Privacy Policy

Company name: [COMPANY NAME S.L.]
Tax ID: [VAT NUMBER]
Registered address: [FULL ADDRESS, POSTCODE CITY, SPAIN]
Email: info@holiday2transfer.com
Phone: +34 645 49 81 79
Website: www.holiday2transfer.com

We collect the following personal data depending on your relationship with us:

• Booking data: full name, email address, phone number, transfer date and time, pick-up and drop-off locations, number of passengers.
• Payment data: processed by Stripe (we do not store card data on our servers).
• Account data: email address and encrypted password, if you create an account.
• Navigation data: IP address, browser type, pages visited, via cookies and analytics tools (Google Analytics, Microsoft Clarity).
• Communications: content of messages sent through contact forms or email.

We process your data for the following purposes:

• Management and performance of the transfer contract (legal basis: performance of a contract, Art. 6.1.b GDPR).
• Invoicing and fiscal obligations (legal basis: legal obligation, Art. 6.1.c GDPR).
• Transactional communications — booking confirmations, changes, cancellations — (legal basis: performance of contract).
• Commercial communications about our services, with your prior consent (legal basis: consent, Art. 6.1.a GDPR). You may withdraw consent at any time.
• Service improvement and usage analytics via cookies and analytical tools (legal basis: legitimate interest, Art. 6.1.f GDPR).

We retain your data for as long as strictly necessary for the provision of the service and compliance with legal obligations:

• Booking and contract data: 5 years from the transfer date.
• Fiscal data: 5 years (tax regulations).
• User account data: while the account is active. After cancellation, 1 year.
• Commercial communications data: until you withdraw consent.

Your data may be shared with the following third parties to provide the service correctly:

• Drivers and transport providers: only data necessary to execute the transfer.
• Stripe Inc.: payment processor, under their own privacy policies.
• Google LLC (Google Analytics): website usage analytics.
• Microsoft (Clarity): heatmap and session recording tool.
• Email provider (IONOS): sending confirmations and communications.

We do not sell, rent or disclose your personal data to third parties for their own commercial purposes.

Some of our providers (Google, Stripe) may transfer data outside the European Economic Area. These transfers are carried out with appropriate safeguards: standard contractual clauses approved by the European Commission or equivalent certifications.

Under the GDPR, you have the following rights:

• Access: obtain confirmation of whether we process your data and receive a copy.
• Rectification: correct inaccurate or incomplete data.
• Erasure (right to be forgotten): request deletion of your data.
• Objection: object to processing based on legitimate interest or for direct marketing.
• Restriction: request restriction of processing.
• Portability: receive your data in a structured, machine-readable format.
• Withdrawal of consent: without affecting the lawfulness of prior processing.

To exercise any of these rights, send an email to info@holiday2transfer.com with the subject "GDPR Rights Request". We will respond within one month.

You may also lodge a complaint with the competent supervisory authority in your country of residence.

We apply appropriate technical and organisational measures to ensure the security of your personal data, including HTTPS/TLS encryption, bcrypt password hashing, restricted staff access and delegation of payment processing to Stripe (PCI-DSS certified).

We use first-party and third-party cookies. For more information, please see our Cookie Policy.

We may update this Privacy Policy as necessary. We will notify you of significant changes by email or via a prominent notice on the website. The date of the last update appears at the top of this document.