en
Language
We are the Rienhoff d.o.o., Hertz International Franchisee operating under the Hertz, Thrifty and Dollar brands (together “we”, “us”, and “our”). This policy does not cover our affiliates or other third parties through whom you may interact with us. This is a high level summary to explain how we process your personal data and your rights in relation to that personal data. For full information, please see the full policy below.
In accordance with applicable law, you have the right to:
In order to exercise these rights please write to privacy@hertz.si or Rienhoff d.o.o., Hertz International Franchisee, Verovškova ulica 55, SI-1000 Ljubljana. We will review your request and reply accordingly.
Automated decision making including profiling
Automated decisions within the meaning of Art 22 GDPR mean that a decision that has legal effect on you or significantly affects you in a similar manner is automatically taken on the basis of a computerbased determination (using software algorithms) without review by a person on our part. We do not use
automated decisions.
This Policy was last updated on June 27 2018.
We are Rienhoff d.o.o., Hertz International Franchisee operating in Slovenia, to provide vehicle rental services to our customers under the Hertz, Thrifty and Dollar brands (together “we”, “us”, and “our”).
We are the data controller within the meaning of the EU Data Protection Regulation (GDPR) for the purposes of this Privacy Policy (“the Policy”).
We respect the privacy rights of our customers and are committed to protecting your privacy. This Policy explains our data handling practices with regard to your personal data, as well as your rights associated with that data.
We collect personal data that you provide on our websites, on third-party websites, on applications and offline in connection with any inquiries, reservations, rentals or purchases you make in relation to our services. We may collect your personal data directly or through our service providers, business partners, discount sponsors, licensors, licensees, advertisers and booking channel providers. For further details, see below:
TYPES OF PERSONAL DATA
may include, but are not limited to:
Personal data regarding the person of the customer:
Rental information:
Vehicle sourced information (telematics):We may use in-vehicle data systems to process data about the vehicle’s condition and performance (including mileage, fuel and other operational data) and the driver’s operation of the vehicle during their rental for safety, security and claims management reasons.
We may also track the vehicle’s location throughout the duration of a rental, although we will only actively access this information in circumstances where the driver is in breach of the rental agreement, by failing to return the vehicle on time or by driving into unauthorised territories.
Sensitive Data (special categories of personal data):
We may collect certain personal data that constitutes sensitive data in some countries, such as data about (i) health conditions (for instance, if you ask us to accommodate a disability, such as by provision of hand controls, or if there is an accident and we need to work with insurance and claims management companies relating to any injury you may incur) or (ii) membership of a trade union (or similar organization) if you use a CDP Number that only members of that union or organization can use. Depending upon applicable local law, we may be unable to process such sensitive data without your consent.
b. METHODS OF PROCESSING AND SOURCES OF PERSONAL DATA
may include the following:
Depending on the purposes for which we collect and use your personal data, as set out in this Policy, the personal data we collect from you may be required for the conclusion and performance of the contract or due to a statutory obligation. If you do not provide your personal data the contract or the requested services (e.g. rental to you) cannot be carried out and an existing contract may have to be terminated. However, unless otherwise stated, failure to provide your personal data will not result in legal consequence for you.
Below we have set out the various purposes for which we process your personal data. We have also set out the legal grounds for the processing of your personal data for each purpose:
a. CONTRACT PERFORMANCE
We may use your personal data to provide you with the services or products you request from us and to perform other activities related to such services or products, including billing and collection following a rental, or to communicate with you regarding (i) any reservation you initiate or rental transaction; (ii) your membership/status in one of our membership programs; or (iii) changes to the terms or features of any of our membership programs to which you belong.
Legal grounds: to perform our contract with you or to take steps at your request prior to entering into a contract with you (Art 6 para 1 lit b GDPR).
b. MARKETING
We may use your personal data to provide you with marketing information, special offers and promotions via various means, including e-mail, mail, telephone, social media and messenger services, in accordance with applicable law. We may also share your personal data with a sponsor or other third party
that provides you with special offers or promotions that may be of interest to you (“Third Party Provider”) where permitted.
Legal grounds: on the basis of your consent (Art 6 para 1 lit a GDPR).
You can unsubscribe from receiving such marketing-messages at any time by contacting us at the details at Section 6 below as well as by using the unsubscribe link in each e-mail marketing-message. If you unsubscribe, you will continue to receive communications concerning your account and products and services you requested, and in response to any requests for information by you. Please note that this unsubscribe-process may take some time to complete, consistent with applicable law.
c. CUSTOMER DISCOUNT PROGRAM („CDP“)
As part of our services, we have engaged with third-party organizations that sponsor the special discount code (called a CDP number), member, employee or other number used by you to complete a rental or purchase (“Sponsoring Organization”). As a result of our relationship with these Sponsoring
Organizations, we may be under an obligation to provide them with personal data about you and your use of our services as they relate to your relationship with them, such as (i) to confirm your eligibility to rent using that number, (ii) to establish your compliance with the rules set up by the Sponsoring Organization for use of the number, or (iii) to enable their payment of your rental costs. If you do not wish us to disclose relevant personal data to the Sponsoring Organization for these or other disclosed purposes, you must
not use the number associated with them.
