Security and Privacy Policy

 

Privacy Policy

Table of contents

1. Who processes your personal data?

2. For what purposes do we collect your personal data?

3. Who are the recipients of the personal information we collect about you?

4. For what period will we retain your personal data?

5. What rights can you exercise with respect to the processing of your personal data?

6. Who to contact when you have a query regarding the processing of your personal data?

7. How do we protect your personal data?

8. What rules apply to the processing of your personal data when clicking on links placed on our website which direct you to our partner's websites or other websites?

9. Changes to this Privacy Policy


1. Who processes your personal data?

Europcar Group UK Limited whose registered office is located at James House, 55 Welford Road, Leicester, Leicestershire LE2 7AR UK (hereinafter referred to as ("we”, “us”, “our(s)”) is responsible for the processing of your personal data (i.e. any information that would allow us to identify you, either directly or indirectly) through our website, our rental stations, or through any other contact you may have with us.

2. For what purposes do we collect your personal data?

We collect and use personal data for some or all of the following purposes:

a. Your registration as a Europcar customer including creating your account and providing you with a driver ID.

This processing is necessary to identify you and to prepare and facilitate your future bookings and rentals with us.

b. The booking and the management of your vehicle rental:

i. to confirm your booking;

ii. to modify or cancel your booking;

iii. to correspond with you in relation to your booking or rental (e.g. to provide you with information on your booking or rental, to send you reminder notices before your check-in / check-out times; to respond to your questions or suggestions);

iv. to verify your identity and to carry out credit and fraud prevention checks prior to releasing a vehicle to you at the start of your rental. We may obtain information about you from credit reference agencies and fraud prevention agencies to assess creditworthiness and prevent fraud and other criminal activity. This information may include a search that will appear on your credit report and be visible to other credit providers. Please see section 3 for further details of the agencies and databases we access or contribute to and how this information may be used. Further information is available on request;

v. to manage your rental (including delivery and return of the vehicle);

vi. to manage your invoices;

vii. to manage any payment of arrears;

viii. to manage any disputes;

ix. to manage any claims or recover any losses relating to your vehicle rental including the recovery of or damage to our vehicles.

This processing is necessary for the performance of any rental agreement that is concluded between you and us and also to support our legitimate interests.

c. Payment purposes

This processing is necessary to enable us to take payment for the services we provide to you and to pay any additional charges or fines you may incur as a result of using our services. We will retain your credit card information according to our retention policy set out in section 4 of this Privacy Policy.

This processing is necessary for the performance of any rental agreement and to support our legitimate interests.

d. The monitoring of our vehicles based on the rental of "connected" vehicles and geolocalisation systems. This may include:

i. monitoring the location, state, performance and functionalities of our vehicles;

ii. anticipating and identifying potential contractual or road traffic infringements;

iii. supporting our fight against criminal activities including theft and insurance fraud.

This processing, for the purpose of protecting the integrity of our fleet, is based on our legitimate interests.

e. Improvement of our products and services on the basis of:

i. customer surveys or questionnaires you have completed or taken part in;

ii. the recording of your rental history to suggest pre-selected options when looking for new bookings or rentals.

This processing, for the purpose of obtaining a better understanding of your needs and offering you customized functions to enhance your experience of our products and services, is based on our legitimate interest.

f. The operation of our live web chat to provide you with online assistance when making your booking or reservation and any associated online services.

This processing, based on our legitimate interest, allows us to personalise our services for you and improve the service we offer notably through answering your queries in a timely manner.

g. Promotional and marketing activities, namely:

i. the sending of email and SMS notifications for special promotions or deals that may be relevant for you ;

ii. the sending of our newsletters;

iii. the sending of emails about a booking you did not complete or sending you a summary about a booking enquiry;

iv. the management of any loyalty program and provision of a membership card;

v. the organization and running of promotional contests, sweepstakes or other competitions;

vi. the management and updating of our customer or prospects database.

