Car Rental Rhodes

Privacy Policy

1.1 Welcome to the privacy policy of Rhodes Car Rental. We value your privacy and are dedicated to safeguarding your personal data. This privacy policy outlines how we protect your personal data as a customer and provides updates on your privacy rights and legal protection. Our company is responsible for the collection, handling, and processing of your personal data.

1.2 You are entitled to all the rights guaranteed by the 2016/679 EU regulations and relevant European and national laws. We will process your personal data strictly in compliance with these regulations.

We will use your personal data when:

We have obtained your explicit consent.
It is necessary to fulfill a contract we are about to enter into or have already entered into with you.
It is required to pursue our legitimate interests (or those of a third party) when your interests and fundamental rights do not override these interests.
We need to comply with legal or regulatory obligations.
It is mandated by law.

2. Why We Process Your Personal Data

We process any personal data that you willingly provide and for which we have secured your consent. This processing is necessary for executing contracts between us or for taking pre-contractual steps at your request. The specific purposes include car rentals to third parties with or without drivers, car sales to third parties (wholesale or retail), and truck and van rentals with or without drivers.

3. Categories of Information Collected

We have the right to collect, process, store, and transmit various types of personal data, categorized as follows:

Identity data, including full name (business name for sole proprietorships), parents' names, date of birth, identity card (number, date of issue/expiry, and place of issue), or passport (number, date of issue/expiry, and place of issue), residence permit, valid driver's license (number, date of issue/expiry, and place of issue).
Contact data, including home address, email, and phone numbers.
Financial data, including taxpayer ID, bank account number, payment card details, indication of VAT exemption, business activity (for companies), tax office (for companies), headquarters (for sole companies).
Credit ratings and legal documents (for companies).

We do not collect sensitive personal data in any of our activities or countries of operation, except for health data acquired with your consent in the event of a traffic accident injury, solely for transmission to the insurance agency that insures our vehicles.

4. How We Collect Your Data

We collect your personal data in digital or physical form whenever you use our services. This includes in-person service points, our websites, phone services, mobile applications, and company email. You can browse our website without providing personal information. Information about our cookie policy is available on our company website.

We collect personal data from customers or drivers when booking short or long-term car rentals or car sales. This data may include full name, address, phone number, driver's license, credit card details, taxpayer ID, etc. (as specified in paragraph 3).
We may collect personal data with your consent through various channels, including telephone calls, customer service interactions, websites, and other sources.

5. How Long We Retain Your Personal Data

We retain your personal data only as long as necessary to fulfill the purposes for which they were collected, including compliance with legal or accounting obligations. The retention period is determined based on factors such as data quantity, nature, sensitivity, potential risks, processing purposes, and legal requirements.

Tax data are kept for ten (10) years from the date of each tax document issuance, as required by tax authorities.
Data relevant to legal claims are retained for up to twenty (20) years or as required by law.
We may keep customer personal data beyond the initial purpose if legally obligated.

6. Protection of Your Personal Data

We have implemented appropriate organizational and technical measures to protect your personal data from unauthorized destruction, loss, alteration, unlawful dissemination, access, and other unauthorized processing.

7. Recipients of Your Data

We assure that we do not disclose, share, or transfer your data to third parties except as required by law, public/judicial bodies, or authorities. Only authorized Company personnel, bound by confidentiality, and compliant partners who adhere to the GDPR may access your personal data.

Recipients of your data may include:

a. Insurance agencies collaborating with our Company. b. Collaborating users of our logos and systems (franchisees). c. Car rental companies (within or outside Europe) within the international car rental system with whom we share information related to car rental activities. d. Sworn auditors checking our Company's financial statements. e. Companies providing roadside assistance to drivers using our vehicles. f. Legal service providers defending our Company's interests. g. Cooperating car rental companies.

8. Ensuring Data Processors Respect Your Data

Our data processors have agreed to adhere to confidentiality, security measures, and GDPR compliance. They are also aware of relevant laws and regulations regarding personal data protection.

9. Your Rights

You have the right to:

a. Request access to your personal data. b. Request correction of your personal data. c. Request deletion of your personal data. d. Object to the processing of your personal data. e. Request the restriction of processing your personal data. f. Request personal data transmission. g. Withdraw your consent.

If you wish to exercise any of these rights, please contact us.

10. How to Exercise Your Rights

For inquiries or to exercise your rights, please email us at: or write to: Rhodes Car Rental - DPO, Eykalipton str, 85102 Rhodes.

11. Fees

You will not be charged for accessing your personal data or exercising your rights unless the request is unfounded, repetitive, or abusive.

12. Information Required for Verification

We may request specific information to verify your identity and protect your data from unauthorized access.

13. Response Time

We aim to respond to all legitimate requests within one month. Complex or multiple requests may require additional time, and you will be notified accordingly.

14. Notification of Policy Changes

We reserve the right to modify this policy in compliance with the law. Any significant changes will be posted on our website. We encourage you to review this policy periodically to stay informed about your data protection. Changes will be effective from the date of posting on our official website:

Cookie Settings