Privacy Policy

Data Controller Information

Company Name: Comfort Elite Transfers
General Commercial Register (GEMI): ELGEMI.184511750000
Location: Zoniana Village, Mylopotamos 74051, Rethymno, Crete, Greece
Email: [email protected]
Phone: (+30) 698 2166 794
Data Protection Officer: [email protected]

What Personal Data We Collect

Booking Information We collect the following data when you make a reservation:

• Full name and contact details (phone number, email address)
• Pickup and drop-off locations
• Travel dates and times
• Number of passengers
• Flight details (for airport transfers)
• Special requests and preferences
• Communication history related to your booking

Website Usage Data When you visit our website, we automatically collect:

• IP address and browser information
• Pages visited and time spent on site
• Device type and operating system
• Referring website information
• Cookies and similar tracking technologies

Communication Data We store records of:

• Contact form submissions
• Email correspondence
• Phone call logs (when applicable)
• Customer service interactions
• Feedback and reviews

Why We Collect Your Data (Legal Basis)

Contract Performance We process your personal data to:

• Fulfill our transfer service obligations
• Process bookings and payments
• Provide customer support
• Send booking confirmations and updates

Legitimate Interests We may process your data for:

• Improving our services and website functionality
• Marketing our services (with your consent)
• Fraud prevention and security
• Business analytics and reporting

Legal Compliance We process data to:

• Comply with Greek and EU transportation regulations
• Maintain required business records
• Respond to legal requests from authorities

How We Protect Your Data

Technical Safeguards

• SSL encryption for all data transmission
• Secure servers with regular security updates
• Access controls and authentication systems
• Regular security audits and monitoring
• Encrypted data storage

Organizational Measures

• Staff training on data protection
• Confidentiality agreements with employees
• Regular review of data processing activities
• Incident response procedures
• Privacy by design principles

Third-Party Services

Stripe Payment Processing We use Stripe to process payments securely. Stripe handles all payment card data according to PCI DSS standards. We do not store or have access to your payment card information. Stripe’s privacy policy governs their data processing: https://stripe.com/privacy

Google Maps API We use Google Maps to provide location services for pickup and drop-off points. Google may collect data about your use of their mapping services. Google’s privacy policy applies: https://policies.google.com/privacy

Email Service Providers We use email services to send booking confirmations, reminders, and communications. These providers process your email address and message content according to their privacy policies.

WordPress Hosting Our website is hosted on WordPress servers. Our hosting provider processes website data according to their privacy standards and our data processing agreement.

Cookies and Tracking Technologies

Essential Cookies These cookies are necessary for website functionality:

• Session management and user authentication
• Shopping cart and booking form functionality
• Security and fraud prevention
• Load balancing and performance optimization

Analytics Cookies With your consent, we use analytics cookies to:

• Understand website usage patterns
• Improve user experience
• Measure marketing effectiveness
• Generate anonymized statistics

Managing Cookies You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. You can withdraw consent for non-essential cookies at any time through our cookie preference center.

Data Retention

Booking Data We retain booking information for:

• 7 years for accounting and tax purposes (Greek legal requirement)
• 3 years for customer service and dispute resolution
• Until you request deletion (where legally permissible)

Communication Records

• Email correspondence: 3 years
• Customer service records: 2 years
• Marketing communications: Until you unsubscribe

Website Analytics

• Anonymous usage data: 26 months
• Cookie data: As specified in our cookie policy

Your Rights Under GDPR

Right to Access You can request a copy of all personal data we hold about you, including how it’s being processed.

Right to Rectification You can ask us to correct any inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten) You can request deletion of your personal data, subject to legal retention requirements.

Right to Restrict Processing You can request that we limit how we process your data in certain circumstances.

Right to Data Portability You can request a copy of your data in a structured, machine-readable format.

Right to Object You can object to processing based on legitimate interests or for marketing purposes.

Right to Withdraw Consent Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

Contact Methods To exercise your rights, contact us at:

• Email: [email protected]
• Phone: (+30) 698 2166 794

Response Timeline We will respond to your request within one month of receipt. Complex requests may take up to three months, and we will inform you of any delay.

Identity Verification We may request additional information to verify your identity before processing certain requests.

Data Transfers

EU Data Protection As we are based in Greece (EU), your data is processed within the EU under GDPR protection.

Third-Party Transfers Some of our service providers may process data outside the EU. We ensure adequate protection through:

• Adequacy decisions by the European Commission
• Standard contractual clauses
• Other appropriate safeguards as required by GDPR

Marketing Communications

Opt-In Consent We will only send marketing emails with your explicit consent, obtained during booking or through separate opt-in.

Unsubscribe Options Every marketing email includes an unsubscribe link. You can also contact us directly to opt out.

Marketing Content Our marketing may include:

• Special offers and promotions
• New service announcements
• Travel tips and destination information
• Customer satisfaction surveys

Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.

Data Breach Procedures

Breach Response In case of a data breach, we will:

• Contain and assess the breach within 24 hours
• Notify the Greek Data Protection Authority within 72 hours (if required)
• Inform affected individuals if there is high risk to their rights
• Take measures to prevent future breaches

Updates to This Policy

Policy Changes We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Email notification to registered users
• Prominent website notice
• Updated “last modified” date

Effective Date This policy is effective as of [Date] and replaces all previous versions.

Supervisory Authority

Data Protection Authority If you have concerns about our data processing that we cannot resolve, you have the right to lodge a complaint with:

Hellenic Data Protection Authority
Address: 1-3 Kifisias Ave., 11523 Athens, Greece
Phone: +30 210 6475600
Email: [email protected]
Website: www.dpa.gr