Last Updated 1/2/2021
1. About us
1.2. You are
entitled to every right guaranteed by the 2016/679 EU regulations and all
relevant European and national legislation. We will process your personal data
strictly within the legal regulations.
We will use your personal data when:
we have your full consent;
we have to implement the
contract that we are about to sign or have already signed with you;
dictated by our legal
interests (or the legal interests of a third party) whenever your
interests and fundamental rights do not override these interests;
we have to conform to legal
or regulatory obligations;
- dictated by public interest.
2. Why we process
your personal data
We process any personal data you have willingly provided, for which we have secured your full consent, whenever it is necessary for the implementation of the contract between us or when steps are to be taken at your request, before drawing up the contract, and such purposes are specified as: the rental of cars to a third party with or without a driver, the sale of cars to a third party (wholesale or retail), the hire of trucks and vans with or without a driver.
3. Categories of
We have the right to collect, process, store and forward various types of personal data that we have classified as follows:
Identity data include full name (trade
name for sole proprietorships), mother and father’s name, date of birth,
identity card (number, date of issue/expiry and place of issue), or
passport (number, date of issue/expiry and place of issue), residence
permit, valid driver’s license (number, date of issue/expiry and place of
Contact data include home address, email,
fax and phone numbers;
Financial data include taxpayer ID, bank
account number, payment card details, indication of VAT exemption,
activity (for sole proprietorships), tax office (for sole
proprietorships), headquarters (for sole proprietorships);
We do not collect sensitive personal data in any of our activities or countries of operation with the exception of your health data, which we acquire with your consent in case of traffic accident injury, solely to forward to the insurance agency that insures our vehicle.
4. How we collect your
We collect your personal data in digital form or in print, every time you use our services, when these services are provided by us directly at the points of customer service or in other places where our company legally operates. We also collect your data when you use our websites, our phone services or cellphone applications and our company email. Any user/customer may browse our webpage without providing any personal information. Information about our cookies policy can be found on our company webpage.
We collect personal data of
customers or drivers while booking short or long-term car rental or sale
of a car, such as full name, address, phone number, driver’s license,
credit card details, taxpayer ID, etc. (as specified in paragraph 3).
- We may collect personal data with your consent in many ways, such as telephone calls, customer service contacts, websites and other sources, as specified above.
5. How long we keep
your personal data
We keep your personal data only as long as needed to fulfil the purposes for which they have been collected, including the fulfilment of any legal or accounting obligation, or mandatory mention.
To specify the
length of keeping personal data, we examine the quantity, the nature and the
sensitivity of personal data, the potential danger of harm by unauthorized use
or disclosure of your personal data, the purposes towards which we process your
personal data and whether we are able to fulfil such purposes by other means,
within the existing legislation.
The Customer’s tax
data are kept for a period of ten (10) years from the date of issue of each tax
document, to be made available, as required, to the tax authorities within the
time frame of valid tax demands. Any data pertinent to establishing, enforcing
and supporting legal claims of the Company or a third party in the presence of
any competent court of law or administrative authority are kept for a period
starting at the time that the Company demands are generated and up to twenty
(20) years or for a longer period up to the statute of limitations and the
termination of possible bilateral litigations. The Company may keep the
customer’s personal data after fulfilling the purposes of collecting and
processing them if such is our legal obligation as stipulated by any relevant
6. Protection of
your personal data
We have taken all the appropriate organizational and technical precautions to safeguard and protect your personal data from unintentional or fraudulent destruction, accidental loss, distortion, unlawful dissemination or access and any other kind of unauthorized processing.
7. Who the
recipients of your data are
Our company guarantees that it will not forward, share, or relinquish etc. your data to others (except the ones mentioned in this document) for any reason or use unless this is dictated by the present legislation or stipulated by public/judicial bodies or authorities. Only the necessary minimum of Company personnel, all of whom are bound to confidentiality will have access to your personal data, which also applies to our partners who comply with our directives and are aligned with the provisions of the 2016/679 EU regulation and they process your data as joint data controllers or as data processors on our account and according to our directives.
