- About us
Welcome to the private policy of the "Dimitris Cars" company. We respect your privacy and are committed to protecting your personal data. The present policy informs you about the way we safeguard your personal data as a customer and it provides updates on your privacy rights and protection afforded by the law. Our company is responsible for collecting, handling and processing your personal data.
You are entitled to every right guaranteed by the 2016/679 EU regulations and all relevant European and national legislation. We will process your personal data strictly within the legal regulations.
We will use your personal data when:
- We have your full consent
- We have to implement the contract that we are about to sign or have already signed with you
- Dictated by our legal interest (or the legal interests of a third party) whenever your interests and fundamental rights do not override these interests.
- We have to conform to legal or regulatory obligations
- Dictated by public interest.
- Why we process your personal data
We process your personal data you have willingly provided, for which we have secured your full consent, whenever it is necessary for the implementation of the contract between us or when steps are to be taken at your request, before drawing up the contract and such purposes are specified as the rental of cars to a third party.
- Categories of information collected
We have the right to collect, process, store and forward various types of personal data that we have classified as follows:
- Identity data include full name for sole proprietorships, mother and father’s name, date of birth, identity card (number, date of issue /expiry and place of issue),or passport (number, date of issue/expiry and place of issue), residence permit, valid driver’s license (number, date of issue/expiry and place of issue)
- Contact data include home address, email, fax and phone numbers.
- Financial data include taxpayer ID, bank account number, payment card details, indication of VAT exemption, activity (for sole proprietorships), tax office (for sole proprietorships),credit ratings and legal documents(for sole proprietorships).
We do not collect sensitive personal data in any of our activities or countries of operation with the exemption of your health data, which we acquire with your consent in case of traffic accident injury, solely to forward to the insurance agency that insures our vehicle.
- How we collect your data
We collect your data in digital form or in print, every time you use our services, when these services are provided by us directly at the points of customer service or in other places where our company legally operates. We also collect your data when you visit our website, our phone services or cell phone applications and our company email. Any user/customer may browse our website without providing any personal information. Information on our cooking policy may be found on our company webpage.
We collect personal data of customers or drivers when booking short or long term car rental or sale of a car such as full name, home address, driver’s license, credit card details, taxpayer’s id(as specified in paragraph 3).
We may collect personal data with your consent in many ways such as telephone calls, customer service contracts, websites and other sources as specified above.
- How long we keep your personal data
We keep your personal data for as long as needed to fulfill the purposes for which they have been collected including the fulfillment of any legal or accounting obligation or mandatory mention.
To specify the length of personal data, we examine the quantity, the nature and the sensitivity of the data, the potential danger or harm by unauthorized use or disclosure of your personal data, the purposes towards which we process your data and whether we are able to fulfill such purposes by other means within the existing legislation.
The Customer’s tax data are kept for 10 years from the date of the issue of each tax document, to be made available, as required to the tax authorities within the time frame of valid tax demands. Any data pertinent to establishing, enforcing and supporting legal claims of the company or a third party in the presence of any competent court of law or administrative authority are kept for a period starting at the time that the Company demands are generated up to 20 years or for a longer period up to the statute of limitations and the termination of possible bilateral litigations. The Company may keep the customer’s personal data after fulfilling the purposes of collecting and processing them if such is our legal obligation as stipulated by any relevant legal provision.
- Protecting your personal data
We have taken all the appropriate organizational and technical precautions to safeguard and protect your personal data from unintentional or fraudulent destruction, accidental loss, distortion, unlawful dissemination or access and any other kind of unauthorized processing.
- Who the recipients of your data are
Our company guarantees that it will not forward share or relinquish etc your data to others (except the ones mentioned in this document) for any reason or use unless this is dictated by the present legislation or stipulated by public/judicial bodies or authorities. Only the necessary minimum of Company personnel, all of whom are bound to confidentiality, will have access to your personal data which also applies to our partners who comply with our directives and are aligned with the provisions of 2016/679 EU regulation and they process your data as joined data controllers or as data processors on our account and according to our directives.
Indicatively recipients of your data are:
- The insurance agencies that collaborate with us
- Collaborating users or our logos and on a case-by case basis our systems (franchisees). Relevant information can be found on our webpage.
