At Groundtier, we are committed to protecting your personal information and respecting your privacy. This policy explains how we collect, use, store, and protect your data in accordance with Albanian law and EU General Data Protection Regulation (GDPR) standards.
1.1 Who We Are
Groundtier sh.p.k. is the data controller responsible for your personal information.
Company Name: Groundtier sh.p.k.
Registration: Currently under incorporation (NUIS to be announced upon registration)
Address: Tirana, Albania
Contact: info@groundtier.com
Privacy Inquiries: privacy@groundtier.com
1.2 Scope of Policy
This policy applies to all personal data collected through our website, booking platform, email communications, and customer service interactions.
1.3 Your Rights
You have the right to access, correct, delete, or restrict use of your personal data. See Section 8 for details.
1.4 Independent Drivers
Drivers act as independent service providers and process personal data solely for the purpose of fulfilling the booked transfer. We require drivers to handle your information in accordance with data protection standards through contractual agreements.
2.1 Information You Provide
When you make a booking, we collect:
Contact Details: First and last name, email address, phone number (including country code)
Travel Details: Flight number and airline, arrival/departure dates and times, pickup and drop-off locations, number of passengers, special requests (child seats, luggage requirements, etc.)
Child Seat Requests: When a parent/guardian books a transfer including child seats, we process the child's approximate age category only as necessary to provide the appropriate safety seat. This is not considered sensitive health data.
2.2 Information We Collect Automatically
When you visit our website, we may collect: IP address and approximate location, browser type and version, device information, pages visited and time spent, referring website, and cookie data (see Section 6).
2.3 Information from Third Parties
We may receive data from flight tracking services (flight status updates), payment processors (transaction confirmations), and location services (address verification).
2.4 Special Category Data
We do not intentionally collect sensitive personal data (health information, religion, etc.). If you voluntarily provide such information (e.g., mobility requirements), we process it only to fulfill your service request.
3.1 Service Delivery
We use your data to: confirm and process your booking, assign driver and vehicle, track your flight and adjust pickup time, provide meet and greet service, navigate to pickup and destination, send booking confirmations and updates, and provide customer support.
3.2 Legal Basis
Contract Performance: Processing necessary to provide service you booked
Legal Obligation: Compliance with tax, accounting, and transport regulations
Legitimate Interest: Improving service quality, preventing fraud, and direct marketing of similar services (we do not currently send marketing communications but may in the future with your consent)
3.3 Communications
We may contact you to confirm booking details, provide service updates (flight delays, driver arrival), request feedback after service, and respond to inquiries or complaints.
3.4 Service Improvement
We may analyze anonymized booking data to understand popular routes and times, optimize driver allocation, improve website usability, and identify service issues. We may use analytics tools to understand site usage patterns.
3.5 Fraud Prevention
We may use your information to verify identity and payment details, detect unusual booking patterns, prevent unauthorized use of payment cards, and comply with anti-money laundering requirements.
4.1 Service Providers
We share necessary information with trusted third parties who help us deliver service:
Booking Automation Platforms: We use secure cloud-based automation and workflow platforms to coordinate booking details, driver assignment, and customer notifications. Information shared: Booking details, contact information. Purpose: Service coordination and scheduling. Protection: EU Standard Contractual Clauses.
Communication Services: Email service providers receive your email address, name, and booking details to send confirmations and updates. Location: EU (GDPR-compliant).
Mapping & Location Services: Geocoding and mapping services receive addresses (anonymized where possible) for route planning and navigation. Location: Various, protected by Standard Contractual Clauses.
4.2 Legal Requirements
We may disclose your information if required by Albanian law or court order, tax authorities, law enforcement (with proper legal process), or regulatory authorities.
4.3 Business Transfers
If Groundtier is acquired or merged, your data may be transferred to the new entity, subject to this privacy policy.
4.4 What We Never Do
We never sell your personal data to third parties, share your data for third-party marketing, use your data for purposes incompatible with original collection, or transfer data outside EU/EEA without adequate protections.
5.1 Security Measures
We protect your data using: SSL/TLS encryption for all website communications, encrypted storage of personal information, secure password policies and access controls, regular security audits and updates, and staff training on data protection.
5.2 Payment Security
All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We never see or store your complete credit card details.
5.3 Data Breach Response
We will take appropriate steps to notify affected individuals and authorities in accordance with applicable data protection laws and timelines in the unlikely event of a data breach, take immediate action to contain and remediate the breach, and offer support and guidance to affected individuals.
5.4 Your Responsibility
Please keep your booking confirmation and reference number secure, do not share login credentials if you create an account, and notify us immediately of suspected unauthorized access.
