Privacy Policy

1. Data Controller

The controller of your personal data is:

For arranging and managing bookings, SNAPPY DESIGN s.r.o. acts as the primary data controller. Where a transfer is carried out by a licensed third-party driver or transport partner, certain personal data is shared with that partner so they can perform the transport service. In that case, the partner acts as an independent data controller for the data they process in order to provide the transport.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identification data — such as your name
• Contact data — such as your email address and phone number
• Booking details — pickup and drop-off locations, travel date, pickup time, flight number, route, and destination
• Passenger and luggage information — number of passengers, luggage details, child seat requests, and special requirements
• Communication data — emails, WhatsApp messages, phone-related records, and support requests
• Payment-related information — payment status and transaction references; we do not store full card details
• Technical data — IP address, browser type, device information, cookies, and website usage data

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and legal bases under Article 6 GDPR:

• Booking and service provision — managing bookings, assigning a vehicle or partner driver, performing the transfer, monitoring flight arrivals, and communicating about the service. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Operational and customer support — responding to inquiries, handling complaints, resolving service issues, and protecting our rights. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
• Legal, accounting, and tax compliance — retaining invoices, payment records, and legally required business records. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
• Website analytics — understanding website usage and improving our website and services. Legal basis: consent (Art. 6(1)(a) GDPR), where required.

We do not send marketing emails or newsletters. If this changes in the future, we will only send marketing communications where we have a valid legal basis to do so.

4. Sharing of Personal Data

We do not sell or rent your personal data. We share personal data only where necessary and proportionate for the purposes described in this Policy.

• Licensed drivers and transport partners — relevant booking details such as passenger name, phone number, pickup and destination details, timing, flight information, and special instructions. Partners act as independent data controllers for the execution of the transport.
• IT, hosting, and database providers — for website hosting, database infrastructure, technical support, and service maintenance. These providers act as processors under our instructions where applicable.
• Payment providers — for processing online payments and confirming payment status. We do not store full payment card details.
• Analytics and tracking providers — such as Google Analytics, to understand website usage and improve services.
• Communication providers — such as email providers and WhatsApp, for booking communication, support, and cancellation handling.
• Authorities and legal advisers — where required by law, regulation, legal process, or where necessary to protect our rights, safety, or property.

5. International Data Transfers

Our website is hosted in the European Union where possible. Some service providers, including providers such as Google, Meta, or WhatsApp, may process personal data outside the European Economic Area. Where such transfers occur, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

6. Cookies and Tracking

We use cookies and similar technologies to operate our website, improve functionality, analyze usage, and, if implemented in the future, measure advertising performance.

• Essential cookies — required for website functionality
• Analytics cookies — used to understand how visitors interact with the website
• Marketing cookies — used only if advertising tools such as Meta Pixel are implemented

We use Google Analytics to collect anonymized or pseudonymized information about website usage, such as page visits, time spent on pages, and general location. We may implement tools such as Meta (Facebook) Pixel in the future. Where required by law, non-essential cookies are used only with your prior consent through a cookie banner. You can manage or withdraw consent through the cookie banner or your browser settings.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy and to comply with legal obligations.

• Booking and invoice data: up to 10 years to comply with accounting and tax obligations
• Customer communication: up to 3 years after completion of the service for customer support and dispute resolution
• Operational booking records: up to 3 years unless longer retention is required
• Analytics data: retained according to configured provider settings, typically 14 months or less

Data may be retained longer where required by law, in case of disputes, or to establish, exercise, or defend legal claims.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access — obtain confirmation and a copy of the data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your data where no legal basis for retention exists
• Right to restriction — request that processing of your data be limited
• Right to data portability — receive your data in a structured, commonly used, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at info@bratislavaairporttaxi.eu. We will respond in accordance with GDPR time limits.

9. Right to Lodge a Complaint

If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority in your country or with the Slovak supervisory authority:

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

• Secure servers and hosting within the European Union where possible
• Access controls and authentication mechanisms
• Encrypted communication channels, including HTTPS
• Limitation of access to personal data to authorized personnel only
• Regular monitoring of systems and security practices

While we take reasonable steps to protect personal data, no system can be completely secure. We therefore cannot guarantee absolute security.

11. Automated Decision-Making

We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

12. Language

This Privacy Policy may be translated into other languages. In case of discrepancies, the English version shall prevail, unless otherwise required by mandatory law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page with the date of last update shown at the top.

14. Contact

For any questions regarding this Privacy Policy or the processing of your data: