Privacy Notice
HolboxTransfers.com Global Privacy Notice
This Privacy Notice governs personal data collected through HolboxTransfers.com, quotation and booking forms, WhatsApp, email, phone calls, live chat, social media, payment links, onboard terminal collections, analytics tools, cookies, and other official channels used to request, confirm, pay for, coordinate, change, or support pre-contracted private transportation services.
This page has been intentionally structured to match the clearer editorial style of our Terms and Conditions page. It also reflects that our website receives visitors and booking activity from Mexico, the European Economic Area, the United Kingdom, the United States, Canada, and other jurisdictions, so this Notice includes a core global explanation together with region-specific rights where relevant.
Effective date: April 11, 2026
On this page
- Key points
- 1. Controller and responsible party
- 2. Data we collect
- 3. Why we use personal data
- 4. Legal bases and consent framework
- 5. Cookies, analytics, tags, and similar technologies
- 6. Sharing, processors, and service providers
- 7. International transfers
- 8. Retention and storage periods
- 9. Rights by region
- 10. Minors and third-party passenger data
- 11. Security
- 12. Changes to this Notice
- 13. Privacy contact
Before you share data
- Provide accurate passenger, route, flight, and contact details.
- If you send data for another passenger, you must be authorized to do so.
- Please avoid sending sensitive medical details unless truly necessary for safe service coordination.
Main operational uses
- To quote, confirm, coordinate, and provide private transportation services.
- To process payments, verify transactions, issue receipts or invoices, and prevent fraud.
- To respond to support requests, operational issues, booking changes, or complaints.
What matters most
- We use third-party tools such as payment processors and analytics providers.
- We do not intentionally store full bank-card numbers when authorized processors handle payment.
- Depending on location, you may have rights beyond Mexico's ARCO framework.
Controller and responsible party
For purposes of this Notice, the party responsible for the processing of personal data collected through HolboxTransfers.com and its official booking and service channels is the operating entity identified in the corresponding reservation, payment, invoice, receipt, confirmation, or tax record, which may include Cancun Airport Holbox Transfers S. de R.L., Cancun Cabs Agency S. de R.L. de C.V., or another duly identified affiliated operating entity acting for the requested service.
HolboxTransfers.com functions as the commercial platform and operational booking environment through which private transportation requests, communications, and service coordination are managed. Questions regarding this Notice may be directed to the privacy contact listed at the end of this page.
Data we collect
Depending on the service requested and the channel used, we may collect the following categories of personal data:
- identification and contact data, such as full name, email address, phone number, WhatsApp number, and country;
- reservation and travel data, such as route, pickup point, drop-off point, date, time, airline, flight number, hotel, ferry coordination, passenger count, luggage information, and child-seat needs;
- billing and transaction-related data, such as payment status, processor reference, billing information, or invoice data;
- communications data, such as emails, WhatsApp messages, support messages, chat conversations, service notes, reviews, or complaint records;
- technical and usage data, such as IP address, browser type, device information, approximate geolocation derived from IP, page interactions, referring channels, and analytics identifiers; and
- any other information you voluntarily provide when requesting a quote, booking a service, asking for support, or sending special instructions.
We do not intentionally request sensitive personal data. If a passenger voluntarily shares health or accessibility information necessary to operate a safer service, such information will be used only to the extent reasonably necessary for that purpose.
Why we use personal data
We may use personal data for the following primary purposes:
- to receive and evaluate quote requests;
- to confirm, manage, and operate private transportation reservations;
- to coordinate airport pickups, hotel pickups, ferry timing, route instructions, and customer support;
- to process or verify payments, deposits, refunds, receipts, and invoices;
- to detect, prevent, and investigate fraud, abuse, impersonation, or unauthorized payment activity;
- to maintain booking records and operational evidence;
- to comply with legal, fiscal, accounting, consumer-protection, or safety obligations; and
- to improve the functionality, security, and performance of our website, content, booking flow, and communications.
Where permitted by law, we may also use contact information for service-related follow-up, review requests, and marketing communications regarding our own services. You may opt out of non-essential marketing communications where applicable.
Legal bases and consent framework
When applicable law requires a legal basis for processing, we may rely on one or more of the following: performance of a contract or pre-contractual steps requested by you; compliance with legal obligations; our legitimate interests in operating, securing, and improving the service; and your consent where consent is required.
For Mexico, the applicable framework includes the privacy principles and rights established under the Federal Law on Protection of Personal Data Held by Private Parties. For visitors in the EEA or the UK, this Notice is intended to explain the relevant legal bases in a GDPR-style format. For certain United States or Canadian contexts, this Notice is also intended to function as a notice at collection or equivalent transparency notice where required.
