Personal Data Protection
Part 1 – Declaration about personal data protection
The protection of your personal data is important to us. At Leo Express Global a.s., with its registered office at Řehořova 4, 130 00 Praha 3, Identification Number 290 16 002, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 15847 (hereinafter referred to as Leo Express), we commit to protect the provided personal data.
Below you will find information about why, how and which data we process in Leo Express, including information on how to contact us if you have any questions regarding the processing of your personal data. We commit to handle your data in a way to prevent their abuse.
Part 2 – Basic terms and information
Personal data – personal data is every information about identified or an unidentified natural person (data subject).
Data subject – data subject is a natural person, which personal data refer to and which it is possible to identify by personal data or which is identifiable.
Personal data administrator - an administrator is a natural or legal person, which defines aims and means of personal data processing and which is primarily accountable for processing. Unless stated otherwise in these policies or terms of service, the personal data administrator is Leo Express.
Personal data processor - The processor is a natural or legal person which processes personal data on behalf of the controller on the ground of the controller’s instructions.
Processing of personal data - processing means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Which legal regulation covers personal data processing?
The processing of personal data is governed primarily by Regulation of the European Parliament and of the Council (EU) 2016/679 from 27. April 2016 about protection of natural persons with regard to the processing of personal data and to the free movement of such data and repealing Directive 95/46 / EC (General Regulation on the protection of personal data).
Part 3 – Processing of personal data in Leo Express
To what extent will be my personal data processed?
We will process your personal data to the extent in that they have been provided to us, namely: the name, surname, e-mail, birthdate, telephone number and home address.
For what purpose will my personal data be processed?
We will process your personal data for the purpose of providing travel services, that means for the purpose of booking tickets and additional services.
What is the legal basis for processing?
The legal basis for the processing of your personal data listed in point I is your agreement.
How long will you process my personal data?
We will process your personal data for the duration of your consent, unless your consent to the processing of your personal data is revoked, that means during your membership in the Smile Club Loyalty Program.
How and when can I revoke the consent to processing of personal data?
Your voluntary consent to the processing of your personal data may be revoked at any time free of charge by sending an email to: [email protected] or by requesting to deactivate the account and delete personal information in your Smile Club account (at www.leoexpress.com and the Leo Express mobile application). By revocation of consent is not influenced the lawfulness of processing based on consent prior during the time before revocation of consent. Revocation of consent also has no effect on the processing of personal data processed on the basis of a legal basis other than consent (that means in particular, if the processing is necessary to fulfill the contract, legal obligation or for other reasons stated in the applicable legislation).
Who will have access to my personal data?
We will have access to your personal data as an Administrator and, if applicable, third parties - processors who provide appropriate warranties and whose processing meets the requirements of applicable law and which ensures the proper protection of your rights. However, processors will only be able to access these data for as long as is strictly necessary and to the necessary extent.
Processors include companies of the Leo Express Group (namely Leo Express, s.r.o., Leo Express Polska Sp. z o.o. and SmileCar a.s.), our business partners who provide us with transport services (AD-Euro Trans, ALVA TOUR s.r.o., „Asik“ Sp. Z.o.o., ERABUS Ltd, FlixBus CZ s.r.o. & FlixMobility Gmbh, Gumdrop bus s.r.o., Grygoriy Kushch INFOBUS, Spółka Cywilna Płomiński Travel, TOURING BOHEMIA, s.r.o., TRANSDEV EUROLINES CZ, a.s., HoppyGo s.r.o.), IT services (SYMBIO Digital, s.r.o.), marketing (Avedeo, s.r.o.) and other support services and our provision sellers, whose current list you can find HERE. During such handover all such requests for the protection of your personal data are always followed, and in particular a written agreement on the processing of personal data is always in place with the relevant processor.
Will my personal data be transferred outside the EU?
Your personal data in the extent of the name and surname may be transferred to the carrier ERABUS Ltd, ID Number 39430443, only in case of purchase of a ticket for connections departing from Košice (SK) to Ukraine (outside the EU territory), eventually from Ukraine to Košice (SK).
How can I contact you as an Administrator?
To manage your personal information, please contact us on: [email protected] or in writing at the address of the administrator Řehořova 908/4, Praha 3 – Žižkov. In this case, we are entitled to request proof of your identity in order to prevent unauthorized persons from accessing your personal data. In order to increase the quality of the services and to keep records of the fulfillment of the legal duties of the administrator, all communication between you and the administrator is monitored.
What rights do I have in relation to the protection of personal data?
In relation to your personal data, you have the following rights in particular:
a) the right to revoke your consent any time
b) the right to correct or supply the personal data;
c) the right to require processing restrictions;
d) the right to object or complain against processing in certain cases;
e) the right to request the transfer of data;
f) the right of access to personal data;
g) the right to be informed about a personal data security breach in certain cases;
h) he right to delete personal data (the right to be "forgotten") in certain cases; and
i) other rights stated in General Personal Data Protection Regulation No 2016/679.
Am I required to provide my personal data? What if I do not provide my personal data?
You provide your personal data entirely voluntarily. You have no obligation to provide them. If you do not provide your personal information, there are no sanctions. The provision of personal data is a condition of membership in the Smile Club loyalty program, therefore you do lose your membership and all its benefits, including leo credits, ticket discounts.
How are my personal data secured?
All personal data you provide are secured by standard procedures and technologies. However, it is not objectively possible to fully guarantee the security of your personal data. Therefore, it is not even possible to ensure 100% that personal data provided cannot be accessed by a third party, cannot be copied, disclosed, altered or destroyed by breaking the security measures of the controller. In this context, however, the administrator warrants that it regularly checks whether the system is free from vulnerabilities and is not exposed to an attack and uses such security measures that can reasonably be required from the administrator to prevent unauthorized access to the personal data provided and which, regarding the current state of technology provides sufficient security. The security measures adopted are then regularly updated. However, each data subject is responsible for retaining its unique password and other information about any accounts in secret and for permanent control over access to its account.
What are cookies?
Cookies are small amounts of data that our servers send to your computer to make better use of our servers and customize their content to suit your needs.
Cookies are commonly used by almost all websites in the world. The goal of cookies is to increase the user-friendliness of repeatedly visited websites, so they are useful to you. If you use the same computer and the same Internet browser to visit our website, cookies help your computer memorize the pages you've visited and their site settings.
Types of cookies
There are temporary cookies and permanent cookies. The temporary ones are stored in your computer only until you close your browser and allow you to store information when you browse from one web site to another. This eliminates the need to re-enter some data and makes it easier for you to work. Permanent cookies help identify your computer in case you visit our site again. However, they do not allow you to identify yourself personally. The goal of permanent cookies is to tailor our site to your interests without identifying you personally. We store the relevant data completely anonymously and do not associate it with any other data.
Cookies are used only for technical purposes, we do not associate the data obtained through cookies with any other data. We work with cookies so that they do not allow us to identify specific people.
Through our websites, the cookies of the advertising system operators on our website may also be stored in your computer. We also use Google systems for remarketing. We only use remarketing data to segment visitors to deliver a more relevant advertising message. Segments are created based on several general patterns of visitor behaviour.