This policy explains how TransfersCO (Pty) Ltd (“TransfersCO”, “we”, “us”) collects, uses, shares and protects your personal information when you use our website, apps and booking services across 89 countries. We are committed to processing your information lawfully, fairly and transparently in line with the Protection of Personal Information Act, 2013 (POPIA) and, where it applies to you, the EU General Data Protection Regulation (GDPR).
Who we are
TransfersCO (Pty) Ltd is the responsible party (POPIA) / data controller (GDPR) for the personal information described here. We are a ground-transport and tours booking platform connecting travellers with vetted drivers, fleet partners and suppliers.
Our Information Officer / Data Protection Officer can be reached at dpo@transfersco.africa.
Note for publication: before this policy goes live, add TransfersCO’s registered company number and physical office address here — POPIA and the GDPR require the responsible party’s full identity and contact details.
Information we collect
We collect only what we need to quote, book and deliver your transfer, and to run and improve the platform:
- Booking details — pickup and drop-off locations, dates and times, passenger numbers, luggage, flight numbers, vehicle class and special requests.
- Contact & account details — name, email address, phone number, and (if you create one) account credentials.
- Payment information — processed by our regulated payment providers. We receive confirmation of payment and limited transaction details; we do not store your full card number.
- Communications — messages you send us by email, WhatsApp, SMS or in-app, and our replies.
- Partner & driver information — for drivers, fleet, provider, agent and corporate partners, we also collect onboarding, verification (KYC), banking/payout and compliance details.
- Device & usage data — IP address, device and browser type, pages viewed and interactions, collected via cookies and similar technologies (see Cookies & analytics).
We collect this information directly from you, from your use of our services, and from partners acting on your behalf (for example a travel agent or corporate account making a booking for you).
How & why we use it
We use your personal information for the following purposes, each with a lawful basis under POPIA and the GDPR:
- To provide the service — quoting, booking, dispatching a driver, and supporting your trip. (Basis: performance of a contract.)
- To communicate with you — booking confirmations, driver details, e-receipts, and service updates. (Basis: contract / legitimate interest.)
- To take payment and keep records — billing, refunds, invoicing, tax and accounting. (Basis: contract / legal obligation.)
- To operate, secure and improve the platform — fraud prevention, safety, troubleshooting and, where you have consented, analytics. (Basis: legitimate interest / consent.)
- Marketing — we only send marketing communications where you have opted in, and you can unsubscribe at any time. (Basis: consent.)
- To meet legal obligations — responding to lawful requests and complying with applicable law. (Basis: legal obligation.)
We do not use your personal information to make decisions that produce legal or similarly significant effects about you based solely on automated processing.
International transfers
Some of our operators are located outside South Africa or your country. Where we transfer personal information across borders, we do so in line with POPIA (section 72) and, for GDPR-covered data, Chapter V — relying on appropriate safeguards such as adequacy decisions, standard contractual clauses, or your consent, so your information remains protected.
How long we keep it
We keep personal information only for as long as necessary for the purposes above, and to meet legal, tax and accounting obligations (which for financial records is typically several years under applicable law). When it is no longer needed, we delete or anonymise it.
How we protect it
We use appropriate technical and organisational measures — including encryption in transit, access controls and least-privilege practices — to safeguard your information against loss, unauthorised access and misuse. If a security compromise affecting your personal information occurs, we will notify you and the relevant regulator as required by law. To report a vulnerability, see our security policy.
Your rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you;
- Correct or update information that is inaccurate or incomplete;
- Delete your information where there is no lawful reason for us to keep it;
- Object to or restrict certain processing, including direct marketing;
- Withdraw consent at any time (this does not affect processing already carried out);
- Data portability — receive certain information in a portable format (GDPR).
To exercise any of these rights, email dpo@transfersco.africa. We will respond within the timeframes required by law.
If you are not satisfied, you may lodge a complaint with the Information Regulator (South Africa) (inforegulator.org.za) or, if the GDPR applies to you, your local EU data-protection authority.
Children
Our services are intended for adults. We do not knowingly collect personal information from children without the consent of a competent person. If you believe a child has provided us information without such consent, contact us so we can address it.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Please review it periodically.
Contact us
Questions or requests about privacy and your personal information:
- Data Protection Officer / Information Officer: dpo@transfersco.africa
- General support: support@transfersco.africa
- Security disclosures: security@transfersco.africa