Cookies, analytics, tags, and similar technologies
Our website may use cookies, pixels, tags, scripts, session storage, local storage, and similar technologies for functionality, security, measurement, traffic analysis, and marketing support. These technologies may be deployed directly by us or by third-party providers acting on our behalf.
We may use tools such as Google Analytics 4 and Google Tag Manager to understand website traffic, booking behavior, traffic source performance, language preferences, device trends, approximate geographic patterns, and content effectiveness. These tools may collect or process identifiers such as IP-related data, browser data, device data, page interaction data, and event data in accordance with their own technical design.
Where applicable law requires prior consent for non-essential cookies or analytics technologies, those tools should be subject to the corresponding consent flow or user choice mechanism implemented on the website. Essential technologies needed for security, session integrity, basic booking functionality, fraud prevention, or load balancing may continue to operate where permitted by law.
For more information, please review our Cookie Statement if available.
Sharing, processors, and service providers
We may share personal data only as reasonably necessary for the purposes described in this Notice, including with:
- drivers, dispatch personnel, operations staff, or assigned vehicle providers involved in performing the service;
- payment processors, acquiring banks, terminal providers, antifraud providers, or related financial service providers;
- technology, hosting, analytics, messaging, live chat, support, or communication providers;
- accounting, legal, tax, insurance, or compliance advisers where reasonably necessary; and
- governmental authorities or third parties when disclosure is required by law, legal process, tax obligations, safety reasons, or defense of rights.
We do not sell personal data for monetary consideration. We do not share personal data with unrelated third parties for their independent marketing use unless you specifically request or authorize it.
International transfers
Because our website and tools may be accessed from multiple countries and may rely on technology providers, processors, or service infrastructure located in different jurisdictions, personal data may be transferred to, accessed from, or processed outside the country where the customer is located.
Where foreign law requires transfer safeguards, we intend to rely on lawful transfer mechanisms, contractual protections, processor commitments, or other recognized safeguards as applicable to the relevant transfer and provider relationship.
Retention and storage periods
We retain personal data only for as long as reasonably necessary for the purposes described in this Notice, including reservation administration, customer support, fraud prevention, accounting, tax compliance, legal defense, and evidentiary needs.
Retention periods may vary depending on the nature of the data, the payment method, the existence of a dispute, the applicable legal or tax retention period, and whether the data is needed to verify past service activity. Technical and analytics data may be retained according to the settings and retention controls available in the relevant platform.
Rights by region
Mexico
You may request access, rectification, cancellation, or opposition regarding your personal data in accordance with applicable Mexican law, and you may also request to limit use or disclosure where applicable.
EEA and United Kingdom
Depending on the circumstances, you may have rights such as access, rectification, erasure, restriction, objection, and portability, as well as the right to withdraw consent where consent is the legal basis. You may also have the right to lodge a complaint with the competent supervisory authority.
United States
Residents of certain states may have rights to know, access, correct, delete, or limit certain processing of personal information, subject to legal exceptions and applicability thresholds. Where required, this Notice is intended to function as a notice at collection.
Canada
Depending on applicable Canadian law, you may request access to your personal information, request correction, and ask questions about how consent is obtained and how your personal information is handled.
To exercise any applicable right, please contact us using the details in Section 13 and provide enough information for us to identify the relevant reservation or interaction safely.
Minors and third-party passenger data
Our services are not directed to children booking independently. However, booking information may include minors traveling with parents, guardians, or other authorized adults. Adults providing passenger information for minors or other travelers must be authorized to do so and must provide accurate information relevant to the service.
Security
We use reasonable administrative, contractual, organizational, and technical measures intended to protect personal data against unauthorized access, misuse, alteration, or unlawful loss, taking into account the nature of the data and the operational context of the service. No system can be guaranteed to be absolutely secure, and customers should also use caution when sending information through third-party networks, shared devices, or unsecured channels.
Changes to this Notice
We may modify this Privacy Notice from time to time to reflect operational, legal, regulatory, or technological changes. The updated version will be published on this page together with its effective date. Material changes may also be communicated through other appropriate channels when required.
Privacy contact
For privacy requests, rights requests, or questions about this Notice, please contact:
HolboxTransfers.com Privacy Contact
Email: [email protected]
Website: holboxtransfers.com/privacynotice.aspx
If your request relates to a specific booking, please include the passenger name, service number, travel date, and the channel used for the reservation, so we can locate the relevant record more efficiently.