SAFETY POLICY AND DATA PROTECTION

PRIVACY AND COOKIE POLICY

 

This Policy (the 'Privacy and Cookie Policy') regulates the policy on data privacy and the use of cookies of the Web Portals https://www.autoreisen.es https://www.autoreisen.com and http://www.arcarhire.com (the 'Portals') that are owned by Special Prices Auto Reisen, S.L., a Spanish company registered with the Companies Register of Santa Cruz de Tenerife in volume 492 , folio 87, page number TF-2832, entry no. 1. The Company's registered office and address for tax purposes is at Calle San Francisco, 5, Edificio Santander, Planta 8, 38002, Santa Cruz de Tenerife; its company/tax registration number (CIF) is B38086500; its email contact address for the purposes of this Privacy and Cookie Policy is: privacidad@autoreisen.es

 

Please spend a few minutes reading our privacy and cookie policy, it will not take you long. Our aim is to explain to you in a simple, clear and transparent manner how we process and protect your personal information and your rights. Your security and that of your personal data are of the utmost importance to us and protecting them properly is something we take very seriously.

 

This policy applies to all users of the Portals, whether or not they are customers of AUTO REISEN, provided that they are private individuals. By personal data, we mean all information about an identified or identifiable individual.

 

This Privacy and Cookie Policy will be translated into several languages as part of AUTO REISEN's business and its corporate policy on quality, service and customer care. Nevertheless, in the event of any dispute regarding the interpretation or application of the terms of this policy, the parties agree that the Spanish version of the Privacy and Cookie Policy will take precedence over any other language version of it for all legal purposes.

 

PRIVACY POLICY

 

  1. WHAT TYPES OF PERSONAL DATA DO WE USE?

 

The personal data that we use are those that are strictly necessary to be able to provide you with the service/s you require (basically, identification data, data associated with personal circumstances, driving permits or licences, financial/banking data and any other data concerning the provision of the service itself, for example, geolocation details in the case of geolocated vehicles. Failing to give us your personal data could make it impossible for us to provide you with our services.

 

2.      HOW DO WE USE THE DATA?

 

The personal data that you provide via the Portals will be processed for the particular purpose stipulated in this privacy policy and, as applicable, in the various data forms provided on the Portals.

 

The collection of data in the course of browsing the Portals has the following processing purposes:

(i)      To enable users to browse the Portals so that they can access the information and content provided there. This access is understood to be without prejudice to the subject-to-payment basis of the specific content, services and products that are offered via the Portals for users to purchase if they wish to do so.

(ii)    To make contact with users and respond to any requests or enquiries that may arise from using the forms that are provided on the Portals.

(iii)   To comprehensively manage vehicle booking requests.

(iv)   To adopt such protection measures as may be legally applicable, including the possible anonymisation of your personal data using the appropriate techniques available for the purpose. Accordingly, anonymisation and pseudonymisation processing may be used to enhance the protection of your personal data.

(v)    To apply the pertinent security, technical and/or organisational measures to personal data that are deemed appropriate based on the risks identified concerning your rights at any given time, including the encryption of personal data and other measures that may involve certain processing of the data of Portal users.

 

Similarly, you are informed that if you purchase our services, the data collected for this purpose either via the Portals or via our call centre, or directly at any of our service desks will be processed for the following purposes:

(i)      To provide and comprehensively manage the self-drive car rental service and to draw up the related agreement, including all processing of your data that is strictly necessary in order to provide you with the services you require. This includes the processing associated with the customer care service, the management and enhancement of service quality and customer loyalty. In the case of the vehicles in the AUTO REISEN fleet that are fitted with geolocation technology, this could include access to the geolocation data. The geolocation service operates as a protection measure for our vehicles, their occupants and any other third party during the rental period and is implemented by AUTO REISEN with all the legal guarantees that are required in this area.

(ii)    To comprehensively manage the insurance options signed up for from among those indicated in the terms and conditions, whether they are included in the rental price or are optional (in accordance with the rental agreement signed).

(iii)   To respond to any call for roadside assistance or relating to accident insurance.