When you give us permission to do so we will process your information for direct marketing purposes, i.e. any commercial message from us aiming at promoting our products and/ services. This processing is subject to your express consent.

By exception, if you are already an existing customer and the message concerns products and/or services similar to those you have already purchased, the underlying processing will not be based on your consent but on our continuing legitimate interest. You can withdraw your consent to such processing at any time – please see section 5(b)(v) of this Policy.

vii. We may also work with reputable third parties to offer our members, customers and website visitors a variety of travel services and loyalty programs (including sharing information with loyalty program providers where you inform us you are a member). Further details of our partners in such travel services and loyalty programs can be obtained from our customer services department at customerservicesuk@europcar.com .

h. The management of fines and penalties, in particular:

i. to transfer information to the police or other enforcement agencies or issuing authorities to enable them to identify the driver (or potential driver) of our vehicle in the event of a driving offence or suspected driving offence;

ii. to transfer information to public or private enforcement agencies for the purpose of addressing Parking Notices, alleged or actual breaches of contract and associated fines.

This processing is either required by law or carried out to support our legitimate interests.

i. The management and update of a register of customers (the ‘ Watchlist’) presenting certain risks to our business and/or staff, based on:

i. payment or other incidents which have given rise to legal proceedings;

ii. accidents involving our vehicles or repeated damage caused by a customer;

iii. damage caused deliberately or negligently by a customer;

iv. use of our vehicles for any criminal or alleged criminal activity or otherwise in breach of the general terms and conditions that apply to the rental of our vehicles.

v. Inappropriate or abusive conduct by a customer.

This processing is based on our legitimate interest and aims to reduce our financial exposure in the performance of the rental agreements as well as protecting our staff and customers.

j. Cookies Policy

We carry out certain processing of your personal information through "cookies" and other tracers collected every time you visit our website.

You can accept or reject these cookies and other tracers by following the instructions provided in our Cookies Policy.

This processing is governed by our Cookies Policy, which we encourage you to review. You can find it at the following address https://www.europcar.co.uk/security-and-privacy-policy .

3. Who are the recipients of the personal information we collect about you?

a. Categories of recipient

Your personal data will be disclosed, where necessary and relevant:

i. to authorised personnel within our company and to entities in our group and/or to entities in our groupfranchise network, or any person appointed by any of these entities for the purposes of fulfilling your rental booking and supplying associated services;

ii. to third party IT service providers for technical purposes in order to help us provide you with our products and services.

iii. to law enforcement bodies and other public and private sector bodies for the purposes of dealing with alleged, or actual, road traffic or driving offences and/or associated fines; and private parking companies dealing with alleged or actual breaches of contract;

iv. for the management and update of a register of customers presenting certain risks to the vehicle rental business generally or to its staff. This register is managed by our trade association ‘British Vehicle Rental and Licensing Association (BVRLA)’. More details can be found at www.bvrla.co.uk;

v. to fraud prevention agencies who will use it to verify your identity and to prevent fraud and money-laundering . If we suspect or detect fraud or other criminal activity then we will share the information with the SIRA National Fraud database and it will be visible to other service providers (including insurers) that are members of the SIRA database. You may be refused certain services as a result. The SIRA database is operated by Synectics Solutions Limited;

vi. companies supplying operational support in relation to:

A. delivery and collection of vehicles;

B. authentication of you and your driving licence history (including, but not limited to, Experian and the DVLA);

C. insurers and solicitors that manage our insurance claims and/or debt recovery matters;

We can also disclose your personal data to the extent required by law and/or by competent authorities.

For a list of third parties with whom your personal data may be shared, please click [here].

b. International transfers

We will, to the extent necessary to provide you with ourservices and for the purposes set out here, transfer your personal data outside the EU. For example, if you book to hire a vehicle in a country that is outside of the EU, we will need to provide your information to a third party (such as a franchisee) in the relevant country in order to fulfil the booking.

