Our scheduling and booking software is GDPR compliant.

Scheduling and booking software regularly processes personal data such as names, contact details, booking information or working hours of customers and employees. This data allows natural persons to be clearly identified and is therefore subject to protection under the General Data Protection Regulation (GDPR). Without appropriate technical and organisational measures, there is a high risk that this sensitive information will be viewed, altered or misused without authorisation.

Sensitive data and the GDPR

The GDPR obliges companies to process personal data lawfully, for specific purposes and to the extent necessary. If software is used that does not meet these requirements, this constitutes a data protection violation – regardless of whether the cause lies with the software provider or the user. Companies are responsible for the systems they use and must be able to demonstrate at all times that data protection requirements are being met.

Any scheduling or booking software that does not comply with the GDPR may therefore result in legal consequences, regulatory action and substantial fines.

Furthermore, the protection of stored data plays a central role. GDPR-compliant software ensures that personal information is effectively protected through access restrictions, encryption and logging.

These measures minimise the risk of data loss, cyber attacks or internal data protection breaches and ensure that sensitive booking and scheduling data is treated confidentially and securely at all times.

1. German Limousines’ understanding of roles according to the GDPR

Our company acts as the controller for the processing of personal data within the meaning of Art. 4 No. 7 GDPR. The limousine service software used acts as a processor in accordance with Art. 28 GDPR.

2. Legal jurisdiction and data processing

The software we use, 2S LimouERP, is a European system whose data processing takes place exclusively within the European Union.

  • Server location: EU (no third countries)
  • Supplier: EU company
  • Legal basis: GDPR, no US legislation
  • No transfer to third countries pursuant to Art. 44 et seq. GDPR required
  • This means, in particular, that the following no longer apply:
  • the risk arising from the US CLOUD Act
  • dependence on standard contractual clauses (SCC)
  • additional transfer impact assessments (TIA)

3. Data Processing Agreement (DPA)

A data processing agreement in accordance with Art. 28 GDPR is in place and regulates, among other things:

  • Purpose and duration of processing
  • Nature and purpose of data processing
  • Categories of personal data
  • Technical and organisational measures (TOMs)
  • subcontracting arrangements
  • Duties of support and cooperation

4. Technical and organisational measures (TOM)

The software used meets the requirements of Art. 32 GDPR, in particular:

  • Access controls (role-based)
  • Encryption of data transmissions
  • Logging and traceability
  • client separation
  • Data backup and recovery mechanisms
  • Regular system and security updates

In this context, we refer to our privacy policy, which was created and is monitored by Datenschutzkonzept GmbH.

5. Type of data processed

Only data necessary for business operations is processed, including:

  • Contact details (name, telephone number, email address)
  • Booking and journey details
  • Billing-related information
  • Status and position data during service provision
  • The data will not be used for any other purpose or passed on to third parties.

6. Customer and data subject rights

The software used supports the implementation of data subject rights in accordance with the GDPR, in particular:

  • Information (Art. 15)
  • Correction (Art. 16)
  • Deletion (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)

7. Evaluation

By choosing an EU-based, GDPR-compliant ERP solution, we ensure that:

  • personal data remains within the European legal area
  • there is no structural third-country risk
  • the processing is transparent, controllable and auditable
  • This meets the requirements of corporate, executive and security-conscious customers in particular.
  • Note on data processing by third-party providers

Book with us and be GDPR compliant

When booking chauffeur and limousine services, personal data is regularly processed, including contact details, travel routes and time-based movement profiles.

Not all systems available on the market operate within the European legal area.

When you book with us, you are GDPR compliant and your data is secure.

The German Limousines recommendation:


A lack of or limited GDPR compliance can lead to legal, security-related and data protection risks – especially in the case of business, confidential or security-sensitive journeys.

We therefore recommend that customers and bookers also consciously inform themselves about which software is used by other limousine service providers, where data is processed and whether the processing is fully GDPR-compliant.

As of January 2026
Responsible: German Limosines

Scroll to Top
Call Now Button