(iv)   To prevent fraud, and to investigate, prosecute and take any appropriate measures and/or action against actions that involve or may involve inappropriate use of our vehicles and other items that we make available to you within the framework of the rental agreement, in order to ensure proper compliance with the applicable legislation, and with our policies and terms and conditions. In the event of the Company identifying or being called upon in connection with any unlawful act or traffic offence, your personal information may be disclosed to the law enforcement agencies and the other competent authorities within this sphere as provided for by law.

(v)    To provide information on other products and services similar to those purchased that are offered by AUTO REISEN regardless of the channel of communication used. This is pursuant to Article 21.2 of Law 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce, without prejudice to the legitimate exercise of your personal rights at any time, particularly that of objection.

(vi)   Sending commercial or advertising communications provided that they were previously requested by you or expressly authorised by you, concerning possible promotions, benefits and specific discounts on our services.

 

If you do not agree with these processing purposes, we ask you to leave our Portals immediately. Otherwise, for example, by accepting this policy, or merely by continuing to browse while being aware of the information contained in this policy, you will be deemed to unequivocally consent to the processing purposes described above.

 

3.      WHAT IS THE LAWFUL BASIS FOR PROCESSING YOUR DATA?

 

 

Processing purposes

Lawful basis for processing

 

To enable users to browse the Portals

Your consent and, where appropriate, the satisfaction of the Company's own legitimate interest, or that of a third party, associated with the proper management, maintenance, development of and changes to the Portals, tools, network and associated information systems, so that the functionalities, access to content and services perform properly and they are all kept generally secure.

To make contact with users in response to requests or enquiries from them.

Your consent

To comprehensively manage vehicle bookings

The adoption of pre-contractual measures

To adopt such protection measures as may be legally applicable, including the possible pseudonymisation or anonymisation of your personal data using the appropriate techniques available for this purpose.

Compliance with a legal obligation (European Data Protection Regulation)

To implement the appropriate security, technical and/or organisational measures for your personal data according to the risk existing at any given time.

Compliance with a legal obligation (European Data Protection Regulation)

To provide and comprehensively manage the vehicle rental service and the related performance of the agreement, including, among others, the customer care service, or the geolocation service for AUTO REISEN vehicles that are equipped with it.

Performance of the agreement

To comprehensively manage the arrangement of insurance

Performance of the agreement

To respond to any call for roadside assistance or relating to accident insurance

Performance of the agreement

To prevent fraud, and to investigate, prosecute and take any appropriate measures and/or action against actions that involve or may involve inappropriate use of our vehicles and other items that we make available to you.

Compliance with a legal obligation and, where appropriate, the satisfaction of the Company's own legitimate interest, or that of third parties.

To respond to the legitimate requirements of the relevant law enforcement agencies and competent authorities.

Compliance with a legal obligation, primarily that contained in Legislative Royal Decree 6/2015 of 30 October 2015 enacting the consolidated text of the Law on Traffic, the Use of Motor Vehicles and Road Safety, and in Organic Law 4/2015 of 30 March 2015 on the Protection of Public Safety, without prejudice to any other applicable legislation.

To provide information on other products and services that are similar to those purchased.

 

The satisfaction of a legitimate interest pursuant to Article 21.2 of Law 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce.

To send commercial or advertising communications.

Your consent.

 

When the lawful basis is primarily your informed consent, given freely and unequivocally, to the processing of your personal data for the processing purposes described, you will be able to choose how your data are processed and used according to your specific interests and needs in each case, so that when the processing is based on your consent, you will have the right to withdraw that consent at any time, although withdrawing it will not in any way affect the lawfulness of the processing previously carried out by AUTO REISEN.

 

When the processing of your personal data is for advertising or direct marketing purposes, you will have the right to object at any time to the processing of your personal data, including any profiling connected with such marketing.

 

If you do not accept this policy, or you do not consent to the processing of your personal information in accordance with it, AUTO REISEN may prevent you from using the Portals and the services, content and functionalities associated with them. However, acceptance of this policy is separate from any acceptance of the particular legal terms and conditions that may govern the specific purchase by users of the services and products made available via the Portals.

