Data privacy

NOMAGO d.o.o. is aware of the importance of protecting the personal data you provide. This is why we carefully protect and manage all your personal information.

This privacy policy covers personal data protection at NOMAGO d.o.o. and informs the company's customers and website visitors about the purposes of data processing, types of processed personal data, the rights we ensure, and the foundations for the processing of your personal data.

NOMAGO d.o.o. processes personal data in accordance with the provisions of the Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR), national legislation as well as the newest guidelines and standards of personal data protection.

We will require certain personal information about you to be able to provide a suitable user experience and to ensure that our cooperation with you is successful. We will only ask for personal information that is necessary for our cooperation according to your wishes. We will use it in accordance with the purpose for which they were provided. We are obliged to process the provided personal data in a legitimate and fair manner, and we will never use your personal information for any other purpose that is not in accordance with the purpose for which they were collected.

The GDPR regulation by the EU sets high standards for collecting and storing your data and gives you the right to check your stored data, demand corrections or deletion and much more. We have prepared this explanation about the safety of your data and your rights as data subjects in accordance with the legislation and our awareness of the importance of data protection. Carefully read this explanation before agreeing to the collection and processing of your personal information.

Personal data controller

Contact information for the personal data controller:

Full name of the personal data controller

NOMAGO, storitve mobilnosti in potovanj, d.o.o.

Headquarters

Vošnjakova ulica 3, 1000 Ljubljana

VAT ID

SI 52398790

Registration number

5143373000

E-mail address

info@nomago.si

Phone number

+386 1 431 77 00

Website

www.nomago.si

 

Data Protection Officer

Contact information for the Data Protection Officer (DPO):

Phone number: +386 (0) 1 431 77 00

E-mail address: dpo@nomago.si 


Personal data


Personal data
is any information that relates to an identified or identifiable living individual. Any individual who can be directly or indirectly distinguished from others is considered identifiable, especially by specifying an identifier, such as their name, personal identification number, location data or by specifying one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

The controller processes the following kinds of personal information for specific and predetermined purposes:

  • first and last name
  • address of permanent or temporary residence
  • phone number
  • E-mail address
  • age group
  • birth details (date, place and country of birth)
  • nationality
  • data from identification documents (number, issue and expiry date, and issuer)
  • specific medical conditions
  • information about personal income
  • student or retirement status
  • GO card number
  • mobile app usage analysis
  • website usage analysis
  • e-mail response analysis
  • IP address of internet-connected device and the use of cookies on the website
  • date and time of access
  • geolocation of buses

 

Legal basis for processing personal data


The company only processes your personal data: 

  • based on your explicit consent. (GDPR Article 6, paragraph 1, bullet point a)
  • if the collection of your personal information is necessary to enter into a contract with you. (GDPR Article 6, paragraph 1, bullet point b)
  • if the applicable legislation requires the collection of personal data (such as data that is included in an issued invoice). (GDPR Article 6, paragraph 1, bullet point c)
  • when NOMAGO d.o.o. has a legitimate interest for the collection of your personal data, except where the interests or fundamental rights and freedoms of the individual outweigh the interests of the company. (GDPR Article 6, paragraph 1, bullet point f)

 

Processing personal data in accordance with legal or contractual requirements


NOMAGO d.o.o. processes personal data in accordance with contractual or legal requirements for the following purposes:

 

PURPOSE

DESCRIPTION

Conclusion of the contract: purchasing, transportation tickets, purchasing monthly or annual tickets.

We will process your information in order to fulfill contractual obligations and perform transportation based on your daily, monthly or annual ticket.

Issuing invoices for provided services

We will process your personal information in accordance with legal requirements to be able to issue invoices for the services we have provided.

Booking of excursions, travel, and accommodation

We will process your personal data for the purpose of booking excursions, travel and accommodation.

Performing customer support during the booking process and resolving potential issues

We process your personal information on a contractual basis for the purpose of resolving any problems that may arise during the performance of the contract in connection with the performance of contractual obligations and for the purpose of providing customer support during the actual transport or accommodation.

Preventing and identifying abuse and acts that could be considered criminal offenses

The company processes your personal data for the purpose of preventing abuse and identifying acts that could be considered criminal offenses, and reporting them to the competent authorities (prosecution, police…)

 

Processing personal data based on a legitimate interest

PURPOSE

PERSONAL DATA AND STORAGE PERIOD

DESCRIPTION

 

 

Improving safety and preventing intrusion into the company's IT systems

IP address

 

Our company processes your personal data for the purpose of preventing hacking attacks on the company's IT systems, attacks on the company's website and determining critical points in the company's IT infrastructure as well as improving its internal IT-security.

 

 

 

 

 

 

 

 

 

Use of cookies on company websites

Essential cookies

 

Storage period: while the company's websites are being used or until the withdrawal of consent for the use of cookies.

