Privacy Policy
& Impressum

Impressum · Mentions légales · Legal Notice

1. What data we collect

When you book a transfer or interact with EasyTransfer Transport, we collect the minimum data needed to deliver the service:

• Identification: name, email, phone number.
• Booking: pickup & dropoff addresses, date, time, vehicle preference, passenger count, luggage, flight number (if applicable).
• Payment: handled by Stripe (PCI-DSS compliant); we never store card numbers.
• Technical: IP address, browser, language preference, basic visit analytics — for fraud prevention & service improvement.
• Optional: notes, special requirements, accessibility needs.

2. How we use your data

• Confirm and operate your transfer (driver dispatch, ETAs, communication).
• Issue invoices and receipts (Swiss law: 10-year retention required).
• Send transactional emails (booking confirmation, payment receipt, transfer updates).
• Send marketing emails only with your consent — one-click unsubscribe always available.
• Improve our service quality, fleet performance and customer support.
• Comply with Swiss tax, transport and data protection laws.

3. Legal basis (GDPR Article 6)

• Contract: to deliver the transfer you booked.
• Legal obligation: tax records, transport licensing, audit trail (Swiss nDSG).
• Legitimate interest: fraud prevention, service security, brand protection.
• Consent: marketing emails, optional analytics — revocable any time.

4. Who we share data with

We never sell your data. Limited sharing with:

• Drivers: name, pickup, dropoff, phone — needed to deliver the service.
• Stripe (payments): card data goes directly to Stripe, never touches our servers (PCI-DSS).
• Google Maps (routing): pickup & dropoff addresses only.
• AirLabs (flight tracking): flight number only, when applicable.
• Hosting infrastructure (Switzerland-based): encrypted at rest and in transit.
• Swiss authorities: only when legally required (court order, tax audit).

5. Cookies

We use cookies for:

• Essential session cookies (HttpOnly, Secure, SameSite=Strict) for login and security — required, no consent banner can disable.
• Functional cookies for language preference, dark mode — convenience only, no tracking.
• No third-party advertising cookies. No Facebook Pixel. No Google Ads tracking by default.

You can clear cookies any time in your browser settings.

6. Retention

• Booking records: 10 years (Swiss commercial law).
• Invoices: 10 years (Swiss tax law).
• Login audit logs: 90 days.
• Marketing email lists: until you unsubscribe.
• Web analytics: 14 months aggregated, then anonymised.

7. Your rights (Swiss nDSG & GDPR)

You have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your data (subject to legal retention requirements above).
• Restrict processing.
• Portability: receive your data in a machine-readable format.
• Object to processing based on legitimate interest.
• Withdraw consent at any time (does not affect prior lawful processing).
• Unsubscribe from marketing emails with one click.
• Lodge a complaint with the Swiss Federal Data Protection Commissioner (FDPIC) or your national authority.

To exercise these rights, email info@easy-transfers.ch — we respond within 30 days.

8. Security

• HTTPS (TLS 1.2+) for all traffic.
• HSTS preload-ready, strict CORS, X-Frame-Options DENY.
• Cookies HttpOnly + Secure + SameSite=Strict (XSS-safe sessions).
• Password hashing with bcrypt cost 12.
• Brute-force lockout after 5 failed attempts per IP.
• Audit log of every login (IP, user-agent, success/failure) — 90 days.
• Daily DB backups, encrypted at rest.
• API requests with optional HMAC SHA-256 signing for B2B partners.

9. Contact & complaints

For any privacy question, request, or complaint:

10. Changes

We may update this policy from time to time. Material changes will be communicated by email to active customers. The current version date is shown at the top of this page.