Legal grounds: to perform our contract with you where you use a CDP, member, employee or other number (Art 6 para 1 lit b GDPR).
Sponsoring Organizations can use personal data which they receive from us for the purposes specified in their privacy policies. We have no control over the Sponsoring Organization’s privacy policies. Thus, we recommend you review the Sponsoring Organization’s privacy policy for the purposes which they will use your personal data.
d. NORMAL COURSE OF BUSINESS
We may also process your personal data if such processing is necessary:
i. to comply with the law or in response to a subpoena, court order, law enforcement request, or other legal process;
Legal grounds: compliance with a legal obligation to which we are subject (Art 6 para 1 lit c GDPR).
ii. to protect the interests, rights, safety, or property of us or others;
Legal grounds: our legitimate interests (Art 6 para 1 lit f GDPR).
iii. to enforce any terms of service on our websites or the terms and conditions of any rental, purchase, or utilization;
Legal grounds: our legitimate interests, (Art 6 para 1 lit f GDPR).
iv. As part of a business transaction where all or some of our assets are bought, sold, or otherwise transferred by act of law or contract;
Legal grounds: our and third parties’ legitimate interests (Art 6 para 1 lit f GDPR).
v. The proper running of our systems and our business in order to provide our products and services to you and other customers.
Legal grounds: our legitimate interests (Art 6 para 1 lit f GDPR).
e. TELEMATICS
We may use in-vehicle data systems to process data about the vehicle’s position, condition and performance during your rental as follows:
i. to process data relating to the vehicle’s condition and performance during the rental (including vehicle damage, mileage, fuel use and other operational data) to improve the accuracy of our billing processes on return of the vehicle;
Legal grounds: our legitimate interests to ensure accurate charging for your uses of the vehicle, including for fuel and damage, during your rental (Art 6 para 1 lit f GDPR)
ii. to process data relating to the driver’s operation of the vehicle during the rental for safety, security and claims management reasons, including to contact the renter if the data suggests there is a security, safety or operational issue that we need to bring to your attention.
Legal grounds: our legitimate interests to enable us to defend and manage claims arising out of accidents involving the rental vehicle; to ensure we meet our safety and security obligations in relation to the vehicle and each rental (Art 6 para 1 lit f GDPR).
iii. to track the vehicle’s location throughout the duration of a rental in order to access such personal data solely where the driver is in breach of the rental agreement (e.g. by failing to return the vehicle on time or by driving into unauthorised territories) or to assist in the establishment, exercise defence
and management of claims following an accident involving the vehicle.
Legal grounds: our legitimate interests to protect our assets, enforce our terms and conditions and defend and manage claims (Art 6 para 1 lit f GDPR).
iv. to track the vehicle’s location to enable us to provide information to you as you drive about areas of historic or leisure interest, restaurants, service or fuel stations or other places or services of interest.
Legal grounds: your consent (Art 6 para 1 lit a GDPR).
v. to share with you, your employer or others information about your driving performance (such as speed) during your rental;
Legal grounds: your consent to each specific use requested (Art 6 para 1 lit a GDPR)
a. THIRD PARTIES
We may share your personal data with third parties in the following circumstances:
i. Business transaction: with our employees who need them to fulfill contractual and legal obligations and legitimate interests, group companies (as specified herein), external service providers (e.g. IT service providers) and cooperation partners (e.g. sponsoring partners, operators of membership programs) who provide data processing services to us or who otherwise process personal data for the purposes described in this policy (such as financial service providers, insurers, travel agencies, consultants) or who are disclosed to you when we collect your personal data. A list of our current service providers and partners is available on request. All recipients are obliged to treat your data confidentially and to process it only within the scope of the provision of services. This information will be forwarded in particular for the following purposes:
ii. Legal uses: We may use, share and disclose your personal data for legal reasons to competent authorities, such as tax, supervisory or safety authorities, or public authorities, courts or other third parties to:
iii. Disclosure for corporate transactions: We may disclose your personal data to a third party in connection with any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
b. INTERNATIONAL TRANSFERS
Some of the processing activities mentioned in this Policy may involve the transfer of your personal data to various countries around the world outside of the EU/EEA (e.g. if you request car rental services in a country outside the EU or EEA) for which an adequate level of data protection has not (yet) been determined by the EU Commission and which may not provide the same high level of protection. Local laws and regulations in these countries may make personal data available to local authorities or courts.
Where the transfer of your data is necessary to provide rental services requested by you, the legal basis for the transfer is the contractual necessity of the transfer, and your personal data will be processed by the company providing the services you requested in accordance with applicable local law.
