Great Transfers Ltd is the data controller for the personal data described in this policy. If you need to contact us about privacy matters (access, correction, deletion, complaints), use the contact details provided below.

We collect information you provide to us and information we obtain automatically when you use our site, apps, or services. The main categories of information we collect include:

1. Identity & Contact

   • Name

   • Email

   • Phone number

   • Billing address

   • Pickup/drop-off addresses

2. Booking & Trip Details

   • Pickup/drop-off locations and times

   • Vehicle type

   • Number of passengers

   • Fare and journey details

3. Payment & Billing

   • Payment method details processed by our payment provider

   • Note: We do not store full card numbers if using a third-party payment processor

4. Communications

   • Messages

   • Emails

   • Call recordings (where recorded for quality, training, or safety)

   • Chat transcripts

5. Device & Usage Data

   • IP address

   • Device type

   • Browser type

   • Pages visited

   • Cookies and analytics data

6. Location & GPS

   • Live location you share

   • Journey GPS data collected to provide the service

7. Security & Verification

   • Identity checks

   • Fraud prevention information

   • Any documents you provide (e.g., for dispute resolution)

We process personal data only where we have a lawful basis. The main purposes and lawful bases include:

• Providing bookings and delivering transport services — necessary to perform a contract with you (booking, dispatching drivers, route planning).

• Communicating with you about bookings, receipts, changes, or customer service — necessary for contract performance and our legitimate interests (keeping you informed).

• Payment processing and fraud prevention — necessary to fulfil the contract and comply with legal obligations (e.g., anti-fraud, anti-money laundering).

• Compliance with legal and regulatory obligations — e.g., when required by licensing authorities or law enforcement.

• Service improvement, analytics, and security — legitimate interests (improving services, preventing fraud, securing systems).

• Marketing (email/SMS offers) — where you have given consent or where lawful grounds apply; you can opt out at any time.

We use cookies and similar technologies to run our website, remember your preferences, provide analytics, and (with your consent) personalise marketing. For non-essential cookies, we will ask for your consent and provide a cookie control tool.

We may share personal data with:

• Drivers and dispatch systems — so they can collect and deliver you.

• Payment processors and banks — to process payments and prevent fraud.

• Service providers — such as mapping/GPS providers, SMS/email gateways, customer support platforms, and analytics providers.

• Regulators or law enforcement — where required by law.

• Affiliates or acquirers — if the business is sold or reorganised; buyers will be bound by confidentiality and data protection obligations.

• International transfers — where personal data is transferred outside the UK/EEA, appropriate safeguards (e.g., standard contractual clauses) will be used.

We retain personal data only as long as necessary for the purposes set out above, to comply with legal obligations, and to resolve disputes. Business and accounting records are typically retained for statutory periods — usually 6 years from the end of the relevant financial year (or longer if required).

We implement appropriate technical and organisational measures to protect personal data. Access is restricted on a need-to-know basis. While we take reasonable measures, no system can be guaranteed 100% secure. In the event of a personal data breach, we will follow our incident response plan and notify the Information Commissioner’s Office (ICO) where required, normally within 72 hours.

Under UK data protection law, you have the following rights regarding your personal data:

• The right to be informed about how we use your data

• The right of access to the personal data we hold about you

• The right to rectification of inaccurate data

• The right to erasure (in certain circumstances)

• The right to restrict processing and to object to processing (including direct marketing)

• The right to data portability, where applicable

• Rights relating to automated decision-making and profiling

To exercise these rights, contact info@greattransfers.uk. You can also complain to the ICO if you are unhappy with our response.

Our services are not intended for children under 18. We do not knowingly collect personal data from children. If you are under 18, please do not use our services without parental/guardian consent.

Our website may contain links to third-party websites. This privacy policy does not apply to third-party sites — check the privacy policies of any site you visit.

We may use automated systems for operational tasks (e.g., fraud checks). If automated decision-making has a significant effect on you, we will explain this and provide ways to challenge or request human intervention.

We may update this policy from time to time. When we make significant changes, we will update the “Last updated” date and, where appropriate, notify users.

For privacy enquiries, to exercise your rights, or to request copies of information we hold:

• Email: info@greattransfers.uk

• Post: Great Transfers Ltd, REGUS, 450 Bath Road, Longford, Heathrow, UB7 0EB

If you remain dissatisfied after contacting us, you can complain to the Information Commissioner’s Office (ICO).