This Privacy Policy explains what personal data Tosiu ("we", "us", "our") collects
about you, why we collect it, how we use it, with whom we share it, and the rights
you have over your data under the EU General Data Protection Regulation (GDPR) and
equivalent laws.
1. Who we are
Tosiu is a booking platform operated by PR Tosiu, a company registered
in the Republic of Serbia (PIB: 111600496, MB: 65530562), contactable at
contact@tosiu.com. PR Tosiu is the data controller.
Where this policy refers to "the platform", it means the website at tosiu.com
and any booking site we operate on your behalf.
2. Data we collect
We collect only what we need to run the service. Concretely:
Contact details — phone number, email address, and any business details you share with us when you request access, sign up, or contact us.
Account data — login credentials (hashed), company name, routes, prices, branding assets, and anything you configure inside the platform.
Booking data — when your customers book through your platform, we process their data (name, email, phone, pickup details, payment reference) on your behalf as a processor.
Technical data — IP address, browser type, device type, approximate country (from our local GeoIP database), pages visited, referrer, campaign parameters (e.g. UTM source, medium, campaign), and timestamps.
Marketing & analytics data — if you consent, anonymised interaction data collected via analytics and advertising cookies (see our Cookie Policy).
3. Why we use your data
To provide and operate the booking platform.
To respond to enquiries and provide onboarding support.
To send transactional emails (booking confirmations, account notifications).
To improve the platform — diagnosing bugs, analysing usage, measuring performance.
To protect the platform from fraud and abuse.
With your consent, to send product updates and marketing messages.
4. Legal basis (GDPR)
We process personal data on the following lawful bases:
Performance of a contract — to deliver the service you signed up for.
Legitimate interests — to secure, maintain, and improve the platform, provided your rights don't override those interests.
Consent — for analytics cookies, advertising cookies, and marketing emails. You can withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation — to comply with tax, accounting, or anti-fraud laws.
5. Sharing your data
We do not sell your data. We share it only with trusted processors who help us run the platform, each bound by a Data Processing Agreement:
Hosting and infrastructure providers — to store and serve the platform.
Payment processors — to securely handle card transactions for your bookings.
Email delivery providers — to send transactional and (if consented) marketing emails.
Analytics and advertising providers — only if you have given consent, e.g. Google Analytics, Google Ads, Meta Pixel, Hotjar.
Authorities — where required by law, court order, or to protect our legal rights.
6. International transfers
Some of our processors are based outside the European Economic Area. Where that is the case,
transfers are covered by the European Commission's Standard Contractual Clauses or an
equivalent safeguard approved under GDPR Article 46.
7. How long we keep your data
Account data — for as long as your account is active, plus up to 12 months after closure for dispute resolution.
Booking records — retained as required by applicable tax and accounting law (typically up to 10 years).
Marketing data — until you withdraw consent or unsubscribe.
Server logs — up to 6 months, for security monitoring and understanding how visitors reach the platform.
8. Your rights
Under GDPR you have the right to:
Access your personal data and obtain a copy;
Rectify inaccurate or incomplete data;
Request erasure ("right to be forgotten");
Restrict or object to processing;
Data portability — receive your data in a machine-readable format;
Withdraw consent at any time;
Lodge a complaint with your local Data Protection Authority.
To exercise any of these rights, email contact@tosiu.com
and we will respond within 30 days. You can also use the self-service form below to
export or delete your data directly.
9. Security
We protect your data using industry-standard measures: encrypted connections (HTTPS),
hashed passwords, restricted internal access, regular backups, and ongoing monitoring.
No system is 100% secure, so if you believe your account has been compromised, please
contact us immediately.
10. Children
The platform is not directed at children under 16. We do not knowingly collect data
from children. If you believe a child has provided us with personal data, please contact us.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email
or via a prominent notice on the platform. The "Last updated" date at the top always
reflects the current version.
12. Your data
You can request a copy of all data we hold about you, or have it permanently deleted.
We will send a verification email to confirm your identity before processing the request.
Check your email
13. Contact
Questions about this policy or your data?
Email contact@tosiu.com or use the
.
Get in touch
Send us a message and we’ll get back to you shortly.
Message sent!
We’ll get back to you shortly. Check your inbox for a confirmation.
Start for Free
Enter your phone number and we’ll reach out to get you started and set everything up.
Enter your phone number and we’ll get you started with everything.
No credit card. No commitment.
Almost there
A few more details before starting.
You’re in!
We’ll reach out within 24 hours to activate your platform and discuss the best strategy for your business.
We use cookies and similar tracking technologies from third parties to improve our services and show you ads that match your interests. You can accept, customize your preferences, or change your mind at any time.
