This policy describes how Transportes SiBo S.A. collects, uses, stores and protects the personal data submitted through the site transportessibo.com, its mobile applications and customer service channels, in accordance with Law 8968 on Protection of Persons in the Processing of their Personal Data and its Executive Regulation (Decree 37554-JP).
1. Identity of the data controller
The data controller is Transportes SiBo S.A., a Costa Rican legal entity, reachable at datos@dm-ia.com. The technological operation of the site is performed by DM IA Solutions as data processor.
2. Data we collect
Through the forms and operation of the service we may collect:
- Full name, email, phone and contact company.
- Service details: route, date, time, passenger count, luggage.
- Electronic invoicing data when the service is contracted under a tax regime.
- Flight information (airline, number, time) for airport transfers.
- Vehicle geolocation during the active service (visible to the client).
- IP address, device type and browsing data for security and analytics purposes.
3. Processing purposes
- Coordinate, execute and follow up on the requested transportation service.
- Issue electronic invoices in accordance with the Ministry of Finance.
- Manage operational communication before, during and after the trip.
- Handle inquiries, claims and suggestions.
- Comply with legal obligations (Traffic Law, CTP, MOPT and ICT regulations).
- Improve service quality through NPS surveys and aggregated, dissociated statistical analysis.
Your data is not used for third-party marketing nor commercialized.
4. Legal basis
Processing is carried out with your express consent when requesting the service or filling out a form, as well as in compliance with legal obligations and the performance of the transportation contract.
5. Transfers and processors
Your data may be shared with third parties strictly necessary for service delivery: certified affiliate drivers, payment platform, hosting providers (Amazon Web Services, region us-east-2) and authorities when there is a legal requirement. All processors sign a confidentiality agreement and meet minimum security standards.
6. Retention period
Data tied to a service is retained for five (5) years from the service date, as required by Costa Rican tax regulations for accounting records. Commercial contact data without contracting is deleted twelve (12) months after the last interaction, unless expressly stated otherwise.
7. Data subject rights (ARCO)
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Cancel data when no longer necessary.
- Object to processing on justified grounds.
- Withdraw consent at any time.
To exercise these rights, write to datos@dm-ia.com with your name, ID document and the specific request. Maximum response time is five (5) business days.
8. Security measures
We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss or alteration: TLS encryption in transit, storage in databases with authenticated access, role segregation and audit logs. No system on the internet is 100% inviolable; in the event of an incident we will notify PRODHAB and affected data subjects in accordance with the law.
9. Cookies and similar technologies
The site uses cookies strictly necessary to maintain the booking form session and anonymized analytics cookies. We do not use third-party advertising cookies.
10. Supervisory authority
The competent authority in Costa Rica is the Agency for the Protection of Personal Data (PRODHAB), before which you may file complaints when you consider your rights have been violated. Website: prodhab.go.cr.
11. Changes to this policy
We may update this policy at any time. The version in force is the one published on this site with the update date shown in the header. Substantive changes will be notified by email to active data subjects.