Termini e Condizioni

 

Logo Europcar

 

 

 

EUROPCAR ITALIA S.p.A.

PRIVACY STATMENT FOR CLIENTS

Article 13 of the General Data Protection Regulation 679/2016

 

  1. Who processes your personal data?

Europcar Italia S.p.A, , subject to the management and co-ordination of Europcar Mobility Group SA , with head office located in 39100 - Bolzano, Corso Italia 32, Tax ID and VAT Reg. No. 05035331007, (“Europcar”) and its parent company Europcar International S.a.s.u. with head office located in 13 Ter Boulevard Berthier 75017 Paris, France, are companies that in their capacity as independent Data Controllers, collect and process your personal data pursuant to the General Data Protection Regulation 679/2016 ("Data Protection Regulation"). To learn about the characteristics of the processing of your personal data on the part of Europcar International S.a.s.u., read the specific privacy statement on the website https://www.europcar.com/security-and-privacy-policy or available upon request

 

  1. Why do we process your personal data?

The personal data that you are providing in this booking (name and surname, address, contact details, photocopy of driver's license, details on method of payment, tax details for billing) and information regarding your rental and related services that you requested (e.g. dates and vehicle collection and delivery stations, type of vehicle, license plate and conditions of the vehicle, requested services, are all required to:

  1. process your booking to comply with the rental contract that you have concluded, including related services (e.g. customer assistance, as well as online chat in real time through our website, the creation of a section on our website dedicated to you where you can see the invoices and check the status of your bookings) and any extra services that you request (e.g. winter driving accessories, additional driver, etc), as well as exercise the respective rights (e.g. manage fines or claims and determine the respective liability);
  2. comply with law obligations, rules and EU standards regarding the contract concluded with you and the services rendered (e.g. on taxing, accounting, insurance, anti-terrorism);
  3. protect corporate assets (car fleet) and the safety of drivers in case of accidents by using a multi-functional satellite device "data event recorder" with geolocalion to track and recover the rented vehicle and reconstruct the events in case of an accident, as well as to request first aid of staff for medical or mechanical assistance;
  4. prevent fraud associated with the rental through data entering in case of car theft, misappropriation or fraud associated with your rental or where there are applicable cases reported against you in the centralised anti-fraud database managed by ANIASA (National Association Car Rental Industry and Automobile Services).

Moreover, if you give us your consent, your personal details will be processed to:

  1. analyse your rental preferences and habits so that we can customise and improve our sales offer and services;
  2. keep you up-to-date by sending marketing materials, including personalised information (e.g. newsletters, emails, text messages, regular mail, calls by operators, instant messaging, messages and communication through social networks, etc) on services, on deals and on initiatives (e.g. contests) of Europcar or to invite you to participate in market surveys (to better understand your preferences and to improve our sales offer);
  3. disclose your personal details to our business partners - whose list is available on our website (www.europcar.it) - partners who will contact you to tell you about deals, promotions, latest news on products and services.

The legal basis for processing your personal details will be:

  1. to execute the contract entered into with you and to observe the respective obligations of law for said purposes 1 and 2 (article 6, paragraph 1, letter b and c of the Data Protection Regulation);
  2. The execution of the contract and legitimate interest of Europcar to protect its own car fleet and exercise its rights (article 6, paragraph 1, letter (b) and (f) of the Data Protection Regulation);
  3. Europcar's legitimate interest to prevent fraud for purposes outlined in no. 5 (section 6, paragraph 1, letter f) of the Data Protection Regulation);
  4. your consent to the purposes 5, 6 and 7 (article 6, paragraph 1, letter (a) of the Data Protection Regulation).  Even if you do not intend to give us your consent, you may still make the booking, rent Europcar vehicles and benefit from the services offered by us.  You can always cancel your consent.

In any case, the processing shall take place pursuant to applicable standards - as amended and supplemented thereof - issued by the Data Protection Authority (hereinafter, "Data Protection Authority") (such as fidelity cards and warranties for consumers. The rules of the Data Protection Authority for fidelity plans of 24 February 2005 and guidelines on promotional activities and protection against spam of 4 July 2013), as well as the observance of warranties and the necessary measures prescribed in the authorisation procedure issued by the Data Protection Authority to Europcar on 7 November 2013 "onboard installation of a multi-functional storable satellite device in the car fleet, the so-called "event data recorder.", as well as that issued by the Data Protection Authority to ANIASA on 20 November 2017 "Creation of a databank where to share the information provided by rental car companies"

  1. Is all the requested data necessary?

The requested data (e.g. name, surname, contact details, address, driver's license number) are required to process your booking and for the respective rental and to fulfil the related obligations (e.g. taxation, accounting, insurance matters).

