PRIVACY POLICY
TruthLayer® Software
Operated by CheckTransfer Tech B.V.
Last updated: 24-02-2026
1. Identity of the Data Processor
This Privacy Policy describes how personal data is processed within the TruthLayer® software environment.
TruthLayer® is developed and operated by:
CheckTransfer Tech B.V.
The Netherlands
Chamber of Commerce (KvK): 99698277
Email: support@check-transfer.com
Phone: +31 85 040 6311
CheckTransfer Tech B.V. is a software development company and independent SaaS provider.
CheckTransfer Tech B.V.:
- is not an Online Travel Agency (OTA)
- is not a transport provider
- is not a broker or intermediary
- does not sell travel or transfer services
- is not a contracting party in any transport agreement
TruthLayer® operates exclusively as an independent digital verification infrastructure between booking entities, passengers and transport providers.
2. Role Under GDPR
For purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”):
- The booking entity / OTA / transport company acts as Data Controller.
- CheckTransfer Tech B.V. acts as Data Processor.
CheckTransfer Tech B.V. processes personal data solely on documented instructions from the Controller.
TruthLayer® does not independently determine the purposes or means of commercial data processing.
3. Purpose of Processing
Personal data within TruthLayer® is processed exclusively for:
- Logging booking information as received from Controller
- Timestamping operational workflow events
- Registering driver and passenger confirmations
- Preserving immutable audit records
- Providing neutral evidentiary infrastructure
TruthLayer® does not use personal data for:
- Marketing
- Profiling
- Commercial resale
- Behavioral analysis
- Independent commercial exploitation
Processing is strictly limited to operational verification and digital evidence preservation.
4. Categories of Data Processed
Depending on system configuration by the Controller, data may include:
- Passenger name
- Phone number
- Email address
- Flight details
- Pickup and drop-off location
- Booking reference
- Driver identification
- Vehicle details
- Event timestamps
- Digital confirmations
- System log data
TruthLayer® does not expand data categories beyond those transmitted by the Controller.
5. Lawful Basis
The lawful basis for processing is determined solely by the Controller.
The Controller is responsible for:
- Informing data subjects
- Providing privacy notices
- Obtaining consent where required
- Ensuring lawful data collection
CheckTransfer Tech B.V. processes data strictly under Article 28 GDPR (Processor obligations).
6. Data Minimization & Neutrality
TruthLayer® is architected according to the principles of:
- Data minimization
- Purpose limitation
- Storage limitation
- Integrity and confidentiality
CheckTransfer Tech B.V. has no commercial interest in:
- The outcome of a transfer
- Whether a booking is completed
- Whether a dispute arises
TruthLayer® operates as a neutral technological layer.
7. Data Security
CheckTransfer Tech B.V. implements appropriate technical and organizational measures, including:
- Encrypted data transmission (TLS/SSL)
- Role-based access control
- Multi-layer authentication
- Secure hosting infrastructure
- Continuous monitoring and logging
- Access limitation to authorized personnel
TruthLayer® is designed as an event-logging environment to reduce risk of data manipulation.
8. Data Retention
Personal data is retained:
- According to Controller instructions
- For contractual duration
- For legally required evidentiary preservation where applicable
Deletion requests are assessed in light of:
- Legal retention requirements
- Contractual obligations
- Audit trail integrity
9. International Data Transfers
Data is primarily processed within the European Economic Area (EEA).
If transfers outside the EEA occur, appropriate safeguards (such as Standard Contractual Clauses) will be implemented in accordance with GDPR Chapter V.
10. Sub-Processors
CheckTransfer Tech B.V. may use carefully selected infrastructure providers (e.g., hosting providers).
All sub-processors are bound by written agreements ensuring GDPR compliance and equivalent data protection standards.
A sub-processor list is available upon request.
11. Data Subject Rights
Data subjects may exercise their rights under GDPR, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction
- Right to portability
- Right to object
Requests must be directed to the Controller (OTA or booking entity).
CheckTransfer Tech B.V. will assist the Controller where reasonably possible.
12. Data Breach Notification
In the event of a personal data breach, CheckTransfer Tech B.V. will:
- Notify the Controller without undue delay
- Provide relevant technical details
The Controller remains responsible for supervisory authority notification unless otherwise required by law.
13. Intellectual Property & Use of Software
TruthLayer® and all related software components remain the exclusive intellectual property of CheckTransfer Tech B.V.
Users may not:
- Reverse engineer the software
- Copy or replicate the system
- Modify proprietary elements
- Remove trademark or copyright notices
- Use the software outside licensed scope
TruthLayer® is protected under applicable copyright, trademark and intellectual property laws.
14. Limitation of Liability
To the maximum extent permitted by law:
CheckTransfer Tech B.V. shall not be liable for:
- Transport service failures
- Passenger no-shows
- Driver non-performance
- Commercial disputes
- Indirect or consequential damages
- Loss of revenue or goodwill
Liability, if any, is limited to the SaaS fees paid in the relevant contractual period.
15. Changes to This Policy
CheckTransfer Tech B.V. reserves the right to update this Privacy Policy.
Material changes will be communicated appropriately.
Continued use of TruthLayer® constitutes acceptance of the updated policy.
16. Contact Information
For privacy or compliance inquiries:
CheckTransfer Tech B.V.
Email: support@check-transfer.com
Phone: +31 85 040 6311