Effective date: 15 May 2026
This Privacy Policy applies to all services of Best Geneva Transports Sàrl (trading as GVA TO ALPS), including the website gvatoalps.com and any communication by phone, WhatsApp, email or messaging. It describes what data we collect, how we use it, on what legal basis, with whom we share it, how long we keep it, and what your rights are.
This Policy is drafted in accordance with the revised Swiss Federal Act on Data Protection (revFADP / nFADP) of 25 September 2020, in force since 1 September 2023, and with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) for data subjects residing in the EU/EEA.
Best Geneva Transports Sàrl (GVA TO ALPS)
Rue Vermont 42, 1202 Geneva, Switzerland
UID / VAT: CHE-291.444.283 — Commercial Register of Geneva
Managing Director: Gheorghe Gavrilita
Email: info@gvatoalps.com
Phone / WhatsApp: +41 78 744 31 14
You may contact us by email, phone, WhatsApp or postal mail at the address above for any matter relating to the processing of your data.
When you complete the booking form or contact us by WhatsApp / email to book a transfer, we collect:
When you write to us by email, WhatsApp or phone, we keep the content of the exchange as long as needed to follow up (quote, booking, complaint handling).
| Purpose | Legal basis (revFADP / GDPR) | Retention |
|---|---|---|
| Performance of the transport contract (booking, pickup, flight monitoring, invoicing) | Contract performance (Art. 31(2)(a) revFADP; Art. 6(1)(b) GDPR) | 10 years (Swiss accounting obligation, CO Art. 958f) |
| Card payment processing (Stripe) | Contract performance; legitimate interest in payment security (Art. 6(1)(b) and (f) GDPR) | 10 years |
| Replying to your enquiries (email, WhatsApp, phone) | Legitimate interest; pre-contractual measures (Art. 6(1)(b) and (f) GDPR) | 2 years after last contact |
| Audience analytics (Microsoft Clarity, Google Analytics) | Consent (Art. 6(1)(b) revFADP; Art. 6(1)(a) GDPR) | See cookie policy — typically 14 months |
| Marketing and ad-conversion tracking (Google Ads) | Consent (Art. 6(1)(b) revFADP; Art. 6(1)(a) GDPR) | See cookie policy — typically 90 days |
| Site security, fraud prevention, access logs | Legitimate interest (Art. 31(2)(c) revFADP; Art. 6(1)(f) GDPR) | 12 months |
| Legal obligations (tax, accounting, lawful requests) | Legal obligation (Art. 6(1)(c) GDPR) | As required by law (up to 10 years) |
To deliver the service we share certain data with the following providers acting as processors or joint controllers. All transfers outside the EU / Switzerland to third countries (notably the United States) are covered either by the EU Commission Standard Contractual Clauses and the EU–US Data Privacy Framework, or by the FDPIC standard clauses for flows from Switzerland.
| Provider | Data transferred | Country | Purpose |
|---|---|---|---|
| Hostinger International Ltd. | All website and database data | Germany (EU) | Hosting |
| REVERT MKT S.R.L. (RO CUI 50930476) — Strada Zorelelor 4, Gherăești, Neamț, Romania | Administrative access to the site (CMS, FTP/SSH, logs) for technical maintenance | Romania (EU — intra-EU transfer) | Website development, maintenance and monitoring; Art. 28 GDPR DPA in place |
| Stripe Inc. | Name, email, amount, booking reference, card data | United States (DPF + SCCs) | Card payment processing (CHF) |
| HighLevel Inc. / LeadConnector LLC (sub-processors include Amazon Web Services, Google Cloud, Twilio, Mailgun, HighLevel India — full list at gohighlevel.com/sub-processors) | Booking data (identity, contact, trip, message) | United States + India — covered by EU 2021 SCCs, EU–US, UK and Swiss–US Data Privacy Framework certification (active), and HighLevel's auto-incorporated Data Processing Addendum. | CRM, booking management, customer communication |
| Microsoft Corporation (Clarity) | Truncated IP, navigation, mouse moves, clicks | United States / EU (DPF + SCCs) | User-experience analytics — only with consent |
| Google LLC / Google Ireland Ltd. | Cookie ID, navigation events, conversion data | Ireland + United States (DPF + SCCs) | Google Analytics and Google Ads — only with consent |
| Meta Platforms Ireland Ltd. (WhatsApp Business) | Your phone number and message content when you write to us on WhatsApp | Ireland + United States | Customer messaging (at your initiative) |
| Transport sub-contractors | First name, phone, pickup location, flight number | Switzerland / France (depending on route) | Actual provision of transport when we sub-contract |
| Authorities, lawyers, accountants, insurers | On lawful request or in case of dispute | Switzerland / EU | Legal obligations |
We never sell your personal data and do not use it for direct marketing without your consent.
This site uses essential cookies (session, language preference) and — only after your consent — analytics and marketing cookies. The full list is set out in our Cookie Policy. You can change your preferences at any time via the "Cookie settings" link in the footer.
We retain your data only for as long as needed for the purpose, in accordance with section 3. After these periods, data are deleted or irreversibly anonymised. Accounting records related to payments (invoices, Stripe transactions) are retained for 10 years pursuant to the Swiss Code of Obligations (Art. 958f CO).
We implement appropriate technical and organisational measures to protect your data against loss, unauthorised access, disclosure or destruction: site-wide HTTPS/TLS, strong passwords, restricted access to the admin panel, regular backups, web application firewall (WAF), card data tokenisation by Stripe (we do not store any card data).
Under revFADP and GDPR you have the following rights regarding your personal data:
To exercise these rights, write to info@gvatoalps.com. We may ask for proof of identity for manifestly excessive requests or to protect your data against impersonation.
If you consider that the processing of your data does not comply with the law, you may lodge a complaint with:
Our services are intended for adults (16+). We do not knowingly collect data from minors under 16 without parental consent. When a booking involves children (child seats, accompanied minors), the booking is made by an adult who assumes that responsibility.
We may update this Policy to reflect legal or service developments. The version in force is always the one published on this page, with the effective date shown at the top. Material changes will be signalled where reasonably possible.
We do not use solely automated decision-making producing legal effects or significantly affecting you. The automated price calculation is a decision-support tool that can be checked by our team before confirmation.
