Privacy policy
Privacy policy
Last updated: 15 January 2026
Controller: LionsTravel s.r.o., Štúrova 37, 023 54 Turzovka, Slovakia, Company ID 46 285 913, Tax ID 2023318472, VAT ID SK2023318472, registered in the Commercial Register of the District Court Žilina. Data protection contact: info@lionstravel.sk, +421 918 473 422.
We process personal data under Regulation (EU) 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll. on personal data protection. This document sets out which data we process, on what legal basis, how long we keep it and what rights you may exercise against us.
What data we process
- Booking data: name and surname, date of birth, permanent address, travel document number, phone number, e-mail address, and any health limitations you choose to disclose to us because of the tour programme.
- Payment data: bank account number, payment reference, amount and date of payment. We neither process nor store card details.
- Contact form data: name, e-mail, phone and the text of your message.
- Newsletter data: e-mail address and the date consent was given.
- Technical data: IP address, browser type and cookie data as described in our separate cookie policy.
Legal basis and purpose
Data contained in the travel contract is processed under Article 6(1)(b) GDPR, that is, performance of a contract. Without it we cannot deliver the tour, as we must pass it to the carrier, the accommodation provider and the insurer. Accounting records are kept under Article 6(1)(c) GDPR, a legal obligation arising from Act No. 431/2002 Coll. on accounting. Newsletters are sent solely on the basis of your consent under Article 6(1)(a) GDPR, which you may withdraw at any time with one click in the footer of any e-mail.
Who we share data with
We share your data only with parties without whom the tour could not take place: the carriers providing transport, the accommodation providers at the destination, Union poisťovňa for travel and insolvency insurance, and, for tours outside the European Union, embassies where a visa regime requires it. We also work with an external accountant and a web hosting provider, who act as our processors under a contract concluded in line with Article 28 GDPR. We never sell data to third parties for marketing purposes.
Transfers to third countries
For tours to countries outside the European Economic Area, such as Georgia or Albania, we pass your name, surname and travel document number to accommodation providers and local partners to the extent required by local law for registering foreign guests. Such a transfer is necessary for the performance of the contract under Article 49(1)(b) GDPR.
How long we keep data
- Travel contracts and related correspondence: 10 years from the end of the tour.
- Accounting records: 10 years under the Accounting Act.
- Contact form messages that did not lead to a booking: 1 year.
- Newsletter e-mail addresses: until consent is withdrawn, and at most 3 years from the last interaction.
Your rights
You have the right of access to your data, and the rights to rectification, erasure, restriction of processing, data portability, and to object to processing. Consent to newsletters may be withdrawn at any time without giving a reason. Send your request by e-mail to info@lionstravel.sk or in writing to our office address. We respond within 30 days of receipt. If you disagree with how we handle it, you may lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava.
Photographs taken on tour
We photograph the group and the places we visit. Photographs in which an individual is recognisable are published on our website or social media only with that person’s consent. We ask for it on the spot or by e-mail after the trip, and you may withdraw it at any time; we then take the photograph down within 5 working days. Wide shots of landscapes or crowds in which nobody is identifiable are used without consent.
Automated decision-making
We use no automated decision-making or profiling that would produce legal effects. A booking is accepted by a member of the office staff, not by a system.
Security
Paper contracts are kept in a locked cabinet at our office at Štúrova 37. Electronic data is stored on servers within the European Union; four employees have access, each with their own password and two-factor authentication. Passenger lists are sent to guides in encrypted form and deleted from the guide’s device once the tour ends. The database is backed up daily and backups are kept for 30 days.
This policy was last updated on 15 January 2026. Any change will be published on this page with a new date, and clients with an active travel contract will be notified by e-mail.