Our company uses cookies to ensure the smooth operation of the website based on the first paragraph of Article 6, bullet point f of GDPR. Cookies allow us to tailor the site to your needs and make it easier to use and display content that is important to you and not to display content that is not relevant to you or is inappropriate in any way.

By using the website you agree to the use of essential cookies. Essential cookies are necessary for the functioning of the website. They do not store any personal data; they are used solely to ensure that the website works correctly and properly. Optional cookies that are required for the functioning of various interfaces are only saved after you provide your consent.

Market research, analytics, and improvement of our services

Logos, IP address of the website user, movement of the user through web pages. Cookies that are required to perform basic Google Analytics features. The data is processed anonymously.

 

Storage period: We will process the data for the purpose of market research and improving our services solely until we need it for the purpose of market research and identifying relevant facts for the improvement of our services.

We use your personal information to analyze the ways in which we could improve our services, identify potential errors in our systems and websites, determine the performance of our websites, and improve the quality of our services and websites. Our company processes general statistics data (basic Google Analytics) about the general behavior of customers and their orders. The processing of personal data is done in a way that prevents the identification of individuals.

Advertising and marketing of products and services to existing customers

First and last name, phone number, address, email address

 

Storage period: We will store the data for the purpose of marketing to existing customers for as long as necessary to achieve the purpose of advertising and marketing activities or until you withdraw your consent to the processing of your personal data for marketing purposes.

Marketing and advertising to existing customers includes mostly:

  • Displaying customized content on the company's website based on your age and preferences.
  • Participation in sweepstakes and promotional activities of the company:
  • sending useful tips, useful information, and advice regarding transportation, accommodation, sights, ...

Determining the geolocation of the bus and the user of the application so we can provide accurate information on arrivals and departures from stations and the current location of buses in the NOMAGO Intercity app.

Resolution of complaints and damages claims.

Geolocation of buses

Location information of your mobile device.

Elektronski naslov

Phone number

 

Storage period: The data is stored 5 years from the time the complaint or damages claim was filed or until the legal dispute is resolved.

NOMAGO d.o.o. enables you to track the geolocation of your bus using the Intercity app in your mobile device. The app provides accurate arrival and departure times for buses and enables you to track the current location of your bus. The information about your location and the location of your bus will also be used if you file a complaint or damages claim. You can decide if you want to allow the app to track your geolocation.

     

Processing of personal data based on your consent

PURPOSE

PERSONAL DATA AND STORAGE PERIOD

DESCRIPTION

Processing personal data for customizing web content and messaging

First and last name, IP address, address, email address, phone number

 

Storage period: Until you withdraw consent for the processing of your personal data or you request that we delete it.

NOMAGO d.o.o. uses your personal data with your consent to monitor your behavior while you use the website. The data which is collected with your approval is primarily used for communicating with you and improving our services. This way we can avoid sending notification about student cards to referees or sending local summer vacations to world travelers. We also try to figure out which parts of our offer might be overlooked because it might not be adequately visible on our website.

 

Sending news, advertising and marketing materials as well as service offerings to individuals who are not our customers

First and last name, IP address, address, email address, phone number

 

Storage period: We will store the data for the purpose of marketing to for as long as necessary to achieve the purpose of advertising and marketing activities or until you withdraw your consent to the processing of your personal data for marketing purposes.

Marketing and advertising to existing customers includes mostly:

  • Displaying customized content on the company's website based on your age and preferences.
  • Participation in sweepstakes and promotional activities of the company.
  • sending useful tips, useful information, and advice regarding transportation, accommodation, sights, ...

 

Personal data acquisition

NOMAGO d.o.o. will acquire your data:

  • from yourselves: if you provide us with your personal information for a specific processing purpose;
  • from third parties: if a third party provides your personal information. (A passenger may, for example, buy a ticket in the name of 4 friends and gives us their names, a father may book a journey for the whole family and enter the personal information of all family members...)

Storing your personal data

Personal information obtained from you either through the use of the NOMAGO d.o.o. website or upon your express consent will be stored in an electronic or physical database of personal data (depending on the form of the personal information that we obtained). The databases employ all necessary technical, organizational and logistical safety measures. Databases can be only accessed by persons that are properly authorized by NOMAGO d.o.o.

The personal data that you send in a digital format is saved on servers in our company headquarters or in headquarters of our service providers. Our e-mail service provider saves e-mail addresses for example. Nomago d.o.o. only uses service providers who can assure us that they have no rights to access any of the data that they save on our behalf. We also check whether they have adequate data safety mechanisms and whether they can provide assurances that they will never use any of our customers’ data.

 

Contractual processing of personal data


Due to the nature of our business, we may have to share your personal data with our partnering contractors and data controllers. 

