We pay special attention to security and respect the privacy and confidentiality of your personal data. That is why we have invested time and resources to fully comply with the applicable national, European and international legal framework, and the European Union’s General Data Protection Regulation 679/2016, which came into effect on 25 May 2018.
If you have any questions or concerns about the processing of your personal data, you can contact us by e-mail at [email protected] (link) or by phone +30 2310 630000.
- Website that is not directed to minors. Our website is not directed to minors. If the personal data of persons under the age of 18 are processed without the explicit consent of their parents or legal guardian, we reserve the right to delete the data obtained.
- Data controller.
The Personal Data controller is the company under the name “VALID CAR RENTAL G.P. - CAR RENTAL” (hereinafter: “VALID CAR RENTAL”), as legally represented, based in Ano Evosmos of Thessaloniki - Greece, Palaia Simachiki str Oraiokastrou 0, P.C. 56224, and has a branch at the 9th km Thessaloniki - Moudania, V.A.T. ID: 801152150, tel. +30 2310 630000, email: [email protected].
- Personal Data.
- The term “personal data” means any information related to an identified or identifiable natural person. The identifiable natural person is a person whose identity can be identified directly or indirectly, in particular by reference to an identifier such as a name, an address, an identification number, credit card number, bank account information, social security number or driving license number, location data, an online identifier such as an IP address (Internet Protocol), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Personal information does not include any information that, by itself, cannot recognize you as a particular person or entity (e.g., anonymized information) or data collected for statistical purposes.
- When you sign up on our website, we collect the information you submit, and specifically, your first name, your last name, your email, your telephone number, your address and your password.
- When you make a reservation via our website we collect the information you submit, including your first name, your last name, your address, your email, your telephone number, your VAT ID, your country, your address, your city and your postal code.
- When concluding a short-term or a long-term car rental with us we collect the information you disclose, including your first name, your last name, your date of birth, your telephone number, your VAT ID, your country, your address, your city, your postal code, your driving license number, your identity card number or passport number and your credit / debit card number.
- The personal data you may enter anywhere on our site or when concluding a short-term or a long-term car rental, are subject to processing and are stored in a file under the responsibility of the VALID CAR RENTAL, only for reasons relating to: (a) the development, execution, and implementation of the website, or the fulfillment of obligations arising out of the reservation that you make or the contract of short-term or a long-term car rental or any agreements entered into between you and the data controller; (b) the processing of your requests; (c) the provision, with your consent, of information regarding our services. Such a provision of information includes email messages or other equivalent electronic means (e.g. SMS), and (d) in general, the improvement of the services we provide. Your personal data are not allowed to be used by any third party, except as provided by the law and this Policy.
- We collect and process information that is considered purely personal data, as well as other information that is not considered as such. Information that cannot identify you as a specific person can be used without restrictions.
- When browsing this website or when concluding a short-term or a long-term car rental, we do not collect or process sensitive personal data, namely, data related to a user’s health, sex life, sexual orientation, genetic or biometric data, or data revealing one’s racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in a trade union.
- When sending a message via the contact form, we collect the information you provide us, including your first name, your last name and your email address.
- We collect the IP address (Internet Protocol), which is deleted when you exit the website. The IP address is a number that is given to your computer when using the Internet. Information is collected about your actual location.
- If not required by law, we will not obtain your consent before collecting your personal data from third parties. Instead, it will be deemed that you have previously given such consent to any third party from whom we receive such information.
- If you wish, we can use the personal data you give when you use our website or our services in general to inform you via email about offers - discounts etc.
- Only authorized employees of our company have access to the information of your transactions and only when this is necessary, e.g. for the processing of your reservation. In case we use third parties to support our systems, we take measures to ensure the privacy and confidentiality.
The personal information we process will be only used for the defined, explicit, and legitimate purposes explained to you and will not be further processed in a manner incompatible with those purposes. Moreover, we limit the collection to only that information that is appropriate, relevant and necessary for the purposes explained to you.
- Period of maintenance.
- We keep personal data and other information for a period of five (5) years from the date of each transaction through our website. By way of exception, personal data which is necessary for the pricing of our services are kept for a period of ten (10) years due to the applicable tax legislation.
- When we no longer require your personal information, we will destroy, delete or anonymize the information without prior notice to you.
- Our website addresses the issue of protecting your anonymity and personal information very seriously. We protect your personal data and, in general, the information we receive about you, and we guarantee their confidentiality, integrity and availability using appropriate security measures, according to the most up-to-date and advanced technological methods. These measures include technical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
- To prevent unauthorized access and transmissions, promote data security, and encourage appropriate use of information, we and our service providers use a variety of tools (encryption technologies, passwords, physical and electronic security) to assist in the protection of your information. However, "perfect security" does not exist on the internet or through data transmissions, so we make no guarantees. Third parties may unlawfully intercept or access transmissions or private communications and you should not expect that your personal information will remain private.
- Access to our website is controlled by a firewall, which allows the use of certain services by customers / users, while prohibiting third parties from accessing systems and databases with confidential data and information.
- The site uses HTTPS protocol (TLS).
- Your personal data is stored on an encrypted server, which uses security protocols (SSLs), and is accessible only by the controller, and only when necessary, eg. to manage your requests.
- For security reasons, we do not disclose all of our security measures. Please be assured that we use commercially reasonable industry standards to protect your information.
- For your own safety, you should also treat all information provided on our website as confidential and private and not disclose it to third parties. Additionally, it is your responsibility to limit access to your computer and browser.
- What are cookies; Cookies are pieces of information in the form of very short alphanumeric text, stored on your computer with your own approval, and they help the more efficient operation of our website. Cookies in no way cause harm to the user’s computers or the files kept on them.
