Privacy policy

This privacy notice is intended to provide you with information on how Get By ApS (“GetByBus”, “we”, “us”, "our") collect, process, and share your personal data, which you have given to us, or we have collected from you, when you visit our website(s) [and app] (“Platforms”), purchase our products and services, and communicate and interact with us, including on social medias, and will tell you about your privacy rights.

GetByBus respects your privacy and is committed to protecting your personal data. We will only process your personal data in accordance with this Privacy Notice and applicable law to which we are subject, including the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").



1. Who is data controller? 

The data controller for the processing described in this notice is: 

Get By ApS

Klamsagervej 32

8230 Aabyhøj

CVR no. 31058724


If you have questions regarding this Privacy Notice, please contact our Data Protection Officer by email at

If you visit our Platform(s), communicate, or otherwise interact with us on social medias such as Facebook, Twitter, Tik Tok and Instagram or other platforms, please make sure to consult the specific privacy notice presented on such social medias or platforms. You should be aware that we may have a joint controllership with the publisher of the social media or platform in question.


2. The personal data we collect and how we collect it

We may collect, use, store and transfer different kinds of personal data about you, grouped as follows:  

A. Booking data includes details of bookings you have made via our Platform(s), including full name, contact details (email, phone and address), language, date and time of purchase- and travel, destination. Passenger data, including names, passenger groups (adults, students, pensioners, etc.), payment information (credit card brand, name on credit card, address, credit card issuer, time of purchase, amount paid and transaction numbers).

B. User account data includes all “Booking data” submitted in bookings registered to the same email account as the User account, your vouchers, your receipts, travel history and login details. In case of a Google authentication login, we also store a Google encrypted token.

C. Operator Reviews data includes your email, review scores, review text and your first name as well as documentation for your consent.

D. Customer service data includes any information you may submit when contacting our Customer service. However, it will usually always include your name, contact details and a potential booking reference.

E. Technical data includes IP address, session ID, browser type and version, time zone setting and location, language and currency website display settings, operating system and device type, account ID (if you are logged in), referrer info of the site you visited previously.

F. Usage data includes information on how you interact with our Platform(s). Specifically, in relation to our Platforms, it includes your search history, e.g., from-to, trip date, number of passengers and groups of passengers, demographics and derived interests and preferences.

G. Marketing and Communications data includes your preferences in receiving marketing from us and our affiliates, including your marketing consent and your communication preferences.

In most situations the information is collected directly from you when you visit our Platform(s) or interact with us on social medias, purchase our products and services, request marketing from us or otherwise communicate with us. 

When you interact with our Platform(s), we may automatically collect Technical data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and similar technologies. We may also receive Technical Data about you if you visit other websites or social medias employing our cookies. We will only apply cookies – other than strictly necessary technical cookies - if you have provided your consent. Please see our Cookie Policy and Consent banner for further details.


3. The purposes and the lawful basis

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

i. Where we need to execute a contract, we are about to enter- or have entered with you, including managing your booking(s), handling complaints, refunds, etc., cf. GDPR Article 6 (1) (b).

ii. Where we need to comply with a legal or regulatory obligation, e.g., for bookkeeping or immigration control purposes, cf. GDPR Article 6 (1) (c).

iii. Where you have provided your consent, e.g., in relation to publishing your Operator Reviews, cf. GDPR Article 6 (1) (a). 

iv. Where it is necessary for our legitimate interests (or those of a third party), e.g., to market our products and services towards you by combining data we have collected about you, to be able to communicate with you, to optimize our Platform(s) and troubleshoot any malfunctions or our legitimate interest in establishment, exercise or defence of a legal claim, and your interests and fundamental rights do not override those interests, cf. GDPR Article 6 (1) (f).


Please click here, if you wish to see a detailed description of which of your personal data, we process to fulfil each purpose, including which legal bases we rely on to do so. 

We have also identified what our legitimate interests and conducted appropriate balancing tests. Please contact our Data Protection Officer at, if you wish to receive more information on the balancing test.

We do not process any sensitive personal data, as defined in GDPR Article 9.

Please note that GetByBus invests reasonable efforts to check whether or not a parent/custody holder has approved any purchases made by minors (below the age of 18), taking into account the available technology.

GetByBus is committed to only retain data on minors during the period necessary to fulfil the contractual/legal obligation (all unnecessary data on minors are anonymized no later than 45 days after the contractual obligation has been concluded or no later than 45 days after the trip).


4. How we share your personal data

GetByBus is part of the Bookaway Ltd. Group. We may disclose your personal data within the Group, where required for the above specified purposes. We base this processing on our legitimate interest to transmit personal data within the Group for internal administrative purposes, such as for the purposes of using centralized IT systems and alignment of business operations and strategies.  

We may disclose personal data to third parties:

• when it is necessary for the purposes listed in section 3 above, for example when relevant booking details are shared with corresponding transportation operators, who carry out the passenger transfer.

• when required by law, we may disclose your personal data to public authorities such as tax authorities and law enforcement authorities.

• when you are entitled to a refund, etc., we may share data required for such coverage with relevant parties.  

• when you make payments on our Platforms. Your payment may be administered by a payment service provider acting as independent controller.