Indicatively, recipients of your data are:
a. the insurance agencies that collaborate with our Company;
b. collaborating users of our logos and on a case-by-case basis our systems
(franchisees). Relevant information can be found on our Company webpage;
c. the car rental companies (in Europe or elsewhere) that are part of the
international car rental system and handle bookings, with whom we share
information pertaining to our car rental activities. Said information may
include personal details of your booking entered through the respective
application. Your data will not be used for any other reason, without your
prior notification and consent. Let it be noted that personal data are also
relayed/forwarded to non EU countries (to cater to bookings outside the EU) on
condition that they possess adequate legislation to protect personal data;
d. companies of auditors that check our Company’s financial statements;
e. cooperating companies that provide roadside assistance to drivers using
our Company vehicles;
f. cooperating companies in car rentals;
g. legal service providers (lawyers, law firms) that defend our Company interests against third parties, natural or legal persons, judiciary and administrative authorities, independent authorities and bodies.
8. How we ensure
that the processors and sub-processors respect your data
The processors working on our account have agreed with the company and are contractually committed:
a. to observe confidentiality;
b. not to forward your data to third parties without our Company’s permission;
c. to take safety measures;
d. to comply with the legal framework concerning personal data protection and particularly regulation 679/2016/EU (GDPR);
e. to have been informed and observe all relevant laws and regulations towards the protection of personal data.
In the execution of their duties, the processors may at times employ other persons called sub-processors. In this case, the data controller will have authorized them to handle all or part of data processing. As a result, sub-processors have the same obligations and rights as the processors, as these are analyzed in the present policy and always within the bracket of their delegated duties and bear full responsibility as would the processor.
9. Your rights
You have the right to:
a. request access to your personal data (“subject access request”). This
provides you with a copy of your personal data as kept by us and it allows you
to ensure that we process them according to the provisions of the law;
b. request the correction of your personal data kept by the company. You
may correct incomplete or faulty data or add to the data we have on you, though
we have the right to ask you for verification of the new data you provide;
c. request that your personal data be deleted subject to time period
limitations as stipulated in paragraph 5. Still, as you probably know, we may
not always be able to comply with your deletion request for specific legal
reasons about which you will be notified, if necessary, on submission of your
d. oppose our processing your personal data when you deem that your
fundamental rights and freedoms have been violated. You also have the right to
oppose our processing your personal data for promotional purposes.
e. request the restriction of processing your personal data. This allows
you to ask us to suspend processing your personal data in the following cases:
i) if you wish to verify the accuracy of the data, ii) when the company’s use
of the data is unlawful, but you do not wish us to delete your data, iii) when
you wish us to preserve your data even if we do not ask for it, in the event it
is necessary for you in order to confirm, exercise or defend legal claims, or,
iv) if you have objected to our using your data, but you have to verify whether
we have compelling legal reasons to do so;
f. request personal data transmission to you or to a third party. We will
provide you or the third party you have specified with your personal data in a
structured, readable form. This specific right pertains only to information we
have received with your consent during signing the contract or later, up to the
time the request has been submitted;
g. withdraw your consent in case you realize and can prove that it has stopped being lawful. Nevertheless, this cannot influence legitimate processing that took place before you withdrew your consent. If you withdraw your consent, it may not be possible for us to offer you certain products or services.
If you wish to exercise any of the rights above, please contact us.
10. How to exercise
You can always submit your complaints concerning your personal data to the supervising authority. In Greece, this authority is the Hellenic Data Protection Authority (HDPA) and you can access it and find relevant details via the following link: www.dpa.gr. Be that as it may, we would appreciate it if we were to be allowed to handle your queries before you approach the Data Protection Authority, therefore we would like to ask you to get in touch with us first, using the contact information provided above.
You will not be asked to pay in order to access your personal data (or to exercise any other one of your rights). Nevertheless, we reserve the right to ask for a reasonable fee if your request is blatantly unfounded, repetitive or abusive.
information we may require
We have the right to ask you for certain particulars in order to verify your identity and safeguard your right to access your personal data (or exercise any other one of your rights). It is a protective measure, which ensures that your personal data will not be accessed by unauthorized others. We also have the right to contact you and ask for further information concerning your request, in order to speed up reply time.
13. Reply time
We try to reply to all legitimate requests within two months. We may take longer than two months to reply if the request is particularly complex or if you have submitted a series of requests. In such case, you will be notified accordingly.
14. How you will be
informed about any modifications of the present policy