- How can you opt-out?
- More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org (link).
- What cookies do we use and why?
- For statistical purposes we use Google Analytics cookies to help us understand how visitors arrive at and browse our website to identify areas for improvement such as navigation. The data collected is processed in a non-personally-identifying form (anonymizeIp - IP Anonymization). Google Inc. discloses this information only to third parties to the extent required by law. To opt-out of Google Analytics visit Google Analytics Opt-out Browser Add-on.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Google Analytics. Gathers information that helps us understand how visitors interact with our websites, which allow us to create a better experience for our visitors. Our users may also implement Google Analytics on their own websites.
|Gathers information for our own, first party analytics tool about how our services are used. A collection of internal metrics for user activity, used to improve user experience.
- For safe browsing on our website, we comply with the European Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector, as amended by Directive 2009/136/EC.
- We can receive personal information about you from various sources or by different methods. The way of consent may vary depending on each source or method.
- You can revoke your consent at any time by sending an email to [email protected] (link), without prejudice to the legitimacy of the consent-based processing prior to its revocation.
- Access to personal data.
- You are entitled to receive from us a confirmation of whether or not your personal data is being processed and, if so, you have the right to access your personal data, as well as (a) the purposes of the processing; (b) the relevant categories of personal data, recipients or any types of recipients to whom personal data have been or will be disclosed; (c) where possible, the period during which personal data will be stored or, where impossible, the criteria that determine this period; (d) the existence of a right to request us to correct or delete personal data or to restrict the processing of personal data or the right to object to such processing; (e) the right to submit complaint to a supervisory authority; (f) when personal data are not collected by you, any available information about their origin; (g) the existence of automated decision-making, including profile making and important information about the philosophy followed, as well as the importance and predicted consequences of such processing for you.
- You can ask us to provide to you a copy of your processed personal data. For additional copies that may be required, a fee of fifteen (15) Euros is required.
- Any request for access to information should be addressed to the person in charge of processing your personal data at [email protected] (link).
- We will respond within one (1) month.
- Rights of correction, deletion, limitation, portability, objection and complaint submission.
- We are committed to ensure that your personal data is kept confidential and to ensure that you exercise your rights of access, correction, deletion, restriction, portability and objection by sending an email to [email protected] (link). If necessary, we will ask you to provide us with a photocopy of your identity card, passport or other valid documentary evidence.
- Right of correction. The user is entitled to require us without undue delay to correct inaccurate personal data. Having regard to the purposes of the processing, the user is entitled to require the completion of incomplete personal data, including among others through a supplementary statement.
- Right of deletion. The user is entitled to ask us to delete personal data without undue delay if: (a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) the user has revoked the consent on which the processing is based and there is no other legal basis for the processing; (c) the user objects to the processing and there are no compelling legitimate grounds for the processing; (d) the personal data have been processed illegally; (e) data must be deleted so that the controller’s legal obligation is respected; and (f) personal data has been collected in connection with the provision of services in the information society. Requests for deletion of personal data are processed within one (1) month. In the event that personal data is disclosed, the Company, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform third parties processing such data that the platform’s user has requested the deletion of any links to such data or copies or replications of personal data. Please note that there may be latency in deleting your personal information from our servers and backup storage, and the Company may retain your personal information in order to comply with the law, protect our rights, resolve disputes or enforce our agreements.
- Right to restriction of processing. The user is entitled to obtain from us restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
- Right to data portability. The user is entitled to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and (b) the processing is carried out by automated means.
- Right to object. The user is entitled to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Υου have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (EU) 2016/679 (GDPR). The competent supervisory authority of Greece is the Hellenic Data Protection Authority (1-3 Kifissias str., P.C. 115 23, Athens, tel. +30 2106475600, fax +30 2106475628, email: [email protected]).
- Disclaimer on third-party websites.
- Links to third-party websites. When you visit our site, you may be forwarded to third-party internet pages which are not under our control. These links are set up to make it easier for you to use the internet. Please be aware that the Company is not responsible for the privacy practices or content of such other sites and expressly disclaims any liability for any loss or damage that may be caused by the use of such links. The Company encourages you to be aware when you leave its site and to read the privacy statements of each and every website that collects personally identifiable information.
- Social media platforms and widgets. We also maintain presences on social media platforms including Facebook, Instagram, LinkedIn, Google+. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
- We encourage you to be aware when you leave our site and to read carefully the privacy statements of each and every website that collects personal data.
- User obligations.
- The user of the website guarantees that the provided information is correct and accurate and is committed to disclose any changes or modifications thereof. The user is the sole responsible for any loss or damage caused to the site or to any third party responsible for the site as a result of incorrect, inaccurate or incomplete information in the login fields.
- We can send you emails about your reservation. These communications are considered part of the Services and you cannot be excluded.
- We may also send you at regular intervals marketing or promotional communications. Such messages are sent only if you subscribe to them and for as long as you wish. You can opt out of receiving subsequent marketing or promotional communications by clicking the link marked unsubscribe (or a similar phrasing) that’s included in those communications.
- Additional information.
When you post content on our site, this may include your personal data. You are solely responsible for the information that you: (a) post online, (b) post via our website and / or (c) share with another website where you log in from our site.
- We will notify you of such changes by posting the revised policies our site.
- Final provisions.
If you have any questions, comments or complaints about our privacy practices, or if you want to update, delete, or change any personal information we hold, you can contact us by e-mail at [email protected] (link) or by post at the 9th km Thessaloniki - Moudania, Greece.
Last updated date: 09-03-2020, 22:46