Products and legal entities
GDPR Compliance Statement
The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation becomes effective and enforceable on the 25th May 2018. Get By Aps. - GetByBus is fully committed to achieving compliance with the REGULATION (EU) 2016/679 GDPR even prior to the regulation’s effective date, as well as to protecting personal information which stipulates that the personal data given will not be passed on to third parties without client’s consent and will be kept in a safe manner in accordance with the requirements of the Regulation as long as there is a need or no request for withdrawal of consent, deletion, restriction or correction of data.
Get By Aps. - GetByBus will not collect any personal information about you (such as your name, address, telephone number, or email address), unless you voluntarily choose to provide them (e.g. in surveys, query, request etc.) or give your consent or unless otherwise provided by relevant laws and regulations for the protection of your personal data.
Personal data of children
When providing information society services directly to a child, processing of personal data of a child is lawful if the child is at least 16 years old. If a child is below the age of 16, such a treatment is lawful only if and to the extent that the parent has given or approved the parent's liability to the child. Get By Aps. - GetByBus invests reasonable efforts to check whether or not the custody of such a parent has been or has been approved by the holder of parental responsibility for the child, taking into account the available technology.
Lawfulness, fairness and transparency
We will process your personal information only on the basis of legal obligation, your privacy or other legitimate grounds. Data related to you will be collected, used, inspected or otherwise processed transparently, while the deadlines and data processing purposes, the processing manager's identity data, information on how you can access your data, the process of filing complaints and updating the data are all publicly disclosed.
Your personal information will be collected for special, explicit and legitimate purposes and will not be processed in a manner that is inconsistent with these purposes. Data collected for one purpose will not be used for any other purpose or in a manner that is not in accordance with the approved purpose. For purposes of processing that is not carried out on the basis of a legal basis or contract we will ask you for a special privilege.
The personal information we collect is appropriate, relevant and limited to the purpose of processing. The processing manager and processor will not collect any personal information that is not required for processing purposes.
Accuracy and integrity of data
It is necessary that the personal information we collect and prepare is accurate and up-to-date and that is why we will take every reasonable measure to ensure that the personal data that is incorrect are deleted or removed without delay, taking into account the purposes for which they are being processed.
The deadlines for keeping your personal data are determined by positive legal regulations or by your privacy to collect and process your personal information.
Integrity and confidentiality
In order to protect your personal information from accidental or unlawful destruction, loss or alteration, and from unauthorized disclosure or access, Get By Aps. - GetByBus use technical and organizational security measures.
Questions and Comments
What data is collected?
Travel information and basic buyer info (Name and email) are used to generate tickets bought on GetByBus which are sent on your email upon purchase. This data is used only for the operating business and as such all parties involved in the passenger transfer have access to it: GetByBus for rebooking / cancellation / customer support purposes and bus operator for allotment management and passenger validation. This category also includes your trip plans in case of bus rent, private airport transfers, excursions. All data is safely stored in the GetByBus system and is not shared publicly.
Once you have traveled by a bus operator available through GetByBus, you will get an email containing review instructions. The review data is shared publicly, that being only the review scores, review text and buyer’s first name. Reviewer’s email, full name and other personal info is never shared outside the GetByBus team.
User’s IP address and request logs are collected and processed using 3rd party software by GetByBus team. This data is used only for fraud prevention and performance optimizations, and is accessible only by GetByBus team.
Cookies are used to improve our page performances and provide analytics about the page usage. You can learn more about the types of cookies and their purpose by clicking on the cookies link in the footer.
All data sent towards GetByBus or sent by the GetByBus system towards your client are sent securely through encrypted channel using SSL encryption and can not be monitored or decrypted by 3rd parties to plain format.
Emails sent by GetByBus system are also sent through SSL encrypted channel towards your email client.
The entire GetByBus system and database is hosted by Amazon Web Services cloud accessible only by having complex access keys and passwords available to and safely stored by GetByBus team.
Data is safely stored in the GetByBus system for as long as the user has the account on GetByBus opened and has not requested for his data to be deleted under the Federal privacy right.
Review data can be publicly posted on GetByBus.com, that being only the ratings, comment text and first name (does not uniquely identify the reviewer).
