Data protection policy

1. WHO IS RESPONSIBLE FOR YOUR DATA?

Our Data Protection Policy applies to the personal data that IT2GO S.A. collects and uses.

References made in this Data Protection Policy to either “IT2GO S.A.”, “we”, “us” or “our” mean IT2GO S.A. (a company registered in Luxembourg with registration no. 256656 and registered office at 4, rue Belair L-4514 Differdange).

We determine the ways your personal data are collected and the purposes for which your personal data are used by IT2GO S.A. as we are the “data controller” for the purposes arising from Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter « the Regulation »).

2. PERSONAL DATA WE COLLECT ABOUT YOU

When using the term “personal data” in our Data Protection Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, information relating to your travel itinerary (e.g. your booking reference number) or information on how you use our website and apps or how you interact with us.

We collect some personal data from you, for example, when you book a trip with us, use our website or our app, use our services or contact us. We may also receive your personal data from our suppliers who provide services to you on our behalf (for example when you provide feedback on our services), If you book a trip on behalf of someone else, you must have their consent to use their personal information.

We process your personal data only when you have given your consent, when it is necessary for the performance of a contract you have concluded with us, or for the fulfilment of a legal obligation to which we are subject. We may process personal data on the basis of our legitimate interest only if this interest is not overridden by your rights.

For more information on the parties who may share your personal data with us, please see section 8 below.

Categories of data we collect

We may collect and process the following categories of information about you:

Your name and surname and your contact details
(email address, telephone number and postal address)
When you create an account on
our mobile application
When you book a trip
When you take part in our
competitions, or
When you choose an offer we
make available on our website
Information about your bookings and your travel
itinerary, if you require special assistance.
When you book or manage your
travel plans
Information about your health, if you have a
medical condition that may affect your trip
(please see section “Sensitive personal data”
below for more information)
When you provide us with this
information before you embark on trips
Information about other passengers in your
booking, and the age range of any children
traveling with you
When you make a booking on
behalf of other passengers
Information about your transaction, including your
payment card details
When you purchase products or services
Information related to your trips and our
services in connection with your trips (e.g.
declaring lost luggage)
When you book a trip through
LetzRide
Information about your purchases of our partners’
travel related products and services
When you purchase such
products or services
The communications you exchange with us (for
example, your emails, letters, calls, or your
messages on our mobile application)
When you contact LetzRide or you are contacted by LetzRide
Your posts and messages on social media
directed to us
When you interact with us on
social media
Your feedbackWhen you reply to our requests
for feedback or participate in our
customer surveys
Information about how you use our website or
our mobile application, such as your searches for
trips
When you navigate on our
website or when you use our
mobile app

Sensitive personal data

In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under the Regulation and relevant data protection laws. We only collect this information when you have given your explicit consent and it is necessary, or when you have manifestly made it public.

For example, we may collect this information in the following circumstances:

For your safety, when you have a specific medical condition, you will need to inform us of that and –where required – provide us with a medical certificate.

If you request special assistance during a trip, this could reveal information about your health (for example if you ask for a wheelchair). Also, when you provide us with your travel document details, your nationality may imply your racial or ethnic origin.

By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services in accordance with this Data Protection Policy.

If you do not allow us to process any sensitive personal data, this means we may be unable to provide all or parts of the services you have requested from us.

3. HOW AND WHY WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

To manage your travel bookings and provide our services to you

When you are embarking on a trip with us, we use your information to perform our services in relation to your trip, for example to issue your tickets, check you in or take you safely to your destination. We also use it to change your travel bookings if you request such changes.

To communicate with you and manage our relationship with you

Occasionally, we may need to contact you by email and/or SMS for administrative or operational reasons, for example in order to send you confirmation of your transactions, to advise you of disruption and changes to your travels. We may also contact you through our mobile application to send you app notifications for these purposes.

Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications.

We will also use your personal data if we contact you after you have sent us a request by filling in the web-form on our website.

Your opinion is very important to us, so we may send you an email or SMS to seek your feedback.

We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers.

To personalise and improve your customer experience

We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience, for example, if you inform us about your preferred travel destinations.