Depending on the circumstances, certain recipients may be located in countries which have, or have not, been recognized by the UK or the European Commission as ensuring an adequate level of data protection. In the event your destination country is not recognized by the UK or the European Commission as having adequate levels of data protection you should be assured that we have put in place the appropriate safeguards to ensure that your personal data is protected in accordance with the requirements of the Data Protection Act 1998 and associated EU regulations.

4. For what period will we retain your personal data?

Your personal data is retained for different periods depending on the purpose of the processing:

Purpose

Retention period

▪ Your registration as a Europcar customer, the creation of your account, the verification of your identity and the provision of your Europcar Driver ID

For the duration of the commercial relationship and up to 5 years following the last activity

▪ Your booking and your vehicle rental

Information that may evidence a right or a rental agreement, or information that must be kept in compliance with a legal requirement will be retained in accordance with applicable legal provisions and for a period that does not exceed the time that is necessary for the purposes for which it is retained.

▪ Payment

Upon effective completion of the payment.

▪ Payment card information

Payment card information (excluding the visual cryptogram):

▪ that may evidence a payment (i.e. card number and date of validity) will be retained for a period of 13 months following the effective date of any relevant payment made from the credit card and will be used only if the transaction is disputed;

▪ can be retained for a longer period, subject to your express consent, to facilitate future payments.

When the payment card is expired related information will, in any event, be deleted.

▪ Promotional and marketing activities

▪ For our existing customers, 3 years following the end of your relationship with us

▪ For people who are not our existing customers - 3 years as from the date we collected your personal information OR from the date of your last request to us for information

▪ Cookies

▪ Please check our Cookies Policy at https://www.europcar.co.uk/security-and-privacy-policy

▪ Monitoring of our vehicles based on the rental of "connected" vehicles and geolocalisation systems

This information is held in an anonymised format by a third party processor for an indefinite period.

We will access this information to obtain details relating to a specific vehicle at a particular point in time for our lawful purposes. This information will not usually be accessed more than 12 months after the date on which the information was recorded.

▪ Payment of fines

For the time necessary to identify the driver (or the potential driver) liable for the alleged or actual offence leading to the fine.

Relevant information can be retained for a period of up to 12 months after receipt of the fine subject to our intermediate archiving policy.

▪ The management and update of an internal register (‘Watchlist’) of customers presenting certain business risks, namely:

 
  1. payment incidents which have given rise to legal proceedings

· until the debt is cleared

  1. theft of a vehicle by you or any criminal or alleged criminal activity involving the vehicle whilst in your control
  • permanently
  1. vehicle accidents or repeated damage caused by you

· 5 years from the occurrence of the event that resulted in the customer details being included on the Watchlist

  1. damage caused deliberately or negligently by you

· 5 years from the occurrence of the event that resulted in the customer details being included on the Watchlist

v. abusive behavior or inappropriate conduct towards our employees or agents

· 5 years or permanently depending on the specific circumstances.

5. What rights can you exercise with respect to the processing of your personal data?

a. At any time, you can view and/or update your personal profile through the "My Europcar" link, accessible through the main navigation bar of our website. Your personal profile includes your membership registration, driver information and car rental preferences information. You can change your password, secret question, update or correct phone number, address, email, and driving licence information and update your car rental and travel preferences including insurance, means of payment and frequent traveler membership.

b. Under current UK and EU data protection legislation, you can also benefit from the following rights:

i. right of "access": is your right to obtain confirmation as to whether or not your personal data are being processed by us, and, where that is the case, to access these personal data and to obtain further information on the characteristics of their processing [1] ;

ii. right "to rectification": is your right to obtain the rectification of inaccurate personal data or, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement;

iii. right to "erasure" (or the so-called "right to be forgotten") : is your right to obtain the erasure of your personal data in certain circumstances [2] ;

iv. right to "object": is your right, at any time, to object to the processing of your personal data and to prevent us from continuing to carry out such processing where:

