Privacy Policy
This policy on personal data processing/protection (hereinafter “Policy”) informs about the collection, storage, processing and use of your personal data in accordance with the paragraphs below.
The company “RHODES SONIC TRANSFERS”, having its registered office at Pefki Rhodes, Tel.:+30 6942636964, contact email: info@rhodes-sonictransfers.gr
1. What are Personal Data?
“Personal data” means any information concerning individuals, including first and last names, mailing address, email address, contact telephone number, etc., which identifies or can identify you (hereinafter “Personal Data” or “Data”).
2. What is Personal Data Processing?
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated tools, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Data we collect
We make sure to collect only Data absolutely necessary to serve the purpose for which they were provided and such Data are used solely and exclusively for the purposes for which they were collected. We will also use your contact data to inform you about issues concerning the rental and about new offers and services. With the exception of any Data collected by way of Cookies (more information on the Cookies Policy is available here), Data are limited to data explicitly provided by you for a specific purpose subject to your consent. Also, we collect Data when you visit our website subject to your consent, which you are deemed to have granted by filling in the appropriate fields.
Identity data, such as first name, last name, father’s name, date of birth, driver’s license, tax identification number, personal identification card number.
Contact/product shipment data, such as mailing address, email address, telephone number.
Payment details, such credit/debit card number, PayPal account, bank account number.
Authentication details, such as (username), IP address .
4. How we use your Data
Your Data are processed either by authorized Company staff or by means of IT systems and electronic devices used by our Company and in certain cases, by third parties who are bound by a contract with our Company, undertaking the contractual responsibility to ensure the confidentiality and protection of your Data, and process them solely and exclusively for the purposes for which they were provided.
As a general rule, your Data are processed with a view to providing you with services, including:
Price quotations: The Company processes your Data to enable it to offer you a price quotation for short- or long-term car rentals.
Compliance with applicable Legislation: The Company processes your Data to enable it to meet its obligations under the law, in particular tax and insurance legislation or to provide insurance coverage for vehicles under active insurance agreements.
Creating User Account: The Company processes your Data to provide you with a user account and make it easier for instance to enter into rental or purchase agreements for products and/or services.
Sending Newsletters: The Company gives you the option to choose to receive Company newsletters/promotions/advertisements at your email (e.g. about new available products and/or services, special offers, new car rental stations, tourist agencies, etc.).
Information services from our Website: The Company provides information services to its clients
Client Privilege Programs: Through those programs the Company offers a number of benefits to clients, including priority service at rental stations, better spots at the Company’s car parks, discount coupons, offers, etc.
Contact: The Company uses Data to answer to requests/questions you make for instance through the Contact Center and contact forms.
Participation in on-line promotional activity/ contests: Subject to your agreement, the Company processes Data you provide to participate in a contest in order to operate contests, contact you if you win and deliver the prize won.
Participation in online market surveys/ answering questionnaires: The Company processes Data that you provide to participate in online surveys, such as demographics (age, income, etc.). You have the option to either fill in all or no information. Survey results are used only to improve our website, and for the sole purpose of enabling you to evaluate the services we provide you with and to help us improve them and for no other purpose.
5. Purpose of processing your Data
We collect your Data for the purposes of the products and/services we provide, including, indicatively:
(a) to assess your request and provide you with a quotation, on the one hand, and to enter into a rental agreement, on the other;
(b) to manage the rental of the car of your choice, e.g. contacting and informing you on availability, performing the agreement, offering car maintenance, paintwork, repair, replacement, pick-up, etc. services, sending the necessary documentation in connection with any products you may have purchased or services provided to you, managing your debts to the company, making reimbursements;
(c) to comply with obligations under applicable legislation, e.g. labor and insurance legislation;
(d) to check, improve, adapt to your preferences and choices regarding our products and/or services;
(e) to email information on Company products and/or services;
(f) to conduct client satisfaction surveys, promote products and/or services, send newsletters on products and/or services;
(g) to evaluate job applications and resumes for possible employment with the Company;
(h) to engage in communication with you in case of a contest.
6. The legal basis for the processing of your Data by the Company
Your Data are processed subject to:
the terms of our contract with you;
your consent, where required;
the Company’s obligations under the law (e.g. tax, labor, insurance, etc. legislation);
the Company’s legitimate interest.
7. Recipients of your Data
The company warranties that it will not transmit, disclose, conveyr, etc. your Data to third parties (save the recipients indicated in this Policy) for any purpose or use, unless it is mandatory under applicable legislation or required by public/judicial agencies/authorities.
Access to your Data is granted only to the absolutely necessary Company staff, who are bound by confidentiality agreement, and third parties working with us, that process your Data acting as Joint Controllers or as Processors on our behalf and subject to our instructions.
Recipients of your Data include but are not limited to:
1) Insurance companies working with our Company.
2) Users of our brands and systems who co-operate with our Company.
3) Tourist agencies working with us for car rentals.
4) Airlines we work with to ensure you get even more car rental advantages.
5) Third Parties working with our Company and offering repair, paintwork and maintenance services for vehicles rented to our clients.
6) Certified auditor firms auditing our Company’s financial statements.
7) Companies working with us to provide road assistance to drivers using our Company’s vehicles.
8) Companies (inside and outside Europe) which also manage the international car reservation system with which we share information related to our car rental activity and can receive personal information in connection with reservations made using that application. Your Data will not be used for any other purposes without you having first being informed and given your consent.
8. How we ensure the respect of Processors and Subprocessors for your Data
Processors acting on our behalf have agreed and are contractually bound to the Company:
• to respect confidentiality;
• to refrain from sending your Data to third parties without the Company’s permission;
• to take the necessary security measures;
• to comply with the legal framework on personal data protection, in particular Regulation (EU) 679/2016 (also known as GDPR).
In performing their duties, Processors may employee other persons called Subprocessors. This requires the Controller’s prior authorization for the processing, in part or in whole, of Data. As a result, Subprocessors have, as part of their duties, the same contractual obligations and rights, laid down in this Policy, as the Processor and are jointly and severally liable with the Processor.
9. Do we send your Data outside the EU?
Your personal data will not be used for any other purposes without your prior consent.
10. When do we delete your Data?
We only keep your Data for as long as is required to fulfil the purpose for which you provided them, in compliance with applicable legislation.
Your declaration of consent to receiving our newsletter is kept for as long as the Company sends you newsletters, unless you opt out.
Personal data you send to participate in Client Privilege Programs are deleted when the program ends or when you have been disqualified for some reason, or if you have express your wish to stop participating in the program, as described in the terms for the use of the program.
Data processed when you participate in contests and/or market surveys will be kept for as long as is required to conclude the contest or survey and are then deleted.
The policy we operate in respect of Data collected by way of Cookies is available (here, see more about the Cookies Policy).
11. Are your Data secure?
The company undertakes to safeguard your Data.
Acknowledging the importance of your Personal Data security, we have put in place all the suitable organizational and technical measures, constantly improving them to follow the latest technological evolutions, for the sole purpose of safeguarding and protecting your Data from all forms of accidental or unlawful processing.
If you have an account, your authentication is achieved by a combination of your email and your Password. Each time you enter your credentials you gain access to your personal account. The security of this process is ensured by the encrypted transfer of your data over the Internet and the Company’s servers. According to the same standards, you are given the possibility to change your Password as often as you wish. When you enter the password you wish, the new password is codified and stored on the Company’s systems. For this reason, you are the only one who knows your password and are exclusively responsible for keeping it secret from third parties.
These measures are reviewed and modified when required.
12. Your rights
You have the right of access to your personal Data.
