Transferhood Privacy Policy

Last Updated: December 2024

1. Introduction

1.1. This Privacy Policy explains how PTS Travel Solutions Ltd. ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our website www.transferhood.com and the Transferhood mobile application (collectively, the "Platform").

1.2. PTS Travel Solutions Ltd. is the data controller responsible for your personal data. Our registered office is located at Bulgaria, Sofia, Knyaz Boris I Street No:8 Floor:5 Office:1.

1.3. We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Bulgarian data protection laws.

1.4. By using our Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Contact Information

2.1. Data Controller

The data controller responsible for your personal data is:

PTS Travel Solutions Ltd.

Bulgaria, Sofia, Knyaz Boris I Street No:8 Floor:5 Office:1

VAT Number: BG207914623

2.2. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with this Privacy Policy and applicable data protection laws. You can contact our DPO at:

Email: dpo@transferhood.com

Address: Data Protection Officer, PTS Travel Solutions Ltd., Bulgaria, Sofia, Knyaz Boris I Street No:8 Floor:5 Office:1

2.3. General Contact Information

For any questions regarding this Privacy Policy or our data processing practices, you can also contact us:

Privacy inquiries: privacy@transferhood.com

General inquiries: info@transferhood.com

Customer support: support@transferhood.com

3. Personal Data We Collect

3.1. Information You Provide Directly

When you use our Platform, we collect the following categories of personal data:

a) Account Information:

Full name (first name and surname)

Email address

Phone number

Password (encrypted)

Preferred language

b) Reservation Information:

Pick-up and drop-off locations

Travel dates and times

Number of passengers

Flight or train numbers

Special requests (child seats, pet transport, accessibility needs, extra luggage)

Notes for the carrier

c) Payment Information:

Credit/debit card details (processed securely by our payment processors)

Billing address

Transaction history

Digital wallet information (PayPal, Google Pay, Apple Pay)

d) Passenger Information:

Names of passengers (if different from the account holder)

Contact details of passengers

3.2. Information Collected Automatically

When you access our Platform, we automatically collect:

a) Technical Data:

IP address

Browser type and version

Device type and operating system

Unique device identifiers

Time zone setting

b) Usage Data:

Pages visited on our Platform

Time and date of visits

Time spent on pages

Click patterns

Search queries

c) Location Data:

General location based on IP address

Precise location (only with your explicit consent)

3.3. Information from Third Parties

We may receive personal data from:

Social login providers (Google, Apple) if you choose to register using these services

Payment service providers

Our carrier partners (regarding service delivery)

4. Purposes of Data Processing

4.1. We process your personal data for the following purposes:

a) Service Provision:

Processing and managing your reservations

Connecting you with transportation carriers

Providing customer support

Sending reservation confirmations and transport communications

Processing payments and refunds

b) Account Management:

Creating and maintaining your user account

Authenticating your identity

Managing your preferences

c) Communication:

Sending service-related notifications

Responding to your inquiries and requests

Providing updates about your reservations

Sending important notices about changes to our services or policies

d) Improvement and Analytics:

Analyzing Platform usage to improve our services

Understanding user preferences and behavior

Developing new features and services

Conducting research and analysis

e) Marketing (with your consent):

Sending promotional offers and newsletters

Personalized advertising

Conducting surveys and feedback requests

f) Legal and Security:

Fraud prevention and detection

Complying with legal obligations

Protecting our rights and the rights of others

Resolving disputes

5. Legal Basis for Processing

5.1. We process your personal data based on the following legal grounds:

a) Contract Performance (Article 6(1)(b) GDPR):

Processing necessary to perform the Transferhood Agreement and provide our services to you.

b) Legitimate Interests (Article 6(1)(f) GDPR):

Processing necessary for our legitimate interests, provided these interests do not override your fundamental rights. Our legitimate interests include:

Fraud prevention and detection to protect our customers and business

Platform security and integrity maintenance

Service improvement based on usage analysis

Carrier performance evaluation to ensure service quality

Business analytics and reporting

Enforcing our terms of service and protecting legal rights

You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

c) Consent (Article 6(1)(a) GDPR):

Processing based on your explicit consent, particularly for marketing communications and location data collection. You may withdraw your consent at any time.

d) Legal Obligation (Article 6(1)(c) GDPR):

Processing necessary to comply with legal requirements, including tax and accounting obligations.

5.2. Necessity of Providing Personal Data

The provision of certain personal data is necessary to enter into and perform the Transferhood Agreement:

a) Mandatory Data:

Name, email, and phone number - required for account creation and reservation processing

Pick-up and drop-off locations - essential for service delivery

Payment information - required to process transactions

b) Consequences of Not Providing Data:

Without mandatory data, we cannot create your account or process reservations

Incomplete contact information may prevent us from sending important service communications

Without payment details, transactions cannot be completed

c) Optional Data:

Data marked as optional (such as special requests, marketing preferences) can be withheld without affecting your ability to use our core services.

6. Automated Decision-Making and Profiling

6.1. We use automated processing in the following ways:

a) Carrier Matching:

Our system automatically matches your reservation with available carriers based on location, vehicle type, and availability. This process does not produce legal effects on you but facilitates service delivery.

b) Price Calculation:

Prices are automatically calculated based on distance, vehicle type, date/time, and any additional services requested. The calculation logic is transparent and displayed during the booking process.

c) Fraud Detection:

We use automated systems to detect potentially fraudulent transactions. If a transaction is flagged, it is reviewed by our team before any action is taken.

6.2. We do not make decisions based solely on automated processing that produce legal effects or significantly affect you without human involvement.

