Data protection policy

1. Who is responsible for your data?

Our Data Protection Policy applies to the personal data that SLG collects and uses.

References made in this Data Protection Policy to either “SLG”, “we”, “us” or “our” mean SLG S.A. (a company registered in Luxembourg with registration no. B78631 and registered office at 4, rue Laangwiss, L - 4940 Bascharage).

We determine the ways your personal data are collected and the purposes for which your personal data are used by SLG as we are “data controller” for the purposes arising from Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter « the Regulation »). Note that each legal entity within the SLG is to be considered the local “data controller” for personal data processing activities that are directly related to their function.

We are a corporate group of companies (“our Group”), which includes:

  • TravelPro S.A. with headquarters located at 430-434, route de Longwy, Luxembourg L-1940 (LU) with registration no. B44184
  • Flib Travel International S.A. with headquarters located at 4, Rue Belair, Differdange L-4514 (LU) with registration no. B177392
  • Autocars Sales-Lentz S.A. with headquarters located at 4, rue Laangwiss ZAE Robert Steichen, Bascharage L-4940 (LU) with registration no. B7475
  • SLA S.A. with headquarters located at 4, rue Laangwiss, ZAE Robert Steichen, Bascharage L-4940 (LU) with registration no. B49878
  • SL Belgium with headquarters located at Rue des Frères Wright 8, 6041, Charleroi (BE)
    with registration number 0831.920.104
  • Léonard Travel International S.A. with headquarters located at 25 Parc Artisanal de
    Blegny, 4671, Blegny (BE) with registration number 0420.348.114
  • Léonard Luxembourg with headquarters located at 4, rue Laangwiss ZAE Robert Steichen, Bascharage L-4940 (LU) with registration no. B287771
  • Keywi S.A. with headquarters located at 4, rue Laangwiss, Bascharage L-4940 (LU) with registration no. B214450
  • FlibTravel International Italy SRL with headquarters located at via Pola II CAP20124, Milano (IT) with registration no. MI-2563326

2. Personal data we collect about you

When using the term “personal data” in our Data Protection Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, information relating to your booking (e.g. your booking reference number, your travel itinerary) or information on how you use our website and apps or how you interact with us.

We collect some personal data from you, for example, when you book or purchase a transport service or product with us (e.g. touristic products and local experiences, transfers,…) use our website or our app, use our services, contact us or apply for a job posting through our website, you will be redirected to the Skeeled platform. We may also receive your personal data from our suppliers who provide services to you on our behalf (for example when you provide feedback on our services), our partners when you purchase their transport-related products or services or third parties who act on your behalf, for example our agents or other parties who book a service or product for you. If you book a service or product on behalf of someone else, you must have their consent to use their personal information.

We process your personal data only when you have given your consent, when it is necessary for the performance of a contract you have concluded with us, or for the fulfilment of a legal obligation to which we are subject. We may process personal data on the basis of our legitimate interest only if this interest is not overridden by your rights.

For more information on the parties with who we may share your personal data, please see section 7 “Sharing of your personal data”  below.

Categories of data we collect

We may collect and process the following categories of information about you:

Your name and surname and your contact details
(email address, telephone number and postal address)		When you create an account on
our website
When you purchase our transport services or products
When you take part in our
competitions, or
When you choose an offer we
make available on our website
Information about your bookings and your
itinerary, if you require special assistance or if
you have specific dietary requirements. This
information may include any changes to your
bookings and travel products that relate to your
booking (for example if you purchase travel
insurance, rent a car or book a hotel along with
your travel booking)		When you book or manage your
booking
Information about your health, if you have a
medical condition that may affect your voyage
(please see section “Sensitive personal data”
below for more information)		When you provide us with this
information during your booking to express specific needs
Information about other passengers in your
booking, and the age range of any children
part of your booking		When you make a booking on
behalf of other passengers
Information about your transaction, including your
payment card details		When you purchase our transport or travel related products or services
Advance Passenger Information. This
information includes your full name, your
nationality, your date of birth, your gender (where
required),the number and type of your travel
document (e.g. passport or ID), its expiry date and
country of issue		When you check in for specific
travel routes
Information related to your booking and our
services in connection (e.g. auto-bag drop service, declaring lost luggage)		When you book a service or a product through
SLG
Information about your purchases of our partners’
travel related products and services		When you purchase such
products or services
The communications you exchange with us (for
example, your emails, letters, calls, or your
messages on our online chat service)		When you contact SLG or you are contacted by SLG
Your posts and messages on social media
directed to us		When you interact with us on
social media
Your feedbackWhen you reply to our requests
for feedback or participate in our
customer surveys
Information about how you use our website or
our mobile app, such as your searches for
voyages		When you navigate on our
website or when you use our
mobile app
Information contained within your CV/application formWhen you apply for a job posting through the SLG website

