We may change this Notice from time to time; so please check back here for any updates.
We offer a range of services related to online car rental, including products and services such as insurance, through our own websites, mobile apps, emails and text messages (‘platforms’). We also do this through our business partners’ websites, social media and other platforms. This Notice applies to all the personal data we collect while we’re doing this, or when you contact us by email, live chat, phone or post.
Our business partners should also visit our Privacy and Cookie Statement for Business Partners to understand how personal data is processed as part of our business relationship.
Personal data you give us
We can’t help you make a booking or request a quote without certain information. When you do either of those things, we ask you for the information we need so we can give you what you want. This is pretty standard stuff and may include your name, age, date and place of birth and contact details (email, address and phone number). It can also include information about your passport, identity card and driving licence – and your loyalty programme number and payment information.
In addition, we collect information from your computer when you use one of our platforms, even if you don’t make a booking. This may include your IP address, which browser you use, and your language settings. There are also situations where we receive information about you from third parties, or automatically collect other information. This is a basic overview of the information we collect. Would you like to know more?
Personal data you give us
We store and use the information that you give us. When you make a booking, we need at least your name, email address and payment information. We might also ask for your home address, phone number and date of birth, and the names of any additional drivers.
If you get in touch with us (by phone, by email or through social media, for example) we will collect information from you there too.
After your booking, we may ask you to provide a review to help us improve our services, and to help ensure future customers get exactly what they’re looking for.
There are also other ways you might give us information. For example, if you’re browsing with your mobile device, you can share your current location with us, so we can provide you with the best possible service. To make things easier, you can also open a user account, which lets you review and manage your bookings, as well as saving your personal settings and your passport and driving licence details. It also makes it easier to make future bookings.
Personal data you give us about others
You might add someone as an additional driver, or you might make a booking on behalf of someone else, for example, a friend, family member or colleague. If you do, please make sure that that person knows you’re giving us their details, and has accepted the way we handle their personal data (as described in this Notice). This is your responsibility.
Personal data we collect automatically
When you make a booking, we record what platform you made it on, and how you got to our platform (if you came through from another site, for example).
Even if you don’t end up making a booking, we may automatically collect some information when you visit our platforms. This may include your IP address, which pages you’ve visited, which browser you’re using, and information about clicks. It might also include information about your computer’s operating system, its application version, language settings, device-specific setting and characteristics, and data that identifies your device.
If you’re using a mobile device, we might also collect location details. And we might analyse, and process basic data related to the apps installed on it (e.g. name, description and category).
Personal data we get from other companies
We may also get information about you from social media platforms, our business partners, subsidiaries of the Rentalcars.com corporate family, affiliates of the Booking Holdings Inc corporate group (see here for more information) and other third parties. For example:
We work with affiliate business partners to offer our services on other platforms. When you make a booking on one of these platforms, we may share your personal data with them, and they may share your personal data with us.
The companies that provide the services you have booked through our platforms may need to send us information about you – for example, if your booking leads to an insurance claim or customer service dispute.
Our business partners may also send us information about you that may help us show you more relevant adverts.
We may combine any of this information with the information you give us directly.
Please see ‘Why do we collect and use your personal data?’ for details.
Why do we collect and use your personal data?
We ask for your personal data so we can book your car (and anything else you need for your booking), and make sure you get the best possible service. We also use it to contact you, and to tell you about our latest deals and special offers. These are the main reasons we collect your personal data, but there are other reasons too. Would you like to know more?
We may use your personal data in the following ways:
Bookings: First and foremost, we use your personal data to make and administer your booking, and to forward the necessary details to the company that provides your car (or other product or service, such as insurance). This includes sending you communications in relation to your booking, such as confirmations, modifications and reminders.
Customer service: We provide international customer service 24/7 in over 40 languages. Our international customer service teams need your details so they can help you make a booking, for example, or to reply to any queries you may have before, during or after your booking.
Customer reviews: We may use your contact details to send you a short questionnaire about your booking. This helps us understand and improve our service and the service our business partners provide.
Account facilities: To make things easier, you can create a user account on our platforms. This involves giving us your personal data, and it lets you do a number of useful things. You can manage your bookings or other purchases, take advantage of special offers, and manage your personal settings and preferences. It also makes it easier to make future bookings.
Marketing activities: We also use your personal data for marketing activities, which may include:
Contacting you by post, phone, email or SMS (depending on the contact details you give us) with our latest news, special offers, discounts and updates, including details of our products and services (and/or those of our group companies or affiliate business partners). You can unsubscribe from these marketing communications quickly, easily and at any time – just click the “unsubscribe” link in any email or visit our Data Subject Request Portal.
Contacting you by phone, email or SMS with information about insurance products that you didn’t include in your booking.
Showing you relevant offers on our platforms or on third-party websites, including social media sites.
Inviting you to participate in promotional activities (such as referral programs or competitions).
Communicating with you: There may be other times when we contact you by phone, email or SMS. There could be a number of reasons for this, including:
Responding to, and handling any requests you have made.
Emailing you a reminder about a booking you didn’t finalise, to see if you need any help to do so. We see this as a useful additional service because it lets you carry on with a booking without having to find the car again or fill in all the booking details from scratch.
Sending you a questionnaire or inviting you to review your experience.
Sending you other material related to your booking, such as how to contact us (or another company) if you need help during your booking.
Sending you a summary of your previous bookings.
Sending you other administrative messages, which may include security alerts, even if you don’t have an upcoming booking.
Market research: We may ask you to take part in market research. Any additional personal data that you give us as part of this research will be used only with your consent.
Fraud detection and prevention: To provide a safe, trustworthy service, we use your personal data to detect and prevent fraud and other illegal or unwanted activities. Similarly, we may use personal data for risk assessment and security purposes, which can include verifying users and bookings. This can sometimes mean we may have to put certain bookings on hold.
Improving our services: We analyse personal data to help us improve the functionality and quality of our online services, and enhance the whole user experience. We’re always working to make our platforms easier and more enjoyable for you to use.
Customer reviews: After your booking, we may invite you to review the services that we or our business partner provided. Your review will help future customers make the right choice, and help our business partners improve the services they offer. By submitting a review, you are agreeing that it can be displayed, as explained in our Terms and Conditions. You can make a review anonymously or simply put your first name and country location.
Call monitoring: We may record phone calls and/or allow other staff to listen in to them, to help us train our colleagues and make sure we’re consistently providing a top-quality service. We automatically delete recordings after a specified time, unless we have a legitimate reason not to (if we think there’s evidence of fraud, for example).
Legal purposes: Finally, in certain cases, we may need to use your personal data to handle and resolve legal disputes, for regulatory investigations, for compliance reasons, or to make sure we apply our terms and conditions accurately.
To process your personal data like this, we rely on the following legal grounds:
Performance of a contract: We need to use your personal data to fulfil any contract you’ve made with us. For example, when you book a car, we need to transfer your booking details to the rental company to make sure your car is waiting for you.
Legitimate interests: We may use your information for our ‘legitimate interests’ (a term which applies to anything we believe is an essential part of carrying out our business effectively – at the same time as respecting your rights and upholding the law). For example, to provide you with the most suitable content on our platforms, including our emails and newsletters; to improve and promote our products and services; and for administrative purposes.
Consent: We may rely on your consent to use your personal data in certain circumstances, for example direct marketing purposes. You may withdraw your consent at any time via our Data Subject Request Portal or by emailing email@example.com, stating “Privacy” in the subject line.
What third parties do we share your personal data with – and why?
The company supplying your car rental and/or related products and services: To make your booking, we need to send the relevant details to the company/companies supplying the car and/or other related products (including insurance) that you have requested. These details may include your name, age range, contact details (email, address and phone number), date and place of birth, passport information, driving licence information and any preferences you told us about while booking. If there is a dispute about your booking or insurance cover, or any other kind of customer service issue, we may need to provide the rental company with some information about the booking process as well as the dispute itself. This may include a copy of your booking confirmation, to prove that a booking was actually made, as well as any information related to your complaint. Please be aware that any information you provide directly to the company/companies supplying your car and/or related products will be stored and used in accordance with their own privacy notice(s) and terms and conditions.
Competent authorities: We may share your personal data with government or investigative authorities if we’re required to do so by law (or any regulation having the force of law). This includes court orders, subpoenas and orders arising from legal processes and criminal investigations. We may also disclose your personal data if strictly necessary for the prevention, detection or prosecution of fraud and other criminal acts. And we may need to disclose personal data to competent authorities to protect and defend our rights or properties, or the rights or properties of our business partners.
Third-party service providers: We may use third-party service providers to process your personal data on our behalf and support us in providing our services. For example, we may use them to contact you, or to send booking information on our behalf to the company providing the service, or to manage aspects of our site, call centres or marketing activities. We may also use third-party service providers for market research, fraud detection and prevention services, including anti-fraud screening services. These third parties are bound by confidentiality clauses and are not allowed to use your personal data for other purposes.
To make sure you find deals that are more likely to interest you in our newsletter, we look at the searches you make and the services you book on multiple devices once you’ve signed in to your user account. If you don’t want us to do this, just sign out before you browse, or unsubscribe from our newsletter.
Cross-device tracking can also mean that when you’re using one device, you may see personalised advertisements from lots of different companies, based on your activities on linked devices. The NAI (Network Advertising Initiative) should stop this happening if you opt out of the NAI behavioural advertising program (our Cookie Statement gives you the link you need, under “It’s your choice: Opting in and opting out”). Please note: simply signing out of your user account won’t stop this happening.
What security procedures do we put in place to safeguard your personal data?
Our business systems and procedures ensure we take all reasonable steps to protect your personal data and safeguard it against any misuse or unauthorised access, in accordance with UK and European data protection laws. We also have specific security procedures and restrictions (both technical and physical) that limit access to, and use of, any personal data that we hold. Only authorised personnel can access personal data – and they’re only allowed to do it for specific, authorised reasons.
How do we treat the personal data of children?
We don’t provide services to children under the age of 18 and we reserve the right to delete any information we may receive from a child under this age. We may receive information about children in certain situations, such as an insurance claim or a customer service dispute. If that happens, we will only collect and use that information with the consent of the child’s parent or guardian.
How can you control the personal data you have given us?
You have the right, subject to some legal exceptions, to access, correct or delete any personal data we keep about you, and to object to your personal data being processed. You can use our Data Subject Access Portal to enforce any of these rights. If you do, we will ask for further information to confirm your identity, to keep your information safe and we will handle your request in accordance with applicable UK data protection law. You can update or delete your user account at any time by signing in on our site.
When you make a booking or request a quote, we ask whether you’d like to opt in to receive marketing emails. You can opt out at any time by clicking “unsubscribe” in any of these marketing emails, or by updating your email preferences in your user account.
Who is responsible for the processing of personal data on our platforms?
arisrentacar.gr takes every precaution to protect our guests’ information both online and off-line. When entering personal and sensitive information on our forms (such as credit card details), that information is encrypted by SSL (Secure Socket Layer) technology (128 bit). All users’ information is restricted to our offices and only employees who need to perform an action in service to our guests are granted access to personally identifiable information. In addition, all employees are kept updated with regards to security and privacy practices. Finally, the servers which store personally identifiable information are in a locked and secure environment. Letsdrive also has a RapidSSL certificate. RapidSSL is recognised as a world class company in the protection of information and transactions.
Browser Information Collection
As most Web site servers we use log files. This includes the internet protocol (IP) address, browser type, internet service provider (ISP) etc. We analyze these to improve our users’ experience of arisrentacar.gr. It is important to note that our website logs are not personally identifiable.
A cookie is a piece of data stored on the user’s computer and is tied to information about the user. Cookies may be used throughout our website for technical reasons or to enhance our users’ experience.
We communicate with users/ guests, with regards to their reservation or request via e-mail or telephone, as needed. We send new and established users information, services, special deals and newsletters.
Notification of changes
Notification concerning the Processing of Personal Data
We would like to assure you that for arisrentacar, the protection of our customers’ personal data is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by third parties processing personal data on account of the company.
What are the legitimate reasons for processing your personal data?
We only process the personal data you provide us such as your name, contact details, e-mail address, telephone number, information on your reservation, such as your reservation code, details of the transaction through which you made the booking, e.g. the details of the card you used to make the payment.
Legitimate reasons for processing your personal data are:
- the provision of the services you assign to us and you wish to receive from us and, consequently, the discharge of our contractual obligations in this context;
- your consent under the specific conditions set out in the legal framework so that you may receive information regarding services, offers that are sometimes tailored to your personal preferences both by arisrentacar and/or third party affiliates that process your personal data in accordance with the framework in force at any given time.
How and why do we use your personal data?
To manage your reservations and provide our services. When you make a reservation with us, we use the information required for the provision of our services, delivery of the vehicle, refunding fares, managing your reservation and serving you as a customer individually or in groups.
To communicate with you and manage our relationship with you. We may need to contact you by e-mail or telephone for administrative purposes, such as confirming your bookings and payments, notifying you in regard to your reservation, handling requests you have submitted for services not received and generally speaking, handling your complaints.
To let you know about our news and offers. Once you have consented to this, we will send you promotional messages about our rental services, updates and the offers of arisrentacar, sometimes tailored to your preferences and interests, if you have chosen to do so, so that we may improve your customer experience.
To improve our services and protect our business interests. The business purposes for which we will use your information help us improve the services we provide, meet your expectations and control transactions from our sales, so as to respond to any requests for contesting charges on your cards and manage the clearance of our sales.
To comply with legal obligations. When, for example, we collect information relating to passenger accidents, we handle ticket replacement or refund requests, passenger compensation, keep an archive of complaints and passenger feedback.
Data Storage Period
The length of the data storage period is decided on the basis of the following specific criteria, as appropriate:
- When processing is required as an obligation under provisions of the legal framework in force, your personal data will be stored for as long as required by the relevant provisions.
- When processing is done on a contractual basis, your personal data will be stored for as long as is necessary for the performance of the contract and for the foundation, exercise, and/or support of legal claims under the contract.
- For purposes of promoting products and services (marketing activities), your personal data is retained until your consent is withdrawn. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent during the period prior its withdrawal.
What are your rights with respect to your personal data?
Any natural person whose data are being processed by arisrentacar enjoys the following rights:
Right to erasure:
You have the right to request the erasure of your personal data when we process it on the basis of your consent or in order to protect our legitimate interests. In all other cases (for example, where there is a contract, an obligation to process personal data required by law, public interest), this right is subject to specific restrictions or does not exist, as the case may be.
Personal Data Security
arisrentacar applies appropriate technical and organisational measures to secure the processing of personal data and to prevent the accidental loss or destruction and unauthorized and/or unlawful access to, use, modification or disclosure of personal data. In any event, the manner in which the Internet functions and the fact that it is freely accessible by anyone cannot guarantee that unauthorised third parties will never be able to violate the technical and organisational measures applied, gaining access and potentially using personal data for unauthorised and/or illicit purposes.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's personal preferences, interests or movements.
If you have any questions kindly send an email to: firstname.lastname@example.org.
When it comes to privacy, we’re always happy to talk.