Your initial login credentials will be emailed to your personal email client with instructions for changing your password. GetByBus is generating, but not storing your initial generated password in plain format.
Upon a successful purchase, your ticket data is used to generate a PDF ticket and will be emailed to your personal email.
Ticked data is shared with the corresponding bus operator in order for the ticket to be verified upon entering the bus, and for the bus operator to perform yield management.
Data is accessible for the bus operator through GetByBus operator interface
In some cases, data is also sent to the bus operator’s email
In some cases, data is also sent to the bus operator’s IT system
Your personal data is not used for marketing purposes by the GetByBus team, unless you have signed up for Newsletter when the email contents are shared with Mailchimp (but not used for any other purposes), or in the case you get a review email.
Server access logs are available to GetByBus team only, however they are processed and securely stored by 3rd parties software used only by GetByBus team.
GetByBus nor its payment partner Corvus llc (Buzinski prilaz 10, 10010 Zagreb, Croatia) does not store any of the credit card data - the credit card data is sent from Corvus to the corresponding Bank in order to authorise the transactions and is thereafter deleted.
Both the payment provider Corvus and GetByBus are storing the transaction data (payed amount, credit card owner name and address, credit card type and the first and last four numbers of the credit card number and IP address of the user) for confirmation and safekeeping.
Any mentioned payment data is visible only to the internal customer support and is not used for other purposes.
In case you accept to receive GetByBus promotional newsletters, your travel data, email and full name will be used to generate a personalized Newsletter email. Newsletter email is sent to your personal email through Mailchimp system.
3rd party software used for processing data
Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) is used to improve sites user experience. Hotjar measures and records users interactions on the site (mouse movements, clicks, times between actions, browser information, key entries, mouse scroll actions etc.). You can read more about Hotjar data processing here: https://www.hotjar.com/privacy, or you can disable Hotjar tracking for your device here: https://www.hotjar.com/opt-out.
Google Analytics, a website analytics tool developed by Google Inc. ("Google"). Google analytics is the most popular visitor analytics tool used on the web, and based on implementing a cookie in visitors browser to track the way he uses a specific website. Google analytics uses a IP anonymization tool and does not use your anonymized IP to correlate with the rest of the gathered data. As such, Google Analytics provides a broad, group based analytics and does not personalize users. In case you do not want to provide GetByBus with the anonymous usage data collected through Google Analytics, you can opt out by installing a browser plugin from http://tools.google.com/dlpage/gaoptout
Block facebook plugin using 3rd party browser plugins: https://www.comparitech.com/blog/vpn-privacy/stop-facebook-tracking/
Block Twitter plugin using 3rd party browser plugin such as: http://noscript.net/
Block Google +1 plugin using 3rd party browser plugin such as: http://noscript.net/
Retargeting software (by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") is used to create pseudonymized profiles of GetByBus visitors in order to track their website usage for marketing purposes of GetByBus. Cookies could be used in the users browser in order to track reoccuring visits on the page and in order to present web advertisements for products of GetByBus on 3rd party websites. You can disable this feature under https://www.google.com/settings/ads, and read more about this feature on http://www.google.com/policies/technologies/ads/.
TheRootCause (https://therootcause.io/, Mäster Samuelsgatan 36, Stockholm, Sweden, Europe) is used to improve sites user experience. TheRootCause tracks errors happened on some subpages of site and stores those errors. In case that an error gets stored, several user data will be stored as well (site screen in time error occured, mouse click, user operating system information, user browser information, etc.). You can read more about TheRootCause data processing here: https://therootcause.io/privacy-policy/.
Right to information and Right to appeal
Under the Federal privacy right, you are entitled to request information about your stored data in the GetByBus system as well as to have your data erased from the GetByBus system. In such a case, all of the data GetByBus has about you will be irreversibly anonymised. Such request should be made to Get By aps., Sønderholt 37, 9560 Hadsund Denmark or via email to firstname.lastname@example.org.
All payments will be done in the currency kuna. The amount of your credit card will be debited through the conversion price in euros or dollars into Croatian kuna according to the current exchange rate of the Croatian National Bank.
When charging your credit card, the same amount is converted into local currency at the exchange rate of credit card associations. As a result of this conversion there is a possibility of a slight difference from the original price stated on our web site: www.getbybus.com