Privacy Policy

Last updated: 24 June 2026

1. Controller and contact details

The controller responsible for processing personal data is:

• AirportTaxiTransferLine.COM, operating under the VIF Transfer brand
• Address: Waisenhausstrasse 9, 8820 Wädenswil, Switzerland
• Abrechnungs-Nr.: 10.047.981
• UID: CHE-289.853.146
• Commercial Register: CH-020.1.102.687-1
• Privacy and support email: info@viftransfer.com
• Telephone: +41 78 900 03 49
• Website: https://viftransfer.com

2. Scope and principles

This Policy applies to website visitors, customer-account holders, booking persons, passengers, drivers, independent carriers, business partners and people who contact us.

We process personal data transparently, for specified legitimate purposes, proportionately and securely. We do not sell personal data. We apply reasonable technical and organisational measures to prevent use outside the booking, legal, safety or other disclosed purposes.

Our principal framework is the Swiss Federal Act on Data Protection (FADP). Where we offer services to people in the European Union or European Economic Area and the relevant conditions apply, we also take account of the GDPR and other applicable foreign data-protection laws.

3. Personal data we process

4. Sources of data

• Directly from you when you create an account, book, contact support, apply as a driver or upload documents.
• From a person or corporate customer booking on your behalf, or from a fellow passenger.
• From assigned independent carriers and drivers.
• From Stripe and payment-method providers, including limited payment status, authentication and fraud signals.
• From map, address, flight, email, messaging, push-notification and infrastructure providers.
• From your device, browser and application according to permissions and settings.

If you provide another person’s data, you confirm that you are authorised to do so and have made this Policy available to that person.

5. Purposes and legal bases

Where the GDPR applies, our principal bases include Article 6(1)(a), (b), (c) and (f). We process special-category data only where necessary and legally permitted.

6. Booking and passenger data

We process booking data to calculate quotes, confirm bookings, assign vehicles and drivers, locate passengers, monitor flights, provide extras, process changes/cancellations/refunds and provide support.

If the booking person and passenger are different, the passenger’s name, telephone number, meeting details and other necessary information may be shared with the assigned driver. The driver must use it only for the relevant transfer, communication and safety.

Customer notes should not contain unnecessary sensitive data, full payment-card data, identity-document images or unrelated third-party information.

7. Payments and Stripe

Online payments and card payments collected through a driver’s Stripe Terminal are processed through Stripe. Stripe determines which cards, wallets and other payment methods are available at checkout.

Full card numbers, security codes and comparable payment credentials are processed directly by Stripe or the relevant payment-method provider and are not stored in full in VIF Transfer’s systems. We may receive limited information such as transaction ID, status, amount, currency, refund and accounting data.

Stripe may also act as an independent controller for its own legal obligations and fraud prevention. Further information is available in Stripe’s Privacy Policy.

8. Location, maps, routes and flight data

If a customer grants location permission, the current location may be used for address selection, nearby-place suggestions or journey-related features. An address can be entered manually without permission, although some location features may not operate.

When a driver is online/working or has an active assignment, the driver application may process precise location in the foreground and, where necessary, in the background for assignment, estimated arrival, live tracking, security and operational management. Permissions can be managed on the device; required work features may not be available without them.

Providers such as Google Maps Platform may be used for address search, routes and maps. They may process IP, device, search and location data under their own terms. See Google’s Privacy Policy.

Where a correct flight number is supplied, third-party flight-data services may be used to obtain flight status and actual landing time.

9. Driver and carrier data

We may collect identity, contact, language, permit, driving-licence, identity-document, vehicle, insurance, document-validity and operational data from independent drivers and carriers. We use it for eligibility checks, contracting, assignments, settlement, safety, quality and compliance.

A selfie or profile photo may be used to confirm that the account corresponds to the real person, reduce fraud, support operational security and display the driver profile to customers or administrators where appropriate. Unless separately and expressly disclosed, we do not intend to create biometric templates or perform facial recognition from the selfie.

Document access is restricted to authorised persons with a business need. Rejected, expired or post-relationship documents are deleted or blocked when no legal, insurance, security or claims-related need remains.

10. Communications, notifications and marketing

We may use email, telephone, in-app or push notifications for booking confirmation, payment, driver assignment, changes, cancellation, safety, account verification and support.

A device token may be stored with Google Firebase Cloud Messaging and in our systems for push notifications. Permission can be disabled in device settings; necessary service communications may still be sent by email or another appropriate channel.

Promotional messages are sent only with consent or where permitted by law. You can unsubscribe using the link in a message or by contacting us. Service and safety communications are not affected by marketing preferences.