Sensitive personal data

In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under the Regulation and relevant data protection laws. We only collect this information when you have given your explicit consent and it is necessary, or when you have manifestly made it public.

For example, we may collect this information in the following circumstances:

For your safety, when you have a specific medical condition, you will need to inform us of that and –where required – provide us with a medical certificate.

If you request special assistance or any accessibility requirement when booking our services or products, this could reveal information about your health (e.g. if you ask for a wheelchair). If you inform us about specific dietary requirements you may have, this could potentially indicate that you have certain religious beliefs. Also, when you provide us with your travel document details, your nationality may imply your racial or ethnic origin. By providing us with your CV/application form when you apply for a job posting on our website, we may also be able to infer information regarding your racial or ethnic origin or your religious beliefs.

By providing any sensitive personal data, you explicitly agree that we may collect and use it in order to provide our services in accordance with this Data Protection Policy.

If you do not allow us to process any sensitive personal data, this means we may be unable to provide all or parts of the services you have requested from us.

3. How and why we use your personal data

We use your personal data for the following purposes:

  • To manage your bookings and provide our services to you
    When you are booking a voyage, transfer, or any other service/product  with us, we use your information to perform our services in relation to your booking, for example to issue your tickets, check you in, issue your boarding pass, or take you safely to your destination. We also use it to change your bookings if you request such changes.
  • To communicate with you and manage our relationship with you
    Occasionally, we may need to contact you by email and/or SMS for administrative or operational reasons, for example in order to send you confirmation of your bookings and your payments, to advise you of disruption and changes to your booking. If you are using our mobile apps, we may also send you app notifications for these purposes.
    Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications.
    We will also use your personal data if we contact you after you have sent us a request by filling in the web-form on our website.
    Your opinion is very important to us, so we may send you an email or SMS to seek your feedback.
    We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers.
  • To personalise and improve your customer experience
    We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience, for example, if you frequently book rides to specific locations, by understanding your preferred modes of transportation. We may also collect information on how you use our website, which pages of our website you visit most, which travel destinations you search for and what products you buy, in order to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to receiving marketing communications, to send you relevant messages that we think you may like.
    If you are in the process of making a booking under your account and you leave our website before your order has been placed, we may contact you in order to help you easily complete your booking.
  • To inform you about news and offers that you may like
    We may send you marketing communications for our services and products, if you have indicated that you wish to receive these, for example when you create an account on our website or make a booking with us. If you wish to receive marketing communications, we will provide you with news from us such as new products that you may be interested in or offers that you may like.
    In addition, we will also send you communications promoting our partner’s products and services that may relate to your interests or preferences, if you have indicated that you wish to receive these.
    Please note that we will not share your contact details and other personal data with these partners or other companies for marketing purposes.
    If you do not want to hear from us about our or our partners’ products and services, you can simply tell us so by choosing the relevant option before confirming your booking. You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us. If you prefer, you can also call our Customer Service team for the relevant entity of the Group and express your preference to not receive marketing communications.
  • To improve our services, fulfil our administrative purposes and protect our business interests
    The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development.
  • To comply with our legal obligations                                                                                                                    For example, to comply with our obligation to provide your information to national authorities, where necessary. We may also process your personal information in order to comply with our relevant legal obligations under the Luxembourg law of 16 May 2023 transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, when you choose to share such personal information by submitting a report through our Whistleblowing Channel. Our platform is provided by Whistleblower Software. For more information on how the platform will process your personal data, please refer to our dedicated Whistleblower Privacy Notice
  • To enter into a contract with you
    Should you apply for a job posting through our website, we will process the personal information that you provide us with (e.g. your professional data and your CV), in order to take the steps to enter into an employment contract with you. When you submit your candidature through our website, we make use of Skeeled, a talent acquisition platform, to efficiently manage candidate applications and streamline the hiring process. This platform is designed to collect and store personal information provided by job applicants securely. For detailed information on how your personal information is collected, used, and safeguarded on the platform, please refer to the Skeeled Data Protection Notice.

