Privacy Policy

How rentathenscar.com collects, uses, and protects your personal data.

1. Introduction and Scope

This Privacy Policy explains how rentathenscar.com ("we", "us", or "our") collects, processes, stores, and protects personal data in connection with the car rental booking services offered through this website. It applies to all visitors, users, and customers who interact with our site, whether browsing for a rental vehicle in central Athens, booking a pickup at Eleftherios Venizelos International Airport (ATH), or requesting hotel delivery anywhere across Attica.

This policy is governed by Regulation (EU) 2016/679 (the General Data Protection Regulation - GDPR), Greek Law 4624/2019 on the protection of personal data, and any other applicable Greek or European Union data protection legislation. By using this website, you acknowledge that you have read and understood this policy.

The data controller responsible for your personal information is rentathenscar.com, operating in Athens, Greece. For all data-related enquiries, please use the contact details provided in Section 10 of this policy.


2. Information We Collect

We collect personal data in a number of ways depending on how you interact with our platform. The categories of data we may collect include:

2.1 Identity and Contact Details

When you make or enquire about a booking, we collect your full name, email address, telephone number, and residential address. For the purposes of completing a car rental agreement, we also collect your driving licence number, issuing country, expiry date, and, where required by our rental partners, a copy of your passport or national identity card.

2.2 Booking and Reservation Data

We record details of the vehicle category selected, rental start and end dates, chosen pickup and drop-off location (such as Athens Airport, Piraeus Port, Syntagma, or a hotel in the city centre), additional extras requested (child seats, GPS units, additional drivers), and the total rental cost agreed at the time of booking.

2.3 Payment Information

We do not store credit or debit card details on our own servers. All payment transactions are handled by PCI-DSS-compliant third-party payment processors. We retain only a transaction reference number and the last four digits of the card used, solely for booking verification and customer support purposes. Where bookings are completed with no upfront deposit, a record of the agreed deferred payment method is held securely with our payment partner.

2.4 Technical and Browsing Data

When you visit this website, our servers automatically record your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on each page, and the date and time of your visit. This data is collected through server logs and, where you have consented, via cookies and similar tracking technologies. Please refer to our Cookie Policy at rentathenscar.com/cookie-policy for full details.

2.5 Location Data

If you use our location-based features to find the nearest pickup depot in Athens or to plan a driving route, we may request access to your device's location. This data is used in real time only and is not stored beyond the immediate session unless you explicitly consent to location-based personalisation.


3. How We Use Your Data

We process your personal data only where we have a lawful basis for doing so under the GDPR. The primary bases we rely on are performance of a contract, compliance with a legal obligation, legitimate interests, and your consent. Specifically, we use your data to:

  • Process and manage bookings: to confirm your reservation, issue booking vouchers, coordinate vehicle handover at the agreed Athens pickup point, and handle any amendments or cancellations.
  • Customer support: to respond to enquiries, resolve complaints, and assist you during your rental period, whether you are driving around Monastiraki, heading south along the Poseidonos coastal road, or returning the vehicle at the airport.
  • Service improvement: to analyse usage patterns, identify technical issues, improve the booking flow, and develop new features that make renting a car in Athens simpler.
  • Marketing communications: to send you relevant offers, seasonal promotions, and travel tips - but only where you have given explicit consent. You may withdraw consent at any time.
  • Legal and regulatory compliance: to fulfil obligations under Greek and EU law, including tax record-keeping, fraud prevention, and responding to lawful requests from Greek public authorities.

4. Data Sharing with Third Parties

We do not sell your personal data to any third party. We share data only with trusted partners who are necessary for delivering the service you have requested, and only to the extent required. These include:

  • Car rental suppliers: Local and international rental companies operating in Athens, Piraeus, and Attica who fulfil the physical vehicle booking. They receive the data required to prepare the rental agreement and verify your driving licence at pickup.
  • Payment processors: Certified third-party payment gateways that handle all financial transactions. These processors operate under their own GDPR-compliant privacy policies.
  • Insurance providers: Where a rental includes an insurance product, limited personal and booking data is shared with the relevant insurer or underwriter as required to issue cover.
  • Booking integration partners: Technology platforms that power our search and booking engine. These partners process data on our behalf under binding data processing agreements.
  • Legal and regulatory authorities: Where we are required by Greek law, court order, or regulatory direction to disclose personal information.

All third parties with whom we share personal data are required to process it lawfully, keep it secure, and use it only for the purpose for which it was shared.


5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our standard retention schedule is as follows:

  • Booking and rental records: retained for 5 years from the date of rental completion, in accordance with Greek tax and commercial record-keeping requirements.
  • Customer support communications: retained for 2 years from the date of the last interaction.
  • Marketing consent records: retained until you withdraw consent, plus 1 year thereafter to demonstrate compliance.
  • Technical and browsing logs: retained for up to 12 months for security monitoring and service improvement purposes.
  • Payment transaction references: retained for 5 years for financial audit and fraud prevention purposes.

After the applicable retention period expires, personal data is securely deleted or anonymised in line with our internal data disposal procedures.


6. Your Rights Under GDPR

As a data subject under the GDPR and Greek Law 4624/2019, you have the following rights with respect to your personal data. You may exercise any of these rights at no cost by contacting us using the details in Section 10:

  • Right of access: You may request a copy of the personal data we hold about you and information about how it is being used.
  • Right to rectification: You may ask us to correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure: You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, subject to any overriding legal obligations.
  • Right to data portability: Where processing is based on consent or contract, you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: You have the right to object to processing based on legitimate interests, including direct marketing. Where you object to marketing, we will stop processing immediately.
  • Right to restrict processing: You may request that we limit how we use your data in certain circumstances, for example while a dispute is being resolved.
  • Right to withdraw consent: Where processing relies on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA - Archi Prostasias Dedomenon Prosopikou Charaktira), which is the supervisory authority for data protection in Greece. Details can be found at www.dpa.gr.


7. Data Security Measures

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

  • TLS/SSL encryption for all data transmitted between your browser and our servers.
  • Access controls ensuring that personal data is accessible only to authorised staff with a legitimate need to process it.
  • Regular security assessments, vulnerability scanning, and software patching procedures.
  • Third-party payment processing through PCI-DSS certified providers, meaning raw card data never touches our systems.
  • Data minimisation practices - we collect only what is necessary and delete it when it is no longer needed.

While we take all reasonable steps to protect your data, no method of internet transmission is completely secure. If you believe your data has been compromised, please contact us immediately at [email protected].


8. Cookies and Tracking Technologies

This website uses cookies and similar technologies to enhance your browsing experience, remember your preferences, and analyse traffic. Strictly necessary cookies are placed without consent as they are essential for the website to function. All other cookies - including analytics and marketing cookies - are placed only with your prior consent via our cookie consent mechanism.

For a full list of cookies used, their purpose, and how to manage or withdraw your consent, please read our Cookie Policy.


9. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our services, applicable law, or data processing practices. When we make material changes, we will update the "Last revised" date shown at the bottom of this page and, where appropriate, notify registered users by email.

We encourage you to review this policy periodically. Continued use of the website after a policy update constitutes acceptance of the revised terms, to the extent permitted by applicable law.


10. Contact for Privacy Enquiries

If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or want to raise a concern about how your personal data is being handled, please contact us using the details below:

rentathenscar.com
Athens, Greece
Email: [email protected]
Phone: +1 (653) 760-9184

We aim to respond to all privacy-related requests within 30 days of receipt, in accordance with GDPR requirements. Where a request is complex or where we receive a high volume of requests, we may extend this period by a further two months, in which case we will notify you within the initial 30-day window.

Last revised: June 2025