Privacy Policy

1 Who We Are

DH Black Car Corp is a private transportation and luxury tour company based in New York City, NY, USA. We operate under TLC license and provide private chauffeur services, airport transfers, and customized city tours.

This Privacy Policy explains what information we collect when you use our website (dhblackcar.com), how we use it, and how we protect it.

2 Data We Collect

We collect information in the following ways:

Information you provide directly:

• Full name
• Email address
• Phone number
• Trip details (date, time, pickup location, destination, passenger count)
• Special requests (baby seat, tour guide, etc.)
• Newsletter subscription email (if you choose to subscribe)

Information collected automatically:

• IP address and browser data (for security and analytics)
• Pages visited and time on site
• Session cookies (see section 5)

3 How We Use Your Data

We use the information collected to:

• Process and manage your service booking or quote
• Communicate with you about your trip (confirmations, reminders, updates)
• Send billing and payment receipts
• Send you the newsletter (only if you subscribed — you may unsubscribe at any time)
• Improve our services and website performance
• Comply with legal and regulatory obligations
• Prevent fraud and ensure site security

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4 Payment Processing

Online payments are processed by certified third-party providers — currently EPX (Electronic Payment Exchange) and pymntlink.com. When you make a payment:

• Your credit/debit card information is sent directly to the payment provider through a secure encrypted connection (HTTPS/TLS).
• DH Black Car Corp never stores card data on its servers.
• Payment providers comply with the PCI-DSS standard.

By completing a payment, you also agree to the terms and conditions of the respective payment processor.

5Cookies

Cookies are small text files stored on your device. We use the following types:

• Essential session cookies: required for the site to function correctly (admin login, CSRF security token, language selection). Without these, the site cannot operate.
• Functional cookies: remember your preferences (such as selected language) between visits.
• Analytics cookies: we collect anonymous data about site usage to improve the experience. They do not identify individual users.

We do not use advertising tracking cookies or share cookie data with advertising networks.

By clicking "Accept" on the cookie banner, you consent to the use of functional and analytics cookies. You may withdraw consent at any time by clearing cookies in your browser settings.

6 Third Parties & External Services

Our website integrates the following third-party services:

• Google Fonts — typography loaded from Google servers. Google may log font requests.
• Google Maps — embedded on some pages to display routes or locations.
• OpenStreetMap / Nominatim / Leaflet.js — open-source maps used in the routes section. Nominatim may receive geocoding queries.
• EPX / pymntlink.com — payment processors (see section 4).
• WhatsApp — the floating button redirects you to WhatsApp with a pre-defined message; this interaction is subject to WhatsApp/Meta's privacy policy.

Each external provider has its own privacy policy. We recommend reviewing them if you have questions about how those providers handle your data.

7 Data Retention

We retain your personal information for as long as necessary to:

• Manage your booking and deliver the contracted service
• Comply with legal, accounting, and tax obligations (generally up to 7 years under US law)
• Resolve disputes or enforce agreements

Newsletter subscription data is retained until you request to unsubscribe. Analytics cookies are short-lived (session or a maximum of 12 months).

8 Your Rights

Depending on your location, you may have the following rights over your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Deletion: request that we delete your information ("right to be forgotten").
• Portability: receive your data in a structured, machine-readable format.
• Opt-out of marketing communications: unsubscribe from the newsletter at any time.
• California residents (CCPA): you have the right to know, delete, and not be discriminated against for exercising your privacy rights.

To exercise any of these rights, contact us using the information in section 11.

9 Security

We take reasonable technical and organizational measures to protect your information against unauthorized access, loss, or disclosure, including:

• Encrypted connections via HTTPS/TLS throughout the site
• Password storage with hashing (bcrypt)
• Encryption of sensitive credentials in the database
• HTTP security headers (CSP, HSTS, X-Frame-Options, etc.)
• Restricted access to the administration panel

However, no internet data transmission system is 100% secure. While we do everything possible to protect your information, we cannot guarantee absolute security.

10 Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the website after changes are posted constitutes your acceptance of the updated policy.

11 Contact Us

If you have questions, comments, or wish to exercise your rights over your personal data, please contact us: