Privacy Policy

With this Privacy Policy, provided pursuant to Article 13 of Regulation (EU) 2016/679 (« GDPR » or « Regulation »), we wish to inform the User about the ways in which his/her Personal Data (i.e. any information that can directly or indirectly identify him/her) will be processed when he/she visits and/or purchases on the  www.transfeero.com website  (hereinafter, the « Site« ). This policy, together with the Cookie Policy and the Terms of Use and General Terms and Conditions of Sale, establishes the basis on which Users’ personal data will be processed.

Personal data controller

The Data Controller of the personal data collected through the Website is: SICILY ACTION S.r.l., with registered office in San Giovanni La Punta (CT), Via Fiuggi snc, CAP 95037, P.IVA IT05304190878 REA: CT-357256 (hereinafter ‘Data Controller‘), e-mail address: info@transfeero.com

The list of Joint Data Controllers may be made available at the request of the data subject.

Methods of Processing Personal Data

We take into the utmost consideration the right to privacy and protection of our Users’ personal data, which will be lawfully processed.

The Personal Data provided or acquired will be subject to Processing based on the principles of correctness, lawfulness, transparency and protection of confidentiality pursuant to current regulations, through the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.

The Processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.

Personal data processed

When you visit the Site, contact us (by email, by phone, by post, etc.), subscribe to the newsletter or place an order, we process some of your Personal Data, either independently or through third parties.

We list the categories of personal data processed:

1. Identification, contact and login data: first and last name, email address, telephone number, any data relating to the booking and the contract of carriage (including those related to assistance and improvement of the customer experience), as well as any personal data used to send surveys and to encourage the publication of opinions/feedback through Trustpilot;
2. Purchase data: data that refer to purchases made;
3. Browsing data: relating to the connection, IP addresses, domain names and other parameters relating to the browser and operating system used;
4. Usage Data: information generated by visiting the site or making purchases, such as log data, recordings, interaction and transaction processes, performance indicators, navigation flows and use of features, as well as data related to monitoring the quality of service, including recordings of phone calls with Customer Service;
5. Billing and payment data: tax and accounting data (VAT number, tax code, billing address, company name if applicable), bank and payment data (bank account number or IBAN code for transfers, payment card details).

Purpose of the Processing and Legal Basis

The Data Controller will process the Users’ Personal Data, as listed above, for the performance of its economic and commercial activities, for the specific purposes indicated below.

1. Purposes relating to the Contract and the Legal Obligations
2. Browsing the Site;
3. Registration and management of the account (recovery of credentials, cancellation, etc.) and use of related services;
4. Activities necessary for the conclusion of the contract for the purchase of the services sold by the Site and its execution;
5. Order processing;
6. Assistance and customer care activities as well as to respond to requests, complaints, reports and objections from Users via email to the Data Controller’s addresses or through other communication channels;
7. Management of User requests through remote communication tools, such as email, chat, telephone, SMS, chatbots, banners, notification systems and other remote communication tools present on the Site;
8. Fulfilment of obligations deriving from current law, regulations or EU legislation (e.g. tax and accounting obligations) or management and response to requests from the competent administrative, tax and judicial authorities;
9. Activities of an administrative, accounting and tax nature such as activities related to the contract concluded through the Site, such as, by way of example, the issuance of receipts and/or invoices, the keeping of accounting records;
10. Response to requests to exercise the rights recognized to Users by the contract entered into with the Data Controller, by the law in relation to this contract or by the GDPR, and consequent activities.

For these purposes, the Legal Basis is the need to execute the pre-contractual and contractual obligations to which the User is a party (art. 6.1.b) of the GDPR) or the fulfilment of legal obligations to which the Data Controller is subject (art. 6.1.c) of the GDPR).

Therefore, with the exception of account registration data, which is optional, their processing is necessary to allow the conclusion and execution of the contract through the Site or to respond to pre-contractual requests made by the User in relation to the Site. Failure to provide data, therefore, will make it impossible for the User to conclude a contract through the Site and/or to receive a response to the requests made.

