Privacy Policy
How we collect, use and protect your data
Last updated: 6 July 2026
Language: Ελληνικά · English · Deutsch · Italiano
1. Data Controller
The controller of your personal data is the business GreekRide.gr (Dimitrios Ntalas), based in Greece.
For any matter regarding your personal data, you can contact us at: info@greekride.gr
2. What Data We Collect
We only collect the data necessary to provide our services:
2.1 When booking
- Full name
- Email address
- Phone number
- Pick-up and drop-off location
- Date and time of the transfer
- Number of passengers and luggage
- Flight details (for airport transfers)
- Payment method (we do not store card details)
- Any notes you add
2.2 When contacting us
- Full name
- Email address
- Phone number (optional)
- Subject and content of the message
- Preferred contact method (Viber, WhatsApp, iMessage)
2.3 Automatically collected technical data
- IP address (for security and abuse prevention)
- Browser type
3. Purpose of Processing
| Purpose | Legal Basis (GDPR) |
|---|---|
| Carrying out the booking and transfer | Performance of a contract (Art. 6.1.b) |
| Sending booking confirmation | Performance of a contract (Art. 6.1.b) |
| Responding to contact messages | Legitimate interest (Art. 6.1.f) |
| Payment processing | Performance of a contract (Art. 6.1.b) |
| Protection against abuse (rate limiting) | Legitimate interest (Art. 6.1.f) |
4. Third-Party Service Providers
To provide our services, we share data with the following third-party providers:
| Provider | Purpose | Data |
|---|---|---|
| Stripe | Card payment processing | Payment amount (card details are handled exclusively by Stripe) |
| Google Maps | Route and distance calculation | Pick-up/drop-off addresses |
| Gmail (SMTP) | Sending confirmation emails | Recipient's email address |
| Google (Tag Manager, Analytics & Ads) | Traffic statistics and measuring the effectiveness of our ads (conversion tracking) | Anonymised usage data, pages visited, IP address, device/browser type |
| Microsoft Clarity | Analysis of visitor behaviour (session recordings & heatmaps) to improve the website — with automatic masking of sensitive fields (names, emails, phone numbers, card details) | Anonymous interactions (clicks, scrolling, movements), IP address, device type |
All the above providers are GDPR-compliant. We do not sell or share your data with third parties for advertising purposes.
5. Retention Period
- Booking data: 5 years (tax obligations)
- Contact messages: 1 year after completion
- Security data (IP): 30 days
6. Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Access — Request a copy of the data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Restriction — Request restriction of processing
- Portability — Receive your data in a structured, commonly used format
- Objection — Object to the processing of your data
To exercise any of the above rights, contact us at info@greekride.gr. We will respond within 30 days.
7. Data Security
We take appropriate technical and organisational measures to protect your data, including:
- SSL/TLS encryption on all communications
- Encrypted storage of passwords (bcrypt)
- CSRF (Cross-Site Request Forgery) protection on all forms
- SQL injection protection with prepared statements
- Rate limiting to prevent abuse
- Secure session management
8. Cookies & Analytics Technologies
Our website uses:
- Strictly necessary cookies — session cookies for form security (e.g. CSRF protection). Necessary for operation and do not require consent.
- Statistics/analytics cookies — Google Analytics/Tag Manager and Microsoft Clarity, to understand how the website is used (anonymous statistics, session recordings & heatmaps). Microsoft Clarity automatically masks sensitive fields (names, emails, phone numbers, card details).
- Advertising measurement cookies — Google Ads, solely to measure the effectiveness of our own ads (conversion tracking). We do not use cookies for retargeting or third-party targeting.
You can control or disable non-essential cookies in your browser settings. To opt out: Google Opt-out · Microsoft Privacy Statement.
9. Minors
Our services are not directed at persons under 16 years of age. We do not knowingly collect data from minors.
10. Changes to this Policy
We reserve the right to amend this policy. Any change will be published on this page with an updated date.
11. Data Protection Authority
If you believe your rights are being violated, you have the right to lodge a complaint with:
Hellenic Data Protection Authority (HDPA)
Kifisias 1-3, 115 23 Athens, Greece
Tel.: +30 210 6475600
Website: www.dpa.gr
As an EU citizen, you may also contact your local data protection authority.