (if that is necessary or required by the law) and related basic data will be kept as described.
b) If you contact us or our customer support (e.g. by email, telephone or contact form), we use the data you provided (usually your contact information and your inquiry) to respond. We keep your inquiries for a period of five years after answering except, where required by trade or tax law, we keep such correspondence for the statutory retention periods (usually six years).
If you object to our data processing set out under this section, and no opt-out mechanism is available to you directly please send your objection to us at: email@example.com.
The Web Sites and App are intended to be used by adults only. We do not knowingly collect personal information from children under the age of 13. In the event that we have knowledge that a child under the age of 13 has submitted any personal information to us via the Web Sites or the App, we may use the email address or other contact information provided by the child for the sole purpose of responding to the child’s question or carrying out his or her request on a one-time-only basis. We will not use the email address provided by such child for any other purpose, and we will delete such information from our records once their question has been answered or the request has been fulfilled. If we become aware that we have unknowingly collected personal contact information other than an email address from a child under the age of 13, we will delete the information immediately.
Travel information and basic buyer info (Name, phone number and email) are used to generate tickets bought on VIVANODA which are sent on your email upon purchase. This data is used only for the operating business and as such all parties involved in the passenger transfer have access to it: Vivanoda for rebooking / cancellation / customer support purposes and transport operator for allotment management and passenger validation. This category also includes your trip plans in case of bus rent, private airport transfers, excursions. All data is safely stored in the Vivanoda system and is not shared publicly.
Once you have traveled by a transport operator available through Vivanoda, if you have given us the consent, you will get an email containing review instructions. The review data is shared publicly, that being only the review scores, review text and buyer’s first name. Reviewer’s email, full name and other personal info is never shared outside the VIVANODA team.
3. Cookies and User behavioral data analysis
Cookies are small text files that are stored by your browser on your computer or mobile device and which allow re-identification of your computer or mobile device, potentially across numerous websites, including our Web Sites. These cookies contain no personal data. Some of the cookies we use are automatically deleted upon expiry of your session, that is, when you close your browser (these are referred to as session cookies). Other cookies remain stored on your device and allow us to recognize your browser during subsequent visits (persistent cookies).
Our use of User behavioral data analysis allows us to collect information about our users in order to provide simpler and more convenient access to our Web Sites, or to enable us to provide certain services at all.
We use User behavioral data analysis for the following purposes:
If you click a link on the Web Sites that takes you to the website of a provider (for example when making a booking or to buy a ticket from a partner), it is possible that such other websites also store cookies on your computer. We have no control over these providers’ cookies and the data collected in this way and we cannot accept any responsibility for our providers’ websites or their tracking practices. We encourage you to carefully review the privacy policies of any website that you visit.
We use different categories of cookies for different purposes (see below)
Mandatory for Use: We use strictly necessary cookies that are essential for You to browse the website properly and use its core features. As such they do not require Your consent. These cookies will generally be first-party cookies.
Purpose: Infrastructure cookies are first-party cookies that are necessary for you to browse the website properly and use its core features. They are essential for Us to provide You with the services You expect, such as using our platform to search and book travel services.
Purpose: Security cookies are necessary to ensure an adequate level of security of our website such as user authentication for secure payment and fraud prevention. These may include third-party cookies, e.g. security cookies from the payment provider You selected when You are redirected to the payment page.
Purpose: Core functionality cookies are necessary to ensure the proper functioning of our website and its essential features, such as travel service bookings and ticket issuance. These may include third-party cookies from our transportation providers when you are redirected to their website to finalize your booking.
Category: Performance and Statistics
Purpose: Performance & Statistics cookies are used to help understand personal and statistical use of our website to improve your user experience. As such they may include third-party cookies and similar technologies like analytics services. It allows us to gain important insights about the use of our websites and how different settings affect your user experience.
Purpose: Marketing cookies are used to assist our marketing efforts and improve online advertising performance. They allow us to track your online activity in order to place personalized and relevant advertisements from third-party Ads partners. We may upload your user identifiers received from these cookies to our Ads partner platform such as Facebook, Google and others to help improve the personalization of the advertisements.
Our Web Sites may use what are known as retargeting tags for presentation of interest-related advertising on third-party websites.
5. Conversion tracking
We use advertising partners to advertise our offers on third-party websites. We also use marketing tools to determine the success of our advertising measures (“Conversion Tracking”). We intend to show you advertising relevant to your interests, to optimize our website, and to achieve a fair calculation of advertising costs.
We do not collect or use personal data in the advertising campaigns ourselves. Our advertising partners only provide us with statistical data, which allows us to identify effective advertising campaigns. We do not receive additional data, in particular no data that would allow us to identify our users.
Due to the Conversion Tracking tools, your browser automatically connects to the server of the advertising partners. We have no influence on the scope and further use of data collected by the Conversion Tracking tools of our advertising partners. The advertising partners receive the information that you have visited certain pages on the Web Sites or clicked on one of our ads. If you are a registered user of the advertising partner (e.g. if you have a Google or Facebook account), the advertising partner can relate your visits to such account data. Even if you are not a registered user with the advertising partner, or are not logged into your account, the advertising partner may collect and store your IP address.
