Privacy Policy

Privacy Policy

Lotraco s.r.o. takes your privacy and the security of your personal data seriously. Our website at can be used without providing personal data; however, if you wish to utilize our special enterprise services through the Time Slot Control online application, processing of personal data is necessary. We understand the importance of protecting the personal data collected from our users and are committed to treating it in accordance with data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679. This privacy policy is meant to inform you about how we collect, use, and secure your personal data. In utilizing our services, you consent to the practices described in this privacy policy. Please read this policy carefully to understand how we handle your personal information.

Definition of Terms

Data subject is defined as an individual person who can be identified, directly or indirectly, especially by reference to an identifier such as name, identification number, location data, network identifier, or by one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

Personal data is defined as any information relating to an identified or identifiable individual that the data processor processes on behalf of the data controller. 

Processing is defined as any operation or set of operations performed on personal data or sets of personal data to which the applicable data protection laws apply, whether undertaken with or without the aid of automated processes, such as collection, recording, organization, structuring, storage, adaptation or alteration, searching, viewing, utilization, transferal, dissemination or any other disclosure, sorting, or collation, restriction, erasure, or destruction. 

Data processor is defined as the individual or legal entity, public authority, agency, or other body that processes personal data on behalf of the data controller.

Data controller is defined as the individual or legal entity, public authority, agency, or other body that determines the purposes, conditions, and means of processing personal data.

Data recipient is defined as the individual or legal entity, public authority, agency, or other body to which the personal data are disclosed, whether or not it is a third party.

Third party is defined as an individual or legal entity, public authority, agency, or other body other than the data subject, data controller, data processor, or other individuals directly empowered by the data controller or data processor to process personal data.

Customer (tenant holder) is defined as the entity that concludes a Time Slot Control Application License Agreement with our company, Lotraco s.r.o., and thus has the right to access our software solution through their tenant and use the provided functions and services. The customer may provide access and functionality within its web application to suppliers and carriers who are also users of the system. The customer is responsible for creating and managing the user accounts and access rights of its suppliers and carriers, including activation and deactivation.

User is defined as any entity granted access to the Time Slot Control web application by the customer under the application license agreement. Users might include carriers and suppliers who have the right to use specific features and services provided by the application. A carrier is a user who interacts with the customer providing transportation services related to operations or logistics. A supplier is a user who works with the customer, providing goods or services within the scope of the customer’s business.

Name and Address of Data Controller

Lotraco s.r.o.
Prokopa Holeho 701/18
405 02 Decin IV – Podmokly
Czech Republic

Identification No. 02897253
VAT No. CZ02897253

Data Protection Officer

Pavel Novotny
Telephone: +420 732 376 206

Rights of Data Subject

Each data subject (customer, user) has specific rights under law regarding the processing of their personal data and may appeal to the data protection officer to exercise these rights at any time.

These rights include the following:

  1. The right to access to their own personal data: You have the right to gain information about what personal data we process related to you.

  2. The right to rectification of inaccurate or incomplete personal data: If you discover that your personal data is not accurate or is not complete, you have the right to request the correction or amendment of this data.

  3. The right to erasure (the right to be forgotten): If your personal data is no longer needed for the original purpose for which it was collected, or if it was processed unlawfully, you can demand that it be erased.

  4. The right to restriction of processing: In certain situations, you have the right to request that the way in which your personal data is processed be limited.

  5. The right to data portability: If you provide us with your personal data, you have the right to request the transfer of that data to another organization or company in a structured, commonly used, machine-readable format.

  6. The right to object: You may object to the processing of your personal data unless it is demonstrated that there are compelling legitimate grounds for processing that override your rights and freedoms. This right may be exercised, for example, where personal data is processed for the purpose of pursuing legal claims.

  7. The right to appeal to the data protection authority: You can appeal to the supervisory authority if you have concerns about the way your personal data is being processed.

Source of Personal Data

The data controller obtains personal data directly from the data subject via submitted forms, mutual communication, and concluded license agreements. In addition, personal data is obtained from publicly available sources, registers, and records, such as the commercial register. In addition, the data controller obtains personal data from third parties who are authorized to access and process the subject’s personal data and with whom it cooperates.