6.3. You have the right to:

Request human intervention in automated decisions

Express your point of view regarding automated decisions

Contest automated decisions

7. Data Sharing and Recipients

7.1. We may share your personal data with the following categories of recipients:

a) Transportation Carriers:

We share necessary reservation details with our partner carriers to enable the provision of transport services. This includes:

Passenger names and contact information

Pick-up and drop-off details

Flight/train numbers

Special requests

7.1.1. Joint Controller Relationship:

For the purposes of Article 26 of the GDPR, the Company and Transportation Carriers act as joint controllers with respect to certain personal data processing activities related to the provision of Transportation Services. The respective responsibilities of the Company and Carriers are defined in the Partner Agreement. As the designated contact point, you may exercise your data protection rights by contacting us at the details provided in this Privacy Policy.

b) Payment Processors:

Your payment information is processed by secure third-party payment processors, including providers of credit card processing, PayPal, Google Pay, and Apple Pay services.

c) Service Providers:

We engage trusted third-party service providers who assist us in operating our Platform, including:

Cloud hosting providers

Email service providers

Analytics providers

Customer support tools

d) Legal and Regulatory Authorities:

We may disclose your data to comply with legal obligations or respond to lawful requests from public authorities.

e) Business Transfers:

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

7.2. We do not sell your personal data to third parties.

8. International Data Transfers

8.1. Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA).

8.2. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission

Adequacy decisions by the European Commission

Other legally recognized transfer mechanisms

9. Data Retention

9.1. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

a) Account Data:

Retained for the duration of your account and for 18 months after account closure or inactivity, after which inactive accounts may be deleted following a 7-day notice period.

b) Reservation Data:

Retained for 7 years after the completion of the service for tax and accounting purposes.

c) Payment Data:

Transaction records retained for 7 years as required by Bulgarian tax law.

d) Communication Records:

Customer service communications retained for 3 years.

e) Marketing Preferences:

Retained until you withdraw consent or unsubscribe.

9.2. After the retention period, personal data is securely deleted or anonymized.

10. Your Rights

10.1. Under the GDPR, you have the following rights regarding your personal data:

a) Right of Access (Article 15):

You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.

b) Right to Rectification (Article 16):

You have the right to request correction of inaccurate personal data or completion of incomplete data.

c) Right to Erasure (Article 17):

You have the right to request deletion of your personal data in certain circumstances ("right to be forgotten").

d) Right to Restriction (Article 18):

You have the right to request restriction of processing in certain circumstances.

e) Right to Data Portability (Article 20):

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

f) Right to Object (Article 21):

You have the right to object to processing based on legitimate interests, including profiling and direct marketing.

g) Right to Withdraw Consent (Article 7):

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

h) Right to Lodge a Complaint:

You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection or another competent supervisory authority.

10.2. To exercise your rights, please contact us at privacy@transferhood.com or dpo@transferhood.com. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

11. Data Security

11.1. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

a) Technical Measures:

SSL/TLS encryption for data transmission

Encryption of sensitive data at rest

Secure payment processing (PCI DSS compliant processors)

Regular security assessments and penetration testing

Firewalls and intrusion detection systems

Access controls and authentication mechanisms

b) Organizational Measures:

Staff training on data protection

Confidentiality agreements with employees and contractors

Access limited to personnel who need it for their duties

Incident response procedures

Regular review of security policies

11.2. Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11.3. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of the GDPR.

12. Cookies and Tracking Technologies

12.1. We use cookies and similar tracking technologies to enhance your experience on our Platform. Please refer to our Cookie Policy for detailed information about:

Types of cookies we use

Purposes of cookie usage

How to manage cookie preferences

12.2. Categories of cookies we use:

a) Essential Cookies:

Necessary for the Platform to function properly.

b) Functional Cookies:

Enable enhanced functionality and personalization.

c) Analytics Cookies:

Help us understand how visitors interact with our Platform.

d) Marketing Cookies:

Used to deliver relevant advertisements (only with your consent).

13. Children's Privacy

13.1. Our Platform is not intended for children under 14 years of age. We do not knowingly collect personal data from children under 14.

13.2. Users must be at least 14 years old to create an account and at least 18 years old to make reservations and use our services.

13.3. If we become aware that we have collected personal data from a child under 14, we will take steps to delete that information promptly.

14. Third-Party Links

14.1. Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties.

14.2. We encourage you to review the privacy policies of any third-party websites you visit.

15. Changes to This Privacy Policy

15.1. We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws.

15.2. We will notify you of any material changes by:

Posting the updated policy on our Platform

Sending an email notification to registered users

Displaying a prominent notice on our Platform

15.3. The "Last Updated" date at the top of this policy indicates when it was last revised.

15.4. Your continued use of the Platform after any changes constitutes acceptance of the updated Privacy Policy.

16. Supervisory Authority

16.1. The supervisory authority for data protection matters related to our processing activities is:

Commission for Personal Data Protection (CPDP)

Address: 2, Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria

Website: www.cpdp.bg

Email: kzld@cpdp.bg

16.2. You have the right to lodge a complaint with the CPDP or another supervisory authority in your country of residence.

17. Legal Framework

17.1. This Privacy Policy is governed by the laws of the Republic of Bulgaria and the EU General Data Protection Regulation (GDPR).

17.2. For any disputes related to this Privacy Policy, the provisions of Article 24 of our General Service Terms and Conditions regarding applicable law and dispute resolution shall apply.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

PTS Travel Solutions Ltd.

Bulgaria, Sofia, Knyaz Boris I Street No:8 Floor:5 Office:1

Email: privacy@transferhood.com

General inquiries: info@transferhood.com

Customer support: support@transferhood.com

We are committed to addressing your concerns and will respond to your inquiries promptly.