11. Cookies and similar technologies

The website may use necessary cookies for sessions, security, language, forms and payment flows. Preference, analytics or marketing cookies are used only where the relevant feature is enabled and, where required, with your consent.

• Necessary: Website, session, security, language and booking functions.
• Preference: Remembering language and user choices.
• Analytics: Measuring use and performance, only if enabled.
• Marketing: Campaign measurement and personalisation, only if enabled and permitted.

Preferences can be changed through the banner/preference centre or browser. Blocking necessary cookies may impair booking and account functions.

12. Who receives personal data?

We may disclose data, to the extent necessary, to:

• licensed and insured independent carriers and drivers;
• Stripe and the payment-method provider chosen by the Customer;
• hosting, cloud, database, backup, security and software-maintenance providers;
• Google Maps, Firebase, geocoding, flight, email, messaging and push providers;
• accounting, tax, audit, legal and insurance advisers;
• competent courts, regulators, law-enforcement and public authorities;
• parties under confidentiality in a merger, sale or transfer of the business.

We take reasonable steps to bind processors to contractual confidentiality, security and access restrictions. A recipient acting as an independent controller is governed by its own privacy policy.

13. International transfers

VIF Transfer is based in Switzerland. Some technology, payment, map, notification or cloud providers may process data in Switzerland, the EEA, the United Kingdom, the United States or other countries.

Where data must be transferred to a country without an adequate level of protection, we use, as applicable, Swiss and/or EU standard contractual clauses, additional contractual and technical safeguards, adequacy decisions or another legally permitted mechanism.

14. Retention periods

We retain data while needed for the purpose, the contractual/support relationship, legal retention duties or the establishment or defence of claims.

• Booking, invoice and accounting records: generally up to 10 years under Swiss accounting and tax requirements.
• Customer account: while the account remains active; after deletion, non-mandatory data is deleted or anonymised.
• Payment data: for transactions, refunds, disputes, fraud prevention and accounting; full card data according to Stripe’s own rules.
• Location and operations: for a limited period needed for the active assignment, safety, support and dispute resolution; then deleted, reduced or anonymised unless a longer legal need applies.
• Driver documents: during eligibility and cooperation and afterwards to the extent required by law, insurance or claims.
• Technical/security logs: for a limited period for security, fault analysis and abuse investigation.
• Marketing: until consent is withdrawn or an objection is made; a suppression record may remain to prevent further marketing.

At the end of the applicable period, data is securely deleted or irreversibly anonymised.

15. Data security

We use appropriate technical and organisational measures such as access controls, encryption, secure connections, session controls, backups, logging, updates and confidentiality obligations.

No system can guarantee absolute security. If a personal-data breach requires notification, we will notify the competent authority and, where necessary, affected people in accordance with applicable law.

16. Children’s data

Account holders and booking persons must be at least 18. A responsible adult may provide a child passenger’s name, age, height, weight or child-seat requirement only to the extent necessary for safe transport.

We do not seek unnecessary children’s data and do not intend to market directly to children.

17. Automated processing and profiling

Automated rules may be used for price calculation, payment-status verification, fraud signals, suitable driver/vehicle selection, assignment sequencing and notifications.

We do not intend to make decisions producing legal or similarly significant effects solely by automated means. Where such automation is necessary for a contract or legally permitted, we provide applicable rights, meaningful information and an opportunity to request human review.

18. Your rights

Depending on applicable law, you may have rights to:

• obtain information and a copy of data processed about you;
• correct inaccurate or incomplete data;
• request deletion or anonymisation where no retention duty applies;
• restrict or object to particular processing;
• data portability where legal conditions are met;
• withdraw consent prospectively;
• object to direct marketing at any time;
• request human review of an automated decision where applicable;
• complain to the Swiss Federal Data Protection and Information Commissioner or a competent EU/EEA supervisory authority.

We may verify your identity. We normally seek to respond within 30 days; where a request is complex or numerous, we will inform you of a legally permitted extension. Rights are not absolute; statutory retention, third-party rights, security and legal claims may justify continued retention.

19. Account deletion and requests

You may submit an account-deletion or privacy request through an account-deletion function in the application where available, or by emailing info@viftransfer.com. State the email/telephone linked to the account and the request; do not send passwords, full payment-card details or identity documents by email.

When an account is deleted, active sessions, profile and preferences are deleted or anonymised. Completed booking, invoice, payment, fraud, security and dispute records may remain under restricted access for the mandatory retention period.

20. Changes, language and contact

We may update this Policy to reflect changes in services, technology or law. Material changes will be announced through the website or app and the date above will be updated.

The English, German and Turkish versions are intended to have the same effect. In the event of inconsistency, the order of interpretive priority is English, German, then Turkish, subject to mandatory data-protection rights.