If you provide personal details pertaining to third parties (e.g. additional drivers), you must ensure that said persons are informed and have given their consent (where applicable) to use their personal data according to the provisions of this privacy statement

  1. How do we process your personal data?

Your personal data will be processed with or without electronic instruments (including the event data recorder installed on the vehicle that you will rent, in accordance with the Authorisation Procedure of the Data Protection Authority of 07/11/2013).

If you give us your consent, we can analyse your personal details (e.g. your rentals) to try to understand your preferences and rental habits (e.g. checking what vehicles you rented) so that we can send you the best deals, including customised deals (e.g., if you rented a family car, we could send you deals and promotions on rentals for said type of car) or invite you to participate to market research surveys or contests.

It must be noted that all of our analysis activities of your data and preferences will not take place solely with automated means, but will also include the intervention and evaluation of our assigned persons.

 

 

e) Data entry in the anti-fraud centralised database managed by ANIASA (National Association of Car Rental and Car Services):

Your personal data and those of an additional driver, may be entered into the anti-fraud centralised database, managed by ANIASA, for the following purposes: (1) to protect corporate assets (theft prevention, misappropriation of car fleet); (2) to plan corporate strategies to reduce risks of criminal events; (3) to prevent repeated unlawful actions to the detriment of associate companies; (4) to conduct statistical analysis; (5) to exercise rights in legal claims; (6) to cooperate with public safety authorities.

The following data may be processed: personal details; contract details (e.g. type of contract and date and place of execution); data regarding the occurring event (e.g. theft); data regarding the involved vehicles (e.g. brand, model, etc) and any reports filed (e.g. data and place of accident, reporting authorities, details as to whether the vehicle was found or not, etc). No special categories of data or judicial data will be processed.

Data will be processed in the presence of the following assumptions:

(i)  if at the end of the rental you do not return the vehicle and do not show-up at the rental station agreed where to return the vehicle without any reason for not returning the vehicle and without contacting Europcar to give any explanations;

(ii) if at the end of the rental period you do not return the vehicle, reporting a theft and providing Europcar a special report to the competent authorities, if in the 6 previous month, you filed at least other two reports and the declarations contained in your report are then disclaimed by investigations carried out;

(iii) if after taking out the rental contract, it is documented that false or forged vehicle or ID documentation is presented during the rental contract;

(iv) if after taking out the rental contract, an identity theft of third parties is documented.

The reporting in the anti-fraud database will take place exclusively when the following conditions are fulfilled:

a)   it was not possible to contact you (e.g. false contractual details); or

b)   you did not respond to Europcar's attempts to contact you or you were unavailable; or

c)   once you are contacted, you gave inconsistent information with the technical evidence (e.g. information of where the vehicle was last located, equipped with anti-theft satellite that is inconsistent with the allegations of he client);

d)   Europcar files a report for misappropriation with competent authorities;

e)   all preventive checks were carried out including those to find the vehicle, as well as notification procedures and loss of the vehicle's possession;

f)    not less than thirty days passed from the time the vehicle was returned.

The legal basis of the processing by Europcar of your personal data for purposes of entering the data in the database is a legitimate interest to prevent fraud cases envisaged in article 6, paragraph 1, letter (f) of the Data Protection Regulation.

The administrator of the anti-fraud database is ANIASA,  National Association for Car Rental and Services with head office located in Via del Poggio Laurentino, 11 postcode 00144, Rome.

The list of companies that can access the database is available on the ANIASA website at https://www.aniasa.it/aniasa/associazione/associate

The information registered in the database may be disclosed to public authorities (e.g. legal authorities or the police) and will not be disseminated.

The data entered into the database by Europcar and duly coded and stored, will be preserved for the time strictly necessary to clear the position of the data subjects (e.g. until all procedures in legal claims are defined). After this, the data will be deleted by Europcar from its own databanks and anti-fraud database by ANIASA with the possibility of further storing the data, subject to transposition on a different support and in an anonymised manner, solely for statistical purposes of the association.

The data will be arranged within the database based on logics aimed at registering those who over time and for various reasons, did not return the rented vehicles, based on the respect of dignity of data subjects in compliance with principles of necessity, lawfulness and correctness.

Accessing the database by associate firms is guaranteed by special authentication credentials and are protected by proper security measures, as defined in the Guidelines of ANIASA which must be complied by Europcar (and other associate firms) in compliance with the Authorisation Procedure of the Data Protection Authority of 30/11/2017.

For additional information on data processed by ANIASA, read the respective privacy statement on the website https://www.aniasa.it/aniasa/privacy.

