EN |

Privacy policy

Last modified: 21.06.2023.

Data Controller: Primero Rent d.o.o., Street 43, Istarske divizije - Via della XLIII divisione istriana 12, Pula, OIB: 09633598338

Data Protection Officer:: Satya Perk, dpo@primero.hr

Your privacy is of great importance to us, and we want to explain how we use and protect your personal data. Our goal is to ensure privacy protection and transparency in data processing.

Table 1 presents the distribution of purposes, legal bases, volume, and retention periods of the data.

 

Purposes Legal Bases Volume Retention period
Vehicle rental:
  1. Vehicle rental agreement,
  2. Identity verification,
  3. Vehicle planning and allocation,
  4. Validity check of driver's license,
  5. Verification of permitted categories,
  6. Verification of any driving restrictions or prohibitions,
  7. Collection of rental fees,
  8. Collection of additional charges,
  9. Collection of damages or traffic fines,
  10. Security deposit.
 Contract Full name, address, date of birth, personal identification number (PIN), contact information (phone, email), copy of ID card or passport, vehicle type, pick-up/drop-off date and time, pick-up/drop-off location, driver's license number, driver's license issue/expiry date, vehicle categories, driving restrictions/prohibitions information, credit card details (card number, expiration date, CVV), additional charges details (insurance, equipment, fuel), damage/traffic fine details, security deposit amount 6 years Contract

11 years Transacti-on
Communication and information:
  1. Sending reservation and change notifications,
  2. Sending marketing materials and promotions,
  3. Satisfaction surveys and feedback
  1. Contract
  2. Consent,
  3. Legitimate interest
 Full name, contact information (phone, email), reservation details (vehicle type, pick-up and drop-off dates and times, location), feedback and ratings 6 years Contracts

Consent Withdraw
Business activities:
  1. Business reporting,
  2. Vehicle and rental record keeping,
  3. Notification to regulatory bodies,
  4. Invoicing and payment confirmations,
  5. Bookkeeping records,
  6. Financial reporting and analysis.
 Legal obligation (16., 18., 19.) or Contract (14., 15., 17.) Rental quantity, vehicle types, income and expenses, full name, vehicle details (type, model, license plate), reservation details (vehicle type, pick-up and return date/time, location), address, personal identification number (PIN), payment details 6 years Contract

11 years Transaction
Employee administration:
  1. Salary payments to workers,
  2. Pension insurance registration,
  3. Health insurance registration,
  4. Organization and implementation of employee programs.
 Legal obligation (21., 22.) or Contract (20., 23.) Full name, Personal Identification Number (PIN), phone, email, address, job title and responsibilities, employment data (start date, contract), salary, tax information ... 6 years Programs

11 years Other
Web:
  1. Web cookies - Facebook Pixel, Google Tag Manager
 Consent Visitor data on the website (IP address, browsing, interactions, conversions) 180 days Pixel, 26 months GTM

 

  1. 1. RIGHTS: In accordance with the General Data Protection Regulation (GDPR), we respect and protect the rights of our clients regarding the processing of their personal data. Clients have the following rights:

  2. Right of access: Clients can request access to their personal data that we process.
  3. Right to rectification: Clients can request the correction of inaccurate or incomplete data.
  4. Right to erasure: Under certain conditions, clients can request the deletion of their data.
  5. Right to restriction of processing: In certain situations, clients can request the restriction of the processing of their data.
  6. Right to data portability: Clients have the right to have their data transferred to another data controller.
  7. Right to object: Clients can object to the processing of their data by contacting us at azop@azop.hr
  8. Right to not be subject to automated decision-making: Clients have the right to not be subject to decisions based solely on automated processing.
  9. Right to withdraw consent: Clients have the right to withdraw their consent for data processing at any time.

    10. To exercise these rights, clients can contact our Data Protection Officer via email or postal mail to the address of the Data Controller. Your request should include your name, contact information, a clear description of the request, and the right you wish to exercise. We will respond to your request in accordance with the GDPR, within 30 days of receiving the request.


  10. 2. THIRD PARTIES: We only share personal data of our clients with third parties for the purpose of providing services and improving the user experience, always considering the rights of the data subjects. We only collaborate with partners within the EU/EEA area, in compliance with applicable laws and regulations on personal data protection. The third parties we collaborate with include:

    Insurance companies: for the purpose of vehicle and user insurance, claims processing, and insurance requests.
    Technical support: for the purpose of providing technical support and maintaining IT infrastructure.
    Financial institutions: for the purpose of service payment or transaction processing.
    Marketing partners: strictly with consent for receiving marketing materials or participating in promotions and contests.
    Competent authorities: in accordance with the legislation, we may be obliged to share data with the competent authorities.

    All our partners provide adequate protection of personal data and comply with the GDPR.

    11.  

  11. 3. TECHNICAL AND ORGANIZATIONAL MEASURES: We have implemented various technical and organizational measures to protect the data of our clients.

    Technical measures include encryption, firewalls, antivirus protection, regular backups, and access control. Organizational measures include employee training, data protection policies, contracts with third parties, a designated DPO, incident management, and compliance monitoring.

    We continuously work to improve our security measures to ensure a high level of protection for the personal data of our clients and adapt to new security challenges.

    12.  

  12. 4. CHANGES: Our current privacy policy is effective as of May 9, 2023.

    In case of any changes to the privacy policy, we will notify clients of the changes and update the privacy policy on our website with a clearly indicated effective date. For transparency and historical reference, we archive previous versions of the privacy policy. If you have any questions or would like to access previous versions of the policy, please contact our Data Protection Officer.

    13.