GENERAL DATA PROTECTION REGULATION (GDPR)

  1.  Privacy policy of the Auto LP Company.

We respect your privacy and are committed to protecting your personal data. The present privacy policy informs you about the way we safeguard your personal data as a customer and it provides updates on your privacy rights and protection afforded by the law. Our company is responsible for collecting, handling and processing your personal data. You are entitled to every right guaranteed by the 2016/679 EU regulations and all relevant European and national legislation. We will process your personal data strictly within the legal regulations. We will use your personal data when: we have your full consent; we have to implement the contract that we are about to sign or have already signed with you; dictated by our legal interests (or the legal interests of a third party) whenever your interests and fundamental rights do not override these interests; we have to conform to legal or regulatory obligations; dictated by public interest.

  1. Why we process your personal data

We   process any personal data you have willingly provided, for which we have secured your full consent, whenever it is necessary for the implementation of the contract between us or when steps are to be taken at your request, before drawing up the contract, and such purposes are specified as: the rental of cars to a third party with or without a driver, the sale of cars to a third party (wholesale or retail), the hire of trucks and vans with or without a driver.

  1.  Categories of information collected

We have the right to collect, process, store and forward various types of personal data that we have classified as follows: Identity data include full name (trade name for sole proprietorships), mother and father’s name, date of birth, identity card (number, date of issue/expiry and place of issue), or passport (number, date of issue/expiry and place of issue), residence permit, valid driver’s license (number, date of issue/expiry and place of issue);Contact data include home address, email, fax and phone numbers; Financial data include taxpayer ID, bank account number, payment card details, indication of VAT exemption, activity (for sole proprietorships), tax office (for sole proprietorships), headquarters (for sole proprietorships);Credit ratings and legal documents (for sole proprietorships).We do not collect sensitive personal data in any of our activities or countries of operation with the exception of your health data, which we acquire with your consent in case of traffic accident injury, solely to forward to the insurance agency that insures our vehicle.

  1. How we collect your data

We collect your personal data in digital form or in print, every time you use our services, when these services are provided by us directly at the points of customer service or in other places where our company legally operates. We also collect your data when you use our websites, our phone services or mobile phone applications and our company email. Any user/customer may browse our webpage without providing any personal information. Information about our cookies policy can be found on our company webpage. We collect personal data of customers or drivers while booking short or long-term car rental or sale of a car, such as full name, address, phone number, driver’s license, credit card details, taxpayer ID, etc. (as specified in paragraph 3).We may collect personal data with your consent in many ways, such as telephone calls, customer service contacts, websites and other sources, as specified above.

  1. How long we keep your personal data

We keep your personal data only as long as needed to fulfill the purposes for which they have been collected, including the fulfillment of any legal or accounting obligation, or mandatory mention. To specify the length of keeping personal data, we examine the quantity, the nature and the sensitivity of personal data, the potential danger of harm by unauthorized use or disclosure of your personal data, the purposes towards which we process your personal data and whether we are able to fulfill such purposes by other means, within the existing legislation. The Customer’s tax data are kept for a period of ten (10) years from the date of issue of each tax document, to be made available, as required, to the tax authorities within the time frame of valid tax demands. Any data pertinent to establishing, enforcing and supporting legal claims of the Company or a third party in the presence of any competent court of law or administrative authority are kept for a period starting at the time that the Company demands are generated and up to twenty (20) years or for a longer period up to the statute of limitations and the termination of possible bilateral litigations. The Company may keep the customer’s personal data after fulfilling the purposes of collecting and processing them if such is our legal obligation as stipulated by any relevant legal provision.

  1.  Protection of your personal data

We have taken all the appropriate organizational and technical precautions to safeguard and protect your personal data from unintentional or fraudulent destruction, accidental loss, distortion, unlawful dissemination or access and any other kind of unauthorized processing

  1.  Who the recipients of your data are

Our company guarantees that it will not forward, share, or relinquish etc. your data to others (except the ones mentioned in this document) for any reason or use unless this is dictated by the present legislation or stipulated by public/judicial bodies or authorities. Only the necessary minimum of Company personnel, all of whom are bound to confidentiality will have access to your personal data, which also applies to our partners who comply with our directives and are aligned with the provisions of the 2016/679 EU regulation and they process your data as joint data controllers or as data processors on our account and according to our directives. Indicatively, recipients of your data are: the insurance agencies that collaborate with our Company; collaborating users of our logos and on a case-by-case basis our systems (franchisees). Relevant information can be found on our Company webpage; the car rental companies (in Europe or elsewhere) that are part of the international car rental system and handle bookings, with whom we share information pertaining to our car rental activities. Said information may include personal details of your booking entered through the respective application. Your data will not be used for any other reason, without your prior notification and consent. Let it be noted that personal data are also relayed/forwarded to non EU countries (to cater to bookings outside the EU) on condition that they possess adequate legislation to protect personal data; companies of sworn auditors that check our Company’s financial statements; cooperating companies that provide roadside assistance to drivers using our Company vehicles; cooperating companies in car rentals; legal service providers (lawyers, law firms) that defend our Company interests against third parties, natural or legal persons, judiciary and administrative authorities, independent authorities and bodies.

