Privacy Policy

Last updated: 25 March 2026  ·  Effective date: 25 March 2026

E Vignettes Eu com ("we", "us", or "our") operates the e-Vignettes website and provides electronic road vignette registration services for European countries. This Privacy Policy explains what personal data we collect, why we collect it, how we process it, and your rights in relation to it.

By using our website or purchasing a vignette through us, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of personal data when you place an order or contact us:

• Identity data: First name, last name, company name (if applicable)
• Contact data: Email address, phone number
• Vehicle data: License plate number, country of vehicle registration, vehicle category
• Billing data: Billing address (street, city, postcode, country)
• Payment data: Payment method type (we do not store full card numbers — payments are processed by our PCI-DSS compliant payment processor)
• Transaction data: Details of the vignette(s) purchased, validity period, order date, and order reference
• Technical data: IP address, browser type, operating system, referring URLs, pages visited, time of visit (collected automatically via server logs and cookies)
• Communications data: Records of correspondence if you contact our support team

2. How We Use Your Information

We use your personal data for the following purposes:

• Order fulfilment: To process your vignette registration with the official toll authority of the relevant European country and send your order confirmation by email
• Customer support: To respond to queries, complaints, or correction requests
• Legal and tax compliance: To maintain financial records as required by applicable law
• Fraud prevention: To detect and prevent fraudulent transactions
• Service improvement: To analyse aggregated usage data and improve our website and services
• Marketing (with consent only): To send you relevant offers or information about vignette renewals. You may unsubscribe at any time.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance: Processing is necessary to fulfil your order and deliver the purchased service
• Legal obligation: Processing is required to comply with applicable financial, tax, and regulatory obligations
• Legitimate interests: We process technical and usage data to maintain website security and improve our services, where this does not override your rights
• Consent: For marketing communications, we rely on your explicit consent, which you may withdraw at any time

4. Data Sharing and Third Parties

We share your personal data only where necessary:

• Official toll authorities: Your license plate and vehicle data are transmitted to the official toll authority of the country for which you purchased the vignette (e.g. Nemzeti Mobilfizetési Zrt. for Hungary, CNAIR for Romania). This is required to register your vignette.
• Payment processors: Your payment details are processed by our PCI-DSS certified payment partner. We do not store raw card data.
• Email delivery providers: We use a third-party email service to deliver your confirmation and any subsequent communications.
• Analytics providers: We may use analytics tools (such as Google Analytics) to understand site usage. This data is aggregated and anonymised where possible.
• Legal requirements: We may disclose your data if required by law, court order, or regulatory authority.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. International Data Transfers

As a US-based company serving European customers, some of your data may be transferred to and processed in the United States and other countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection laws, including standard contractual clauses approved by the European Commission.

6. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected:

• Order and transaction data: retained for 7 years for financial and legal compliance purposes
• Customer support communications: retained for 3 years after the last interaction
• Technical/analytics data: retained for up to 26 months
• Marketing consent records: retained until you withdraw consent, plus 1 year

7. Cookies

Our website uses cookies to enhance your experience and analyse site usage. We use:

• Essential cookies: Required for the website and checkout process to function. Cannot be disabled.
• Analytics cookies: Help us understand how visitors use the site. Disabled until you consent.
• Marketing cookies: Used to show relevant content. Disabled until you consent.

You can manage your cookie preferences through our cookie banner or your browser settings.

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your data, subject to legal retention requirements
• Right to restrict processing: Request that we limit how we use your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw marketing consent at any time without affecting prior processing

To exercise any of these rights, please contact us at support@e-vignettes.eu. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. All data transmissions are encrypted via SSL/TLS. Payment processing is handled by PCI-DSS compliant third-party processors — we never store raw card numbers.

10. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised policy on this page with an updated effective date. For material changes, we will notify you by email if you have an account or active order with us.

12. Contact Us

For any questions, concerns, or data requests related to this Privacy Policy, please contact: