1. Data Controller
The operator of this vehicle-rental management system ("Service") acts as the data controller for personal data processed through this platform.
2. Data We Collect
- Identity data: first name, last name, middle name
- Contact data: email address, phone number, home address, local address
- Document data: driver's license number and expiry, passport number and expiry
- Payment data: first 4 and last 4 digits of credit cards (we do not store full card numbers)
- Rental data: reservation history, rental agreements, financial transactions
- Technical data: IP address, browser user-agent, session identifiers
3. Legal Basis
We process your data based on: (a) performance of a rental contract (GDPR Art. 6(1)(b)), (b) legal obligations such as tax record-keeping (Art. 6(1)(c)), and (c) legitimate interests for security and fraud prevention (Art. 6(1)(f)).
4. Data Retention
- Financial records (invoices, transactions): 7 years (EU tax law)
- Activity logs: 365 days
- Session data: 30 days
- Personal data: retained until erasure is requested or the data is no longer needed
5. Your Rights (GDPR Art. 12–23)
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion/anonymization of your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, contact us at the address below.
6. Data Security
Sensitive fields (driver's license, passport, addresses) are encrypted at rest. Access is restricted by role-based permissions. All authentication events are logged for security auditing.
7. Contact
For privacy inquiries or data subject requests, please contact your account administrator or email us at the address provided during registration.