Legal

Privacy Policy

Transparency matters. Here is how we protect your data.
As of: Dec 31, 2025

01. Controller

Yasin e.U.

Waagner-Biro-Straße 69a, Door 1

8020 Graz, Austria

Phone: +43 699 140 33 959 Email: office@shuttletransfer.at

General Information on Legal Bases

We process personal data exclusively if at least one of the following bases applies:

Contract / pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
Legal obligation (Art. 6 para. 1 lit. c GDPR)
Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Consent (Art. 6 para. 1 lit. a GDPR)

Hosting, Website Provision, Domain

Provision/Hosting: The website is technically delivered via Vercel (e.g., website retrieval, technical logs). Vercel provides a Data Processing Agreement (DPA) for this purpose.

Domain/DNS: Domain management is carried out via Hetzner Online GmbH; Hetzner also provides a DPA.

Processed Data: IP address, date/time, accessed page/file, referrer URL, browser/OS, status codes, data volume.

Purpose: Delivery of the website, IT security, error analysis, fraud prevention.

Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR).

Storage Period: Server logs are stored only as long as necessary for the mentioned purposes.

Contact Form & Communication

When you contact us via contact form, email, or phone, we process in particular: Name, email, phone number, message, desired route/pickup location/destination, requested date/time, and any other voluntary information.

Purpose: Processing the inquiry, creating offers, booking/execution.
Legal Basis: Art. 6 para. 1 lit. b GDPR (pre-contractual/contract) and Art. 6 para. 1 lit. f GDPR (efficient communication).
Storage Period: As long as necessary for processing, execution, and documentation; beyond that, in accordance with statutory retention obligations.

Technical Note (EmailJS): We use the EmailJS service for the technical transmission of form data. The data is transmitted securely to the service provider.

Google Analytics (with Consent)

We use Google Analytics for reach measurement and website improvement. Google Analytics uses cookies or similar technologies for this purpose.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR). Google Analytics is only activated after consent via the cookie/consent banner.

Recipient: Google (in Europe typically Google Ireland Limited according to Google Analytics Terms).

Third Country Transfer: It cannot be ruled out that data is transferred to third countries (e.g., USA). Standard Contractual Clauses (SCC) are considered suitable guarantees.

Revocation: You can revoke or change your consent at any time via the cookie settings on the website.

Stripe (Payment Processing)

We use Stripe for online payments. Payment and transaction data are transmitted to Stripe (e.g., name, email, amount, currency, payment status; payment information is processed directly by Stripe).

Purpose: Payment processing, fraud prevention, refund processing.
Legal Basis: Art. 6 para. 1 lit. b GDPR (contract) and Art. 6 para. 1 lit. f GDPR (secure payment processing).

Google Maps & YouTube

Google Maps

We use Google Maps to display maps and calculate driving routes. When used, the IP address and location data are transmitted to Google.

YouTube

We embed videos from YouTube. When playing the videos, a connection to the YouTube (Google) servers is established.

Google Fonts (Local)

Google Fonts are integrated locally. As a result, no automatic connection to Google servers is established for pure font provision.

Cookies / Consent Management

We use technically necessary cookies to provide basic functions (e.g., security). Additionally, we use – only after consent – cookies for Google Analytics.

Your Rights

You have the right to information, correction, deletion, restriction, data portability, and objection. Consent can be revoked at any time.
Right to Complain: Austrian Data Protection Authority.

Data Security

We use appropriate technical and organizational measures to protect data (e.g., access protection, transport encryption).