Velvore Transfers
What are personal data
Personal data means any information relating to an identified or identifiable natural person. This includes, but is not limited to: full name, telephone number, email address, flight details, pick-up and drop-off address, billing information, and any other information necessary for the provision of transfer services.
Velvore Transfers is committed to protecting your personal data and ensuring transparency regarding how they are collected and processed, in accordance with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679).
How we collect or obtain personal data
Velvore Transfers collects personal data:
- Through our website booking forms
- Via telephone reservations
- Through email communication
- Through partner travel agencies or third-party booking platforms
- Through cookies and similar technologies to improve website functionality
Personal data are either provided directly by customers or collected automatically when using our website.
Legal basis for processing
The legal basis for processing personal data includes:
- Performance of a contract (execution of transfer reservations)
- Compliance with legal obligations (tax and accounting requirements)
- Legitimate interests of the company, provided these do not override users’ rights
- Explicit consent (e.g., newsletter subscription)
Purpose of personal data processing
We process personal data for the following purposes:
- To manage and execute transfer bookings
- To communicate with customers regarding their reservation
- To provide customer support
- To issue invoices and comply with tax obligations
- To improve our services and website functionality
- To send promotional communications where consent has been given
- To comply with legal and regulatory requirements
Categories of personal data processed
We may process:
- Full name
- Phone number
- Email address
- Flight information (arrival/departure details)
- Pick-up and drop-off addresses
- Number of passengers
- Billing details
- IP address and browsing data (via cookies)
We do not intentionally collect sensitive personal data.
Data retention period
Personal data are retained only for as long as necessary:
- To provide the requested transfer services
- To comply with tax, accounting, and legal obligations
- Until consent is withdrawn (where applicable)
Certain data may be retained longer where required for legal claims or regulatory compliance.
Data Subject Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right to Information
You have the right to receive clear, transparent, and easily understandable information about how we collect and use your personal data.
Right of Access
You have the right to request confirmation as to whether we process your personal data and to obtain a copy of such data.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data concerning you.
Right to Erasure (“Right to be Forgotten”)
You may request the deletion of your personal data where there is no legitimate reason for us to continue processing them. This right is subject to legal and regulatory obligations that may require us to retain certain data (e.g., tax or accounting records).
Right to Restriction of Processing
You may request that we restrict the processing of your personal data in specific circumstances provided by law, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller, where processing is based on consent or contract and carried out by automated means.
Right to Object
You have the right to object to processing based on legitimate interests and to object at any time to the processing of your personal data for direct marketing purposes.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) if you believe that your data protection rights have been violated.
How to Exercise Your Rights
To exercise any of the above rights, you may contact us at:
Email: info@velvoretransfers.com
Address: Ilioupoleos 99, Dafni, Attica, Athens, Greece
We will respond to your request within one (1) month from receipt, in accordance with applicable data protection laws. The exercise of your rights is free of charge unless the request is manifestly unfounded or excessive.
We may request verification of your identity before processing your request.
Data sharing
Personal data may be shared only when necessary:
- With drivers or partner operators for the execution of the transfer service
- With accountants or legal advisors
- With public authorities when legally required
Velvore Transfers does not sell or rent personal data to third parties.
Data security
Velvore Transfers implements appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
Data Controller
Velvore Transfers
Ilioupoleos 99
Dafni, Attica, Athens, Greece
Email: info@velvoretransfers.com
The Data Controller is responsible for processing personal data either directly or through authorized processors acting on its behalf.
Changes to this Policy
This Protection of Personal Data Policy may be updated at any time. The latest version will always be available on our website.