1. Principles
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, comply with applicable law, or defend legal claims. We apply data minimisation throughout the lifecycle and delete or anonymise data at the end of its retention period.
2. Retention schedule
| Data category | Retention period | Legal basis |
|---|---|---|
| Booking records (route, dates, passenger, price) | 7 years from booking completion | Greek Tax Code (Law 4308/2014, Art. 5) |
| VAT invoices & payment proof | 10 years | Greek tax law & EU VAT Directive |
| Driver profile data (licence, insurance, KTEO) | While Driver is active + 5 years after deactivation | Legitimate interest, regulatory compliance |
| User account (name, email, password hash, preferences) | Active account + 12 months after closure | Contract performance, then erasure |
| Marketing-consent records | Until withdrawal + 12 months for audit trail | Consent + legal obligation (Art. 7 GDPR) |
| Quote requests not converted to bookings | 180 days | Legitimate interest (capacity planning, conversion analysis) |
| Support & complaint communications | 3 years from resolution | Legitimate interest, defence of legal claims |
| Server access & security logs | 90 days | Legitimate interest (security, fraud prevention) |
| Analytics cookies (opt-in only) | 14 months (Google Analytics default) | Consent |
| Strictly-necessary cookies (session, CSRF) | Session or up to 30 days | Essential for service delivery |
| Lost-property recovery records | 2 years | Legitimate interest, dispute resolution |
| Backup snapshots | 35 days rolling | Operational continuity |
3. What “deletion” means in practice
At the end of the retention period, personal identifiers are removed from active databases and replaced with anonymous tokens. Records may persist in:
- Backup snapshots for up to 35 days, after which they roll off automatically.
- Aggregated analytics with no personal identifiers (e.g. “the Athens–Meteora route had 42 bookings in March” survives, but the specific passengers do not).
- Statutory retentions — invoices and tax records cannot be deleted before the legal period expires, even on request, per Art. 17(3)(b) GDPR.
4. Early deletion at user request
You can request deletion of your account and associated personal data at any time by emailing [email protected]. We will delete what is not subject to legal-retention obligations within 30 days and confirm in writing. Data we are legally required to retain will be locked from active processing and deleted at the end of the statutory period.
5. Driver data (separate retention)
Driver onboarding documents (driving licence, vehicle registration, KTEO certificate, insurance certificate) are retained for the duration of the partnership plus 5 years thereafter, in line with commercial transport recordkeeping obligations under Greek law.
6. Review
This schedule is reviewed annually. Changes are announced via banner on luxi.gr and by email to registered users. Older versions of this document are available on request via [email protected].
See also: GDPR Policy, Privacy Policy, Information Security Policy.