2. Analytics and statistics and other non-consensus-based purposes
3. To carry out statistical analyses with respect to the use of the Site, navigation, product research, to improve the site and the offer of products sold through it;
4. Purpose of service quality control, specifically with regard to the recording of phone calls with Customer Service;
5. To ensure compliance with the contractual rights of the Data Controller or to demonstrate that it has fulfilled the obligations arising from the contract with the data subject or imposed by law, to prevent and/or repress fraudulent or harmful actions;
6. Remind the User who has undertaken the purchase process that he has placed a product in his shopping cart.

The legal basis for this processing is legitimate interest (art. 6.1.f) of the Regulation). Sometimes the Legal Basis consists of the legitimate interest (Article 6, paragraph 1, letter f) in conjunction with recital 47 of the Regulation), for sending transactional email communications (e.g. abandoned cart).

3. Direct Marketing and Profiling Purposes
4. With the User’s consent, we will send commercial emails to show them updates, news, offers and promotions, market research, including through automated processing tools such as emails and newsletters.
5. With the User’s consent, we will process his/her Personal Data to attribute particular characteristics, preferences, and send him/her, also through automated processing tools such as « retargeting » or through the inclusion in clusters of subjects with common characteristics, personalized and diversified commercial communications, based on his/her profile.

For these purposes, the processing, including the final decision about the promotional communication to be sent or displayed to the user based on the cluster(s) to which the user belongs, takes place automatically, without human intervention, on the basis of algorithms whose parameters have been previously set.

The legal basis is the User’s express consent to the processing of personal data for these purposes (art. 6.1.a) of the Regulation. The provision of data for these purposes is optional. In the event of lack of consent, revocation of the same or exercise of the right to object, the possibility for the User to make purchases on the Site will not be affected in any way.

4. Soft-spam

To send commercial communications to the User’s email address issued as part of the purchase of products through the Site, to propose the direct sale of similar products. This activity does not require the acquisition of the prior express consent of the interested party as it is exercised on the legal basis referred to in art. 130, paragraph 4, of the Privacy Code (Legislative Decree no. 196 of 30 June 2003) which expressly allows it, provided that the user does not refuse such use, initially or on the occasion of subsequent communications.

5. Geolocation

To allow the use of the services and features of the Site/app that require the detection of geographical location, the Data Controller may process the User’s geolocation data, according to the following methods.

Position detection is necessary for several phases of the service, such as: the identification of the pick-up location, the confirmation of the moment when the customer is taken on board (« customer on board ») and the registration of the completion of the trip (« customer dropped off »).

In ride-hailing OnDemand services, geolocation is essential for both the driver and the customer, as both parties must be able to view the other’s location in real time to allow the correct and safe provision of the service.

For pre-booked private transfer services (scheduled in advance), geolocation will instead be required only for drivers, while for customers it will remain optional unless different future needs are required.

The processing of geolocation data takes place only with the express consent of the User, issued through the device settings or through a special banner/flag at the time of the first activation of the service. The User may withdraw his/her consent at any time by changing the device settings or by contacting the Data Controller at the contact details indicated in this policy.

In the absence of consent, the functions based on geolocation cannot be made available, while it will remain possible to use all the other functions of the Site/app that do not require such data.

Changing your choices and withdrawing your consent

In the event of consent, the User may at any time revoke the consent given and/or object to the processing of personal data for general marketing and profiling purposes through the methods indicated in the ‘Rights of Data Subjects’ section later in this policy.

In the event of withdrawal of consent, the processing carried out on the basis of the consent given before its withdrawal will still be considered legitimate.  In the event of withdrawal of consent and/or opposition to the processing of your data for the purpose of general marketing, the user’s data will no longer be processed for this purpose and will be kept by the Data Controller only in the circumstance in which there is another legal basis that legitimizes the processing (e.g. contractual performance; legal obligation; legitimate interest).

