Transferhood Privacy Policy

This Privacy Policy explains how PTS Travel Solutions Ltd. ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our website www.transferhood.com and associated mobile applications (collectively, the "Platform"). By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please contact us using the details in Section 17.

1.1 This Privacy Policy explains how PTS Travel Solutions Ltd. ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our website www.transferhood.com and associated mobile applications (collectively, the "Platform").

1.2 PTS Travel Solutions Ltd. is the data controller responsible for your personal data. We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Bulgarian data protection laws.

1.3 This Privacy Policy is designed to be read alongside our Terms and Conditions, which govern your use of the Platform. Certain references in this Policy — such as the dispute resolution provisions in Article 16 of our Terms and Conditions — form part of the wider contractual framework between you and us.

1.4 By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please contact us using the details in Section 17.

2.1 Data Controller

The data controller responsible for your personal data is:

2.2 Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with this Privacy Policy and applicable data protection laws. You can contact our DPO at:

2.3 General Contact Information

For any questions or requests relating to this Privacy Policy or our data processing practices:

3.1 Information You Provide Directly

a) Account Information:

b) Booking Information:

c) Payment Information:

d) Passenger Information:

3.2 Information Collected Automatically

a) Technical Data:

b) Usage Data:

c) Customer Service Records:

d) Location Data:

3.3 Information from Third Parties

We may receive personal data from:

4.1 We process your personal data for the following purposes:

a) Service Provision:

b) Account Management:

c) Communication:

d) Platform Improvement & Analytics:

e) Marketing (with your consent only):

Marketing communications are sent only following your explicit opt-in consent. You may withdraw consent at any time by clicking the unsubscribe link in any marketing email, updating your communication preferences in your account settings, or contacting us at privacy@transferhood.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

f) Legal Compliance & Security:

5.1 We process your personal data based on the following legal grounds under the GDPR:

a) Contract Performance (Article 6(1)(b) GDPR):

Processing necessary to perform the Transferhood Agreement and to fulfil your booking, including sharing data with assigned Carriers for service delivery.

b) Legitimate Interests (Article 6(1)(f) GDPR):

Processing necessary for our legitimate business interests, provided those interests do not override your fundamental rights and freedoms. Our legitimate interests include:

You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

c) Consent (Article 6(1)(a) GDPR):

Processing based on your explicit consent — in particular for marketing communications and precise location data. Consent may be withdrawn at any time in accordance with Article 7 GDPR.

d) Legal Obligation (Article 6(1)(c) GDPR):

Processing necessary to comply with legal requirements, including tax, accounting, and regulatory obligations under Bulgarian law.

5.2 Mandatory vs. Optional Data

Certain data is mandatory to enter into and perform the Transferhood Agreement — specifically your name, email address, phone number, pick-up and drop-off locations, and payment information. Without this data, we cannot create your account or process bookings. Data marked as optional (such as special requests or marketing preferences) can be withheld without affecting your ability to use our core services.

6.1 We use automated processing in the following ways:

a) Carrier Matching:

Our system automatically matches your reservation with available carriers based on location, vehicle type, capacity, and availability. This process facilitates service delivery but does not produce binding legal effects on you as a data subject.

b) Dynamic Price Calculation:

Prices are automatically calculated based on distance, vehicle type, date, time, and any additional services requested. The calculation logic is transparent and displayed during the booking process.

c) Fraud Detection:

We use automated systems to detect potentially fraudulent transactions or account activity. If a transaction is flagged, it is reviewed by our team before any restrictive action is taken.

6.2 We do not make decisions based solely on automated processing that produce legal effects or significantly affect you without human involvement, in accordance with Article 22 GDPR.

6.3 You have the right to:

To exercise these rights, please contact us at support@transferhood.com.

7.1 We may share your personal data with the following categories of recipients:

a) Transportation Carriers — Joint Controller Relationship:

We share necessary booking details with assigned carriers to enable the provision of transport services. This includes passenger names and contact information, pick-up and drop-off details, flight or train numbers, and special requests.

For the purposes of Article 26 of the GDPR, PTS Travel Solutions Ltd. and the Transportation Carriers act as joint controllers with respect to certain personal data processing activities related to the provision of Transportation Services. As the designated contact point for data subjects, you may exercise your data protection rights by contacting us using the details in Section 17. Carriers are contractually prohibited from using Customer or Passenger data for marketing purposes or sharing it with third parties.

Data shared with Carriers is limited strictly to what is necessary for service fulfilment, reflecting the two-contract structure (Transferhood Agreement + Contract of Carriage) described in Article 4 of our Terms and Conditions.

b) Payment Processors:

Your payment information is processed by secure, PCI DSS compliant third-party payment processors, including providers of credit card processing, PayPal, Google Pay, and Apple Pay services.

c) Service Providers:

We engage trusted third-party service providers who assist us in operating the Platform under appropriate data processing agreements, including:

d) Legal and Regulatory Authorities:

We may disclose your data to competent authorities to comply with legal obligations or respond to lawful requests from public authorities.

e) Business Transfers:

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to equivalent data protection obligations.