6.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us provide better service and understand how you use our site.
6.2 Cookie Consent
We use a cookie consent management platform (Cookiebot) to record your preferences. Strictly necessary cookies do not require consent, but we obtain your consent for analytics and functional cookies through our consent banner.
6.3 Types of Cookies We Use
6.4 Third-Party Cookies
We use cookies from payment processors (Stripe) for secure checkout, and analytics providers for website improvement. All third-party cookies are subject to your consent through our cookie banner.
6.5 Managing Cookies
You can control cookies through: our cookie consent banner (first visit), cookie settings link in website footer, or your browser settings (instructions at aboutcookies.org).
Note: Disabling necessary cookies may prevent booking functionality.
6.6 Do Not Track
Our website does not currently respond to "Do Not Track" browser signals, but you can disable cookies through your browser settings or our cookie consent banner as described above.
7.1 How Long We Keep Your Data
Active Bookings: Retained until service completion plus 30 days (enables customer support and service delivery)
Completed Bookings: Retained for 5 years after service date (required for Albanian tax and accounting law compliance, supports warranty claims and dispute resolution)
Marketing Communications: Retained until you unsubscribe or withdraw consent (can be deleted upon request)
Website Analytics: Aggregated data retained indefinitely (anonymized), individual visitor data retained up to 26 months
7.2 Extended Retention for Claims
Booking data may be retained beyond our standard retention period if required for active insurance claims or disputes, legal proceedings, or regulatory investigations. Once claim or dispute is resolved, data is deleted.
7.3 Deletion After Retention Period
When retention period expires, personal data is securely deleted or anonymized, financial records are retained per legal requirements, and aggregated statistics may be retained indefinitely.
7.4 Early Deletion
You may request early deletion (see Section 8), except where legal obligations require retention, legitimate disputes or claims exist, or data is needed for compliance or fraud prevention.
8.1 Right to Access
You can request confirmation of whether we process your data, a copy of your personal data, and information about how we use your data.
8.2 Right to Rectification
You can request correction of inaccurate personal information or completion of incomplete data.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion when data is no longer necessary for original purpose, you withdraw consent (where consent was legal basis), you object to processing and no overriding legitimate grounds exist, or data was processed unlawfully.
8.4 Right to Restriction
You can request we limit processing while verifying accuracy of disputed data, determining legitimacy of processing you've objected to, or when data is no longer needed by us but needed by you for legal claims.
8.5 Right to Data Portability
You can request your data in structured, commonly-used format (CSV, JSON) that is transferable to another service provider.
8.6 Right to Object
You can object to processing based on legitimate interests (we'll stop unless compelling grounds exist) or direct marketing (we'll stop immediately).
8.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw at any time. This doesn't affect lawfulness of processing before withdrawal.
8.8 Right to Lodge Complaint
You have the right to complain to Albanian Data Protection Authority (Komisioni i Mbrojtjes së të Dhënave Personale) or your local EU data protection authority (for EU residents).
9.1 Where We Process Data
Your data may be processed in Albania (where our company is based), the European Union (service providers), and the United States (certain technical providers).
9.2 Transfer Safeguards
When transferring data outside EU/EEA, we ensure protection through:
9.3 Specific Provider Protections
Payment processing (Stripe): Protected by EU Standard Contractual Clauses, operates servers in Ireland (EU) and US. Automation and communication platforms: Protected by Standard Contractual Clauses or Data Privacy Framework certification. A full list of data processors is available upon request.
10.1 Age Restriction
Our services are intended for adults (18+). We do not knowingly collect personal information from children under 18, except child passenger names/ages provided by parent/guardian for service delivery and information necessary for child seat provision.
10.2 Parental Responsibility
Parents/guardians making bookings for children are responsible for providing accurate child information, consenting to necessary data processing, and exercising privacy rights on child's behalf.
11.1 Updates
We may update this policy to reflect changes in law or regulation, new service features, or improved data practices.
11.2 Notification
Material changes will be posted on our website with updated "Effective Date", notified via email for significant changes, and subject to your consent where required by law.
11.3 Your Continued Use
Continuing to use our service after changes indicates acceptance of updated policy.
Privacy Inquiries:
Email: privacy@groundtier.com
Response time: Within 5 business days
General Inquiries:
Email: info@groundtier.com
Website: groundtier.com
Postal Address:
Groundtier sh.p.k.
Tirana, Albania
(Full address available in booking confirmation)
Albanian Data Protection Authority:
Komisioni i Mbrojtjes së të Dhënave Personale
Email: info@idp.al
Website: www.idp.al
This privacy policy was last updated in April 2026 and applies to all services provided by Groundtier sh.p.k.