Storage time

The Data Controller will process the Users’ personal data for the time necessary to achieve the purposes for which such data were collected, as defined in this policy. However, for each of the purposes indicated, the personal data collected will be stored for the time specified below:

1. For the purposes inherent in the Contract, the Data Controller will process the User’s data for the time strictly necessary to carry out the individual processing activities, it being understood that, after this term, the Data Controller may retain the data for the purposes and for the maximum retention periods referred to in the other sections of this policy, if relevant and/or, however, in the cases established by the GDPR and/or by law.
2. For fiscal, administrative, accounting and legal purposes, until the expiry of the legal terms provided for the performance of each obligation and/or for the retention times provided for by law. In the event of closure of the account at the initiative of the User, the data contained therein will be stored for administrative purposes for a period of 3 months from the request to close the account.
3. For purposes based on the legitimate interest of the Data Controller, the Data Controller will process the User’s data for the time strictly necessary to satisfy this interest, unless, in the face of disputes and/or complaints, the Data Controller needs to retain personal data to carry out defense activities (letter l) for the following 10 years (statute of limitations) or, In the event of litigation, further retention is determined by the duration of the litigation or by specific requests from the Authority. The User can obtain more information on the legitimate interest pursued by contacting the Data Controller.
4. For the purpose of direct marketing and profiling, as long as consent is not withdrawn and in any case for a period of 24 months for marketing and 12 months for profiling from when consent has been given or renewed by the User, on the occasion of a new purchase or from the date of the last contact with the User, This means, for example, the opening of the newsletter.
5. The data collected for geolocation purposes (e.g. to allow the correct functioning of pick-up, on-board, dropped off services and, for OnDemand services, the reciprocal localization between User and driver) will be stored for a maximum period of 4 months from their collection, except for further storage necessary for legal obligations, for legal protection needs or for the management of any complaints.

After these retention periods, the Personal Data will be deleted and the User will no longer be able to exercise the rights of access, cancellation, rectification and portability of the Data.

Communication and dissemination of data

In addition to the Data Controller, in some cases, the following may have access to the Data:

1. subjects involved in the organization of the Website (for example: administrative, commercial, marketing staff);
2. third parties who perform ancillary and instrumental tasks with respect to the Data Controller’s activity and who process personal data on behalf of the Data Controller (for example: payment services, lawyers, accountants, system administrators, logistics companies, newsletter services, IT services);
3. public or private entities that can access the Data in compliance with the law, regulations and measures issued by the competent authorities;
4. potential purchasers of the Owner company and entities resulting from the merger or any other form of transformation.

These recipients, as the case may be, process the Users’ personal data as persons in charge, data processors or independent data controllers. The User may request the updated list of Data Processors pursuant to art. 28 GDPR.

Place of Processing and Transfer of Data Abroad

The processing of Data takes place essentially in Italy and in the countries of the European Union. Certain third-party tools may process the data of users of this website in countries outside the European Economic Area (the « Third Countries »).

The transfer of data to third countries may also take place through the use of external tools that allow certain services (e.g. newsletters, remarketing, advertising, use of social buttons, display of videos).

Sometimes the use of these tools may imply the transfer of the personal data of users who visit this website to a third country, such as the United States, for which there is no adequacy decision of the European Commission.

Should there be a need to transfer the data to Third Countries, the Data Controller undertakes to ensure that the country to which the data will be sent guarantees an adequate level of protection, as provided for by Article 45 of the GDPR; such transfer will be governed on the basis of the standard data protection contractual clauses approved by the European Commission for the transfer of personal information outside the EEA pursuant to Article 46.2 GDPR.

Cookies

This Website uses cookies. Cookies are small text files that can be installed by websites on users’ devices to make the browsing experience more efficient and to personalize content and ads, provide social network functions and analyze traffic. To learn more, read the Cookie Policy.

Personal Data Processing Tools

CONTACT FORM

By filling out the contact form, the User consents to the processing of the personal data entered therein and their use to respond to requests for information. The personal data subject to processing are those required by the form (name, surname, company, email address, telephone number) and all other personal data that may be entered by the user in the body of the message.

COMMUNICATIONS WITH THE CUSTOMER

Whatsapp Business (Meta Platforms Ireland Limited)

Communications via the ‘Whatsapp Business’ channel can be used to provide the driver’s contact details and names. The service is provided by Meta Platforms Ireland Limited and may use various technologies to collect and store information when you use the services with which it is integrated, this may include the use of cookies and similar tracking technologies.  For the purposes of how we process it, please review the WhatsApp Business Data Processing Terms, as well as the WhatsApp Business Terms of Service. Data collected: phone number, email, usage data, cookies. Place of Processing: IRELAND – Privacy Policy.

Twilio (Twilio Inc.)

