With the rapid development of cloud storage, an increasing number of users prefer to store their data on the remote cloud to reduce the burden of maintaining the data by themselves. Since different cloud storage providers offer distinct quality of service, e.g., prices, access speed, security and reliability, outsourced data transfer becomes a fundamental requirement for users to change their cloud storage providers. Therefore, how to guarantee the correctness and availability of the cloud data when the data are being transferred from one semi-trusted cloud to another becomes a primary concern of data owners. To address this issue, we propose a provable data transfer protocol based on provable data possession and deletion for secure cloud storage in this paper. Specifically, the data owner can transfer the outsourced data from one cloud to another, without retrieving the entire data from the old cloud, and checking the data integrity in the new cloud and worrying about the deletion of the removed data in the old cloud, after the data are transferred. Our scheme achieves the desirable features of supporting both plaintexts and ciphertexts operations, which means that two clouds can generate the possession proof and deletion evidence on the cloud data, respectively, regardless the data are encrypted or not. We also develop a prototype implementation of the proposed protocol which demonstrates the efficiency and practicality of the proposal.