Privacy Policy

1. Introduction

Last updated: February 2026

MMG VTC is committed to protecting the privacy and personal data of its customers. This privacy policy explains how we collect, use, store and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and French data protection law.

Data controller:

• Name: MMG VTC
• Email: mmgvtc06@gmail.com
• Phone: +33 6 23 17 13 21
• Address: Nice, France

2. Personal Data Collected

We only collect data necessary to provide our VTC transport services:

2.1 Identification Data

• Name and surname: To identify the customer and personalize the service
• Email address: For booking confirmations and communications
• Phone number: To contact you if needed (delay, change, emergency)

2.2 Booking Data

• Pick-up location and destination: To organize your journey
• Date and time: To plan the ride
• Number of passengers: To adapt the vehicle
• Additional information: Luggage, special requests (optional)

2.3 Navigation Data (Cookies)

• Technical cookies: For proper site functioning (cookie consent)
• Analytics cookies: To improve user experience (if accepted)

2.4 Data NOT Collected

We do NOT collect:

• ❌ Banking data (managed directly by Stripe)
• ❌ Sensitive data (ethnic origin, political opinions, health, etc.)
• ❌ Real-time geolocation data

3. Processing Purposes

Your personal data is used only for the following purposes:

3.1 Booking Management

• Processing your booking request
• Booking confirmation by email
• Journey organization (departure, destination, schedule)
• Contact if needed (delay, change, emergency)

Legal basis: Contract performance (Article 6.1.b of GDPR)

3.2 Customer Communication

• Response to your questions and requests
• Sending confirmations and reminders
• After-sales service

Legal basis: Contract performance and legitimate interest

3.3 Payment Management

• Payment processing via Stripe (secure)
• Invoice issuance
• Accounting management

Legal basis: Legal obligation (accounting) and contract performance

3.4 Service Improvement

• Customer satisfaction analysis
• User experience improvement
• Anonymized statistics

Legal basis: Legitimate interest (Article 6.1.f of GDPR)

3.5 Legal Obligations

• Retention of accounting data (10 years)
• Compliance with tax obligations
• Response to requests from competent authorities

Legal basis: Legal obligation (Article 6.1.c of GDPR)

4. Data Recipients

Your personal data is accessible only to the following persons and services:

4.1 Authorized Personnel

• MMG VTC driver: To organize and perform your journey
• Customer service: To respond to your requests

4.2 Technical Service Providers

• Formspree: Contact form management (GDPR compliant)
• Stripe: Secure payment processing (PCI DSS Level 1)
• Netlify: Website hosting (GDPR compliant)
• Google Fonts: Font display

All our service providers are GDPR compliant and located in the European Union or have appropriate guarantees.

4.3 Competent Authorities

Your data may be communicated to competent authorities only in case of legal obligation (judicial requisition, tax audit, etc.).

4.4 No Data Sale

We NEVER sell your personal data to third parties.

5. Retention Period

Your data is retained only for the period necessary for the purposes for which it was collected:

Data Type	Retention Period	Justification
Booking data	3 years after the ride	Claims and disputes management
Accounting data (invoices)	10 years	Legal obligation (Commercial Code)
Contact data (prospects)	3 years without interaction	Commercial prospecting
Technical cookies	13 months maximum	CNIL recommendation
Analytics cookies	13 months maximum	CNIL recommendation

Automatic deletion: At the expiration of these periods, your data is automatically deleted from our systems.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

6.1 Technical Measures

• ✅ HTTPS encryption: All communications are encrypted (SSL/TLS)
• ✅ Anti-spam protection: Honeypot to block malicious bots
• ✅ Data validation: Strict control of user inputs
• ✅ XSS protection: Prevention of code injections
• ✅ Security headers: Content-Security-Policy, HSTS, etc.
• ✅ Secure hosting: Netlify (GDPR compliant)

6.2 Organizational Measures

• ✅ Restricted access: Only authorized personnel access data
• ✅ Confidentiality: Staff confidentiality commitment
• ✅ Regular backups: Protection against data loss
• ✅ Updates: System and software regularly updated

6.3 Secure Payments

Payments are processed by Stripe, certified PCI DSS Level 1 (highest security standard). We NEVER store your banking data.

7. Your Rights (GDPR)

In accordance with GDPR, you have the following rights regarding your personal data:

7.1 Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

7.2 Right of Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure (Article 17)

You can request deletion of your personal data, unless we have a legal obligation to retain it (e.g., invoices).

7.4 Right to Restriction (Article 18)

You can request restriction of processing of your data in certain cases.

7.5 Right to Portability (Article 20)

You can receive your data in a structured, machine-readable format.

7.6 Right to Object (Article 21)

You can object to processing of your data for reasons relating to your particular situation.

7.7 Right to Withdraw Consent

You can withdraw your consent at any time (cookies, newsletter, etc.).

7.8 How to Exercise Your Rights?

To exercise your rights, contact us:

• Email: mmgvtc06@gmail.com
• Phone: +33 6 23 17 13 21
• Mail: MMG VTC, Nice, France

Response time: We undertake to respond within a maximum of 1 month.

ID proof: For security reasons, we may ask for a copy of your ID.

8. Cookie Management

Our site uses cookies to improve your browsing experience.

8.1 Types of Cookies Used

Technical Cookies (Required)

• Cookie consent: Remembers your choice (accept/decline)
• Session: Maintains your active session

These cookies are necessary for the site to function and do not require consent.

Analytics Cookies (Optional)

• Google Analytics: Traffic statistics (if accepted)

These cookies require your prior consent.

8.2 Managing Your Preferences

You can modify your cookie preferences at any time:

• Via the banner: Click "Accept" or "Decline"
• Via your browser: Settings → Privacy → Cookies
• Deletion: Clear cookies from your browser

8.3 Retention Period

Cookies are retained for a maximum of 13 months (CNIL recommendation).

9. Data Transfers Outside EU

Your personal data is primarily stored and processed in the European Union.

9.1 Service Providers Outside EU

Some service providers may be located outside the European Union:

• Stripe: United States (Standard Contractual Clauses approved by European Commission)
• Google Fonts: United States (Legitimate interest, minimal data)

9.2 Appropriate Guarantees

All transfers outside the EU are governed by appropriate guarantees in accordance with GDPR (Standard Contractual Clauses, Privacy Shield, etc.).

10. Right to Lodge a Complaint

If you believe your rights are not being respected, you can lodge a complaint with the CNIL:

French Data Protection Authority (CNIL)

• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
• Phone: +33 1 53 73 22 22
• Website: www.cnil.fr
• Online form: www.cnil.fr/fr/plaintes

11. Policy Modifications

We reserve the right to modify this privacy policy at any time to reflect changes in our practices or for legal reasons.

Notification: In case of substantial modification, we will inform you by email or via a notification on the site.

Last update date: February 2026

12. Contact Us

For any questions regarding this privacy policy or the use of your personal data, contact us:

Response time: We undertake to respond to your requests within a maximum of 1 month.