Communications via the « Twilio » channel can be used to provide the driver’s contact details and names. The service is provided by Twilio Inc. and may use different technologies to collect and store information when you use the services with which it is integrated; This may include the use of cookies and similar tracking technologies. For the purposes of how we process it, please read Twilio’s Data Processing Terms and Terms of Service. Data collected: phone number, email address, usage data, cookies. Place of processing: Ireland – Privacy Policy.

LIVE CHAT

Intercom (Intercom R&D Unlimited Company)

The live chat through the Intercom channel can be used by Users to communicate with the assistance or customer care service, before, during and after the purchase. The service is provided by Intercom R&D Unlimited Company and allows the Data Controller to manage support and contact requests from the Site. Intercom may use various technologies to collect and store information when you interact with the chat, including the installation of cookies or the use of similar tracking tools, in order to improve the quality of service and user experience. For the purposes of data processing methods, the User is invited to read the Terms for data processing available on the official website of Intercom.

Data collected: name, email address, phone number (if provided voluntarily), usage data, cookies, messages sent via chat.

Place of processing: Ireland – Privacy Policy.

NEWSLETTER

The newsletter service allows the Data Controller to send promotions and commercial communications to users via email. This Site uses the following service:

Intercom (Intercom R&D Unlimited Company)

Intercom is a communications management and email messaging service provided by Intercom R&D Unlimited Company. The service allows the Data Controller to send newsletters, information communications and updates to Users who have given their consent or who have already established a contractual relationship with the Data Controller. Intercom may collect data relating to the User’s interaction with the communications received (such as opening emails or clicking on the links contained) in order to improve the effectiveness of the service and optimize the communications sent. If the User no longer wishes to receive communications from the Data Controller via Intercom, he/she may unsubscribe from the newsletter at any time using the unsubscribe link in each email received.

Data collected: name, email address, usage data, cookies, interactions with messages.

Place of processing: Ireland – Privacy Policy.

SOCIAL NETWORK BUTTONS

The User can use the social buttons to visit the social pages of the Site, through the following social tools that in any case collect personal data of users as traffic data on the pages visited and on which they are installed. The Site provides the following social buttons:

Instagram (Meta Platforms Ireland Limited) The Instagram button is a service for interacting with the social network Instagram, provided by Meta Platforms Ireland Limited. Personal Data collected: Cookies, Usage Data and other data as per the relevant privacy policy. Place of processing: IRELAND – UNITED STATES – Privacy Policy

Facebook (Meta Platforms Ireland Limited) The Facebook button and social widgets are services for interaction with the Facebook social network, provided by Facebook Ireland Ltd. Personal Data collected: Cookies and Usage Data. Place of processing: IRELAND – UNITED STATES  Privacy Policy

X (X Corp) The Instagram button is a service for interaction with the social network X (formerly Twitter), provided by X Corp. Personal Data collected: Cookies, Usage Data and other data as per its privacy policy. Place of processing: IRELAND – UNITED STATES – Privacy Policy

REVIEWS

Trustpilot (Trustpilot Group plc)

Trustpilot is an online review platform provided by Trustpilot Group plc, which allows you to rate a particular service or product.

Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of processing: EUROPA – Privacy policy

PAYMENT MANAGEMENT

Checkout.com (Checkout Ltd)

Checkout.com is a payment service provided by Checkout Ltd, which allows you to make online payments by credit card. Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of processing: Consult the privacy policy of Checkout.com – Privacy Policy

PayPal (PayPal Europe S.à.r.l. et Cie, S.C.A Inc.)
PayPal is a payment service provided by PayPal Europe S.à.r.l. et Cie, S.C.A Inc., which allows you to make online payments using your PayPal credentials. Personal Data collected: Cookies and various types of Data as specified in the privacy policy of the service. Place of processing: LUXEMBOURG – Privacy Policy

APPLE PAY (Apple Inc)

Apple Pay is a payment service provided by Apple Inc that allows you to make online payments using your credentials. For more information on the data collected by the application, please read the relevant Privacy Policy

GOOGLE PAY (Google Ireland Limited)

Google Pay is a payment service provided by Google Ireland Limited that allows you to make online payments using your credentials. For more information on the data collected by the application, please read the relevant Privacy Policy

SAFETY PRECAUTIONS

This Site uses security measures designed to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The security measures adopted also include the SSL certificate and the HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.

