Privacy Policy
Last updated: April 2026
1. Introduction
Global Travel Solutions ("we", "our", or "us") is committed to protecting the privacy of our business clients, website visitors, and partners. This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with our services. This policy applies to data we collect and process on global-travelsolutions.com, the booking assistant at app.global-travelsolutions.com, and the order-detail display at transfer-order.info.
We process personal data in compliance with the General Data Protection Regulation (GDPR) (EU 2016/679), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).
2. Data Controller and Data Protection
The data controller responsible for processing your personal data is Global Travel Solutions. For contact details, please refer to our Imprint page.
We are not required to appoint a Data Protection Officer under Art. 37 GDPR as we do not carry out large-scale processing of special categories of data. For data protection inquiries, please contact us at the email address listed on our Imprint page.
3. Data We Collect
We collect and process the following categories of personal data:
- Contact information: Name, email address, phone number, and company name provided through our contact forms, booking requests, or direct communication.
- Booking data: Passenger names, pickup and drop-off locations, flight numbers, travel dates, and special requirements submitted for ground transport services.
- Business data: Company name, billing address, VAT ID, and payment information required for invoicing and account management.
- Website usage data: IP address, browser type, device information, pages visited, and referral source collected automatically through server logs and analytics tools.
- Communication records: Emails, WhatsApp messages, and call logs related to service requests and support interactions.
4. How and Why We Process Your Data
The following sets out the purposes for which we process personal data and the corresponding legal basis under GDPR for each purpose.
- Providing transport services — Contract performance (Art. 6(1)(b)): Processing is necessary to fulfil our ground transport service agreements with clients.
- Processing quotes and invoices — Contract performance (Art. 6(1)(b)): Processing is necessary to generate accurate quotes, confirm bookings, and issue invoices.
- Client communication — Contract performance (Art. 6(1)(b)): Processing is necessary to communicate with clients regarding service updates, schedule changes, and operational matters.
- Website analytics (after consent) — Consent (Art. 6(1)(a)): Analytics cookies and tracking are only activated after you give explicit consent. You may withdraw consent at any time.
- Marketing and advertising (after consent) — Consent (Art. 6(1)(a)): Marketing and retargeting cookies are only activated after you give explicit consent. You may withdraw consent at any time.
- Improving website and services — Legitimate interest (Art. 6(1)(f)): We analyse aggregated usage data to improve service quality and user experience. We have assessed that this interest is not overridden by your rights.
- Tax and accounting compliance — Legal obligation (Art. 6(1)(c)): Processing is required to comply with German tax and commercial law, including the Abgabenordnung (AO) and Handelsgesetzbuch (HGB).
- Fraud prevention — Legitimate interest (Art. 6(1)(f)): We detect unusual booking patterns and monitor for fraudulent activity to protect our clients and our business.
- Order coordination via share links — Contract performance (Art. 6(1)(b)): We display order details (passenger name, route, vehicle, driver, meeting instructions) on transfer-order.info/o/{code} so that clients, passengers, drivers, and greeters can access the information needed to deliver the service. Access is via a short code included in the URL — anyone holding the code can view the details. It is the client's responsibility to share the link only with intended recipients.
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. We use Google Tag Manager (GTM) to manage tracking scripts and Google Analytics 4 (GA4) to analyse website traffic. These tools are only activated after you give explicit consent via our cookie banner.
- Essential cookies: Required for basic website functionality such as language preference, session management, and storing your cookie consent choice. These cannot be disabled.
- Analytics cookies (Google Analytics 4): Used to understand how visitors interact with our website, including page views, traffic sources, and user behaviour. GA4 collects data such as anonymised IP addresses, browser information, and interaction events. Data is processed by Google LLC.
- Marketing cookies: Used to measure the effectiveness of our advertising campaigns on platforms such as Google Ads and Facebook Ads. These cookies track conversions and help us optimise ad spend.
Cookie Consent Mechanism
When you first visit our website, a cookie banner allows you to accept or reject non-essential cookies. Your preferences are stored in a cookie called "gt_consent" for 365 days. You can change your preferences at any time by clicking "Cookie Settings" in the website footer. We use Google Consent Mode v2 to ensure that no analytics or marketing data is collected until you give explicit consent.
Cookies in Use
| Cookie Name | Provider | Purpose | Expiry |
|---|---|---|---|
| gt_consent | Global Travel Solutions (first-party) | Essential — stores your cookie consent preferences | 365 days |
| _ga | Google Analytics 4 | Analytics — distinguishes unique users | 2 years |
| _ga_<ID> | Google Analytics 4 | Analytics — stores and counts page views in a session | 2 years |
| _gid | Google Analytics 4 | Analytics — distinguishes users within a 24-hour session | 24 hours |
| _gcl_au | Google Ads | Marketing — conversion tracking for Google Ads campaigns | 90 days |
The exact cookies used may change as we update our tracking configuration. This table reflects the cookies in use at the time of the last policy update.
transfer-order.info is used only to display booking details via share links and does not set analytics or marketing cookies.
