Data Protection Notice

Last updated: 24 June 2026

1. Controller

The controller responsible for processing personal data is:

• AirportTaxiTransferLine.COM, operating under the VIF Transfer brand
• Address: Waisenhausstrasse 9, 8820 Wädenswil, Switzerland
• Abrechnungs-Nr.: 10.047.981
• UID: CHE-289.853.146
• Commercial Register: CH-020.1.102.687-1
• Email: info@viftransfer.com
• Telephone: +41 78 900 03 49
• Website: https://viftransfer.com

2. Scope and legal framework

This Notice applies to customer-account holders, booking persons, passengers, drivers, independent carriers, business partners and website visitors.

Personal data is processed principally under the Swiss Federal Act on Data Protection (FADP). Where activities directed to people in the EU or EEA meet the relevant conditions, the GDPR is also taken into account.

We process data lawfully, fairly, transparently, for specified purposes, proportionately, accurately, for no longer than necessary and securely. We do not sell personal data.

3. Categories of personal data

4. Consequences of not providing data

If data marked as necessary for account creation, booking, payment, locating a passenger, assigning a driver or providing safe transport is not supplied, the relevant service may not be available.

Optional permissions such as customer location, push notifications, marketing or non-essential cookies are generally voluntary. Refusing them does not remove the basic right to book, although related convenience features may not work. Addresses can be entered manually.

If a driver does not provide required identity, driving licence, selfie, vehicle, insurance or location permissions, eligibility verification, assignment acceptance or online-work functions may be unavailable.

5. Purposes of processing

• Create, verify and secure customer and driver accounts;
• calculate prices and create and confirm bookings;
• collect payment and manage Stripe status, refunds and account credit;
• assign a suitable vehicle, independent carrier and driver;
• locate passengers, monitor flights and provide routes and estimated arrival;
• manage live operations, driver location, geofencing, safety and emergencies;
• provide child seats, luggage, accessibility and other extras;
• send email, telephone, in-app and push communications;
• handle support, complaints, lost property, disputes and insurance matters;
• meet accounting, tax, record, audit and official requirements;
• prevent fraud, misuse and security threats;
• improve quality, system performance and user experience;
• conduct marketing only where permitted and consented to as required.

6. Legal bases

Under Swiss data-protection law, processing is conducted transparently, proportionately, consistently with its purpose and without unlawful infringement of personality rights. Where relevant, processing is connected with steps before or performance of a contract, legal obligations, legitimate interests, vital interests, legal claims or consent.

Where the GDPR applies, principal bases include Article 6(1)(a), (b), (c) and (f). Special-category information is processed only where necessary for safe service and legally permitted.

Consent-based processing can be withdrawn at any time with prospective effect.

7. Booking and journey data

We process customer, passenger, route, flight, luggage, stop and extra-service data to create, confirm and perform a booking. If the booking person differs from the passenger, necessary passenger data may be disclosed to the assigned driver.

A person providing another individual’s data confirms that they are authorised to do so and have made this Notice available to that individual.

Customer notes must not contain full card details, passwords, identity-document images or sensitive information not needed for the transfer.

8. Payment and Stripe data

Online payments and card payments collected through a driver’s Stripe Terminal are processed by Stripe. Available cards, wallets and other methods are displayed by Stripe according to the customer’s country, currency, device and transaction eligibility.

VIF Transfer does not store full card numbers or security codes in its own systems. Limited transaction, amount, currency, status, refund, dispute, invoice and account-credit data may be retained.

Stripe may act as an independent controller for its legal obligations and fraud-prevention activities. See Stripe’s Privacy Policy.

9. Location, map and flight data

Customer location permission may be used for address selection and nearby suggestions. An address can be entered manually if permission is refused.

When a driver is online/working or has an active assignment, the driver application may process precise foreground and, where necessary, background location for assignment, estimated arrival, live tracking, safety and operations.

Google Maps Platform or similar mapping/geocoding services may process addresses, coordinates, IP and device data under their own terms. Third-party flight-data providers may be used to obtain actual landing time where a correct flight number is supplied.

10. Driver documents and selfie

Identity documents, driving licences, selfies/profile photos, vehicle and insurance documents may be processed to verify eligibility, identity, driving authority, vehicle status and insurance.

A selfie may be used to match the account to the real person, reduce fraud, support safety and, where appropriate, display the driver profile to customers or administrators. Unless separately and expressly disclosed, we do not intend to create biometric facial templates or perform automated facial recognition.

Document access is restricted to authorised persons. Documents no longer required after legal, insurance, safety or claims needs end are deleted or blocked.

11. Recipients and disclosure

Data may be disclosed, to the extent necessary, to:

• assigned licensed and insured independent carriers and drivers;
• Stripe and the chosen payment-method provider;
• hosting, cloud, database, backup, security and maintenance providers;
• Google Maps, Firebase, email, SMS/push, geocoding and flight-data providers;
• accounting, tax, legal, audit and insurance advisers;
• competent courts, authorities, law enforcement and regulators;
• parties under confidentiality in a business transfer, merger or restructuring.

We take reasonable steps to contractually bind processors to limited use, confidentiality and security.

12. International transfers

VIF Transfer is based in Switzerland. Stripe, Google/Firebase, map, cloud, notification, email and infrastructure providers may process data in Switzerland, the EEA, the United Kingdom, the United States or other countries.

Where data is transferred to a country without adequate protection, we use, as applicable, Swiss or EU standard contractual clauses, adequacy decisions, additional contractual/technical safeguards or another permitted mechanism.

13. Retention and deletion

When the applicable period ends, data is securely deleted, anonymised or blocked.

14. Automated processing

Automated rules may be used for price calculation, payment status, fraud signals, driver/vehicle suitability, assignment order, geofencing and notifications.

We do not intend to make decisions with legal or similarly significant effects solely by automated means. Where such processing is contractually necessary or legally permitted, applicable information and an opportunity for human review will be provided.

15. Your rights

Depending on applicable law, you may have rights to:

• access and receive a copy;
• correction;
• deletion or anonymisation where no retention obligation applies;
• restriction or objection;
• data portability where legal conditions are met;
• withdraw consent;
• object to direct marketing;
• human review of an applicable automated decision;
• complain to the FDPIC/EDÖB or another competent supervisory authority.

Access is generally provided free of charge within 30 days. Identity verification may be required; requests that are clearly unfounded, excessive or affect third-party rights may be restricted as permitted by law.

16. Requests, complaints and contact

Account deletion, access, correction, objection and other requests may be submitted through an available account-deletion function in the app or by emailing info@viftransfer.com.

State the email or telephone number linked to the account and the request. Do not send passwords, full card data or identity-document copies by email.

The Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB). Where the GDPR applies, a complaint may also be made to the competent EU/EEA supervisory authority.

17. Security and updates

We use appropriate technical and organisational measures such as access controls, secure connections, encryption, session management, backup, logging and updates.

If a personal-data breach requires notification, we will inform the competent authority and, where required, affected individuals under applicable law.

This Notice may be updated to reflect service, technology or legal changes. In the event of inconsistency among the English, German and Turkish versions, the order of interpretive priority is English, German, then Turkish, subject to mandatory rights.