Transfers Driver
Transfers Driver
  1. Home
  2. Privacy Policy

Privacy Policy

Last updated: April 2026

GDPR applies here, even though we’re based in Morocco. Because most of our clients live in the European Union, we apply GDPR (Regulation EU 2016/679) by extraterritoriality alongside Moroccan Law No. 09-08. If you’re booking from the EU, your data rights travel with you.

The short version

We collect what it takes to organise your transfer: name, email, phone, itinerary, and flight number. You book through WhatsApp or our website, that’s where it starts and ends. Your data never goes to marketers, never gets sold, never gets traded.

To access, correct, or delete your data, write toprivacy@Transfers Drivertransferts.co, we reply within 30 working days.

  •   Payment

Stripe or PayPal, both PCI-DSS certified. We never store your full card number on our systems.

  •   WhatsApp

Our primary booking channel. Messages are governed by Meta’s terms. We only use your first name and itinerary. 

Your rights

Access, correction, deletion, one email is all it takes. Response guaranteed within 30 working days.

 Who we are

Transfers Driver has been running private transfers out of Essaouira since 2010. Not an aggregator, not a booking platform, a licensed operator with a physical address in the city where every transfer we run begins. We hold a Moroccan transport licence and handle your data from here, not from a call centre somewhere else.

We operate under Moroccan Law No. 09-08 of February 18, 2009, supervised by the CNDP (Rabat). And because the majority of people who book with us live in Europe, GDPR (EU 2016/679) applies to us too, leaving the EU to travel doesn’t mean leaving your data rights behind.

  • Law 09-08, Morocco
  • GDPR, EU 2016/679
  • Moroccan transport licence
  • Based in Essaouira since 2010

What data we collect and why

a) Booking data via WhatsApp

Most TRANSFERS DRIVER bookings come through WhatsApp Business. From that exchange, we collect what’s needed to confirm and run your transfer: first name, phone number, pick-up point, destination, date and time, flight number if applicable, and passenger count. Nothing beyond that.

On WhatsApp: Messages go through Meta Platforms Ireland under WhatsApp’s own terms, that part is out of our hands. What is in our hands: we don’t store your conversation. We pull out what we need to run your transfer and that’s it.

b) Online booking form

Through the form on Transfers Drivertransferts.com, we collect: full name, email address, phone number, departure point, destination, date and time, flight number, number of passengers and bags. Nothing else is requested.

c) Payment data (online option)

Online payments are handled by Stripe or PayPal, both PCI-DSS certified. TRANSFERS DRIVER never sees your full card number or sensitive banking details, only a transaction ID and the amount paid, kept for billing records. Cash on board remains available and generates no digital data whatsoever.

d) Browsing data, Google Analytics 4

When you visit Transfers Drivertransferts.com, Google Analytics 4 collects aggregated browsing data: pages visited, session duration, device type, and country of origin. This data is processed by Google Ireland Limited and hosted on Google servers (EU and outside EU). It cannot identify you personally.

GA4 only runs with your prior consent. A banner appears on your first visit, you can decline without any effect on your booking. Analytics stays off until you confirm your choice.

e) Data passed by partners

When a riad, hotel, or tour operator sends us a booking on your behalf, we receive only what’s needed to organise your transfer. That data is used solely to deliver the service, never to reach out to your guests directly or for any commercial purpose of our own.

Who we share your data with

Your data is never sold, rented, or passed on. It may be shared only with the following sub-processors, strictly within the scope of their role:

  • Your TRANSFERS DRIVER driver, receives your first name, pick-up location, time, and flight number. Nothing more.
  • Stripe / PayPal, for online payment processing. Each has its own data protection policy.
  • Meta Platforms Ireland (WhatsApp Business), for managing booking exchanges. Data transiting through WhatsApp is subject to Meta’s terms of use.
  •       Google Ireland Limited (Google Analytics 4), only if you accepted analytics cookies on your first visit.
  • Website host, for the operational maintenance of Transfers Drivertransferts.com.

All sub-processors based outside Morocco (Meta, Google, Stripe, PayPal) are covered by contractual data transfer arrangements in line with Article 43 of Law 09-08.

How long we keep your data

  • Booking and billing records, 10 years (Moroccan legal accounting obligation)
  • Client contact data, 3 months after your last transfer with TRANSFERS DRIVER
  • Operational WhatsApp history, duration of transfer + 3 months
  •  GA4 analytics data, 14 months maximum (Google’s own setting)
  • Payment data, never stored in full on TRANSFERS DRIVER systems, per PCI-DSS requirements

Once these periods expire, your data is deleted or anonymised in a way that cannot be reversed.

Your rights

Under Law No. 09-08 and, for EU residents, under GDPR, you have the following rights:

  • Right of access : request a copy of your data
  • Right to rectification : correct any inaccurate information
  • Right to erasure : ask us to delete your data
  • Right to object : for legitimate reasons
  • Right to portability (EU residents only)

To exercise any of these rights, drop us an email at privacy@Transfers Drivertransferts.com. We get back to you within 30 working days. If our response doesn’t resolve things, the CNDP (cndp.ma, Avenue Al Arz, Hay Riad, Rabat) is Morocco’s supervisory authority, or you can go straight to the data protection authority in your own country.

Cookies

Three categories of cookies may be placed on your device:

  • Strictly necessary cookies, booking session, form security. No consent required.
  • Analytics cookies (Google Analytics 4), traffic measurement. Require your prior consent via the banner shown on your first visit. Declining has no effect on your booking.
  • WhatsApp Business cookies, if you use the contact button. Subject to Meta Platforms Ireland’s policy.

You can update your preferences at any time via the “Manage cookies” link in the footer of every page.

Security

Every page on Transfers Drivertransferts.com runs over HTTPS, your connection is encrypted from the moment you land on the site. Booking data is accessible only to the team members who actually need it to run your transfer. If a breach ever occurred that could affect your rights, we’d notify the CNDP and reach out to you directly, not bury it in a footer update.

Frequently asked questions

Does GDPR apply even though TRANSFERS DRIVER is based in Morocco?

Short answer: yes. GDPR follows the person, not the company’s address. The moment a business handles data from EU residents, wherever it sits, it falls under the regulation. Most of our clients fly in from Europe, so we apply GDPR standards to every booking, not just the ones that come with a European passport.

Is it safe to pay by card on TRANSFERS DRIVER’s website?

Yes. Online payments go through Stripe or PayPal, both PCI-DSS certified. Your full card number never passes through our servers. If you’d rather pay cash on arrival, that works too, and leaves no digital trace.

Why do you need my flight number?

So your driver can track your flight in real time. If it’s delayed, he’s notified automatically and waits at no extra charge. That’s the operational reason, and the concrete proof behind our on-time promise.

Is booking by WhatsApp secure?

WhatsApp Business runs on end-to-end encryption, what you send us, only we see. We hold your first name, itinerary and pick-up time, nothing beyond that. Once your transfer is done, we don’t keep the thread.

Will my phone number be used for marketing after my transfer?

No. Your number is used only to send you your driver’s contact details the day before, and to handle anything that comes up operationally, a delayed flight, a change of pick-up point. It is never passed to any commercial third party.

How do I get my data deleted?

Write to privacy@Transfers Drivertransferts.com with your name and transfer date. We process deletion within 30 working days. The only exception is billing records, which Moroccan law requires us to keep for 10 years.

I’m a hotel partner, is the guest data I send you protected?

Yes. Data shared through a partnership is used exclusively to deliver the transfer you’ve booked. We never use it to contact your guests directly. A Data Processing Agreement (DPA) is available on request as part of any framework contract.

Is my location tracked during the ride?

No. TRANSFERS DRIVER has no mobile app and no passenger geolocation system. Your position during the transfer is neither collected nor stored anywhere in our systems.