Also in cases other than those mentioned above (e.g. where we transfer the data to a company processing it according to our instruction to enable us to provide our services), we will ensure that other required appropriate safeguards are in place for the transfer. These include (i) where the entity receiving the data is located in a country recognized by the European Union as having an adequate level of data protection; (ii) we have concluded the approved EU Standard Contractual Clauses with the recipient for the protection of the personal data; (iii) where the transfer is to the United States, the recipient company is certified under the EU-US Privacy Shield (see below). Further details on the appropriate safeguards taken are available on request. For example:
i. EU-U.S. Privacy Shield Certification: We store your personal data on servers from “The Hertz Corporation” and its subsidiaries, located also in the United States. The Hertz Corporation and its subsidiaries in the U.S. (individually and collectively, the “Company”) participate in the Privacy Shield. The Company’s participation applies to personal data received in the United States from the European Union (“EU”). We are committed to treating such EU personal data in accordance with the Privacy Shield principles, including Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield, visit the U.S. Department of Commerce’s Privacy Shield List at www.privacyshield.gov
ii. EU Standard Contractual Clauses: Where we transfer your personal data outside of the European Economic Area to any other company or organization in a country for which no adequacy decision of the EU Commission exists (e.g. to Russia, India or companies in the U.S. which do not participate in the Privacy Shield), we implement EU Standard Contractual Clauses approved by the European Commission to ensure that your personal data is protected. You can request a copy of these standard contractual clauses by contacting us as set out in Section 6 below.
a. DATA RETENTION
We retain personal data about our customers for as long as necessary for the purposes for which it was collected, or unless otherwise a legitimate interest in retention exist (e.g. as proof of the assertion of legal claims; until the expiry of limitation periods, e.g. 3 years or up to 30 years) or required by law. We process personal data for a number of purposes (see above) and may be required to retain it for legal (including tax) reasons for a period beyond the period of delivery of the vehicle rental services. We maintain a data retention policy to cover all the personal data we retain across our systems. If you have any questions about the retention period applying to the personal data we collect about you, please contact us (see Section 6).
b. SECURITY MEASURES
Personal data is stored and accessed in various locations and cloud services. Servers which store personal data are primarily located in the United States and Europe, although storage may occur in other locations as well. We use reasonable administrative, technical, personnel, and physical measures (a) to
protect personal data against loss, theft, unauthorized use, disclosure, or modification; and (b) to ensure the integrity of your personal data. To help us protect your privacy, you should maintain the secrecy of any logon IDs and passwords, Member numbers, or other identifiers or credentials you may have set up or were provided with in connection with your participation in or use of our products, services, or websites.
c. TRANSMISSIONS
As you may be aware, there is no completely secure method of transmitting or storing data. Although their physical characteristics are different, postal mail, telephone calls, text messages, faxes and transmissions over the Internet or wireless networks all present possibilities of loss, misrouting, interception and misuse of the data that is transmitted. If you have reason to believe that any account with us is no longer secure, you must immediately contact us.
According to the legal regulations you have the following rights. To exercise these rights a) to h) contact us as described in section 6 below.
a. Access: You have the right to request access to, review, and update your personal data covered by this Policy. If you are a member of one of our membership or rewards programs, you may update the personal data in your member profile by logging into your applicable member profile.
b. Rectification: You can request a correction of your personal information if the personal data we hold about you is incorrect or incomplete;
c. Objection to direct marketing: You can object to the processing of your personal data for direct marketing purposes at any time without giving reasons, including profiling to the extent it relates to direct marketing;
d. Objection: You can object to the processing of your personal data if we process it on the basis of our legitimate interest, unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims;
e. Erasure: You can request erasure of your personal data in certain circumstances, such as where processing is no longer necessary for the purpose it was originally collected for and there is no compelling reason for us to continue to process (or store) it);
f. Restriction: You can request restriction of your personal data in certain circumstances, such as that we do not process certain of your personal data (other than merely by storing them) following a rental in circumstances where all matters relating to the rental have been completed and the data is being
stored only to meet certain legal (e.g. retention obligations) requirements;
g. Data portability: You can receive (or ask us to transmit to another organization) your personal data that you have provided to us and which we process by automated means if our processing is either based on your consent or is necessary for the performance of a contract with you.
h. Withdrawal of consent: If we process your personal data on the basis of your consent, you can withdraw your consent at any time with effect for the future. The withdrawal does not affect the legitimacy of the processing until the withdrawal.
i. You also have the right to lodge a complaint with the competent data protection supervisory authority.
a. CONTACT US
Should you have a concern or complaint about our handling of your personal data, you may contact us directly via the methods described below. We will process and respond your request in an expeditious manner.
Please contact us by emailing privacy@hertz.si or writing to the address below if you have any questions, wish to exercise your rights of access, or seek other assistance as described above:
Rienhoff d.o.o.
Hertz International Franchisee
Verovškova ulica 55
1000 Ljubljana
Slovenia
b. CHANGES
We reserve the right to change this Policy at any time with regard to legal, technical or business developments, but such changes do not apply retroactively. We will take appropriate measures to inform you according to the importance of the changes made. Whenever we make a material change, we will note the latest date of such update in the introductory page above.
This policy was last updated on June 27 2018.