Privacy policy
Last updated: July 18, 2026
This Privacy Policy explains how Kasma collects, uses, stores and shares personal information when you visit our website, submit a ride request, make a booking, contact our team or otherwise use our services.
1. Data Controller
The controller responsible for your personal information is:
Legal business name: [LEGAL BUSINESS NAME]
Trading name: Kasma
Address: [FULL BUSINESS ADDRESS, GERMANY]
Email: [PRIVACY EMAIL]
Telephone: [PHONE NUMBER]
2. Information We Collect
We may collect the following information:
Contact Information
- Full name;
- Email address;
- Telephone or WhatsApp number;
- Billing address;
- Country of residence.
Ride and Booking Information
- Pickup and destination addresses;
- Requested date and time;
- Flight or train details;
- Passenger count;
- Luggage information;
- Vehicle preferences;
- Child-seat requirements;
- Accessibility requirements;
- Special instructions;
- Booking and cancellation history.
Payment Information
Payments may be processed by Shopify, Shopify Payments or another payment provider.
Kasma generally does not directly receive or store complete credit-card details. We may receive transaction information such as payment status, transaction reference, amount paid and payment method.
Technical Information
When you use our website, we may collect:
- IP address;
- Browser and device information;
- Cookie identifiers;
- Website activity;
- Pages visited;
- Referral source;
- Approximate location;
- Security and fraud-prevention information.
Communication Information
We may keep copies of emails, contact-form submissions, WhatsApp messages, telephone notes and other communications relating to your request or booking.
3. Medical and Accessibility Information
For Medical Appointment Transportation or accessible rides, we only request information necessary to arrange appropriate transportation.
Please do not send medical records, diagnoses or information that is not required for the ride.
Where a customer voluntarily provides health-related or accessibility information, we process it only where necessary to arrange the requested service and, where legally required, based on the customer’s explicit consent.
4. How We Use Personal Information
We may use personal information to:
- Review ride requests;
- Contact customers;
- Provide quotations;
- Confirm and manage bookings;
- Arrange transportation with drivers and transport providers;
- Process payments and refunds;
- Provide customer support;
- Send booking updates;
- Detect fraud and protect our website;
- Comply with legal, accounting and tax obligations;
- Improve our website and services;
- Send marketing communications where consent has been provided.
5. Legal Bases for Processing
Depending on the situation, we process personal information because:
- Processing is necessary to take steps requested before entering into a contract;
- Processing is necessary to perform a contract;
- Processing is necessary to comply with a legal obligation;
- Processing is necessary for our legitimate business interests;
- The customer has provided consent;
- Processing is necessary to establish, exercise or defend legal claims.
A GDPR privacy notice should explain the business identity, purposes, data categories, legal grounds, retention, recipients and any international transfers.
6. Sharing Personal Information
We may share necessary information with:
- Independent drivers;
- Licensed chauffeur and transportation companies;
- Vehicle operators;
- Shopify and its affiliated service providers;
- Payment processors;
- Website-hosting and IT providers;
- Email, telephone and communication providers;
- Accounting, legal and professional advisers;
- Fraud-prevention and security providers;
- Government authorities where legally required.
Transportation providers receive only the information reasonably required to perform the booked ride.
7. Shopify
Our store is hosted by Shopify. Shopify processes certain customer and visitor information to provide ecommerce, checkout, fraud-prevention and payment services.
Information may be processed by Shopify entities and service providers located outside Germany or the European Economic Area, subject to applicable data-transfer safeguards.
8. International Data Transfers
Some service providers may process personal information outside Germany or the European Economic Area.
Where required, we use recognised safeguards such as:
- European Commission adequacy decisions;
- Standard Contractual Clauses;
- Binding Corporate Rules; or
- Other legally accepted transfer mechanisms.
9. Data Retention
We retain personal information only for as long as necessary to:
- Process and manage the booking;
- Provide customer support;
- Resolve complaints or disputes;
- Prevent fraud;
- Meet legal, tax and accounting obligations.
Information may be retained for longer where required by German commercial or tax law.
10. Cookies and Analytics
Our website may use necessary cookies for:
- Shopping-cart functionality;
- Checkout;
- Security;
- Fraud prevention;
- Language and preference settings.
Analytics, advertising or other non-essential cookies will be used only where permitted and, where required, after consent has been obtained. Certain cookies require consent before being placed on a user’s device.
Customers can manage cookie preferences through the cookie banner or browser settings.
11. Marketing Communications
We send promotional emails or messages only where permitted by law.
Customers can unsubscribe using the link contained in the message or by contacting us. Unsubscribing from marketing does not prevent us from sending necessary booking or transaction messages.
12. Your Rights
Depending on applicable law, you may have the right to:
- Request access to your personal information;
- Request correction of inaccurate information;
- Request deletion;
- Request restriction of processing;
- Object to certain processing;
- Request data portability;
- Withdraw consent;
- Lodge a complaint with a data-protection authority.
Withdrawal of consent does not affect processing that occurred before consent was withdrawn.
13. Complaints to a Supervisory Authority
You may submit a complaint to the data-protection authority responsible for the German federal state in which our business is established, or to another competent EU supervisory authority.
14. Children
Bookings must be made by a person aged 18 or older.
A parent, guardian or responsible adult must make any booking involving a minor. Child-seat and passenger-age information may be requested where needed for safety and legal compliance.
15. Security
We use reasonable administrative, technical and organisational measures to protect personal information.
However, no internet transmission or electronic storage method can be guaranteed to be completely secure.
16. Changes to This Privacy Policy
We may update this Privacy Policy when our services, providers or legal obligations change.
The latest version will be published on this page with an updated revision date.