- The car rental companies (in Europe or elsewhere)that are part of the international car rental system and handle booking, with whom we share information pertaining to our car rental activities. Said information may include personal details of your booking entered through a respective application. Your data will not be used for any other reason without your prior notification and consent. Let it be noted that personal data are also relayed/ forwarded to non EU countries (to cater to booking outside the EU) on condition that they possess adequate legislation to protect personal data.
- Companies are sworn auditors that check our Company’s financial statements.
- Cooperating companies that provide road assistance to drivers using our Company vehicles.
- Cooperating companies in car rentals: legal service providers (lawyers, law firms) that defend our Company interests against third parties, natural or legal persons, judiciary and administrative authorities, independent authorities and bodies.
- How we ensure that the processors and sub-processors respect your data
The processors working on our account have agreed with the company and are contractually committed:
- to observe confidentiality
- not to forward your data to third parties without our company’s permission
- to take safety measures
- to comply with the legal framework concerning personal data protection and particularly regulation 679/2016EU(GDPR)
- To have been informed and observe all relevant laws and regulations towards the protection of personal data.
In the execution of their duties, the processors may at times employ other persons called sub-processors. In this case the data controller will have authorized them to handle all or part of data processing. As a result, sub-processors, have the same obligation and right as the processors, as these are analyzed in the present policy and always within the bracket of their delegated duties and bear full responsibility as would the processor.
- Your rights
You have the right to:
- Request access to your personal data (subject access request). This provides you with a copy of your personal data as kept by us and allows you to ensure that we process them according to the provision of the law.
- Request the correction of your personal data kept by the company. You may correct incomplete or faulty data or add to the data we have on you, though we have the right to ask you for verification of the new data you provided.
- Request that your personal data be deleted subject to time period limitations as stipulated in paragraph 5. Still as you probably know, we may not always be able to comply with your deletion request for specific legal reasons about which you will be notified, if necessary, on submission of your request.
- Oppose our processing your personal data when you deem that your fundamental rights and freedoms have been violated. You also have the right to oppose our processing your personal data for promotional purposes.
- Request the restriction of processing your personal data. This allows you to ask us to suspend processing your personal data in the following cases:
i) if you wish to verify the accuracy of your data,
ii) when the company’s use of data is unlawful, but you don’t wish to delete your data,
iii) when you wish to preserve your data even if we do not ask for it, in the event it is necessary for you in order to confirm, exercise or defend legal claims, or
iv) if you have objected to our using your data buy you have to verify whether we have compelling legal reasons to do so.
- Request personal data transmission to you or to a third party. We will provide you or the third party you have specified with your personal data in a structured readable form. This specific right pertains only to information we have received with your consent during signing the contract or later, up to the time the request has been submitted.
- Withdraw your consent in case you realize and can prove that it has stopped being lawful. Nevertheless this cannot influence legitimate processing that took place before you withdrew your consent. If you withdraw your consent, it may not be possible for us to offer you certain products or services.
If you wish to exercise any of the above rights please contact us.
- How to exercise your rights
You can always submit your complaints concerning your personal data to the supervising authority in Greece, this authority is the Hellenic Data Protection Authority (HDPA)and you can get access ii and find relevant details via the following link (www.dpa.gr). Be that as it may, we would appreciate it if we were to be allowed to handle your queries before you approach the Data Protection Authority, therefore we would like to ask you to get in touch with us first, using the contact information provided above.
You will not be asked to pay in order to access your personal data (or to exercise any other one of your rights). Nevertheless we reserve the right to ask for a reasonable fee if your request is blatantly unfounded, repetitive or abusive.
- What information we may require
We have the right to ask you for certain particulars in order to verify your identity and safeguard your right to access your personal data (or exercise any other one of your rights). It is a protective measure, which ensures that your personal data will not be accessed by unauthorized others. We also have the right to contact you and ask for further information concerning your request, in order to speed up reply time.
- Reply time
We try to reply to all legitimate requests within the month. We may take longer than a month to reply if the request is particularly complex or if you have submitted a series of requests. In such case you will be notified accordingly.
- How will you be informed about any modifications of the present policy?
We reserve the right to modify the present policy and effect any changes in the information provided previously, within the constraints of the law.