7.2 We do not sell your personal data to third parties.

8.1 Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers or partner carriers are located.

8.2 When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

8.3 You may request further information about the specific safeguards we have implemented for international transfers by contacting dpo@transferhood.com.

9.1 We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:

a) Account Data:

Retained for the duration of your active account. Following account closure or 24 consecutive months of inactivity, your account data will be deleted or anonymised within 30 days, in accordance with Article 2.5 of our Terms and Conditions. Where applicable legal retention requirements (such as the 7-year retention of booking and payment records) mandate a longer period, those requirements take precedence.

b) Booking and Payment Records:

Retained for 7 years after the completion of the service, as required by Bulgarian tax and accounting legislation.

c) Communications Data:

Customer service communications and written correspondence retained for 3 years from the date of the last interaction, in accordance with the Bulgarian limitation period under applicable civil law.

d) Call Recordings:

Where customer service calls are recorded, recordings are retained for a maximum of 12 months, for quality assurance and dispute resolution purposes.

e) Location Data:

Precise geolocation data is retained for a maximum of 4 months from collection.

f) Marketing Preferences:

Retained until you withdraw your consent or unsubscribe from marketing communications.

9.2 After the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with you.

10.1 Under the GDPR, you have the following rights regarding your personal data:

a) Right of Access (Article 15 GDPR):

You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data, along with information about how it is used.

b) Right to Rectification (Article 16 GDPR):

You have the right to request correction of inaccurate personal data or completion of incomplete data.

c) Right to Erasure (Article 17 GDPR):

You have the right to request deletion of your personal data in certain circumstances — the "right to be forgotten" — subject to any applicable legal retention obligations.

d) Right to Restriction of Processing (Article 18 GDPR):

You have the right to request that we restrict processing of your personal data in certain circumstances, for example while the accuracy of the data is being contested.

e) Right to Data Portability (Article 20 GDPR):

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

f) Right to Object (Article 21 GDPR):

You have the right to object to processing of your personal data based on legitimate interests, including profiling, and to object at any time to processing for direct marketing purposes.

g) Right to Withdraw Consent (Article 7 GDPR):

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

h) Right to Lodge a Complaint:

You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) or with the supervisory authority in your country of residence within the EU. See Section 16 for CPDP contact details.

10.2 How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at privacy@transferhood.com or dpo@transferhood.com. We will respond to your request within one month of receipt. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests received. We will inform you of any such extension within the first one-month period.

We may need to verify your identity before processing your request. We will not charge a fee for exercising your rights, unless the request is manifestly unfounded or excessive.

11.1 We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

a) Technical Measures:

b) Organisational Measures:

11.2 Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to take steps to protect your own account credentials.

11.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of the GDPR. We will also notify the CPDP without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR.

12.1 We use cookies and similar tracking technologies to enhance your experience on the Platform. For full details, please refer to our Cookie Policy, available at www.transferhood.com/cookie-policy.

12.2 In summary, we use the following categories of cookies:

12.3 You can manage your cookie preferences through the cookie consent banner displayed on your first visit, or by updating your settings at any time via the Cookie Preferences link in our website footer.

13.1 The Platform is not intended for individuals under 18 years of age. In accordance with Article 2.1 of our Terms and Conditions, you must be at least 18 years old to create an account or place a booking on the Platform.

13.2 We do not knowingly collect personal data from individuals under 18 years of age for the purpose of account creation or booking. If we become aware that we have inadvertently collected such data, we will take prompt steps to delete it.

13.3 Where Passengers include individuals between the ages of 14 and 17, the Customer who placed the booking is responsible for ensuring that any required parental or guardian consent has been obtained in respect of the processing of that Passenger's personal data. The Company does not independently verify the age of Passengers.

14.1 The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties.

14.2 We encourage you to review the privacy policies of any third-party websites you visit before providing any personal data to them.

15.1 We may update this Privacy Policy from time to time to reflect changes in our data processing practices or applicable laws.

15.2 We will notify you of any material changes by:

15.3 Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy. Where material changes affect the legal basis for processing or your rights, we will seek fresh consent where required.

16.1 The competent supervisory authority for data protection matters relating to our processing activities is:

16.2 You have the right to lodge a complaint with the CPDP if you believe we have processed your personal data in violation of applicable data protection law. You also retain the right to lodge a complaint with the supervisory authority in your country of residence within the EU.

16.3 We encourage you to contact us first at privacy@transferhood.com before lodging a formal complaint, so that we have the opportunity to address your concerns directly.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

We are committed to addressing your concerns and will respond to all privacy-related inquiries within one month of receipt.