 

  1. How long do we keep your personal data for?

Data regarding the rental will be processed for the time necessary to manage your rental and related services, as well as thereafter in compliance with relevant obligations of law (e.g. tax and accounting obligations). After this time, the data will be deleted or made anonymous.

The data gathered through the event data recorded installed on the vehicle will be processed only for the time required to deal with the accident occurring and time to recover the vehicle, as well as to protect the rights of Europcar with competent authorities. After this time, the data will be deleted or made anonymous.

Data on your rental details will be preserved for a maximum of 12 months, the purpose being to analyse your rental preferences and habits, or for 24 months to contact you with promotional initiatives. After this time, the data will be deleted or made anonymous. Data regarding reporting in the ANIASA database are outlined in letter (e)

 

  1. Who are the recipients of your data?

Your personal data will be disclosed and put to the attention to those authorised to process the data (only within their scope of their competence) from rental stations and competent management offices of Europcar and may be disclosed to public entities, insurance companies, the police, public authorities, ANIASA (e.g. in case of fines, accidents or fraud).

The data will also be processed by companies that provide services to manage the rentals and related services, as external managers, or those who conduct marketing activities on our behalf, such as companies that: (i) manage the rental stations (e.g. franchisees); (ii) conduct analysis on your personal details; (iii) that are in charge of processing, managing and sending newsletters and promotional materials; (iv) organise and manage market research activities; (v) oversee Europcar' sales networks; (vi) deal with the management and technical maintenance of Europcar's IT systems; (vii) manage the event data recorder system installed in our car fleet. Data will also be processed by Europcar International S.a.s.u, as independent data controller.

A complete list of external managers can be requested to info.privacy.it@europcar.com.

 

h) Would your personal data be transferred outside the European Union

Your personal data will be subject to transfer to countries outside the EU, such as the US.

Applicable law states that your specific consent is not require to transfer your personal details to countries outside the EU, whenever the transfer:

  1. is required for the execution of a contract concluded between the data subject and the data controller, namely the execution of pre-contractual measures adopted upon request of the data subject (article 49, paragraph 1, letter (b) of the Data Protection Regulation) and in particular managing emails and complaints;
  2. is made based on an adequacy decision with which the European Commission ascertains that a country outside the EU guarantees a proper protection level (article 45 of the Data Protection Regulation) and in particular the "Privacy Shield".

Your personal details will be transferred to third party countries in full compliance of the guarantees, measures and rights envisaged in the above acts. By simply sending an email to info.privacy.it@europcar.com, you can receive additional information on the transfer of your personal details and the guarantees set out for their protection, as well as the means to obtain said data or the place where they were made available.

i) What are your rights?

You may exercise the rights envisaged in articles 15 through 22 of the Data Protection Regulation by sending an email to info.privacy.it@europcar.com or by writing to our head office, rights include the following:

  • the right to obtain confirmation as to whether or not personal data concerning you exist;
  • the right to access your personal details and the information specified in article 15 of the Data Protection Regulation;
  • the right to rectify inaccurate personal details that concern you without unjustified delay or the right to supplement incomplete personal details;
  • the right to delete personal details that concern you without unjustified delay;
  • the right to limit the processing of personal details concerning you;
  • the right to be informed of any rectifications, deletions or restrictions in the processing made in relation to your personal details;
  • the right to receive a structured format of common use and legible form of your personal details from an automated device;
  • the right to oppose at any time to the processing of your personal details for reasons related to a special situation.

The above without prejudice to your right to revoke the consents given to process your personal details at any time and to oppose to the processing of your personal details, in particular when processed for marketing purposes or to analyse your preferences.

Moreover, if you wish you can revoke your consent only to receiving communications by electronic means (e.g. email, texts, instant messaging) and continue to receive sales information only by hardcopy or by telephone by an operator, where applicable.

Moreover, in compliance with article 21 of the Data Protection Regulation, you will have the right to oppose to the processing at any time, for reasons related to a special situation, processing of which is to pursue the legitimate interest of the data subject pursuant to article 6, paragraph 1, letter (f) of the Data Protection Regulation.

 

j) Who can you contact to file a complaint?

If you believe that the processing of your personal details breaches the provisions of the Data Protection Regulation, you can always file a complaint with the Data Protection Authority (www.garanteprivacy.it), or with the Data Protection Authority of the country in which you currently live, work or the place where the alleged violation took place.

 

k) How can you contact the Data Protection Officer? 

The Data Protection Officer appointed by Europcar can be contacted at the following email privacyinformation-italy@europcar.com.

 

 

Centro prenotazioni 199 30 70 30

Scarica la nostra App per tutte le tue esigenze di mobilità

Maggiori dettagli