Aller au contenu principal
Double H — chauffeur privé VTC Double H Chauffeur Privé · VTC
Book
GDPR

Privacy policy

Last updated: 8 May 2026

This privacy policy aims to inform you of how Double H VTC (hereinafter "we" or "Double H") collects, uses, and protects your personal data within the framework of the VTC private chauffeur activity, in compliance with the General Data Protection Regulation (GDPR) and the amended French Data Protection Act.

1. Data controller

Identity
Double H VTC
SIREN
En cours d'attribution
Address
20 allée Arthur Guérin, 93320 Les Pavillons-sous-Bois
Contact
contact@doublehvtc.fr

For organisations of our size, the appointment of a Data Protection Officer (DPO) is not mandatory. However, any question relating to the processing of your data may be addressed to contact@doublehvtc.fr with the subject "GDPR".

2. Data collected

We collect and process the following data categories:

2.1 At booking time

  • Identity: full name (mandatory legal mention on the booking voucher)
  • Contact: phone number, email address
  • Trip: pickup and destination addresses, pickup date and time
  • Flight: flight or train number for airport/station transfers
  • Company: company name (optional, for professional accounts)
  • Preferences: ride type, options selected, concierge requests
  • Third party: if you book for someone else, the passenger's name and phone

2.2 During the ride

  • Vehicle geolocation (technical only, not retained)

2.3 Technical data (website browsing)

  • IP address and technical identifiers (when submitting a booking, retained for fraud audit)
  • User Agent (browser type)
  • Aggregated and anonymised browsing data (analytics — see cookies)

3. Processing purposes

Your data is processed exclusively for the following purposes:

  • Performance of the transport contract: organising and carrying out your ride, contacting you before or during the trip
  • Legal compliance: issuance and retention of the booking voucher compliant with the French order of 6 August 2025 (legal obligation)
  • Invoicing: issuance of invoices and receipts, accounting
  • After-sales service: handling claims, mediation
  • Marketing communication: sending occasional information if you have expressly consented (opt-in)
  • Security: fraud prevention, security audit
  • Anonymous statistics: improvement of the service and the website (Plausible Analytics, aggregated data without cookies)

4. Legal bases

In accordance with article 6 of the GDPR, the legal bases applicable to our processing are:

  • Contract performance: for data strictly necessary to organise and carry out the ride (article 6.1.b GDPR)
  • Legal obligation: for the retention of booking vouchers (article 6.1.c — French order of 6 August 2025)
  • Legitimate interest: for fraud prevention and security (article 6.1.f)
  • Consent: for newsletter and analytics beyond what is strictly necessary (article 6.1.a)

5. Data recipients

Your data is strictly reserved for internal use and is never sold to third parties. However, it may be shared with:

  • Hosting: Cloudflare, Inc. (United States, GDPR-certified via standard contractual clauses) — encrypted storage
  • Email service: Resend (sending confirmation emails and PDF vouchers)
  • Mapping service: Google Maps (only the addresses entered in the booking module, for itinerary calculation)
  • Accountant / chartered accountant: for accounting obligations (invoices only)
  • Authorities: upon legal requisition only

6. Retention period

  • Booking vouchers: kept for 10 years (recommended duration for accounting obligations and statute of limitations)
  • Customer data (bookings): 5 years after the last ride (right of withdrawal, warranty)
  • Newsletter data: until your unsubscription, and 3 years maximum of inactivity
  • Technical logs: 12 months maximum
  • Analytics data: aggregated, kept for 14 months

7. Your rights

In accordance with articles 15 to 22 of the GDPR, you have the following rights:

  • Right of access: confirm that data concerning you is being processed and obtain a copy
  • Right of rectification: correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to legal retention obligations (in the case of booking vouchers)
  • Right to restriction: restrict processing in certain cases
  • Right to object: object to processing, particularly direct marketing
  • Right to portability: receive your data in a structured, machine-readable format
  • Right to withdraw consent at any time, for processing based on consent

To exercise your rights, contact us at contact@doublehvtc.fr. We will respond within one month (extendable to 3 months for complex requests). A copy of an identity document may be required to verify your identity.

8. Complaint to the CNIL

If you believe your rights are not respected, you may lodge a complaint with the French Data Protection Authority (CNIL):

CNIL — 3 Place de Fontenoy, TSA 80715
75334 PARIS CEDEX 07
www.cnil.fr

9. Data security

We implement appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, and any disclosure: communication encryption (HTTPS), at-rest data encryption, strict access control, regular audits.

10. International transfers

Some of our data may be processed outside the European Union by our subcontractors (Cloudflare, Google, Resend). These transfers are governed by standard contractual clauses adopted by the European Commission or by adequacy decisions, ensuring an equivalent level of protection.

11. Modifications

This policy may be modified to reflect legal or technical changes. The last update date is indicated at the top of the page. Substantial changes are notified by email to registered customers.