Privacy Policy / GDPR

1. Data Controller details

This Privacy Policy concerns the processing of personal data by our company in the context of operating the website, managing bookings, communicating with customers, and providing vehicle rental services.

Trade name: DRS Rent a Car Igoumenitsa
Legal name: DROSOPOULOS Ch. G.P.
Tax ID: 802720720
GEMI No.: 18158728000
MITE No.: 0621Ε81000064301
Registered office: 4th km Igoumenitsa - Ioannina Road, 46100 Igoumenitsa, Greece
Phone: +30 2665 041520
Email: info@drsrent.gr

2. Where we collect data from

Personal data may be collected directly from the customer or driver, through the website, booking form, email, telephone, WhatsApp, Viber, Messenger, Facebook, Instagram, SMS, physical presence at our office, or any other communication channel used by the customer.

The company may also receive necessary booking details through partners, such as hotels, travel agencies, online booking platforms, brokers, or other collaborators.

3. What personal data we collect

During an online booking, basic contact and booking details are usually collected. Full customer, main driver, additional driver details, and necessary documents may be requested before or at vehicle pick-up, for the preparation and performance of the rental agreement.

• Full name of the customer, main driver, or additional drivers.
• Father’s name, date of birth, country, city, and address, where required.
• Telephone number, email address, and other contact details.
• Booking details, such as pick-up and return dates, delivery/pick-up location, vehicle, special requests, and notes.
• Driving licence details, such as licence number, country of issue, issue date, expiry date, category, and licence-holding period.
• Identity card, passport, driving licence, visa, International Driving Permit, translation, or other necessary document details.
• Copies or photographs of documents, where required for the rental, insurance, identification, damage, fines, or legal obligations.
• Tax ID, tax office, and invoicing details where required for an agreement, receipt, invoice, or accounting/tax obligations.
• Payment or transaction details, such as amount, payment method, date, transaction status, and reference number.
• Deposit, advance payment, refund, charge, or outstanding balance details.
• Details related to damage, accidents, breakdowns, fines, violations, tolls, parking, insurance claims, or disputes.
• Photographs of the vehicle before and after the rental, such as vehicle condition, damage, mileage, fuel level, and equipment.
• Communication history, such as emails, messages, requests, replies, complaints, special agreements, or communication notes.
• Technical website usage data, such as IP address, device type, browser, operating system, and cookies.

As a rule, the company does not collect details of passengers who are not drivers. Passenger details may be requested only in special cases where they are necessary for the performance of the service, management of an incident, insurance claim, legal obligation, or protection of the company’s rights.

The company does not systematically request personal data of minors. If a child seat or other special equipment is required, only the absolutely necessary information may be recorded, such as age or seat category, for safety reasons and proper service.

4. Purposes for which we use the data

Personal data is used only for specific and lawful purposes related to the provision of our services.

• To receive, manage, confirm, change, or cancel bookings.
• To prepare, sign, send, and perform a vehicle rental agreement.
• To identify the customer, main driver, and additional drivers.
• To check rental requirements, such as driver age, licence validity, issuing country, licence-holding period, and compliance with insurance terms.
• To deliver and receive back the vehicle.
• For operational communication regarding a booking, agreement, pick-up, return, payment, deposit, damage, fine, outstanding balance, or agreement delivery.
• To send payment instructions, payment links, or payment confirmations via email, SMS, WhatsApp, Viber, telephone, or another communication channel.
• To issue legal documents and comply with tax or accounting obligations.
• To manage payments, advance payments, deposits, charges, refunds, or outstanding balances.
• To manage damage, accidents, insurance claims, fines, tolls, parking, violations, or other charges related to the rental.
• To apply the Cancellation Policy, including cancellation, no-show, booking changes, retention, or refund of amounts.
• For internal management of booking history, previous rentals, special agreements, damage, debts, or important incidents.
• To protect the vehicles, prevent fraud, false information, theft, non-return of a vehicle, serious breach, damage, debt, or legal claim.
• To send a review request after the rental.
• To improve the operation, security, and user experience of the website.
• For promotional communication and offers, only where consent or another lawful basis exists.

The provision of certain personal data and documents is necessary for the booking, driver identification, preparation of the agreement, and delivery of the vehicle. If the customer does not provide the required details or documents, the company may not be able to complete the booking or rental.

5. Legal basis for processing

Depending on the case, personal data is processed on the basis of one or more of the following legal bases:

• Performance of a contract: where processing is necessary for the booking, rental, and provision of the vehicle.
• Steps before entering into a contract: where the customer requests an offer, booking, or information.
• Legal obligation: where the company must comply with tax, accounting, insurance, or other obligations.
• Legitimate interest: for the protection of the company, vehicles, transactions, legal claims, and security.
• Consent: where required, such as for certain cookies, marketing, or use of customer photos/material for promotional purposes.

6. Payments and card details

The company accepts or may accept payments in cash, by card/POS, online card payment, bank transfer, or another agreed payment method.

When payment is made electronically through a bank or payment provider, payment data is processed by the relevant payment provider in a secure environment.

Our company does not store full bank card details, such as the full card number, CVV code, or other sensitive card details.

We may retain transaction confirmation details, such as amount, date, payment method, transaction status, and reference number, for accounting, tax, and evidential purposes.

7. Driver documents and vehicle photographs

The company may request and retain details or copies of documents of the customer, main driver, and additional drivers, such as driving licence, identity card, passport, visa, International Driving Permit, official translation, or another necessary document.

Details and documents may be provided at the office or sent via the website, email, WhatsApp, Viber, Messenger, or another communication channel, where this is necessary for the booking or rental.

