Last Updated 28-06-21
1. About us
1.2. You are entitled to every right guaranteed by the 2016/679 EU regulations and all relevant European and national legislation. We will process your personal data strictly within the legal regulations.
We will use your personal data when:
- we have your full consent;
- we have to implement the contract that we are about to sign or have already signed with you;
- dictated by our legal interests (or the legal interests of a third party) whenever your interests and fundamental rights do not override these interests;
- we have to conform to legal or regulatory obligations;
- dictated by public interest.
2. Why we process your personal data
We process any personal data you have willingly provided, for which we have secured your full consent, whenever it is necessary for the implementation of the contract between us or when steps are to be taken at your request, before drawing up the contract, and such purposes are specified as: the rental of cars to a third party with or without a driver, the sale of cars to a third party (wholesale or retail), the hire of trucks and vans with or without a driver.
3. Categories of information collected
We have the right to collect, process, store and forward various types of personal data that we have classified as follows:
- Identity data include full name (trade name for sole proprietorships), mother and father’s name, date of birth, identity card (number, date of issue/expiry and place of issue), or passport (number, date of issue/expiry and place of issue), residence permit, valid driver’s license (number, date of issue/expiry and place of issue);
- Contact data include home address, email, fax and phone numbers;
- Financial data include taxpayer ID, bank account number, payment card details, indication of VAT exemption, activity (for sole proprietorships), tax office (for sole proprietorships), headquarters (for sole proprietorships);
- Credit ratings and legal documents (for sole proprietorships).
We do not collect sensitive personal data in any of our activities or countries of operation with the exception of your health data, which we acquire with your consent in case of traffic accident injury, solely to forward to the insurance agency that insures our vehicle.
4. How we collect your data
We collect your personal data in digital form or in print, every time you use our services, when these services are provided by us at our customer service points, namely in our stores, or in other places where our company legally operates (indicatively airports, hotels, service stations, etc).
We also collect your data when you use our call centers or any of our mobile applications, when you use our company email, as well as when you use our company websites. In the latter case and especially when you create or manage your profile, we collect the necessary data for this purpose.
In addition, please refer to our company website for information about our cookies policy (Cookies Policy).
- We may collect personal data with your consent in many ways, such as telephone calls, customer service contacts, websites and other sources, as specified above.
- We collect personal data of customers or drivers while booking short or long-term car rental or sale of a car, such as full name, address, phone number, driver’s license, credit card details, taxpayer ID, etc. (as specified in paragraph 3).
- We also collect your personal data when you create a profile on our website, as follows:
- Personal Data that we collect: Full Name, Email, Telephone Number.
- Access: It is obtained by creating a password which you choose and create. You have the option to renew the password or reset it in case of loss. The password is strictly personal. Its creation, as well as any change, is done exclusively through your email and at your own risk. Third party access to your reservation management profile is strictly prohibited. This is why we advise you not to give access to your profile to third parties and to contact us if you have any problems or have any questions about your reservation. In no case does our company bear any responsibility if you provide access to authorized or non-authorized third parties. Accordingly, we have no obligation to serve or provide information to third parties regarding the management of your reservation, through your electronic profile, even if you request it, as the profile and its use are strictly personal. Access to your profile is free 24 hours a day, all days of the year (excluding cases of maintenance of our website or the existence of a technical problem). You reserve the right to update your contact details at any time.
- Reasons for creating a profile: i) the management of your reservation, ii) the storage of your reservation history by our company, from the creation of your profile and onwards, iii) making a future reservation.
5. How long we keep your personal data
We keep your personal data only as long as needed to fulfil the purposes for which they have been collected, including the fulfilment of any legal or accounting obligation, or mandatory mention.
To specify the length of keeping personal data, we examine the quantity, the nature and the sensitivity of personal data, the potential danger of harm by unauthorized use or disclosure of your personal data, the purposes towards which we process your personal data and whether we are able to fulfil such purposes by other means, within the existing legislation.
The Customer’s tax data are kept for a period of ten (10) years from the date of issue of each tax document, to be made available, as required, to the tax authorities within the time frame of valid tax demands. Any data pertinent to establishing, enforcing and supporting legal claims of the Company or a third party in the presence of any competent court of law or administrative authority are kept for a period starting at the time that the Company demands are generated and up to twenty (20) years or for a longer period up to the statute of limitations and the termination of possible bilateral litigations. The Company may keep the customer’s personal data after fulfilling the purposes of collecting and processing them if such is our legal obligation as stipulated by any relevant legal provision.
6. Protection of your personal data
We have taken all the appropriate organizational and technical precautions to safeguard and protect your personal data from unintentional or fraudulent destruction, accidental loss, distortion, unlawful dissemination or access and any other kind of unauthorized processing.