• on our Platform(s), cookies may be set and data collected or transferred to 3rd parties. Please make sure to consult our Cookie Policy and Cookie Consent Settings available on the Platform(s), to access more information of these third parties and the purposes for which data is collected. We will only apply cookies – other than strictly necessary technical cookies - if you have provided your (cookie) consent.

• We may assign your personal data, to any person or entity that acquires all or substantially all of our business, assets, or with whom we merge. 

• when we believe in good faith that disclosure is necessary to establish or exercise our legal rights or defend against legal claims, protect your safety or the safety of others, investigate fraud, or respond to a government request.

In addition to providing your information to the transportation operators, we share information, including personal data, with our trusted third-party service providers that we use to provide services to us and process your data on our behalf and under our instruction, e.g. hosting of data, maintenance IT-systems, administration of sales on our Platform(s), communication, planning and displaying marketing, administration of our interests on social medias, customer support and service, payment processing, delivery of products to you, analytics and other services for us. These third-party service providers may have access to or process your personal information for the purpose of providing these services to us. We do not permit our third-party service providers to use the personal information that we share with them for any other purpose than in connection with the services they provide to us. We have entered into data processor agreements with our data processors.

Please note that if you click a link displayed on our Platform(s), which takes you to the website of one of our operators (for example when buying a ticket directly from the operator), it is possible that such websites also store cookies on your computer. We have no control over our operator’s use of cookies and any data collected. We strongly encourage you to carefully review their Privacy Notice and Cookie Consent and Policy.


5. Transfers to third countries

We will not transfer your personal data to recipients outside EU or EEA unless we have ensured compliance with GDPR Chapter V. 

Some of our third-party service providers and Group companies are established outside the EEA. Their processing of your personal data will involve a transfer of data outside the EEA. However, to ensure that your personal information receive an adequate level of protection we have ascertained that sufficient safety measures have been implemented to allow for the transfer, including where the European Commission have deemed the country to provide an adequate level of protection for personal data; or by use of specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data essentially equivalent protection as it has in Europe. 

If you require further information about on our current data processors established outside the EEA and the safety measures in place to allow for the transfer of personal data, you can request it from us – please send your request to our Data Protection Officer by email at


6. Data retention

We retain the personal information we collect where we have an ongoing legitimate need to do so. When we have no ongoing legitimate need to process your personal information, we will either delete or anonymize it.

User Account data is stored until you delete your Account with us or when you have been inactive for [3] years, after which your access will be removed. However, please cf. retention periods below, which may affect certain data also held in your User Account; 

Booking data is saved to demonstrate completion of the contract we have/had with you and for bookkeeping and tax purposes for 5 full fiscal years after the expiry of the accounting period to which the purchase relates.

Consents given by you, in connection with providing Reviews of bus operators, etc., made available through GetbyBus, will be retained as proof, 5 years after the last time we relied on your consent or you withdrew it. 

Customer service data is saved until the matter has been resolved. If relevant for documentation of satisfactory fulfilment of the contract we have/had with you and for bookkeeping and tax purposes, the data is retained for 5 full fiscal years after the expiry of the accounting period to which the purchase relates.

Marketing and Communications data, data used for creating relevant marketing will be retained for 2 years. If you have consented to receive marketing, we will retain proof of your consent for 2 years after the last time we relied on your consent to send marketing or you withdrew it. We will stop sending you e-marketing when you withdraw your consent.

Technical Data will be retained for [24 months] from the collection of data.

Usage Data will be retained for 12 months from the collection of data, and thereafter may be retained only on an anonymized basis.

Data may be retained for longer period if we are legally obliged to do so, or if retention is necessary to establish, exercise or defend legal claims.


7. How to exercise your data protection rights

You have certain choices available to you when it comes to your personal information. Below is a summary of those choices, how to exercise them and any limitations.

Under certain circumstances, you have the right to:

• Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 

• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. 

• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. 

• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

• Request the transfer of your personal information to another party (also known as data portability).

• Where our processing is solely based on your consent, you have the right to withdraw your consent at any time. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the data protection rights that are available to you then please send your request to our Data Protection Officer by email at and we will action your request in accordance with applicable data protection laws.

You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. In Denmark, complaints can be lodged with Datatilsynet. You can read more about how to lodge a complaint on Datatilsynet’s website here.


8. Changes to this privacy notice

This privacy notice may be updated from time to time to reflect changing legal, regulatory, or operational requirements. We encourage you to visit our Platform(s) periodically for the latest information on our privacy practices.

If there are any material changes to this privacy notice, and you have an account with us, you will be notified by email  prior to the change becoming effective.

Annex to Get By ApS’ Privacy Notice


You can pay your tickets using credit cards

GetByAps twitter instagram facebook fax dinersCard maestroCard mastercard safety group faq printer mTicketQr arrowIcon iconChevronDown thumbsUp exclamationCircle download directions clock calendarCheck accommodation mailAlert questionCircleFull gpsIcon locationMark ferryIcon busIcon star locationPin phone email signpost unesco starFull verifiedBadge star ticketsIco reviewsIco guidesIco newsIco sightPin globe ticket