Google reCAPTCHA (Google Ireland Limited)

This Site uses the Google reCAPTCHA tool, a service provided by Google Ireland Limited that protects the Site from spam and abusive use by robots. The service, in fact, allows you to verify that the user is a person and not a robot, by showing him some questions based on texts or images, or in some cases by means of a JavaScript element in the source text that analyzes the behavior of the user and his operations to exclude that he is a robot, without showing him questions. For more information on the data collected by the application, please read the relevant Privacy Policy and Terms of Service

STATISTICS

Statistics services allow the Data Controller to monitor and analyze traffic data and are used to keep track of the User’s behavior. This Site uses the following third-party services:

Google Analytics (Google Ireland Limited)

Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads from its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. The IP address anonymization function is active on this site. The IP address transmitted by your browser for the purposes of Google Analytics will not be merged with other data already held by Google.

The use of Google Analytics may in some cases involve the transfer of personal data of users who visit this website to a third country, such as the United States, for which there is no adequacy decision of the European Commission.

The  browser add-on for disabling Google Analytics is available from Google at the following link https://tools.google.com/dlpage/gaoptout?hl=it. Personal Data collected: Cookies, IP address, Usage Data and other personal data defined in Google’s privacy policy. Place of processing: IRELAND and in some cases UNITED STATES – Privacy Policy (https://policies.google.com/privacy?hl=it)

Google Tag Manager (Google Ireland Limited)

Google Tag Manager (Google Ireland Limited) is a tag management service that involves the processing of certain personal data such as Cookies and Usage Data. Place of processing: United States and Ireland. For more information: Privacy Policy

REMARKETING

These services allow this Site to communicate, optimize, and serve advertisements based on your past use of this Website. This activity is carried out through the tracking of Usage Data and the use of Cookies. This Website uses the following services:

Google ADS (Google Ireland Limited)

Google ADS is a service provided by Google Ireland Limited that connects this Website with Google’s advertising network. This Website makes use of the Remarketing features of Google Analytics combined with the ability to adapt to different devices of Google ADS. This functionality makes it possible to link the target groups for promotional campaigns created by the Marketing function of Google Analytics with the device-adaptability of Google ADS. This allows advertising to be shown based on the user’s personal interests, identified through an analysis of the user’s behavior on the web, whether on a mobile device or on other devices. You can permanently disable targeting and remarketing functions by disabling the « personalized advertising » function in your Google account. To do so, simply follow the opt-out link. Personal Data collected: Cookies and Usage Data. Place of processing: Ireland and in some cases the United States – Privacy Policy – Opt out.

Rights of Data Subjects

The interested parties have the right to exercise the faculties provided for in art. 7, 15-22 of the Regulations.

In particular, Users have the right to obtain: access, updating, correction or, when they are interested, integration of data; the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; certification that the above operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right.

In addition, Users have the right to withdraw consent at any time, if the processing is based on their consent, to request data portability, i.e. to receive all personal data concerning them in a structured, commonly used and machine-readable format), to request the restriction of the processing of personal data and/or erasure (« right to be forgotten »),  as well as the right to object to the processing of personal data concerning him/her and to the processing for the purposes of sending advertising material, direct sales and for carrying out market research.

Pursuant to the Applicable Legislation, the Data Controllers inform that Users have the right to obtain the indication (i) of the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the case of processing carried out with the aid of electronic tools; (iv) the identification details of the Data Controllers and data processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as data processors or persons in charge of the processing.

Interested parties will be able to exercise their rights, by sending the Data Controller a specific communication or by using the form for exercising the rights of data subjects, available at this link, to be sent, duly completed and accompanied by signature and attachments, to the Data Controller by email to: info@transfeero.com

If data subjects believe that the processing of their personal data violates the Regulation, they also have the right to lodge a complaint with the Privacy Guarantor as the supervisory authority for the protection of personal data (Guarantor for the protection of personal data, with registered office in Piazza Venezia n. 11 – 00187 – Rome (http://www.garanteprivacy.it/).

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Please consult this page often, taking as a reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this Privacy Policy, the User is required to cease using this Website and may request the Data Controller to remove his/her Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Data Controller is not responsible for updating all the links that can be viewed in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.

Privacy Policy updated January 2026