Privacy Policy

1. Introduction

With this Privacy Policy, provided pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR"), we wish to inform you about the ways in which your Personal Data will be processed when you visit our website, use our booking services, or contact us. This policy, together with the Terms and Conditions, establishes the basis on which your personal data will be processed.

2. Data Controller

The Data Controller of the personal data collected through this website is:

Altus Private Transfers
Email: support@altustransfers.com

For any questions regarding this Privacy Policy or the processing of your data, please contact us at the email address above.

3. Methods of Processing Personal Data

We take the utmost consideration for the right to privacy and protection of our Users' personal data, which will be lawfully processed based on the principles of correctness, lawfulness, transparency, and protection of confidentiality pursuant to current regulations.

Processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated. Appropriate security measures are adopted to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

4. Personal Data Processed

When you visit the website, make a booking, or contact us, we process the following categories of Personal Data:

1. Identification and contact data: first and last name, email address, telephone number.
2. Booking data: origin, destination, date, time, number of passengers, luggage, child seats, vehicle type, flight number, additional notes, round-trip details.
3. Payment data: payment method, transaction details, billing information (processed via third-party payment providers).
4. Browsing data: IP addresses, domain names, browser and operating system parameters, cookies.
5. Usage data: information generated by visiting the website, navigation flows, and use of features.
6. Location data: geolocation data when using the booking service to identify pick-up and drop-off locations.

5. Purpose of Processing and Legal Basis

5.1 Contract Performance and Legal Obligations

• Browsing the website;
• Processing and managing bookings and reservations;
• Providing private transfer services;
• Customer support and responding to inquiries;
• Compliance with legal, tax, and regulatory obligations;
• Issuing invoices, receipts, and maintaining accounting records.

Legal basis: Execution of pre-contractual and contractual obligations (Art. 6.1.b GDPR) and fulfillment of legal obligations (Art. 6.1.c GDPR).

5.2 Legitimate Interest

• Statistical analysis to improve the website and services;
• Prevention of fraud and protection of contractual rights;
• Security of the website and services.

Legal basis: Legitimate interest of the Data Controller (Art. 6.1.f GDPR).

5.3 Marketing (with consent)

• Sending commercial communications, promotions, and newsletters;
• Personalized offers based on preferences.

Legal basis: Express consent (Art. 6.1.a GDPR). You may withdraw consent at any time.

6. Data Retention Period

Personal data will be stored for the time necessary to achieve the purposes for which it was collected:

• Contractual purposes: for the duration of the contractual relationship and for 10 years thereafter (statute of limitations);
• Tax and legal purposes: for the periods established by applicable law;
• Marketing purposes: until consent is withdrawn, and in any case for a maximum of 24 months;
• Browsing data (cookies): as specified in our Cookie Policy.

7. Communication and Dissemination of Data

Your data may be communicated to:

1. Staff involved in service delivery (administrative, operations, customer support);
2. Third-party service providers acting as Data Processors (payment processors, email services, cloud hosting, analytics);
3. Partner drivers assigned to your transfer;
4. Public authorities when required by law.

Your data will not be sold, rented, or shared with third parties for their own marketing purposes without your explicit consent.

8. Transfer of Data Abroad

Data processing takes place primarily within the European Union. Some third-party tools may process data in countries outside the EU. In such cases, transfers are governed by Standard Contractual Clauses approved by the European Commission or other appropriate safeguards under Articles 44-49 of the GDPR.

9. Cookies

This website uses cookies to improve the browsing experience, personalize content, and analyze traffic. For detailed information, please refer to our Cookie Policy.

10. Third-Party Services Used

Firebase (Google Ireland Limited)

We use Google Firebase for authentication, database management, and cloud functions. Data processed: user credentials, booking data. Privacy Policy

Resend (Resend Inc.)

We use Resend for transactional email delivery (booking confirmations, notifications). Data processed: email address, booking details. Privacy Policy

Google Maps (Google Ireland Limited)

We use Google Maps for route display and location services. Data processed: location data, IP address. Privacy Policy

Google Analytics (Google Ireland Limited)

We use Google Analytics for website traffic analysis. Data processed: cookies, IP address, usage data. You can opt out via the Google Analytics Opt-out Add-on.

Google Ads (Google Ireland Limited)

We use Google Ads for advertising and remarketing. Data processed: cookies, usage data. Privacy Policy | Opt out

11. Rights of Data Subjects

Under the GDPR, you have the right to:

• Access your personal data (Art. 15);
• Rectification of inaccurate data (Art. 16);
• Erasure ("right to be forgotten") (Art. 17);
• Restriction of processing (Art. 18);
• Data portability — receive your data in a structured, machine-readable format (Art. 20);
• Object to processing based on legitimate interest or for marketing purposes (Art. 21);
• Withdraw consent at any time, without affecting the lawfulness of prior processing;
• Lodge a complaint with the supervisory authority (Comissão Nacional de Proteção de Dados — CNPD in Portugal, or FDPIC in Switzerland).

To exercise any of these rights, contact us at: support@altustransfers.com

12. Security Measures

We adopt appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include SSL/TLS encryption, secure authentication, and access controls.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be published on this page with an updated revision date. We encourage you to review this policy periodically.

Last updated: January 2026