We may also collect information on how you use our website, which pages of our website you visit most, which travel destinations you search for and what products you buy, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to receiving marketing communications, to send you relevant messages that we think you may like.

To inform you about news and offers that you may like

We may send you marketing communications for our trips and travel products, if you have indicated that you wish to receive these, for example when you create an account on our application or make a booking with us and you do not express a wish to not receive such communications. If you wish to receive marketing communications, we will provide you with news from us such as new products that you may be interested in or offers that you may like.

In addition, we will also send you communications promoting our partner’s products and services that may relate to your travel arrangements, if you have indicated that you wish to receive these.

Please note that we will not share your contact details and other personal data with these partners or other companies for marketing purposes.

If you do not want to hear from us about our or our partners’ products and services, you can choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us. If you prefer, you can also contact our Customer Service team and express your preference to not receive marketing communications.

To improve our services, fulfil our administrative purposes and protect our business interests

The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development.

To comply with our legal obligations

For example, to comply with our obligation to provide your information to national authorities where necessary.

4. REQUESTING ACCESS TO YOUR PERSONAL DATA

You have a right to request access to the personal data that we hold about you. This could include booking information relating to trips you have taken with us.

If you would like to request a copy of your personal data, or have any questions in relation to your personal data kindly send a mail found under section 11 ‘Contact Information’.

5. SECURITY OF YOUR PERSONAL DATA

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data.

This means that we adhere to high security standards in order to protect your payment card details when you share such details with us.

As described in this Data Protection Policy, we may in some instances disclose your personal data to third parties. Where IT2GO S.A. discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however, in some instances, we may be compelled by law to disclose your personal data to a third party, and have limited control over how it is protected by that party.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Data Protection Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”). Where your personal data are transferred outside of the EEA, we require that appropriate safeguards under the Regulation are in place.

We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Data Protection Policy or in order to comply with the law. Further information about the specific retention periods are available upon request.

6. NOTIFICATION IN THE EVENT OF A BREACH OF YOUR PERSONAL DATA

In the unlikely event there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data (such as sending personal data to an incorrect recipient, or loss of availability of personal data), we are committed to taking an informed decision on whether to notify the relevant supervisory authority within 72 hours and yourself in the event the personal data breach is likely to result in a high risk or risk to your rights and freedoms, without undue delay.

7. COOKIES OR OTHER TRACKING TECHNOLOGIES

In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website and application, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.

For example, we use software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website.

We also use cookies in our website, mobile application or in our emails. Cookies are small pieces of information stored by your browser on your computer’s hard drive. They enable you to navigate on our website or app and allow us to provide features such as remembering aspects of your last search to make subsequent searches faster. You can refuse and delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website or app, most of the features will still be accessible without cookies.

• Category 1: Strictly Necessary Cookies

These Cookies enable services you have specifically asked for.

These Cookies are essential in order to enable you to move around LetzRide Website and use its features, such as accessing secure areas of the website. Without these Cookies, services you have asked for, such as e-billing, may not be provided.

• Category 2: Performance Cookies

These Cookies collect anonymous information on the pages visited.

These Cookies collect information about how visitors use LetzRide Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These Cookies do not collect information that identifies a visitor. All information these Cookies collect is aggregated and therefore anonymous. It is only used to improve how LetzRide Website works.

• Category 3: Functionality Cookies

These Cookies remember choices you make to improve your experience.

These Cookies allow LetzRide Website to remember choices you make (such as your language) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.

Strictly Necessary, Performance and Functionality Cookies

We need to use these three categories of Cookie to maintain LetzRide Website‘s effectiveness, ease of use, and to provide you with a seamless experience. As such we have not provided an opportunity for these to be disabled independently, and by using our site and online services you are agreeing that we can place these types of Cookies on your PC.

• Category 4: Targeting/Advertising Cookies

These Cookies use information about your browsing in order to make advertising more relevant to you and your travel needs.

These Cookies are used to deliver adverts more relevant to you and your travel needs. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our digital advertising campaigns. They are placed by third-party advertising networks on our behalf and with IT2GO S.A.’s permission. They remember that you have visited LetzRide Website and this is shared with other organisations such as media owners.