A. your personal data are processed for direct marketing purposes;

B. your personal data are processed on the basis of our legitimate interest. In that case, your request will be satisfied if you can provide us with a description of the particular situation legitimising your request unless we can demonstrate overriding legitimate grounds in light of your particular situation.

v. right to "withdraw your consent": where the processing of your personal data is based on your consent, you have a right to withdraw your consent to the processing of your personal data at any time and to prevent us from continuing to carry out such processing;

If you wish to exercise any of these rights, please contact the Director of Legal Services as set out in section 6.b below. In addition, our promotional and marketing emails and other communications, also include instructions on how to unsubscribe.

To protect your privacy and security we will take reasonable steps to verify your identity before granting access or making corrections.

If you consider that the processing of your personal data infringes your rights and you wish to lodge a complaint you can do so with the body regulating data protection in your country [3] . In the UK this is the Information Commissioner at https://ico.org.uk/.

6. Who to contact when you have a query regarding the processing of your personal data?

Depending on the purpose of your query, you should contact one of the following:

a. For general queries regarding the processing of personal data carried out by Europcar Group UK Limited : Your query should be marked for the attention of the Director of Legal Services at Europcar Group UK Limited, James House, 55 Welford Road, Leicester LE2 7AR or by email to the Director of Legal Services at _uk-legal@europcar.com.

b. To exercise your rights (access, rectification, erasure, restriction, etc.) : Europcar Group UK Limited: Your communication should be marked for the attention of the Director of Legal Services at Europcar Group UK Limited, James House, 55 Welford Road, Leicester LE2 7AR or by email to the Director of Legal Services at _uk-legal@europcar.com.

7. How do we protect your personal data?

We are committed to protecting the information we collect from you.

In particular, we use appropriate physical, technical and organizational security measures to prevent unauthorized or unlawful processing, accidental loss, or destruction of or damage to your personal data.

Our systems are configured with data encryption, or scrambling technologies, and industry-standard firewalls. When you send personal information to our website over the Internet, your data is protected by "Transport Layer Security (TLS) technology to ensure safe transmission.

Any credit card transaction you make through our websites is done through our Secure Server Technology. This technology notably:

a. assures your browser that your data is being sent to the correct computer server and that the server is secure;

b. encodes the data, so that it cannot be read by anyone other than the secure server;

c. checks the data being transferred to ensure it has not been altered.

8. What rules apply to the processing of your personal data when clicking on links placed on our website which direct you to our partner's websites or other websites?

You may find various links to our partner’s websites or other third party websites (e.g. for travel services) on our website.

PLEASE NOTE: this privacy policy does not apply to any processing of your personal data that is carried out by our partners or any other third parties when you visit their respective websites and we are not responsible for such processing.

We encourage you to review the privacy policies of our partners and other third parties to further understand the rules that will apply to the processing by them of your personal data.

9. Changes to this Privacy Policy

This version of the privacy policy was published on 1 July 2019. If we make any changes to this privacy policy we will identify such changes on our website.

FOOTNOTES RELATING TO SECTION 5


[1] Regarding the purposes of the processing, the categories of personal data concerned, the categories of recipients, whether these data are transferred to third countries and appropriate safeguards put in place (if any), the storage period, the existence of any automated decision-making based on these data, the right to lodge a complaint with the relevant data protection authority, the existence of other data subjects' rights (rectification, erasure, restriction).

[2] Where data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, you withdraw your consent and there is no other legal ground for the processing, you object to the processing of your personal data and there are no overriding legitimate grounds, it is demonstrated that your personal data have been unlawfully processed, to comply with a legal obligation.

[3] The country where you have your habitual residence, place of work or place of the alleged infringement.

 

 

Same smart app. More mobility.

Download the Europcar mobile app for iPhone, iPad and Android now!

More information