4. Security of your personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data.

This means that we adhere to high security standards in order to protect your payment card details when you share such details with us.

As described in this Data Protection Policy, we may in some instances disclose your personal data to third parties. Where SLG discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however, in some instances, we may be compelled by law to disclose your personal data to a third party, and have limited control over how it is protected by that party.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Data Protection Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”). Where your personal data are transferred outside of the EEA, we require that appropriate safeguards under the Regulation are in place.

We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Data Protection Policy or in order to comply with the law. Further information about the specific retention periods are available upon request.


5. Notification in the event of a breach of your personal data

In the unlikely event there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data (such as sending personal data to an incorrect recipient, or loss of availability of personal data), we are committed to taking an informed decision on whether to notify the relevant supervisory authority within 72 hours of becoming aware of such a breach.  We commit to informing you without undue delay, in the event the personal data breach is likely to result in a high risk to your rights and freedoms,.


6. Cookies or other tracking technologies

In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website and app, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.

For example, we use software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website.

We also use cookies in our website, mobile app or in our emails. Cookies are small pieces of information stored by your browser on your computer’s hard drive. They enable you to navigate on our website or app and allow us to provide features such as remembering aspects of your last search to make subsequent searches faster. You can refuse and delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website or app, most of the features will still be accessible without cookies.

• Category 1: Strictly Necessary Cookies

These Cookies enable services you have specifically asked for.

These Cookies are essential in order to enable you to move around SLG Websites and use its features, such as accessing secure areas of the website. Without these Cookies, services you have asked for, such as e-billing, may not be provided.

• Category 2: Performance Cookies

These Cookies collect anonymous information on the pages visited.

These Cookies collect information about how visitors use SLG Websites, for instance which pages visitors go to most often, and if they get error messages from web pages. These Cookies do not collect information that identifies a visitor. All information these Cookies collect is aggregated and therefore anonymous. It is only used to improve how SLG Websites work.

• Category 3: Functionality Cookies

These Cookies remember choices you make to improve your experience.

These Cookies allow SLG Websites to remember choices you make (such as your user name, language, or travel preferences) and provide enhanced, more personal features. For instance, providing you with local airport pricing or reminding you to check-in online. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.

Strictly Necessary, Performance and Functionality Cookies

We need to use these three categories of Cookie to maintain SLG Websites ‘s effectiveness, ease of use, and to provide you with a seamless experience. As such we have not provided an opportunity for these to be disabled independently, and by using our site and online services you are agreeing that we can place these types of Cookies on your PC.

• Category 4: Targeting/Advertising Cookies

These Cookies use information about your browsing in order to make advertising more relevant to you and your travel needs.

These Cookies are used to deliver adverts more relevant to you and your travel needs. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our digital advertising campaigns. They are placed by third-party advertising networks on our behalf and with SLG’s permission. They remember that you have visited SLG Websites and this is shared with other organisations such as media owners.

You can refuse the use of these cookies should you wish.

The following Websites belong to SLG:

www.slg.lu
www.nightrider.lu
www.sales-lentz.lu
www.flibco.com
www.travel-pro.lu
www.voyages-leonard.com
www.sightseeing.lu

www.dinnerhopping.lu

www.coolbus.lu

7. Sharing of your personal data

Your personal data may be shared with other companies within our Group.