Personal Data Processing for Customers and Users with an Account for Use of the Time Slot Control Web Application

When concluding the Time Slot Control Application License Agreement and the related creation of customer and user accounts, the data controller processes the data defined in the below Data Categories section for the purpose of providing services in fulfillment of the license agreement concluded with the customer (tenant owner), in order to maintain and manage the customer and user accounts, to enable the use of the Time Slot Control application as a communication platform between the customer and the user and to provide the related functionalities. The legal basis for the processing of personal data therefore lies in the performance of the contract between the customer and the data controller.

Data Categories

Account data: Login name, user name and password, user role

Personal data: Name, surname, position

Contact data: Telephone number, email address

Credentials: Times and technical information for registration, confirmation, and cancellation; data you filled in upon registering

Access data: Date and time of visit to our service; pages accessed during use; identification data (session ID); and information from the accessing computer system about the Internet Protocol address (IP address) used

Embedded content: Information about data entities (e.g. transports, alerts, time slots) created within the Time Slot Control application

Location data: Physical location of the user or carrier obtained from the mobile GPS unit for purposes of tracking transport status; tracking of location data can be used if the customer (tenant holder) uses the Track & Trace plug-in module for vehicle tracking under the Time Slot Control license

<4>Contact form

You may contact us via the contact form available on subpages. We will only use the data obtained via contact forms (name, surname, company, telephone, email address, street address, city, postcode) and your message to answer your enquiry. We will delete the data once we have finished processing it. Only within the framework of the statutory archiving of email communications (emails are considered business letters) are the data stored for a maximum of 10 years.

However, we will store your data if you enter into a contract with us as a result of contacting us. In this case, the processing of the data is necessary for the performance of the contract or the implementation of pre-contractual measures. We delete your data if the storage of your data is no longer necessary after the performance of the contract, unless we are legally obligated to keep your data for a longer period of time.

We only pass on your data to third parties if we are required to do so by law.

Making contact by email sent to employees

You may contact us by email. Email messages may be sent, for example, to or to the direct email address of an employee. Data we receive via email sent by you (e.g. your name, email address, the body of the message) will be used only for the purpose of answering your question. We will delete the data once we have finished processing it. Only within the framework of the statutory archiving of email communications (emails are considered business letters) are the data stored for a maximum of 10 years.

We only pass on your data to third parties if we are required to do so by law.

We cannot guarantee complete data security when communicating by email, so for information that must be kept confidential, we recommend that you send it by regular post.


For subscriptions to our email newsletter service, in addition to your informed consent, we also need your name and surname and the email address to which the newsletter will be sent. Any additional information (such as salutation) is used to allow us to contact you personally to modify the content of the newsletter and to clarify any confusion regarding your email address.

We generally use the double opt-in method for newsletter subscription, which means that we will only send you the newsletter if you confirm your subscription via the link in a confirmation email you will have received for this purpose. This is to ensure that only you, as the owner of the specified address, can subscribe to the newsletter. Your confirmation must be made as soon as possible after receipt of the confirmation email, otherwise your newsletter subscription will be deleted from our database.

You may cancel your newsletter subscription at any time by following the unsubscribe link at the end of the newsletter.


We use cookies on our website. Cookies are small text files that our web server sends to your browser when you visit our website and that your browser stores on your computer for later use.

This website uses the following cookies:

  • Transient cookies

  • Persistent cookies

  • Third-party cookies

  • Flash cookies

Transient cookies are automatically deleted when you close your browser. These include session cookies. They hold the session ID, which helps your browser assign different queries to a common session. This allows your computer to recognize when you return to a web page. Session cookies are deleted as soon as you log out or close your browser.

Persistent cookies are automatically deleted after a set period of time that can vary between different cookies. You can erase cookies at any time in your browser’s security settings.

You can configure your browser settings as you wish. For example, you can set it to refuse to accept third party cookies or all cookies. Please note, however, that you may not be able to use all the features of this website if you do so.

