Privacy Policy

Last Updated: May 2026

1. Introduction and Scope

At IZI Transfer (operated under Kazakhstan registration KZ63UWQ06967439), accessible from izi-transfer.com, your privacy is our utmost priority. This comprehensive Privacy Policy governs the collection, processing, and safeguarding of personal data for all users, clients, and partners utilizing our services globally, with strict adherence to the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and the Law of the Republic of Kazakhstan "On Personal Data and its Protection".

2. Categories of Information Collected

We operate on the principle of data minimization, collecting only information strictly necessary for the execution of transport services and legal compliance:

• Personally Identifiable Information (PII): Full legal name, direct contact numbers, email addresses, and residential/billing addresses provided during booking or account creation.
• Operational Travel Data: Exact flight numbers, passenger counts, geolocation points (pickup/drop-off coordinates), specific travel itineraries, and specialized requests (e.g., child seat requirements, mobility assistance).
• Financial and Transactional Data: While we do not process or store raw credit card numbers on our servers, we securely store encrypted billing tokens, transaction histories, and invoicing details to facilitate refunds and comply with international anti-money laundering (AML) regulations. Processing is handled via PCI-DSS compliant gateways.
• Automated Technical Data: When accessing our digital platforms, we automatically log IP addresses, browser agents, operating systems, and session cookies to ensure platform security, prevent fraud, and optimize user experience.

3. Lawful Basis and Purpose of Processing

Your data is processed under the following lawful bases:

• Contractual Necessity: To fulfill the transportation contract, dispatch chauffeurs, and communicate critical ride updates.
• Legal Obligation: To maintain verifiable tax records, generate official invoices, and comply with state transportation and border control directives.
• Legitimate Interest: To monitor fleet safety, conduct post-ride quality assurance, and prevent fraudulent bookings.
• Explicit Consent: For the distribution of non-essential marketing communications, which can be opted out of at any time.

4. Data Sharing, Sub-Processors, and Cross-Border Transfers

IZI Transfer operates an international network. As such, your data may be securely transferred across borders. We strictly control data dissemination:

• Chauffeur Partners: Only your name, pickup location, and contact number are securely transmitted to your assigned driver purely for operational execution. Drivers are contractually bound by strict non-disclosure agreements.
• Infrastructure Partners: We utilize enterprise-grade cloud providers (e.g., AWS, Google Cloud) whose server architectures comply with ISO 27001 and GDPR data sovereignty requirements via Standard Contractual Clauses (SCCs).
• Law Enforcement: We will only disclose personal data to state authorities when presented with a valid, legally binding court order or warrant.

5. Data Retention Period

We do not hold data indefinitely. Operational travel data is anonymized 36 months after the completion of the ride. Financial records and invoices are retained for a strict period of 5 years as mandated by Kazakhstan and international corporate tax laws, after which they are securely purged from our active databases.

6. Your Comprehensive Data Rights

Under GDPR and local data laws, you possess the absolute right to:

• Right of Access: Request a full cryptographic export of all personal data held by IZI Transfer within 30 days.
• Right to Rectification: Immediately correct any inaccurate or incomplete personal records.
• Right to Erasure ("Right to be Forgotten"): Request total deletion of your profile and non-legally-mandated history.
• Right to Restrict Processing: Pause our use of your data while a dispute is being investigated.

To exercise any of these rights, submit a formal request to our Data Protection Officer (DPO) at mail@izi-transfer.com.