We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:

  • Airports, government authorities, law enforcement bodies and regulators when this is necessary to get you to your destination or is required by law. For example, for specific travel routes we are required by law to provide border control agencies with information that relates to your travel documents and to your travel itinerary. This information is known as “Advance Passenger Information”.
  • Credit and debit card companies. SLG shares some of your personal data, which includes information about your method of payment and voyage booking, to the credit or debit card company that issued the card you used to make your booking. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.
  • Our partners who offer travel related products and services on our website, promote offers or co-organise competitions on our website.
    From time to time, we make certain third party offers available through our website or we publish competitions co-organised by third parties. If you choose to purchase products or services offered on our websites by third parties, accept offers or participate in a competition, some of your personal data, such as your contact details and your billing information, may be directly collected by or disclosed to that third party. As such, if you purchase their products or services, your information may be collected by or transferred to such parties. Note: Our partners have their own privacy policies and terms of use over which SLG does not have control. Whilst SLG carefully selects these partners, it has no responsibility or liability for their privacy policies, terms of use or the way they process your personal data. Please ensure that you review the relevant privacy policies and terms of use of these partners prior to purchasing their goods or services, using their websites, apps or services or providing any personal data to them.
  • Our hotels and cruise operators partners

We might share your personal data with hotels and cruise operators to organize your stay and ensure you receive an optimal experience.

  • Authorities
    We may disclose your personal data when this is required by the law of any jurisdiction to which SLG may be subject. Through our website we provide links to third party websites which are subject to separate privacy polices. Please be aware that this Data Protection Policy does not apply to such websites and SLG is not responsible for your information that third parties may collect through these websites.

8. Your rights

To summarise, you are entitled to the following rights granted to you by the Regulation, namely:

  • right to access your personal data supplied and, where applicable, obtain a copy of these data
  • right to request that your data is rectified or corrected if you find them incomplete or incorrect
  • right to have your data deleted, unless there is a compelling legitimate reason to justify storing them
  • right to object at any time to the processing of your data including the possibility to opt-out, unless a legitimate reason prevails over your interests and rights and freedoms
  • right to request that the processing of your data be limited
  • right to the portability of some data, i.e. the right to receive them in a structured format that is commonly used and machine readable so they may be sent to another “data controller”

We shall endeavour to respond to your request promptly and within one month of receipt of the request. Depending on the complexity of the request and the number of requests to handle, we have the ability to extend this response time by two months. You shall be notified of such an extension and of the reasons for the delay within one month of receipt of the request. We reserve the right to reject the request if, on the basis of said request, we are unable to identify you or if the request is deemed excessive or unfounded. You shall be notified of the reasons for refusal within one month of receipt of the request. We may also require the payment of reasonable fees in the case of unfounded or excessive requests, especially if they are repetitive.

You can exercise your rights (e.g. request the deletion of all your personal data from our database) by sending an e-mail to the relevant business entity's e-mail address, which can be found in section 11 "Contact information", below.

If you are not satisfied with the processing of your personal data, you may submit a complaint by sending a message, email or letter to the relevant business entity found under section 11 ‘Contact Information’. If you are not satisfied with the handling of your request, you are also entitled to file a complaint with the Commission Nationale pour la Protection des Données (information available on the website www.cnpd.public.lu) or with the competent supervisory authority at your normal place of residence.,

9. Updates to our Data Protection Policy

We may periodically update this Data Protection Policy to reflect changes in our data protection practices or relevant laws.

This Data Protection Policy has last been updated on: 27/09/2024.

10. Contact information

Questions, comments and requests regarding this Data Protection Policy shall be addressed to our Data Protection Officer at gdpr@slg.lu.

Please refer to the table below for specific requests that solely address the business entity in question:

TravelPro S.A.gdpr@travel-pro.lu
FlibTravel International S.A. (flibco.com)  gdpr@flibco.com
Autocars Sales-Lentz S.A.gdpr@sales-lentz.lu
SLA S.A.gdpr@sales-lentz.lu
SL Belgium SA (flibco.com)  gdpr@flibco.com
Léonard Travel International S.A.gdpr@voyages-leonard.be
Keywi S.A.gdpr@sightseeing.lu
FlibTravel International Italy SRL (flibco.com)  gdpr@flibco.com