  1.  How we ensure that the processors and sub-processors respect your data

The processors working on our account have agreed with the company and are contractually committed: to observe confidentiality; not to forward your data to third parties without our Company’s permission; to take safety measures; to comply with the legal framework concerning personal data protection and particularly regulation 679/2016/EU (GDPR);to have been informed and observe all relevant laws and regulations towards the protection of personal data. In the execution of their duties, the processors may at times employ other persons called sub-processors. In this case, the data controller will have authorized them to handle all or part of data processing. As a result, sub-processors have the same obligations and rights as the processors, as these are analyzed in the present policy and always within the bracket of their delegated duties and bear full responsibility as would the processor.

  1. Your rights

You have the right to: request access to your personal data (“subject access request”). This provides you with a copy of your personal data as kept by us and it allows you to ensure that we process them according to the provisions of the law; request the correction of your personal data kept by the company. You may correct incomplete or faulty data or add to the data we have on you, though we have the right to ask you for verification of the new data you provide; request that your personal data be deleted subject to time period limitations as stipulated in paragraph 5. Still, as you probably know, we may not always be able to comply with your deletion request for specific legal reasons about which you will be notified, if necessary, on submission of your request. Oppose our processing your personal data when you deem that your fundamental rights and freedoms have been violated. You also have the right to oppose our processing your personal data for promotional purposes. Request the restriction of processing your personal data. This allows you to ask us to suspend processing your personal data in the following cases: i) if you wish to verify the accuracy of the data, ii) when the company’s use of the data is unlawful, but you do not wish us to delete your data, iii) when you wish us to preserve your data even if we do not ask for it, in the event it is necessary for you in order to confirm, exercise or defend legal claims, or, iv) if you have objected to our using your data, but you have to verify whether we have compelling legal reasons to do so; request personal data transmission to you or to a third party. We will provide you or the third party you have specified with your personal data in a structured, readable form. This specific right pertains only to information we have received with your consent during signing the contract or later, up to the time the request has been submitted; withdraw your consent in case you realize and can prove that it has stopped being lawful. Nevertheless, this cannot influence legitimate processing that took place before you withdrew your consent. If you withdraw your consent, it may not

be possible for us to offer you certain products or services. If you wish to exercise any of the rights above, please contact us.

  1.  How to exercise your rights for any clarification concerning the present privacy policy, including any request to exercise your legitimate rights, You can email us at: info@autolp.gr or write to: Auto LP rent a car, Eleftheriou Venizelou Av.3, Athens, 17671 Kallithea. You can always submit your complaints concerning your personal data to the supervising authority. In Greece, this authority is the Hellenic Data Protection Authority (HDPA) and you can access it and find relevant details via the following link: https://www.dpa.grBe that as it may, we would appreciate it if we were to be allowed to handle your queries before you approach the Data Protection Authority, therefore we would like to ask you to get in touch with us first, using the contact information provided above.
  2. Fee

You will not be asked to pay in order to access your personal data (or to exercise any other one of your rights). Nevertheless, we reserve the right to ask for a reasonable fee if your request is blatantly unfounded, repetitive or abusive.

  1. What information we may require

We have the right to ask you for certain particulars in order to verify your identity and safeguard your right to access your personal data (or exercise any other one of your rights). It is a protective measure, which ensures that your personal data will not be accessed by unauthorized others. We also have the right to contact you and ask for further information concerning your request, in order to speed up reply time.

  1.  Reply time

We try to reply to all legitimate requests within the month. We may take longer than a month to reply if the request is particularly complex or if you have submitted a series of requests. In such case, you will be notified accordingly.

14. How you will be informed about any modifications of the present policy

We reserve the right to modify the present policy and effect any changes in the information provided previously, within the constraints of the law. If there are fundamental changes in policy or in the way we use your personal data, we will post the updates on the present policy on our website and you may be informed about any changes there. Let it be made clear that such changes will be effected starting the day they are posted in the amended privacy policy on the Company official webpage www.autolp.gr We encourage you to read the policy at regular intervals so that you can keep up to date about your data protection.