This means that you have the right to be informed by us if we process your Data. If we process your Data you can ask to find out the purpose of processing, the type of Data we keep, who we provide them to, for how long we store them, if there is automated decision-making, as well as about the rest of your rights, such as the right of Data rectification and erasure, restriction of processing, and lodging a complaint before the Personal Data Protection Authority.
1. You have the right of rectification of inaccurate personal Data.
2. If you find any errors in your Data you can apply to us for their correction (e.g. name correction or change of address updating).
3. You have the right of erasure/”right to be forgotten”.
4. You can ask us to erase your Data if they are no longer necessary for the above purposes of processing or if you wish to withdraw your consent in cases where it is the sole legal basis.
5. You have the right to the portability of your Data.
6. You can ask us to provide you with Data you have provided in a readable format or to transmit them to another controller.
7. You have the right of restriction of processing.
8. You can ask us to restrict the processing of your Data for as long as your objections to their processing is under review.
9. You have the right to object and withdraw your consent to the processing of your Data.
10. You can object to the processing of your Data and we will stop processing them in the absence of other imperative or legal grounds overriding your right. If you have declared your consent to the collection, processing and use of your personal data, you may withdraw it at any time with prospective effect.
13. How you can exercise your rights
In order to exercise your rights, you can submit a request to the e-mail address info@rhodes-sonictransfers.gr and we will make sure that we process it and reply to you, free of charge, within one (1) month of receipt. Exceptionally and after informing you, we may need an extension of two (2) months. If your request is clearly unfounded or excessive, especially because of its repetition, the company may impose a reasonable fee, taking into account the administrative costs of providing the information or execution of the requested action or refuse to follow up the request.
Exceptionally:
- If you wish to rectify your user account Data, you can log into your account and make the corrections/changes you wish without needing to submit a Request,
- If you wish to withdraw your consent to receiving our newsletter, you can opt out by clicking on the link “To unsubscribe from the “newsletter mailing list” click here” at the bottom of each newsletter.
14. When we reply to your Requests
We reply to your requests free of charge and without delay, and in any case within one (1) month from the time of receiving them. If, however, your Request is complex or if you have sent a large number of Requests, we will get back to you within a month to notify you in case we need a two (2) months extension on order to reply.
If your Requests are manifestly unfounded or exaggerated, in particular if they are repetitive, the Company may choose to charge you a reasonable fee in order to cover the administrative costs incurred in providing information or taking the action requested or refuse to take any further action with a Request.
15. Who you can contact for information about the progress of your Requests
For information about the progress of your Request you can contact us at info@rhodes-sonictransfers.gr
16. Do we use automated decision-making/including profiling when processing your Data?
We do not make decisions or automatic profiling using automated procedures when processing your Data, with the exception of the cookies used on our website (more information on the Cookies Policy is available here)
17. Applicable law to the processing of your Data by us
The applicable law is Greek law as shaped by the General Data Protection Regulation (Regulation (EU) 2016/679), and the applicable national and European legislative and regulatory framework on personal data protection.
The Courts of Athens have jurisdiction over disputes arising in connection with your Data. Exceptionally, if a dispute falls within the jurisdiction of a Magistrates’ Court, the dispute may be brought before either the Magistrates’ Court of Athens or the Magistrates’ Court of Chalandri.
18. Where you can complain if we violate applicable law on the protection of your Personal Data?
You have the right to lodge a complaint with the Personal Data Protection Authority (mailing address: 1-3 Kifissias Ave., Postal Code 115 23, Athens, Tel.: 210 6475600, email: contact@dpa.gr), if you believe the processing of your Personal Data to be in violation of the applicable national legal and regulatory framework on personal data protection.
19. How you can find out about amendments to this Policy?
We update this Policy whenever necessary. In case of major changes in the Policy or in the way we use your Personal Data, we will post an updated version of this Policy on our website and inform you by any appropriate means.
We encourage you to refer regularly to this Policy to find out how your Data are protected.
This Personal Data Protection Policy was updated on September 9th , 2022.