 

4.      WHAT ARE THE CONSEQUENCES OF NOT PROVIDING YOUR DATA?

 

Failing to provide the personal data required may make it impossible to process the specific request or enquiry you are making and may therefore lead to AUTO REISEN discarding and/or excluding your request or enquiry.

 

The information and personal data that you provide must in all cases be:

 

- Sufficient, although geared, limited and proportionate to the legitimate processing purposes declared by AUTO REISEN, with maximum respect for the principles of purpose limitation and data minimisation.

- Accurate, up to date and true in order to be able to appropriately verify your identity, capacity and, if applicable, representative status, and to be able in each case to adapt the data processing performed to your specific needs and your actual situation. In all cases based on the principle of the accuracy of your personal data.

 

You are also informed that our Portals are for users aged 18 and over. They may not be used by minors under the age of 18.

 

5.      HOW DO WE SHARE YOUR DATA?

Your data may be shared with the following organisations:

- Banks, credit or financial institutions in order to process the relevant payments.

- Administrative and regulatory bodies and law enforcement agencies as well as third parties involved in any legal claim procedure in which you may be involved who must be informed of the identity of the driver or possible driver, as well as in order to complete the procedure for the collection of fines to which AUTO REISEN may be subject under Legislative Royal Decree 6/2015 of 30 October 2015 enacting the consolidated text of the Law on Traffic, the Use of Motor Vehicles and Road Safety, and Organic Law 4/2015 of 30 March 2015 on the Protection of Public Safety.

- Insurance companies and claim managers responsible for handling all aspects of the insurance products effectively purchased.

- Also, since AUTO REISEN forms part of a corporate group, you are informed that your personal data may be shared with other Group companies for purely internal and administrative purposes based on the legitimate interest of AUTO REISEN as provided for under Recital 48 of the GDPR.

In addition, you are informed that your personal data may be disclosed to third parties to the extent that this is provided for by law or legally required.

Lastly, AUTO REISEN has a number of data processors who may have access to your personal data in order to provide their services to our Company. AUTO REISEN's data processors provide sufficient contractual guarantees in conformity with GDPR Article 28.

6.      ARE THERE ANY INTERNATIONAL TRANSFERS OF YOUR DATA?

In general, no international transfers of your personal data are envisaged; AUTO REISEN adopts the necessary measures and guarantees in this respect in conformity with the applicable personal data protection legislation.

7.      HOW LONG WILL WE KEEP YOUR DATA?

With regard to the data that are necessary to enable you to browse any of our Portals, in general your data for these purposes will be kept only as long as is necessary to enable you to browse the Portals properly. Similarly, the data you provide us with via the Portal contact forms are kept only as long as is necessary to respond appropriately to your specific requests and/or enquiries in each case.

In addition, under Article 17 of the Order of 20 July 1995 implementing the Regulation of the Law on Land Transport in matters of self-drive vehicle hire, and for cases in which a self-drive vehicle rental agreement is signed with AUTO REISEN, the Company must keep a copy of such agreements for at least three years from the date on which they were signed, including therefore all of the personal data that are linked with them.

Without prejudice to the foregoing, information that may be evidence of a right or of a rental agreement, or that must be kept in compliance with a legal requirement, may be subject to a specific archiving policy in conformity with the applicable legal provisions.

When the processing of your data is based on your consent, as could be the case when AUTO REISEN sends you commercial communications, your data will be kept for as long as you authorise us to keep them and do not exercise your rights in this area (objection and the right to withdraw your consent at any time, as appropriate, without prejudice to any other personal rights you may have).

Lastly, we inform you that, in general, when your personal data are no longer necessary for the processing purposes for which they were collected, they will be blocked and will only remain available to the competent authorities in case there is a need to establish legal liability in the processing of them. This is always in conformity with the applicable legislation and the data may not be used for any other purpose. Once the legal time limits regarding such blocking have expired, the personal data will be erased in accordance with the applicable regulations and, if applicable, they may also be securely anonymised by AUTO REISEN (anonymised/non-personal data).

