TransferOkay Privacy PolicyEffective date: 31.03.2026
1. Data Controller
The data controller is:Dmytro LiakhovychICO: 11787970Address: Orebitska 616/9, Prague 3, Czech RepublicPhone: +420 778 509 349Email: moc.liamg%40yakorefsnart.ofni
Website: https://transferokay.com
For any personal data inquiries, please contact: moc.liamg%40yakorefsnart.ofni
2. General Provisions
2.1. This Policy explains what personal data we collect, how we use it, who we share it with, and what rights users have.2.2. We process personal data in accordance with GDPR (Regulation (EU) 2016/679), applicable Czech legislation, and EU consumer protection laws.
3. Categories of Data We Process
3.1. Identification and contact data:
first and last name;phone number;email address.
3.2. Booking data:
pickup address and destination;date and time of the trip;trip details (number of passengers, luggage, child seats, vehicle type);comments/notes related to the booking.
3.3. Payment data:
payment status/identifier and technical transaction data;full payment card details are not stored in our systems (they are processed by the payment provider).
3.4. Communication data:
messages via messengers, email, or phone;customer support interaction history.
3.5. Technical data:
IP address, technical logs, and security/integration events (limited to what is necessary).4. Purposes of Processing, Legal Basis, and Retention Periods
4.1. Provision and administration of transportation services
Data: sections 3.1–3.3Legal basis: performance of a contract (Art. 6(1)(b) GDPR)Retention: for the duration of the contract and the necessary post-contract period.
4.2. Accounting and tax compliance
Data: part of booking and payment dataLegal basis: legal obligation (Art. 6(1)(c) GDPR)Retention: in accordance with Czech law (usually at least 10 years for accounting records).
4.3. Customer support, complaints handling, and legal protection
Data: sections 3.1, 3.2, 3.4, 3.5Legal basis: legitimate interest (Art. 6(1)(f) GDPR), and where applicable, contract/legal obligationRetention: for the duration of handling the request and the statutory limitation period.
4.4. Service-related communications (email/messengers)
Data: contact data + key booking informationLegal basis: contract performance (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f) GDPR)Retention: until the service is completed and for a reasonable period thereafter.
4.5. Marketing communications
Data: contact data and booking history (minimum necessary)Legal basis: consent (Art. 6(1)(a) GDPR), unless otherwise permitted by lawRetention: until consent is withdrawn or the stated period expires.5. Data Sharing
5.1. We may share personal data with processors/partners to the minimum extent necessary:
hosting and IT infrastructure providers;CRM systems (e.g., KeyCRM);payment providers (e.g., Stripe);messaging services (e.g., Telegram/WhatsApp gateways, email providers);accounting and audit contractors;public authorities where required by law.
5.2. We do not sell personal data to third parties.
6. Data Transfers Outside the EU
6.1. If data is transferred outside the EU, such transfer is carried out only with appropriate safeguards in place (e.g., adequacy decisions, Standard Contractual Clauses, or other lawful mechanisms).
7. Cookies and Analytics
7.1. The website may use technical cookies necessary for proper functionality.7.2. Analytical and marketing cookies are used only where a valid legal basis exists (including consent where required).7.3. More details may be provided in a separate Cookie Policy or consent management banner.
8. Automated Decision-Making and Profiling
8.1. We do not use automated decision-making that produces legal effects concerning users without an appropriate legal basis and prior notice.
9. Data Security
9.1. We implement organizational and technical security measures, including:
restricting access to data;using secure data transmission channels;access control to administrative systems;logging critical events;regular updates of software components.10. Data Subject Rights
You have the right to:
access your personal data;request correction of inaccurate data;request deletion of data (under conditions set by law);restrict processing;object to processing based on legitimate interest;receive data in a structured format (data portability);withdraw consent (where processing is based on consent);lodge a complaint with a supervisory authority.
Supervisory authority in the Czech Republic:Office for Personal Data Protection (UOOU)Website: https://www.uoou.cz
11. How to Exercise Your Rights
11.1. Send your request to moc.liamg%40yakorefsnart.ofni with the subject “GDPR request”.11.2. To protect your data, we may ask you to verify your identity.11.3. We will respond within the time limits set by GDPR (usually up to 1 month, with possible extension where permitted by law).
12. Updates to This Policy
12.1. We may update this Policy from time to time.12.2. The current version is always available on the website.12.3. Significant changes affecting user rights will be published with appropriate notice in a manner accessible on the website.