You can refuse the use of these cookies should you wish.

8. SHARING YOUR PERSONAL DATA

Your personal data may be shared with or obtain from the following categories of third parties:

Credit and debit card companies. IT2GO S.A. shares some of your personal data, which includes information about your method of payment and trip booking, to the credit or debit card company that issued the card you used to make your booking. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.

From time to time, we make certain third party offers available through our website or we publish competitions co-organised by third parties. If you choose to purchase products or services offered on our websites by third parties, accept offers or participate in a competition, some of your personal data, such as your contact details and your billing information, may be directly collected by or disclosed to that third party. As such, if you purchase their products or services, your information may be collected by or transferred to such parties. Note: Our partners have their own privacy policies and terms of use over which IT2GO S.A. does not have control. Whilst IT2GO S.A. carefully selects these partners, it has no responsibility or liability for their privacy policies, terms of use or the way they process your personal data. Please ensure that you review the relevant privacy policies and terms of use of these partners prior to purchasing their goods or services, using their websites, apps or services or providing any personal data to them.

Joint Controller Agreement with our independent transport Operators. IT2GO has entered into a joint responsibility agreement pursuant to Art. 26 GDPR with Independent transport companies, all located in the Grand-Duchy of Luxembourg . In these agreements the parties have jointly determined the order in which personal data will be processed for each processing step.

The purpose of these agreements is to execute the booked transport, to enhance our service level, and to improve the processing of customer inquiries. The parties have jointly agreed on what obligations each party will fulfil under the GDPR.

Despite the existence of a joint controllership, the Parties fulfil the obligations under data protection law in accordance with their respective competences. The Parties shall provide any information referred to in Articles 13 and 14 GDPR to you free of charge in a concise, transparent, intelligible and easily accessible form, using clear and plain language. For this purpose, each Party shall provide the other Party with all necessary information relating to their respective operating range. The Parties shall immediately inform each other about the exercise of your rights and provide the other Party with all necessary information referred to the right of access. Pursuant to Articles 15 through 22 GDPR, you may exercise your rights under the GDPR in respect of and against each of the Parties. However, to speed up the response, we would kindly ask you to contact IT2GO to exercise your rights at https:// fleetlab.com.

Authorities. We may disclose your personal data when this is required by the law of any jurisdiction to which IT2GO S.A. may be subject. Through our website we provide links to third party websites which are subject to separate privacy policies. Please be aware that this Data Protection Policy does not apply to such websites and IT2GO S.A. is not responsible for your information that third parties may collect through these websites.

9. YOUR RIGHTS

To summarise, you are entitled to the following rights granted to you by the Regulation, namely:

We shall endeavour to respond to your request promptly and within one month of receipt of the request. Depending on the complexity of the request and the number of requests to handle, we have the ability to extend this response time by two months. You shall be notified of such an extension and of the reasons for the delay within one month of receipt of the request. We reserve the right to reject the request if, on the basis of said request, we are unable to identify you or if the request is deemed excessive or unfounded. You shall be notified of the reasons for refusal within one month of receipt of the request. We may also require the payment of reasonable fees in the case of unfounded or excessive requests, especially if they are repetitive.

You can exercise your rights (e.g. request the deletion of all your personal data from our database) by sending an e-mail to the relevant business entity’s e-mail address, which can be found in section 11 “Contact information”.

If you are not satisfied with the handling of your request, you may file a complaint with the Commission Nationale pour la Protection des Données (information available on the website www.cnpd.public.lu). If you are not satisfied with the processing of your personal data, you may submit a complaint by sending a message, email or letter to the relevant business entity found under section 11 ‘Contact Information’.

10. UPDATES TO OUR DATA PROTECTION POLICY

We may periodically update this Data Protection Policy to reflect changes in our data protection practices or relevant laws.

This Data Protection Policy has last been updated on: 14/05/2024.

11. CONTACT INFORMATION

Questions, comments and requests regarding this Data Protection Policy shall be addressed to our Data Protection Officer at [email protected].