1. Controller
The data controller under Regulation (EU) 2016/679 (GDPR) and Act No. 18/2018 Coll. of Slovakia is:
- Gourmandia s.r.o.
- Company ID: 53 344 308
- Address: Tomášikova 12571/50/C, 831 04 Bratislava
- E-mail: info@taxia.sk
- Phone: +421 949 313 303
You can contact us at the e-mail above for any privacy matters. We have not appointed a Data Protection Officer (DPO), as we are not required to do so by law.
2. What data we process and why
We only process data that you provide when booking a ride, requesting a quote or contacting us:
| Purpose | Categories of data | Legal basis | Retention |
|---|---|---|---|
| Handling the transfer booking | name, phone, e-mail, pick-up/drop-off, time, passengers, flight no., note | Art. 6(1)(b) GDPR – performance of contract | duration of the trip + 1 year |
| Price quote / inquiry | name, contact, trip details | Art. 6(1)(b) GDPR – pre-contractual measures | 6 months from last contact |
| Accounting and tax obligations (invoices) | billing data, company ID for B2B | Art. 6(1)(c) GDPR – legal obligation | 10 years |
| Complaints handling | communication data | Art. 6(1)(c) GDPR | 4 years |
| Marketing communication (newsletter) | e-mail, name | Art. 6(1)(a) GDPR – consent | until consent is withdrawn |
| Website security and analytics | IP address, cookies, browser data | Art. 6(1)(f) GDPR – legitimate interest / consent for optional cookies | max. 24 months |
3. Recipients and processors
Your data may be shared with the following categories of recipients, strictly to the extent required:
- hosting and infrastructure – Cloudflare, Inc. (USA / EU region)
- database and backend – Supabase / AWS (EU region)
- e-mail delivery – Resend or SMTP partner
- accountant and tax advisor
- public authorities, when required by law
All processors are bound by data processing agreements under Art. 28 GDPR.
4. Transfers outside the EU
Some providers (e.g. Cloudflare, Resend) may process data outside the EU. Such transfers are covered by the European Commission's Standard Contractual Clauses (SCCs) under Art. 46 GDPR.
5. Your rights
Regarding the processing of your personal data, you have the right to:
- access your data (Art. 15),
- rectify inaccurate or incomplete data (Art. 16),
- erasure ("right to be forgotten", Art. 17),
- restrict processing (Art. 18),
- data portability (Art. 20),
- object to processing based on legitimate interest or direct marketing (Art. 21),
- withdraw consent at any time, where processing is based on consent,
- lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk).
Send rights requests to info@taxia.sk. We respond without undue delay, within 30 days at the latest.
6. Profiling and automated decision-making
We do not perform any automated decision-making or profiling with legal effects on data subjects.
7. Data security
Data is transmitted encrypted (HTTPS/TLS) and access is restricted and protected with credentials. We regularly review security risks.
8. Changes
We may update these terms. The current version is always available on this page with the date of the last update.