  • Hotels and other accommodation providers
  • Contractual processes that develop IT services, safety systems and apps for NOMAGO d.o.o.
  • Cloud service providers
  • Contractual operators of buses and other transportation services for Nomago d.o.o.
  • Airlines
  • Contractors who sell tickets for NOMAGO d.o.o.
  • Contractors who provide tourist services and accommodation
  • Contractors who provide payment services and payment systems
  • Insurance companies
  • Contractual tour guides

NOMAGO d.o.o. cooperates only with verified contractors who can ensure the proper security of your personal data by providing appropriate technical and organizational measures, and will process your personal data in accordance with the General Data Protection Regulation.

The Provider will not share your personal information with unauthorized third parties.

The contractors may only process personal data according to the instructions of the data controller and may not use it to pursue any self-interest.


Security of personal data processing

The data controller strives to ensure the proper security of its day-to-day personal data processing by constantly updating and upgrading safety systems that ensure the security of the data processing process. Your personal data is protected from loss, destruction, unauthorized access and access by unauthorized persons during the entire processing process.


Sending data to third countries or international organizations

When you travel to third countries with NOMAGO d.o.o., we will have to forward your data to different contractual processors in those countries, such as accommodation providers (hotels, apartments), transportation providers (airlines) and others.

NOMAGO d.o.o. works only with third country providers who can ensure adequate personal data protection.


Rights of individuals in connection to personal data processing

NOMAGO d.o.o. ensures the following rights in connection to personal data processing:


1. The right to withdraw consent

Any individual that consents to personal data processing for one or more purposes has the right to withdraw his/her consent at any time.

The data controller will immediately stop processing your personal data for one or more purposes upon receiving the withdrawal of consent.

Withdrawal of consent for the processing of personal data does not affect the lawfulness of your personal data that was processed prior to receiving the cancellation, nor does it affect the use of such personal data for statutory or contractual purposes.

2. The right to access personal data processed in connection with you

The data controller must notify you upon request whether they process any of your personal data. They must also provide access to your personal data as well as the following information: the purpose of processing, the type of your personal data, users of your personal data, estimated storage period of your personal data, and the source of your personal data.

3. The right to rectification of inaccurate personal data

You have the right to demand that the data controller corrects or updates your personal data if it is incorrect or incomplete.

The data controller will notify you without delay when your personal data is corrected.

4. The right to limit the processing of your personal data

You can demand at any time that the controller limits the processing of your personal information if it is inaccurate, illegal or the purpose for its processing no longer exists. You may also object to such processing.

5. The right to deleting personal data (»the right to be forgotten«)

You have the right to request that the controller deletes the personal data that they process in connection with you without any undue delays.

If your personal data is deleted upon your request, the data controller will notify you about it.

The right to object

In addition to the right to withdraw consent, you may demand in writing that your personal data is no longer processed for informational or marketing purposes if they are being used for such purposes. If you object to processing for marketing and advertising purposes, the data controller will immediately stop processing your data for such purposes.

7. The right to transfer your data

You have the right to transfer any personal data that the data controller processes to a different controller where technically feasible.

Exercising your rights

You can exercise any of the rights in this statement based on a claim to exercise such individual rights. A claim can be filed as a physical or electronic document. You can mail your request for exercising your rights to storitve mobilnosti in potovanj, d.o.o., Vošnjakova ulica 3, 1000 Ljubljana or email it to info@nomago.si or dpo@nomago.si

The right to file a complaint

If your personal data protection rights have been violated, you have the right to file a complaint to your competent supervisory authority by writing to the following address: Informacijski pooblaščenec, Zaloška 59, 1000 Ljubljana or send an email to: gp.ip@ip-rs.si.

Personal data protection risks


Perfect safety is unfortunately impossible no matter how hard we try to protect data. There is always a chance that our systems will be breached or that an unforeseeable error threatens the security of your personal data.

If the safety of your personal data is compromised and if there is a chance that such safety breeches could jeopardize your rights and liberties, we will immediately notify you.

If the safety of personal data protection is compromised, we will notify the competent authorities about this fact immediately or no later than in 72 hours.

Validity of this policy


We reserve the right to amend this privacy statement or update it due to changes in legislation without prior notice. The currently valid version is always published here.

Any changes in this privacy policy will be posted on this website

Version: 2.0 dated 17/09/2019

NOMAGO, storitve mobilnosti in potovanj, d.o.o.
Vošnjakova ulica 3
1000 Ljubljana

email: info@nomago.si
phone no.: +386 1 431 77 00

Related content

Be informed

Don't miss the next special offer or important notice!

Are you an adventurous traveler or a daily commuter? In either case, we offer you up-to-date, interesting and useful travel and transit information, delivered through our social media channels. Follow us!