7. Who the recipients of your data are
Our company guarantees that it will not forward, share, or relinquish etc. your data to others (except the ones mentioned in this document) for any reason or use unless this is dictated by the present legislation or stipulated by public/judicial bodies or authorities. Only the necessary minimum of Company personnel, all of whom are bound to confidentiality will have access to your personal data, which also applies to our partners who comply with our directives and are aligned with the provisions of the 2016/679 EU regulation and they process your data as joint data controllers or as data processors on our account and according to our directives.
Indicatively, recipients of your data are:
- the insurance agencies that collaborate with our Company;
- collaborating users of our logos and on a case-by-case basis our systems (franchisees). Relevant information can be found on our Company webpage;
- the car rental companies (in Europe or elsewhere) that are part of the international car rental system and handle bookings, with whom we share information pertaining to our car rental activities. Said information may include personal details of your booking entered through the respective application. Your data will not be used for any other reason, without your prior notification and consent. Let it be noted that personal data are also relayed/forwarded to non EU countries (to cater to bookings outside the EU) on condition that they possess adequate legislation to protect personal data;
- companies of sworn auditors that check our Company’s financial statements;
- cooperating companies that provide roadside assistance to drivers using our Company vehicles;
- cooperating companies in car rentals;
- legal service providers (lawyers, law firms) that defend our Company interests against third parties, natural or legal persons, judiciary and administrative authorities, independent authorities and bodies.
8. How we ensure that the processors and sub-processors respect your data
The processors working on our account have agreed with the company and are contractually committed:
- to observe confidentiality;
- not to forward your data to third parties without our Company’s permission;
- to take safety measures;
- to comply with the legal framework concerning personal data protection and particularly regulation 679/2016/EU (GDPR);
- to have been informed and observe all relevant laws and regulations towards the protection of personal data.
In the execution of their duties, the processors may at times employ other persons called sub-processors. In this case, the data controller will have authorized them to handle all or part of data processing. As a result, sub-processors have the same obligations and rights as the processors, as these are analyzed in the present policy and always within the bracket of their delegated duties and bear full responsibility as would the processor.
9. Your rights
You have the right to:
- request access to your personal data (“subject access request”). This provides you with a copy of your personal data as kept by us and it allows you to ensure that we process them according to the provisions of the law;
- request the correction of your personal data kept by the company. You may correct incomplete or faulty data or add to the data we have on you, though we have the right to ask you for verification of the new data you provide;
- request that your personal data be deleted subject to time period limitations as stipulated in paragraph 5. Still, as you probably know, we may not always be able to comply with your deletion request for specific legal reasons about which you will be notified, if necessary, on submission of your request.
- oppose our processing your personal data when you deem that your fundamental rights and freedoms have been violated. You also have the right to oppose our processing your personal data for promotional purposes.
- request the restriction of processing your personal data. This allows you to ask us to suspend processing your personal data in the following cases: i) if you wish to verify the accuracy of the data, ii) when the company’s use of the data is unlawful, but you do not wish us to delete your data, iii) when you wish us to preserve your data even if we do not ask for it, in the event it is necessary for you in order to confirm, exercise or defend legal claims, or, iv) if you have objected to our using your data, but you have to verify whether we have compelling legal reasons to do so;
- request personal data transmission to you or to a third party. We will provide you or the third party you have specified with your personal data in a structured, readable form. This specific right pertains only to information we have received with your consent during signing the contract or later, up to the time the request has been submitted;
- withdraw your consent in case you realize and can prove that it has stopped being lawful. Nevertheless, this cannot influence legitimate processing that took place before you withdrew your consent. If you withdraw your consent, it may not be possible for us to offer you certain products or services.
If you wish to exercise any of the rights above, please contact us.
10. How to exercise your rights
You can always submit your complaints concerning your personal data to the supervising authority. In Greece, this authority is the Hellenic Data Protection Authority (HDPA) and you can access it and find relevant details via the following link: www.dpa.gr. Be that as it may, we would appreciate it if we were to be allowed to handle your queries before you approach the Data Protection Authority, therefore we would like to ask you to get in touch with us first, using the contact information provided above.
You will not be asked to pay in order to access your personal data (or to exercise any other one of your rights). Nevertheless, we reserve the right to ask for a reasonable fee if your request is blatantly unfounded, repetitive or abusive.
12. What information we may require
We have the right to ask you for certain particulars in order to verify your identity and safeguard your right to access your personal data (or exercise any other one of your rights). It is a protective measure, which ensures that your personal data will not be accessed by unauthorized others. We also have the right to contact you and ask for further information concerning your request, in order to speed up reply time.
13. Reply time
We try to reply to all legitimate requests within the month. We may take longer than a month to reply if the request is particularly complex or if you have submitted a series of requests. In such case, you will be notified accordingly.
14. How you will be informed about any modifications of the present policy