Privacy Policy
Last updated: 2026-05-05
This Privacy Policy describes how the operator of this website (“we”, “us”) collects, uses, stores, and shares personal data when you use the vignette route planning and order request service (the “Service”). It is intended to meet transparency expectations under the EU/EEA General Data Protection Regulation (“GDPR”) and similar laws, where they apply.
1. Data controller
The data controller is the natural or legal person operating this website. You can contact us using the email address or other contact point provided in transactional messages (for example, order or request confirmations) or on the Service itself.
2. Scope
This policy covers processing through this website and our own APIs (for example, saving a request or usage metrics). It does not govern third-party sites linked from the Service. Third-party providers (see below) have their own privacy notices.
3. Categories of personal data we process
Depending on how you use the Service, we may process:
- Route and trip data: origin and destination labels you select, travel dates, selected vignette countries, fuel type where relevant, and derived pricing breakdowns.
- Vehicle data: license plate number and country of registration.
- Contact data: email address you provide.
- Technical and usage data: browser-related events we log for product improvement (for example, page views, when a route or price estimate is reached, validation issues, when a request button is used). These events may include coarse campaign parameters (such as UTM tags or ad click identifiers from the URL), language choice, and page path.
-
Local storage on your device: we may store your form progress, language, and similar settings in
the browser (for example
localStorage) so the page can restore your input. - Approximate location (optional): we may request an approximate country derived from your IP address (via a third-party lookup) to pre-fill convenience fields (for example registration country). Your IP may be processed by that provider.
4. Purposes and legal bases (GDPR)
| Purpose | Legal basis |
|---|---|
| Providing route and price estimates; restoring your session | Performance of a contract or pre-contract steps at your request (Art. 6(1)(b) GDPR); consent where required for non-essential storage |
| Receiving, reviewing, and fulfilling an order request; contacting you about it | Performance of a contract (Art. 6(1)(b) GDPR) |
| Processing card payments (when enabled) via a payment provider | Performance of a contract (Art. 6(1)(b) GDPR) |
| Internal notifications to our team (for example email or secure messaging) when a request is submitted | Performance of a contract; legitimate interests in operating the Service (Art. 6(1)(f) GDPR) |
| Aggregated usage metrics, debugging, abuse prevention | Legitimate interests (Art. 6(1)(f) GDPR) in securing and improving the Service, balanced against your rights |
| Marketing / analytics tags loaded through Google Tag Manager or similar | Where required by law, consent (Art. 6(1)(a) GDPR); otherwise legitimate interests or contract support depending on configuration |
If we rely on consent, you may withdraw it at any time without affecting prior processing that was lawful.
5. Recipients and processors
We use service providers who process data on our instructions, including where applicable:
- Hosting / infrastructure — server environment where the application and data files run;
- Email (SMTP) — delivery of messages to you and to our team;
- Stripe — payment processing and related fraud checks when online payment is enabled;
- Google — Maps / Places or similar APIs when enabled; Google Tag Manager / analytics as configured;
- Messaging providers — for example Telegram Bot API, if we route internal alerts to staff devices;
- IP geolocation API — for example ipapi.co or comparable, for optional country pre-selection.
Some providers may process data in countries outside the EEA. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) or rely on adequacy decisions.
6. Retention
- Order requests are stored in server-side logs (for example append-only files) for the time needed to handle your request, meet legal, tax, and accounting obligations, and resolve disputes. If you ask for deletion, we will comply unless a longer retention is required by law.
- Usage metrics are kept in aggregated or pseudonymous form for analytics; raw recent events may be rotated or trimmed over time.
- Browser storage remains until you clear site data or we clear it on logout/reset flows.
7. Security
We apply reasonable technical and organisational measures appropriate to the risk, such as access control on servers, transport encryption (HTTPS), and separation of secrets (API keys) from public code. No method of transmission or storage is completely secure.
8. Your rights
Depending on your location, you may have the right to:
- access your personal data;
- rectify inaccurate data;
- erase data (“right to be forgotten”) where conditions are met;
- restrict or object to certain processing;
- data portability for data you provided, where processing is automated and based on contract or consent;
- lodge a complaint with a supervisory authority (in the EU, typically where you live or work).
To exercise rights, contact us using the same channel as in section 1. We may need to verify your identity before disclosing or changing information.
9. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will delete it.
10. Cookies and similar technologies
We and our partners may use cookies, pixels, or similar technologies via tag managers or embedded scripts. The exact list depends on your GTM configuration. You can control cookies through your browser settings. Where mandatory law requires a consent banner for non-essential cookies, you should configure the Service accordingly.
11. Automated decision-making
We do not use fully automated decision-making that produces legal or similarly significant effects solely by automated means. Price estimates are calculated by rules and data you provide; a human may review requests.
12. Changes
We may update this Privacy Policy by changing the “Last updated” date. Material changes may be communicated via the Service or email where appropriate.
13. Contact
Privacy-related requests: use the contact details provided in your confirmation messages or published on this site. For broader questions, see also our Terms of Service.
This Privacy Policy is for transparency and operational use. It is not legal advice. A qualified professional can adapt it to your company name, registered address, DPO appointment (if any), and actual tools you enable in production.