01.Data controller
The controller of your personal data is Happy Bus Marsur S.L., Spanish tax ID B57754913, registered office at Calle Son Boi 7A, 07330 Consell (Balearic Islands, Spain).
You can reach us by email at info@happybusmarsur.com or by phone at +34 680 94 55 99. For data-protection matters specifically, please write to the same address with the subject "Data protection".
02.What we collect
Identity and contact data: name, email address, phone number. Collected when you book a transfer, request a quote or reach us through the contact form.
Trip data: origin, destination, date and time, number of passengers, luggage, flight number (optional) and free-text notes. Collected at booking time.
Payment data: card payments are handled end-to-end by Stripe Payments Europe Ltd. We do NOT store or have access to your full card details. We do store internal payment references (transaction id, amount, status) for billing and for dispute handling.
Tax data: when you request a full invoice we store your tax id (NIF/NIE/passport) and billing address to comply with statutory record-keeping.
Technical and browsing data: IP address, device type, browser, and cookies. See the cookies section for details.
03.Purposes
Manage the booked transfer, including handing over the required details to the assigned driver.
Contact you by email, phone or WhatsApp regarding your booking (confirmations, changes, flight-tracking updates, incidents).
Issue invoices and comply with tax and accounting obligations.
Analyse usage of the site through analytics and advertising tools (Google Analytics, Google Ads) — only when you consent through the cookie banner.
When you expressly authorise it, send you commercial communications about similar services via the channels you have indicated.
04.Legal basis for processing
Performance of the transport contract (GDPR art. 6.1.b) to manage the booking and deliver the service.
Compliance with a legal obligation (GDPR art. 6.1.c) for issuing and retaining invoices under Spanish tax law.
Legitimate interest (GDPR art. 6.1.f) for card-payment fraud prevention and continuous service improvement based on aggregated and anonymised data.
Data-subject consent (GDPR art. 6.1.a) for commercial communications and for the non-essential analytics and advertising cookies.
05.Who we share data with
Technology providers (processors) that enable the site and the booking flow: Google LLC (Firebase hosting and database), Stripe Payments Europe Ltd. (payment processing), Resend Inc. (transactional email delivery), Verifacti (Verifactu-aligned e-invoicing system).
Meta Platforms Ireland Ltd. when the contact happens through the Facebook Messenger channel linked to our business.
Google Ireland Ltd. for site-usage analysis and advertising campaigns, when you have consented to the relevant cookies.
Public authorities (Spanish Tax Agency, law enforcement, courts) where we are legally required to disclose information.
Outside of the above, we do not share your personal data with third parties for commercial purposes.
06.International data transfers
Some of our providers (Google, Stripe, Meta) are headquartered in the United States. Any international transfer of personal data that occurs is covered by the EU–U.S. Data Privacy Framework, adequacy decision of the European Commission of 10 July 2023, and by the Standard Contractual Clauses approved by the Commission (2021/914).
07.How long we keep your data
Booking and service-execution data: for the duration of the contractual relationship and up to 4 years thereafter, matching the statutory limitation period for tax actions under Spanish General Tax Law.
Invoicing data: 6 years from issuance, per article 30 of the Spanish Commercial Code.
Data processed on the basis of consent (marketing, cookies): until you withdraw consent or after two years of inactivity, whichever comes first.
Records of contact and unconverted quote requests: up to one year after the last interaction, unless you exercise your right to erasure earlier.
08.Your rights
You have the right to access your personal data, to rectify it if inaccurate, to have it erased when it is no longer needed, to object to the processing, to request restriction of processing, and to request the portability of your data to another controller — as set out in GDPR articles 15 to 22.
To exercise these rights, write to info@happybusmarsur.com with the subject "GDPR rights" attaching a copy of an ID document. We will reply within one month.
If you believe the processing of your data does not comply with the applicable rules, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD), Jorge Juan 6, 28001 Madrid, or through its e-portal at sedeagpd.gob.es.
You may also withdraw at any time any consent you have granted, without affecting the lawfulness of processing based on consent before its withdrawal.
10.Security
We apply reasonable technical and organisational measures to protect your personal data against loss, unauthorised access or improper disclosure: TLS-encrypted connections, role-based access control on our internal databases, card tokenisation through Stripe, and periodic audits of our tech vendors.
No system is bullet-proof. If you spot any vulnerability or incident affecting your data, please tell us as soon as possible at info@happybusmarsur.com.
11.Changes to this policy
We may update this privacy policy to align with regulatory changes or new service features. Where the change is substantial, we will notify you by email at the address linked to your most recent booking and, when appropriate, through a prominent notice on the website.
The version in force is always the one published on this page, together with the last-updated date shown above.
Questions about how we use your data?
Write to us — our team replies within the one-month deadline set by the GDPR, and usually on the same business day.
Contact Happy Bus Marsur
