Privacy Policy

How we collect, use and protect your data

Last updated: 6 July 2026

1. Data Controller

The controller of your personal data is the business GreekRide.gr (Dimitrios Ntalas), based in Greece.

For any matter regarding your personal data, you can contact us at: info@greekride.gr

2. What Data We Collect

We only collect the data necessary to provide our services:

2.1 When booking

  • Full name
  • Email address
  • Phone number
  • Pick-up and drop-off location
  • Date and time of the transfer
  • Number of passengers and luggage
  • Flight details (for airport transfers)
  • Payment method (we do not store card details)
  • Any notes you add

2.2 When contacting us

  • Full name
  • Email address
  • Phone number (optional)
  • Subject and content of the message
  • Preferred contact method (Viber, WhatsApp, iMessage)

2.3 Automatically collected technical data

  • IP address (for security and abuse prevention)
  • Browser type

3. Purpose of Processing

Purpose Legal Basis (GDPR)
Carrying out the booking and transferPerformance of a contract (Art. 6.1.b)
Sending booking confirmationPerformance of a contract (Art. 6.1.b)
Responding to contact messagesLegitimate interest (Art. 6.1.f)
Payment processingPerformance of a contract (Art. 6.1.b)
Protection against abuse (rate limiting)Legitimate interest (Art. 6.1.f)

4. Third-Party Service Providers

To provide our services, we share data with the following third-party providers:

Provider Purpose Data
Stripe Card payment processing Payment amount (card details are handled exclusively by Stripe)
Google Maps Route and distance calculation Pick-up/drop-off addresses
Gmail (SMTP) Sending confirmation emails Recipient's email address
Google (Tag Manager, Analytics & Ads) Traffic statistics and measuring the effectiveness of our ads (conversion tracking) Anonymised usage data, pages visited, IP address, device/browser type
Microsoft Clarity Analysis of visitor behaviour (session recordings & heatmaps) to improve the website — with automatic masking of sensitive fields (names, emails, phone numbers, card details) Anonymous interactions (clicks, scrolling, movements), IP address, device type

All the above providers are GDPR-compliant. We do not sell or share your data with third parties for advertising purposes.

5. Retention Period

  • Booking data: 5 years (tax obligations)
  • Contact messages: 1 year after completion
  • Security data (IP): 30 days

6. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Access — Request a copy of the data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Restriction — Request restriction of processing
  • Portability — Receive your data in a structured, commonly used format
  • Objection — Object to the processing of your data

To exercise any of the above rights, contact us at info@greekride.gr. We will respond within 30 days.

7. Data Security

We take appropriate technical and organisational measures to protect your data, including:

  • SSL/TLS encryption on all communications
  • Encrypted storage of passwords (bcrypt)
  • CSRF (Cross-Site Request Forgery) protection on all forms
  • SQL injection protection with prepared statements
  • Rate limiting to prevent abuse
  • Secure session management

8. Cookies & Analytics Technologies

Our website uses:

  • Strictly necessary cookies — session cookies for form security (e.g. CSRF protection). Necessary for operation and do not require consent.
  • Statistics/analytics cookies — Google Analytics/Tag Manager and Microsoft Clarity, to understand how the website is used (anonymous statistics, session recordings & heatmaps). Microsoft Clarity automatically masks sensitive fields (names, emails, phone numbers, card details).
  • Advertising measurement cookies — Google Ads, solely to measure the effectiveness of our own ads (conversion tracking). We do not use cookies for retargeting or third-party targeting.

You can control or disable non-essential cookies in your browser settings. To opt out: Google Opt-out · Microsoft Privacy Statement.

9. Minors

Our services are not directed at persons under 16 years of age. We do not knowingly collect data from minors.

10. Changes to this Policy

We reserve the right to amend this policy. Any change will be published on this page with an updated date.

11. Data Protection Authority

If you believe your rights are being violated, you have the right to lodge a complaint with:

Hellenic Data Protection Authority (HDPA)
Kifisias 1-3, 115 23 Athens, Greece
Tel.: +30 210 6475600
Website: www.dpa.gr

As an EU citizen, you may also contact your local data protection authority.