Skip to main content
Greek Island Buses LogoGreek Island Buses

Privacy Policy

Last updated: January 2026

1. Information We Collect

We collect information you provide directly (name, email, payment details) and automatically (usage data, device information, cookies). For drivers using the GIBS Driver mobile app, we also collect precise location data (GPS) during active shifts, including in the background, so passengers can see live bus position.

2. How We Use Your Information

We use your information to process ticket purchases, send booking confirmations, improve our services, and communicate with you about your account.

3. Data Sharing

We share your information with bus operators to fulfil your booking, payment processors (Stripe) to process payments, and email providers to send confirmations.

4. Your Rights (GDPR)

You have the right to access, correct, delete, or export your personal data. You may also object to processing or request restriction. Contact us at [email protected].

5. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations. Account data is deleted 30 days after account deletion request.

6. Cookies

Please refer to our Cookie Policy for information about how we use cookies.

7. Legal Basis for Processing (GDPR Art. 6)

We process your personal data under the following legal bases: (a) Performance of a contract (Art. 6(1)(b)) — when you purchase tickets or create an account; (b) Legitimate interests (Art. 6(1)(f)) — for fraud prevention, platform security, and service improvement; (c) Consent (Art. 6(1)(a)) — for marketing emails and optional analytics cookies, which you may withdraw at any time; (d) Legal obligation (Art. 6(1)(c)) — for tax records and regulatory compliance under Greek and EU law.

8. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). Where we transfer data outside the EEA (e.g., to cloud service providers), we ensure adequate protection through EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission, in accordance with GDPR Chapter V.

9. Data Protection Officer

Our Data Protection Officer can be contacted at [email protected] or by post at: Greek Island Buses, Data Protection Officer, Athens, Greece. The DPO oversees our compliance with GDPR and is available to address any concerns about how we handle your personal data.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr, or with the supervisory authority in your EU/EEA country of residence. You also have the right to seek judicial remedy.

11. Driver Location Data (GIBS Driver App)

When a driver uses the GIBS Driver mobile app to start a shift, the app collects precise device location (GPS) — both while the app is in the foreground and in the background — for the duration of the shift. This data is used to (a) display the live position of the bus to passengers viewing that route, (b) record the route actually driven for operational and safety review, and (c) match scanned passenger tickets to the correct trip. Location is only collected while a shift is active; it stops as soon as the driver ends the shift. Background location requires the driver's explicit Android system permission and can be revoked at any time in the device settings (which will end live tracking). We do not sell location data, do not use it for advertising, and do not share it with third parties other than our hosting and map providers acting as data processors. Location records are retained for up to 90 days for operational review, then deleted or anonymised.