whatsapp-icon

Privacy Policy

Pegasus Transfer, operating at pegasustransfers.gr based in Hersonissos, Heraklion, Crete, Greece, is committed to protecting the personal data of our customers and website visitors in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our transfer services or visit our website.

1. Data Controller

The data controller responsible for your personal data is:

Pegasus Transfer
70014 Piskokefalo, Hersonissos, Heraklion, Crete, Greece
Phone: (+30) 6909 038 096
Email: info@pegasustransfers.gr
Website: www.pegasustransfers.gr

2. Categories of Personal Data We Collect

In the course of providing our transfer and tour services, we may collect and process the following categories of personal data:

  • Identification data: full name, nationality
  • Contact details: email address, telephone number
  • Booking information: pick-up and drop-off locations, flight number, date and time of transfer, number of passengers
  • Payment information: billing details (we do not store full card numbers; payments are processed securely)
  • Special requirements: child seat needs, wheelchair accessibility, extra luggage specifications
  • Communication records: emails, SMS correspondence, and call recordings (for quality assurance purposes)
  • Website usage data: IP address, browser type, pages visited, and cookies (see our Cookie Policy on our website)

3. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

  • Booking & Contract Execution: To confirm your reservation, assign the appropriate vehicle, and carry out your transfer or tour service. Legal basis: Performance of a contract.
  • Customer Communication: To send booking confirmations, updates, and answer your queries. Legal basis: Performance of a contract / Legitimate interests.
  • Flight Monitoring: To track any delays or schedule changes that may affect your pick-up time, at no extra cost to you. Legal basis: Performance of a contract.
  • Invoicing & Tax Compliance: To issue receipts and comply with Greek and EU tax legislation. Legal basis: Legal obligation.
  • Marketing & Newsletter: To send you offers or promotional material about our services. Legal basis: Your explicit consent (which you may withdraw at any time).
  • Quality Assurance & Safety: To monitor call interactions and ensure service quality and passenger safety. Legal basis: Legitimate interests.
  • Legal Claims: To establish, exercise, or defend legal claims when necessary. Legal basis: Legitimate interests / Legal obligation.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Booking and transactional data is retained for the duration of our contractual relationship with you and for as long as required by applicable Greek tax and commercial law (typically up to 10 years).
  • Marketing data is retained until you withdraw your consent.
  • Call recordings are retained for the shortest period necessary and deleted once the quality assurance purpose is fulfilled, unless required for legal proceedings.
  • Data related to pending legal claims may be retained until the applicable limitation period has expired.

5. Sharing of Personal Data

We do not sell your personal data to third parties. We may share your data with:

  • Our drivers and operational staff, strictly for the purpose of performing your transfer or tour.
  • Payment processors, operating under strict data security standards.
  • IT and system providers who support our booking platform, bound by confidentiality agreements.
  • Greek public authorities or courts, where we are required to do so by law.

All third parties who process data on our behalf are required to comply with GDPR and our internal data protection policies.

6. International Transfers

Your personal data is processed within the European Economic Area (EEA). Should any transfer outside the EEA become necessary, we will ensure adequate safeguards are in place in accordance with GDPR Articles 46 and 47.

7. Your Rights Under GDPR

As a data subject, you have the following rights, all of which are exercisable free of charge:

  • Right of Access: To obtain confirmation of whether we process your data and to receive a copy of it.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): To request deletion of your data where it is no longer necessary for the original purpose, subject to legal retention obligations.
  • Right to Restriction of Processing: To request that we limit the processing of your data under certain circumstances.
  • Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: To object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@pegasustransfers.gr. We will respond to your request within 30 days of receipt.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure. These include:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorized personnel only
  • Regular security assessments of our systems and procedures
  • Confidentiality agreements with all employees and partners who handle personal data

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant authorities and, where required, inform you directly without undue delay.

9. Cookies

Our website uses cookies to improve user experience and analyse website traffic. You may manage your cookie preferences through your browser settings. For more information, please refer to our Cookie Policy available on our website.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted prominently on our website and, where appropriate, communicated to you directly. The effective date of the current version is shown at the top of this document.

11. Contact Us

For any questions, requests, or concerns regarding your personal data or this Privacy Policy, please contact:

Pegasus Transfer
70014 Piskokefalo, Hersonissos, Heraklion, Crete, Greece
Phone: (+30) 6909 038 096
Email: info@pegasustransfers.gr
Website: www.pegasustransfers.gr