Flash cookies are not recorded by your browser, but by your Flash plug-in. These cookies store necessary data independently of the browser and do not have an automatic expiry date. If you do not want Flash cookies to be processed, you must install the appropriate software, e.g. Better Privacy for Mozilla Firefox or Adobe Flash Killer Cookie for Google Chrome.

In this context, we do not collect or store any personal data in cookies. We also do not use any techniques that link the information collected by cookies to user data.

Web Analysis

It is important to us that our website be attractive and optimally designed for our visitors. Therefore, we need to know which parts of the website our visitors like the most. For this purpose, we use the technologies below.

Conversion Tracking

Conversion tracking allows us to target advertising outreach on Google, Facebook, Microsoft, and LinkedIn to a concrete audience. Our customers can then be better informed on social networks about our offerings.

To track conversions, encrypted user data (e.g. name, email address, postal address, customer specific identifiers) is shared with the relevant platform operator. In doing so, we create lists of existing contacts and upload them to the platform operators via our respective accounts with them. Before uploading, the list is cached locally in the browser and only then transferred.

If a user registers on our website and a cookie is active, we and the platform operator can see that the user has clicked on an advertisement and has been redirected to that page. However, we do not collect any information that would allow us to personally identify users. We only receive statistical evaluations from the relevant platform operator that are used to measure the success of our advertising media.

The legal basis for the processing of personal data using conversion tracking is your consent under Article 6(1)(a) GDPR.

You can find further information about the services of the platform operators here:

Google Ads Enhanced Conversions and Google Ads Offline Conversions
Service provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
See the Google privacy policy.

Facebook Ads Offline Conversions
Service provider: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA
See the Facebook privacy policy

Microsoft Ads
Service provider: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399, USA
See the Microsoft privacy statement

LinkedIn Ads Offline Conversions
Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
See the LinkedIn privacy policy

Conversion Tracking with Google AdWords

As a Google AdWords customer, we also use conversion tracking, a complementary analytics service from Google, Inc. If you access our online shop via a Google advertisement (AdWords ads are located above or next to the Google search results), an additional cookie called a “conversion cookie” is stored on your computer. This cookie does not serve to identify you personally, but allows us to match the link from Google ads to our website and the resulting purchase decision for our products.

Google does not currently offer an opt-out cookie for this type of cookie. You can deactivate the storage of the conversion cookie by adjusting your browser settings or by using additional browser plug-ins.

Google Tag Manager

Google Tag Manager is a tool for inserting and running measurement code snippets that collect data. Google Tag Manager does not have access to this data. If you have triggered a deactivation at the domain or cookie level, this applies to all measurement codes that have been implemented with Google Tag Manager.

Google Analytics

We use Google Analytics, Google's web analytics service, on our website. Google Analytics uses cookies placed on your computer to allow us to analyse your use of the website. The information collected by the cookie about your use of our website is generally transmitted to a Google server in the USA and stored there. We have activated IP anonymization on our website. As a result, for member states of the European Union and other contracting states of the Convention on the European Economic Area, Google will truncate your IP address. Google uses this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services related to website and internet usage. The IP address transmitted by your browser in the context of Google Analytics will not be associated with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly. In addition, you can prevent the collection of the data generated by the cookie (including your IP address) and the processing of this data by Google by downloading and installing a Google Analytics opt-out browser add-on. Using alternative plug-ins or deactivating all cookies in your browser settings will also prevent analysis of your use of the website.

Note: If you delete your cookies, this will also result in the deletion of the opt-out cookie, which you must then reactivate if necessary.

Service provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
See the Google privacy policy.

Embedded services

We embed the following external services in for our website design and to provide additional information.

All of these services can be deactivated using special plug-ins, thus breaking the necessary connection to the corresponding servers. Remember, however, that the use of such tools can reduce ease of use and the site may not work as you would ordinarily expect.


LinkedIn features are embedded on our website. Every time you open our website to a page that contains LinkedIn features, a connection to the LinkedIn servers is established. LinkedIn thus learns that you have visited our website with your IP address. If you click on the Share button of LinkedIn and are connected to your LinkedIn account, LinkedIn can associate your visit to our website with you and your account. Please note that we, as the website operator, do not know the content of the data transmitted or how it is used by LinkedIn.

Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
See the LinkedIn privacy policy


We use plug-ins and other methods to connect to the YouTube platform on our site. If you visit a page on our website with a plug-in or follow a YouTube link, a connection to the YouTube servers will be established. In this way, the YouTube provider will know which of our pages you have visited.

If you are also logged in to a YouTube account, YouTube will know what pages you are viewing. If you do not wish this, please log out of your YouTube account first. Please note that we, as the website operator, do not know the content of the data transmitted or how it is used by YouTube.

Service provider: YouTube, LLC, 901 Cherry Ave., San Bruno, California 94066, USA
See the YouTube privacy policy

Legitimate Use

The data that your browser provides us with automatically is processed in order to be able to display our website to you.

  • Article 6(1)(f) GDPR


Our newsletters are sent on the basis of your personal consent.

  • Article 6(1)(a) GDPR

You can withdraw your consent at any time and thus unsubscribe from the newsletter.

Web Analytics, Targeted Online Advertising, and External Services Integration

We analyze our visitors’ user behavior for ourselves for advertising purposes, market research or for the purpose of adapting the website to your needs.

  • Article 6(1)(f) GDPR

This legal basis applies to Google Analytics, eTracker, Google AdWords, Bing Ads, Facebook Remarketing/Retargeting, LinkedIn analysis (online usage-based advertising).

Online Social Media Presence

Users’ personal data is processed on the basis of our legitimate interest in effectively informing customers and communicating with users in accordance with Article 6(1)(f) GDPR. Insofar as individual operators require users to consent to data processing (i.e. to express their consent, e.g. by ticking a box or clicking an icon), the legal basis for processing is Article 6(1)(a) and Article 7 of the GDPR.

Data Security

We have also taken technical and organizational security measures to protect the personal data we collect, in particular against accidental or intentional manipulation, loss, or destruction and against attack. Our security measures are continuously improved as technology develops.

The transmission of your personal data using the contact forms is encrypted using SSL (https) to prevent access by unauthorized third parties.

Personal Data Security

By adopting appropriate technical, organizational and security measures, we ensure that your personal data is protected from unauthorized access, loss, misuse or damage.

Our security measures include encryption of data transmission, regular backups and ensuring that only authorized company employees have limited access to personal data.

Access to the personal data of Time Slot Control Users is strictly limited by the customer to authorized employees who have been assigned the role of administrator. The specific definition of administrators and their permissions is entirely within the control of the customer, who determines which employees will have access to specific personal data.

Time Period for Processing Personal Data

Personal data is processed for the duration of the Time Slot Control License Agreement. This processing period is precisely defined and limited by the validity of this contract between our company and the customer. In the event of termination of this license agreement, all data on customers and Users is deleted within 30 days of the termination date to ensure the protection of personal data. In such case, the deletion in accordance with data protection and security regulations is documented and confirmed upon request in written or text form to the customer, indicating the date of deletion.

Recipients of Personal Data

External Hosting

Our data processing is carried out with the participation of a Microsoft Azure hosting provider, which provides us with storage space and processing capacity in its data centers, but does not have access to the content of the encrypted data as such. This service provider processes data exclusively within the territory of a member state of the European Union, specifically Dublin, Ireland, and Amsterdam, the Netherlands.

See the Microsoft privacy policy 

Microsoft data centers meet the most demanding ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2, 3 standards. Inside the datacenter, Time Slot Control uses state-of-the-art data security tools such as encryption of system disks, databases, and individual selected SQL database table columns. Data is backed up to multiple regions within Microsoft Azure in case of a fatal data center outage.

General Provisions

The data controller reserves the right to modify this privacy policy from time to time without prior notice, in particular to ensure adequate protection of personal data and to respond to changes in legislation or generally accepted practice. In view of this, the data controller recommends that you regularly check the website, where the current version of the privacy policy is always available.

© 2024 Time Slot Control

Developed by Number One Digital Agency Number One Digital Agency core1