8.      WHAT RIGHTS DO YOU HAVE OVER YOUR DATA?

You may exercise your rights of access, rectification, erasure, restriction of processing, data portability, objection and the right not to be subject to a decision based solely on automated processing (including profiling), by emailing privacidad@autoreisen.es with the reference "Exercise of Rights", and enclosing with your request a copy of your identity document (passport, N.I.E., etc.) as necessary. If you consider that your personal rights have not been properly upheld, you may file a complaint with the competent control authority, in this case, the Spanish Data Protection Agency.

9.      ARE SECURITY AND PROTECTION MEASURES APPLIED TO YOUR PERSONAL DATA?

 

Taking into account the nature, scope, context and purposes of processing as described, as well as the risks of varying likelihood and severity for your rights and freedoms, AUTO REISEN implements (and will implement) appropriate technical and organisational measures to ensure the proper security and protection of your personal data based on principles of data privacy by design and by default, and also implements a concurrent risk-oriented system that will be reviewed and updated as and when necessary.

 

The use of the Hyper-Text Transfer protocol (HTTPS) is an added guarantee of the security of your personal data.

 

10.   EFFECTIVE DATE AND CHANGES TO PRIVACY POLICY

 

This policy has been in effect since 25 May 2018. AUTO REISEN reserves the right to make changes to this policy to adapt it to any future developments in the applicable legislation, legal principles or case law, or for technical, operational, commercial, corporate or business reasons, and to inform you reasonably in advance of the changes made when that is possible. In any event, it is recommended that each time you access our Portals you read this policy in detail, since any change made to it will be published here. Also, AUTO REISEN may inform you personally in advance of planned changes to this policy before they become effective, provided that it is technically and reasonably possible to do so, in particular, in the case of registered users or customers.

 

11.   DO YOU NEED TO CONTACT US?

 

For any query or suggestion that you may have for us regarding this privacy and cookie policy, please do not hesitate to contact us by email at: privacidad@autoreisen.es

 

12.   JURISDICTION

 

In general, any dispute or conflict will preferably be dealt with by the parties in order to reach an amicable solution by mutual agreement. The channel described above should be used to contact AUTO REISEN for this purpose.

 

If it is not possible to reach such a solution, based on the criteria contained in the GDPR for determining the competent lead supervisory authority for dealing with any dispute or complaint regarding this privacy and cookie policy, at least in terms of administrative proceedings you are informed that this authority will be the Spanish Data Protection Agency (AEPD).

 

Concerning the right to an effective judicial remedy, the provisions of GDPR Article 79.2 will apply, and any action must be taken before the Judges and Courts of Santa Cruz de Tenerife (Canary islands - Spain). In all cases the legislation applicable will be Spanish Law.

 

 

COOKIE POLICY

 

As established in GDPR Recital 30, natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them. For this reason, AUTO REISEN has in place a cookie policy that is consistent with the applicable legislation.

 

1.      WHAT ARE COOKIES? WHAT TYPES OF COOKIES ARE THERE?

 

Cookies are files or devices that are downloaded on to your equipment (computer, smartphone, tablet, mobile devices, etc.) and they can be of different types.

 

In general, according to the Cookies Guide published by the Spanish Data Protection Agency (AEPD), cookies may be of various types depending on different parameters:

 

Depending on who it is that is managing the server or domain from which the cookies are sent and processing the data obtained, we can distinguish between:

- First-party cookies

- Third-party cookies

 

Depending on how long they remain active on the device (duration) we can distinguish between:

- Session cookies

- Persistent cookies

 

Depending on the purpose for which data are collected through the cookies, we can distinguish between:

- Technical cookies

- Personalisation cookies

- Analysis cookies

- Advertising cookies

- Behavioural advertising cookies

 

2.      HOW ARE COOKIES MANAGED AND SET UP?

 

You can manage the use of cookies, and also block them, depending on the browser installed on your computer. You can learn more about how to manage cookies by clicking on the following links:

- Google Chrome

- Mozilla Firefox

- Microsoft Internet Explorer

3.      DO WE USE COOKIES ON OUR PORTALS?

For the time being cookies are not used or served on the Portals. This does not mean that AUTO REISEN may not make use of them in the future, in which case you will be informed via this Policy.