You can also control cookies through your browser settings. Disabling essential cookies may affect website functionality.
6. Third-Party Services and Data Recipients
We use the following third-party services and share data with the following recipients, all of whom are bound by appropriate data protection obligations:
- Google Analytics 4 (Google LLC): Website traffic analysis. Data is processed on Google servers. We use IP anonymisation and Google Consent Mode v2 to minimise data collection. Google's privacy policy: https://policies.google.com/privacy
- Google Tag Manager (Google LLC): Tag management system that controls when and how tracking scripts are loaded, based on your consent preferences.
- Google Ads (Google LLC): Conversion tracking for advertising campaigns. Only active when marketing cookies are accepted.
- Calendly: For scheduling calls and meetings. Subject to Calendly's own privacy policy.
- WhatsApp Business: For real-time communication with clients. Subject to Meta's privacy policy.
- Cloudflare Inc.: Content delivery network and DDoS protection for our website. Cloudflare may process IP addresses and request metadata. Subject to Cloudflare's privacy policy.
- Local transport providers: We share limited booking data (passenger name, pickup and drop-off locations, flight numbers, and special requirements) with the transport provider assigned to your booking. This is necessary for service delivery.
- Anthropic (Claude API): Our booking assistant Betti is powered by Anthropic's language model. When you interact with Betti via our booking platform, your conversation messages and related booking details are sent to Anthropic for processing. Anthropic processes this data solely to generate responses and does not use it to train its models. Subject to Anthropic's privacy policy: https://www.anthropic.com/privacy
- Tax advisors and accountants: Invoicing and financial data may be shared with our professional advisors for tax and accounting compliance, as required by German law.
7. International Data Transfers
Personal data may be transferred to countries outside the EU/EEA in the following circumstances:
- United States — Google LLC, Calendly Inc., Meta Platforms Inc. (WhatsApp Business), Anthropic PBC: These transfers are protected by the EU-US Data Privacy Framework (DPF), under which these companies are certified, or by Standard Contractual Clauses (Art. 46(2)(c) GDPR). The European Commission adopted an adequacy decision for the DPF in July 2023.
- Worldwide — Local transport providers: Local transport providers worldwide receive limited booking data necessary for service delivery. These transfers are based on Art. 49(1)(b) GDPR (transfer necessary for the performance of a contract between the data subject and the controller) or on Standard Contractual Clauses (Art. 46(2)(c) GDPR) where applicable.
- Ongoing monitoring: We continuously monitor the validity of international transfer mechanisms. Should any adequacy decision be invalidated, we will implement alternative safeguards or cease the relevant transfers.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy, or as required by applicable law. The following retention periods apply:
| Data Category | Retention Period | Legal Basis / Reason |
|---|---|---|
| Booking and invoicing data | 10 years from end of fiscal year | German tax law (AO §147, HGB §257) |
| Contact form submissions | 2 years, or longer if a business relationship is established | Legitimate interest / contract performance |
| Communication records (email, WhatsApp, calls) | 3 years from last interaction | Legitimate interest / statute of limitations (BGB §195) |
| Website analytics data | 14 months | GA4 default data retention period |
| Cookie consent preferences | 365 days | Necessary to respect your consent choices |
| AI assistant conversations | 30 days, then anonymised | Contract performance; Anthropic retains data for up to 30 days for safety monitoring |
| Server logs | 72 hours | Security purposes; deleted automatically thereafter |
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request information about the personal data we hold about you and receive a copy of that data.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing (Art. 18): Request limitation of data processing in certain circumstances, such as while accuracy is contested.
- Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.
- Right to object (Art. 21): Object to data processing based on legitimate interest or for direct marketing purposes. Where we process data for direct marketing, we will cease processing immediately upon your objection.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent (Art. 6(1)(a)), you may withdraw consent at any time. You can withdraw cookie consent by clicking “Cookie Settings” in our website footer. For other consent-based processing, contact us by email. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint (Art. 77): You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for our company is the data protection authority of the German federal state in which our registered office is located.
To exercise any of these rights, please contact us at the email address listed on our Imprint page. We will respond to your request within one month as required by GDPR Art. 12.
10. Automated Decision-Making
We do not use automated decision-making or profiling as defined in Art. 22 GDPR that would produce legal effects or similarly significantly affect you. All decisions regarding service bookings and client relationships are made by our staff.
11. Children’s Data
Our services are exclusively directed at business clients (B2B). We do not knowingly collect or process personal data from children under 16 years of age. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it without undue delay.
12. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. This includes encrypted communications, access controls, and regular security reviews. All data transfers between your browser and our website are encrypted using TLS (Transport Layer Security). We maintain data processing agreements (Art. 28 GDPR) with all third-party processors.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page with the updated date shown above. We encourage you to review this policy periodically. For material changes, we will make reasonable efforts to notify you directly.
14. Contact
If you have questions about this Privacy Policy or our data practices, please contact us via our Contact page or refer to the contact details on our Imprint page.