Royal Wheels Privacy Policy

---

Royal Wheels (“Royal Wheels,” “we,” “our,” or “us”) provides non-emergency medical and wheelchair-accessible transportation services. We are committed to protecting the privacy and security of our passengers and website visitors. This Privacy Policy explains what information we collect, how we use it, the conditions under which we may disclose it, and the choices you have in accordance with major international data-protection laws, including—but not limited to—the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and relevant U.S. healthcare privacy rules (e.g., HIPAA, where applicable).

This Policy covers all personal information processed by Royal Wheels in connection with:

• our public website (royalwheels.com and any sub-domains);
• mobile or web booking forms;
• phone, SMS, e-mail, or in-person reservations;
• marketing communications; and
• provision of transportation services.
  
  

Category

Examples

Collection Method

Identity & Contact Data

Full name, postal address, e-mail, phone number, emergency contact

Online forms, phone bookings, e-mail, in-person

Trip Details

Pickup & destination addresses, appointment date/time, physician name & phone, mobility requirements

Booking forms, dispatch software

Demographic & Medical-Related Data

Date of birth, wheelchair type, accessibility needs, relevant health notes (only the minimum necessary)

Supplied by passenger or authorized caregiver

Payment Data

Cardholder name, partial PAN, payment tokens (processed through PCI-DSS-compliant providers)

Secure payment gateway

Technical Data

IP address, device identifiers, browser type, cookies & similar technologies

Website/app analytics

Marketing Preferences

Opt-in/opt-out status for e-mail, SMS, cookies

Consent forms, preference center

Sensitive data warning: We do not request full medical records. Any health-related information is limited to what is necessary to complete your trip safely and is protected under HIPAA where applicable.

We process personal data under one or more of the following bases:

1. Performance of a contract – to schedule, manage, and complete your ride.
2. Legitimate interests – e.g., to improve our services, prevent fraud, or secure our systems, unless such interests are overridden by your rights.
3. Legal obligation – to comply with transport regulations, tax laws, or court orders.
4. Consent – for optional marketing communications and some cookies. You may withdraw consent at any time.
   

• Service Delivery: confirm bookings, dispatch drivers, coordinate return trips, send reminders/updates.
• Customer Support: respond to inquiries, reschedule rides, handle complaints.
• Billing & Accounting: process payments, issue invoices, manage refunds.
• Safety & Compliance: maintain trip logs, verify driving records, meet insurance or medical-transport rules.
• Analytics & Improvements: analyze aggregated usage to enhance routing, website performance, and user experience.
• Marketing (with consent): send newsletters, service updates, and promotions. You can opt out any time.
  
  

We never sell your personal information. We share it only when necessary:

Recipient

Purpose

Safeguards

Drivers & Operational Staff

Pickup, drop-off, and accessibility details

Confidentiality agreements; role-based access

Authorized Healthcare Providers / Facilities

Verify appointment or facilitate patient transfer

HIPAA Business Associate Agreements (BAAs) where required

Payment Processors

Secure card transactions

PCI-DSS compliance; tokenization

IT & Cloud Vendors

Hosting, e-mail, routing software

Data-processing agreements; encryption

Regulators / Law Enforcement

Legal compliance, dispute resolution, safety investigations

Only upon valid request

Corporate Transactions

Acquisition, merger, or asset sale

Notice to affected users; contractual protection

We operate primarily in the United States but may use cloud services with servers in other countries. Whenever we transfer personal data outside its country of origin, we rely on:

• Adequacy decisions (for EU–US Data Privacy Framework participants), or
• Standard Contractual Clauses (SCCs), or
• other legally recognized mechanisms ensuring an equivalent level of protection.
  
  

We keep personal data only for as long as necessary to fulfill the purposes outlined in this Policy and to meet legal, accounting, or reporting requirements. Typical retention periods:

• Trip & billing records: 7 years (tax/insurance compliance)
• Marketing preference data: until you opt out or 2 years after last interaction
• Cookie data: per cookie lifespan (see Cookie Notice)
  

Once retention periods lapse, data are securely deleted or anonymized.

• TLS/HTTPS encryption for all online forms
• Role-based access control (RBAC) and multi-factor authentication for staff systems
• Regular vulnerability scanning & penetration tests
• AES-256 encrypted backups
• Driver devices wiped on separation
• Incident-response plan aligned with NIST standards
  
  

Depending on your jurisdiction, you may have the right to:

• Access – Obtain a copy of the data we hold about you
• Rectify – Correct inaccurate or incomplete data
• Erase – Request deletion of personal information (subject to legal exemptions)
• Restrict or Object – Limit or oppose certain processing activities
• Data Portability – Receive your data in a machine-readable format
• Opt Out of Marketing – Click “unsubscribe” or contact us anytime
• Do Not Sell/Share (CCPA/CPRA) – We do not sell personal data, but you still have this right if you are a California consumer
  

To exercise these rights, e-mail privacy@royalwheels.com or call [toll-free number]. We may verify your identity before fulfilling requests.

Our website uses strictly necessary, performance, and functional cookies. We obtain consent for non-essential cookies via a banner on your first visit. See our separate Cookie Notice for details and opt-out options.

Our services are intended for individuals age 13 and older. We do not knowingly collect personal data from children under 13 without parental consent. If you believe a child has provided us data without authorization, please contact us and we will delete it promptly.

Our website may link to external sites (e.g., hospitals, payment gateways). We are not responsible for their privacy practices. Please review their policies before providing personal data.

We may update this Privacy Policy periodically. The “Effective Date” at the top will indicate when it was last revised. Significant changes will be communicated via e-mail or a prominent notice on our website.

Royal Wheels Privacy Office
Address: [Physical Address]
E-mail: privacy@royalwheels.com
Phone: [Phone Number]

If you have unresolved concerns, you have the right to lodge a complaint with your local data-protection authority.

Thank you for trusting Royal Wheels with your personal information. Your privacy and security are paramount to us, and we continually strive to uphold the highest standards of protection worldwide.