TRANSFERHUB

Partner Platform Privacy Policy

Last updated: 16 April 2026

  1. INTRODUCTION

    2. TransferHub (“we,” “our,” or “us”) operates a platform at transferhub.eu (the “Platform”) that enables transfer partners (“Partners”) to receive and fulfil transportation service requests. This Privacy Policy explains how we collect, use, store, share, and protect personal data relating to individuals who interact with the Platform on behalf of a Partner organisation.

  2. DATA CONTROLLER

    3. The data controller responsible for the processing of your personal data is:

    Digital Mobility Solutions OÜ

    Harju maakond, Tallinn, Lasnamäe linnaosa, Kesk-Sõjamäe tn 2/1, 11415

    Company registration number: 16616306

    Email: partners@transferhub.eu

    Phone: +447700182009

  3. PERSONAL DATA WE COLLECT

    4. When you create an account, complete the onboarding process, or use the Platform on behalf of a Partner, we may collect the following categories of personal data:

    3.1 ACCOUNT AND CONTACT INFORMATION

    • Full name of the account holder / contact person
    • Business email address
    • Business phone number
    • Business or trading address

    3.2 BUSINESS VERIFICATION DATA

    • Company name, registration number, and VAT number
    • Copies of business licences, insurance certificates, or operating permits
    • Bank account or payment details for settlement purposes

    3.3 PLATFORM USAGE DATA

    • Login credentials (hashed passwords)
    • Login history, timestamps, and session data
    • IP address and approximate geolocation derived from IP
    • Browser type, device type, and operating system
    • Actions performed on the Platform (bookings accepted, rejected, etc.)

    3.4 Communication Data

    • Content of emails, live chats, and support tickets exchanged with TransferHub

    3.5 Financial Data

    • Invoicing and payment transaction records

  4. Purposes and Legal Bases for Processing

    5. We process your personal data for the purposes and on the legal bases set out below:

    Purpose

    Legal Basis (Article 6 UK/EU GDPR)

    Account creation and onboarding

    Performance of a contract (Art. 6(1)(b)) — steps necessary to enter into or perform our Partner agreement

    Verifying Partner identity and eligibility

    Legitimate interest (Art. 6(1)(f)) — ensuring the integrity and safety of our Platform

    Processing and managing transfer bookings

    Performance of a contract (Art. 6(1)(b))

    Invoicing, payments, and financial settlement

    Performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c))

    Customer service and dispute resolution

    Legitimate interest (Art. 6(1)(f)) — maintaining service quality and resolving complaints

    Platform security, fraud prevention, and abuse detection

    Legitimate interest (Art. 6(1)(f)) — protecting the Platform and its users

    Compliance with legal and regulatory obligations (e.g., tax, anti-money laundering)

    Legal obligation (Art. 6(1)(c))

    Analytics and Platform improvement

    Legitimate interest (Art. 6(1)(f)) — improving our services

    Communicating service updates, policy changes, and operational notices

    Legitimate interest (Art. 6(1)(f)) — keeping Partners informed about material changes
  5. Data Sharing and Disclosure

    6. We may share your personal data with the following categories of recipients:

    • TransferHub Group entities: We may share personal data within the Booking Holdings Group and its Affiliate Partners for the purposes described in this policy.
    • Payment processors and financial institutions: To process invoices and settlements.
    • Cloud hosting and IT service providers: Who host and maintain the Platform infrastructure on our behalf.
    • Analytics providers: To help us understand Platform usage and improve our services.
    • Professional advisors: Including legal, accounting, and audit service providers.
    • Law enforcement and regulatory authorities: Where required by law, court order, or to protect our legal rights.
    • Customers: Limited contact and journey-related data may be shared with customers to facilitate the transportation service (as described in the Data Protection Appendix to the Partner Agreement).

    We do not sell your personal data to third parties. All third-party service providers are bound by contractual obligations to protect your data and process it only as instructed by us.

  6. International Data Transfers

    7. Your personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom or the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including:

    • Transfers to countries that have received an adequacy decision from the UK government or the European Commission.
    • Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by the UK International Data Transfer Addendum where applicable.
    • Any other transfer mechanism permitted under Applicable Data Protection Law.

    You may request a copy of the safeguards in place by contacting us at the details provided below.

  7. Data Retention

    8. We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are:

    Data Category

    Retention Period

    Account and contact information

    Duration of the Partner Agreement plus 2 years

    Business verification documents

    Duration of the Partner Agreement plus 2 years

    Platform usage logs and IP data

    24 months from the date of collection

    Financial and invoicing records

    7 years as required by tax and accounting legislation

    Communication records (emails, chats)

    2 years from the date of the communication

    Data of unsuccessful Partner applicants

    12 months after application decision

     

    When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

  8. Data Security

    9. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

    • Encryption of data in transit (TLS) and at rest
    • Role-based access controls limiting data access to authorised personnel
    • Regular security testing and vulnerability assessments
    • Employee training on data protection and information security
    • Incident response procedures for prompt detection and management of data breaches
  9. Automated Decision-Making and Profiling

    10. We do not currently use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals acting on behalf of Partners. If this changes in the future, we will update this policy and, where required, obtain your explicit consent or provide a mechanism to request human intervention.

  10. Your Rights

    11. Under Applicable Data Protection Law, you have the following rights in relation to your personal data:

    • Right of access — You may request a copy of the personal data we hold about you.
    • Right to rectification — You may request correction of inaccurate or incomplete data.
    • Right to erasure (“right to be forgotten”) — You may request deletion of your data, subject to our legal obligations to retain certain records.
    • Right to restriction of processing — You may request that we limit how we use your data in certain circumstances.
    • Right to data portability — You may request that we provide your data in a structured, commonly used, machine-readable format.
    • Right to object — You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
    • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
    • Right not to be subject to automated decision-making — You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

    To exercise any of these rights, please contact us using the details in Section 12 below. We will respond to your request within one month, or inform you if an extension is necessary.

    If you believe that our processing of your personal data infringes Applicable Data Protection Law, you also have the right to lodge a complaint with a supervisory authority. The competent authority for Digital Mobility Solutions OÜ is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee. You may also contact the supervisory authority in the EU/EEA member state of your habitual residence or place of work.

  11. Changes to This Privacy Policy

    12. We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. Material changes will be communicated via the Platform or by email. The “Last updated” date at the top of this policy indicates the most recent revision.

    We encourage you to review this policy periodically.

  12. Contact Us

    13. If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

    Email: partners@transferhub.eu

    Phone: +447700182009

    Postal address: Harju maakond, Tallinn, Lasnamäe linnaosa, Kesk-Sõjamäe tn 2/1, 11415, Estonia