The company may retain photographs of the vehicle before and after the rental as evidence of its condition at delivery and return. The photographs mainly concern the vehicle, damage, mileage, fuel level, and equipment. Where practically possible, the company avoids capturing people in photographs.

8. GPS, tracking, and vehicle telematics

Vehicles may be equipped with GPS, tracking, or telematics systems. These systems may operate for security, anti-theft protection, fleet management, location in the event of theft, non-return, breakdown, accident, use outside the permitted area, or protection of the company’s legitimate interests.

Such data is used only to the extent necessary for the purposes above. There is no continuous human monitoring without reason.

GPS or telematics data may be disclosed to competent authorities, insurance companies, roadside assistance, experts, legal advisers, or judicial authorities only where necessary for theft, non-return, breakdown, accident, insurance claim, legal claim, or protection of the company’s rights.

The vehicles do not have an internal camera or microphone for recording passengers’ image or sound.

9. Security cameras at company premises

At the company’s premises, such as offices, parking areas, delivery/pick-up areas, or vehicle storage areas, a video surveillance system may operate for the security of persons, facilities, vehicles, and property.

The system records image only and not sound. Video surveillance material is kept for a limited period, unless longer retention is required due to an incident, damage, theft, accident, dispute, insurance claim, or legal obligation.

10. Cookies, analytics, and advertising tools

Our website uses or may use cookies and similar technologies for its proper operation, security, improvement of user experience, traffic analysis, and the display or measurement of advertisements.

The website may use analytics, advertising, conversion measurement, maps, anti-spam, and security tools, such as services provided by Google, Meta/Facebook/Instagram, or other providers, according to the visitor’s cookie choices.

The visitor can configure or reject non-essential cookies through the cookie banner or the available website options. Strictly necessary cookies are used for the basic operation of the website.

11. Communication, marketing, and reviews

The company may communicate with the customer for operational matters related to a booking, rental, delivery, return, payment, deposit, damage, fine, outstanding balance, or agreement delivery. Communication may take place by telephone, email, SMS, WhatsApp, Viber, Messenger, or another channel declared or used by the customer.

For promotional messages, offers, updates, or advertising communication via email, SMS, telephone, WhatsApp, Viber, or social media, the company uses the customer’s contact details only where consent or another lawful basis exists.

Marketing consent may be recorded with details such as date, source of consent, communication channel, IP when provided through the website, and withdrawal date, if any.

The customer may request at any time to stop promotional communication, either by sending an email to info@drsrent.gr, replying to the relevant message, or contacting us by telephone or via WhatsApp/Viber.

The company may request or send a review request after the rental. Public reviews or customer comments, such as Google Reviews or social media comments, may be displayed carefully and, where possible, without full identifying details. Use of photos, a person’s image, or personal customer material for advertising purposes requires relevant consent.

12. Who data may be shared with

Personal data is not sold to third parties. However, it may be shared, only where necessary, with partners or bodies involved in the provision of the service, performance of the agreement, or compliance with legal obligations.

• Banks and payment providers.
• Accountants, tax advisers, and partners involved in issuing legal documents.
• Insurance companies, experts, and roadside assistance companies.
• Technical partners, repairers, or vehicle inspection partners, only where required due to breakdown, damage, or an insurance claim.
• Public authorities, police, port authorities, tax authorities, or judicial authorities, where required by law or for the protection of the company’s rights.
• Website hosting, email, booking software, payment system, technical support, and backup providers.
• Legal advisers, lawyers, or competent courts in the event of a dispute or claim.
• Partners, hotels, travel agencies, online platforms, or brokers, only to the extent required for managing the specific booking or cooperation.

Certain service providers, such as communication, email, hosting, analytics, advertising, or social media tools, may be located or may process data outside Greece and/or the European Union. In such cases, the company takes measures so that processing is carried out in accordance with applicable personal data protection legislation.

13. Data retention period

Personal data is retained only for as long as necessary for the purposes for which it was collected and for as long as required by tax, accounting, insurance, or other applicable legislation.

Data related to bookings, rental agreements, driver documents, payments, legal documents, deposits, damage, fines, insurance claims, debts, or potential disputes may be retained for as long as necessary to document the transaction, comply with legal obligations, and protect the company’s legitimate interests.

The right to erasure applies where permitted by law. The company may retain data that is necessary for compliance with legal obligations, proof of the agreement, management of payments, damage, fines, insurance claims, debts, or potential legal claims.

14. Data security

We take appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, leakage, or destruction.

Access to personal data is limited to authorised persons of the company and partners who need the data to perform their work, such as booking management, customer service, accounting/tax support, and technical system support.

15. Rights of customers and visitors

The customer or visitor has, where applicable, the following rights regarding their personal data:

• Right to be informed about the processing of their personal data.
• Right of access to their data.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure, where permitted by law.
• Right to restriction of processing.
• Right to object to processing.
• Right to data portability, where applicable.
• Right to withdraw consent, where processing is based on consent.

To exercise any right or to stop promotional communication, the interested person may contact the company by email at: info@drsrent.gr.

For personal data protection reasons, the company may request identity confirmation before satisfying a request for access, rectification, erasure, or another right.

16. Submitting a complaint

If the interested person considers that the processing of their personal data violates applicable legislation, they have the right to contact the competent supervisory authority.

In Greece, the competent authority is the Hellenic Data Protection Authority.

17. Links to third-party websites

Our website may contain links to third-party websites or services, such as maps, payment platforms, social networks, or other external services.

Our company is not responsible for the privacy policy or data processing practices of third-party providers.

18. Changes to this Privacy Policy

This Privacy Policy may be amended at any time in order to reflect changes in legislation, website operation, or our services.

The current version is always published on this page.