6. Web analytics and statistics / Google Analytics
You can prevent the installation of cookies by changing the settings of your browser. Please note, however, that this may prevent some of our services’ features from working correctly. Alternatively, you can prevent the collection of cookie data and your website usage data (including your IP address) by Google and the processing of such data by Google by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout.
Google has incorporated the EU Standard Contractual Clauses, https://policies.google.com/privacy/frameworks?hl=en-US.
Cookies are used to improve our page performances and provide analytics about the page usage. You can learn more about the types of cookies and their purpose by clicking on the cookies link in the footer.
The purpose of collecting your personal data is to
The purpose of collecting data on our website usage and traffic is to
Further more about the data we collect:
1.Purpose of collecting data: fulfillment of contractual obligations
Legal grounds: Processing is necessary for the execution of a contract you are a party to
Category of personal data: Full name, financial data, contractual data
2.Purpose of collecting data: Communication with you, which includes processing for the purposes of:
Category of personal data:
3.Purpose of collecting data: Sending promotional content via newsletters
Legal grounds: Your consent
Category of personal data: Full name, e-mail address
4.Purpose of collecting data: Protection of our websites from cyber-attacks and other threats
Legal grounds: Legitimate interest – increasing the Company's level of security and preventing fraud
Category of personal data: Technical data (IP address, operating system information, information regarding visits to our website)
5.Purpose of collecting data: Meeting our legal obligations
Legal grounds: Processing is necessary to meet the legal obligations of the data controller;
Category of personal data: Full name, financial data, information on concluded contract
6.Purpose of collecting data: Performance and organization analysis of our business
including processing for the purpose of drafting reports and management analysis. We also process your personal data for internal management purposes, conducting business audits, implementing business controls...
Legal grounds: Legitimate interest
Category of personal data: IP address, language, city, country, currency, device information, browser information, OS information, trip information, search type information, landing pages information, information on your transactions,...
All data sent towards VIVANODA or sent by the VIVANODA system towards your client are sent securely through encrypted channel using SSL encryption and can not be monitored or decrypted by 3rd parties to plain format.
Emails sent by VIVANODA system are also sent through SSL encrypted channel towards your email client.
The entire VIVANODA system and database is hosted by Alwaysdata accessible only by having complex access keys and passwords available to and safely stored by VIVANODA team.
Data is safely stored in the VIVANODA system for as long as the user has the account on VIVANODA opened and has not requested for his data to be deleted under the Federal privacy right.
Your initial login credentials will be emailed to your personal email client with instructions for changing your password. VIVANODA is generating, but not storing your initial generated password in plain format.
Upon a successful purchase, your ticket data is used to generate a PDF ticket and will be emailed to your personal email.
Your personal data is not used for marketing purposes by the VIVANODA team, unless you have signed up for Newsletter when the email contents are shared with MailChimp (but not used for any other purposes), or in the case you get a review email.
Server access logs are available to VIVANODA team only, however they are processed and securely stored by 3rd parties software used only by VIVANODA team.
VIVANODA does not store any of the credit card data - the credit card data is sent to the corresponding Bank in order to authorize the transactions and is thereafter deleted.
Both the payment provider and VIVANODA are storing the transaction data (payed amount, credit card owner name and address, credit card type and the first and last four numbers of the credit card number and IP address of the user) for confirmation and safekeeping.
Any mentioned payment data is visible only to the internal customer support and is not used for other purposes.
In case you accept to receive VIVANODA promotional newsletters, your travel data, email and full name will be used to generate a personalized Newsletter email. Newsletter email is sent to your personal email through MailChimp system.
Google Analytics, a website analytics tool developed by Google Inc. ("Google"). Google analytics is the most popular visitor analytics tool used on the web, and based on implementing a cookie in visitors browser to track the way he uses a specific website. Google analytics uses a IP anonymization tool and does not use your anonymized IP to correlate with the rest of the gathered data. As such, Google Analytics provides a broad, group based analytics and does not personalize users. In case you do not want to provide VIVANODA with the anonymous usage data collected through Google Analytics, you can opt out by installing a browser plugin fromhttp://tools.google.com/dlpage/gaoptout
Retargeting software (by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") is used to create pseudonymized profiles of VIVANODA visitors in order to track their website usage for marketing purposes of VIVANODA. Cookies could be used in the users browser in order to track reoccuring visits on the page and in order to present web advertisements for products of VIVANODA on 3rd party websites. You can disable this feature unde rhttps://www.google.com/settings/ads, and read more about this feature on http://www.google.com/policies/technologies/ads/.
Under the Federal privacy right, you are entitled to request information about your stored data in the VIVANODA system as well as to have your data erased from the VIVANODA system. In such a case, all of the data VIVANODA has about you will be irreversibly anonymised. Such request should be made to VIVANODA via email to firstname.lastname@example.org.
Under data protection law, you have rights including:
Please contact us at email@example.com if you wish to make a request.
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org