Privacy Policy
Processing of personal data in accordance with the principles of personal data protection established by Legislative Decree 196/2003, GDPR– EU 679/2016, Legislative Decree 101/2018, D.L. 139/2021 converted with Law 205/2021, Legislative Decree 24/2023. Unless otherwise specified, the mentioned articles refer to the current Privacy Code coordinated and updated, lastly, with the amendments made by D.L. October 8, 2021, no. 139, converted, with modifications, by Law December 3, 2021, no. 205, by Legislative Decree March 10, 2023, no. 24, effective from July 15, 2023, and by D.L. March 2, 2024, no. 19.
A) Data Controller
Frank Rent Napoli S.r.l. – Registered Office: Via Giovanni Bagaini 15 - 21100 - Varese (VA)- VAT and Tax Code: 08747371212
Certified Email:
B) Definitions ex art. 4 GDPR 679/2016
Personal Data (or Data)
Any information which, directly or indirectly, in connection with any other information, including a personal identification code, makes a natural person identified or identifiable.
Data Subject
A natural person to whom the Personal Data refers.
Data Processor (or Processor)
A natural or legal person, public administration, and any other entity that processes personal data on behalf of the Controller, as described in the privacy policy presentation.
Data Controller (or Controller)
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including the security measures concerning the operation and use of this Website.
The Data Controller
unless otherwise specified, is the owner of this Website.
This Website (or this Application)
The hardware or software tool through which the Personal Data of Users are collected and processed.
Service
The Service provided by this Website as defined in the relevant terms (if available) on this site/application.
European Union (or EU)
Unless otherwise specified, all references to the European Union contained in this document are extended to all current EU member states and the European Economic Area.
Cookie
Small piece of data stored in the User's device.
C) Types of Data collected
The following categories of personal data may be processed by us in connection with our services:
- identifying personal data: name, surname, gender, address (private and/or business), password, and phone number, customer code;
- contact data: phone numbers, email address (private and/or business), fax numbers, third party phone numbers, content of communications (for example emails, letters, faxes);
- contractual data: driving license data, identity card and passport data, a selfie taken with the camera of a smartphone/tablet, vehicle categories, pick-up and return branch, extras/services booked, booking number and rental contract, auto-generated PIN, credit check outcome;
- financial data: credit card data, account and banking data;
- voluntarily provided data: this category includes the data you provide to us voluntarily, without explicit requests by us, and includes information such as your preferences regarding equipment and vehicle category, the nature of the complaint, or responses to a survey;
- third-party data: in the case you communicate to us, within the rental relationship, personal data of third parties (e.g., relatives, additional drivers, passengers), we will also process these data.
- vehicle data: e.g. vehicle identification number, model, manufacturer, license plate;
- special categories of data: in case of an accident, vehicle damage or similar events we also process your statements regarding the facts and the damage occurred. Such statements may be made by clients, passengers, or injured parties. In these cases, data regarding health, such as data related to injuries, blood alcohol content, driving under the influence of psychotropic substances or similar may also be processed.
- location data: data we may process when using the Mobile Web Application, data detecting the location of the device, data allowing the location of the rented vehicle if it is equipped;
- telematics data for connected vehicles: location data: e.g., latitude, longitude, altitude, direction, GSM information (e.g.: signal), ID, geo-zone, accuracy;
- vehicle status data: e.g. VIN, ignition, doors, tires, lights, information on fuel/battery, mileage;
- driving behavior data: e.g. speed, travel data, information on driving modes and consumption; -Maintenance/vehicle status data: e.g. warning lights, control messages, maintenance distance/time;
- damage data: e.g. accident intensity, sensor data, rollover alarm, telematic device diagnostics data: e.g. IMEI, voltage, modem temperature; data related to accidents/emergency calls: e.g. automatic or manual accident/emergency call, roadside assistance call;
- special categories of data: in case of an accident, vehicle damage or similar, we process the data related to the respective occurrence and the damages suffered. These data may be provided by clients, passengers, or injured parties. Data processed in such circumstances may include data related to health, such as those related to injuries, blood alcohol level, driving under the influence of drugs, and similar.
MODES AND PLACE OF PROCESSING THE DATA COLLECTED
D) Processing Mode
The Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification, or destruction of Personal Data. The processing is carried out using computer and/ or telematic tools, with organizational methods and with logic strictly related to the indicated purposes. In addition to the Controller, in some cases, other subjects involved in the organization of this Website (administrative, sales, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) appointed also, if necessary, as Data Processors by the Controller ex. art. 2-quaterdecies. The updated list of these parties may always be requested from the Data Controller. The information you share with us will be used exclusively to provide you with the requested services. We will use the contact information provided to communicate with you for the provision of these services. We may use the contact data to send you information about our products and services, where permitted by you. We use Personal Data for analysis purposes and to be able to assist our customers by improving our services and websites.
E) Legal Basis for Processing
The Controller processes Personal Data relating to the User if one of the following conditions exists ex. Art. 45-bis implementing article 6, paragraph 2, as well as article 23, paragraph 1, of GDPR 2016/679:
- the User has given consent for one or more specific purposes;
- processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;
- processing is necessary to comply with a legal obligation to which the Controller is subject;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
It is always possible to request the Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on the law, provided for by contract or necessary to conclude a contract.
F) Place
The Data is processed at the operating offices of the Controller and in any other places where the parties involved in the processing are located. For further information on this aspect, you can contact the Controller.
The Personal Data of the User may be transferred to a country other than the one in which the User is located. For more information about the place of transfer, the User can refer to the section concerning details on the processing of Personal Data.
In case of higher protection, the User has the right to obtain information regarding the legal basis of the transfer of Data outside the European Union or to an international organization under public international law, as well as regarding the security measures taken by the Controller to protect the Data.
Should one of the transfers described above take place, the User can refer to the respective sections of this document or ask for information from the Controller by contacting him at the contact details provided at the beginning.
G) Retention Period
The Data is processed and stored for the time required by the purposes for which it was collected.
Therefore:
- Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the completion of that contract.
- Personal Data collected for the purposes of the Controller's legitimate interests shall be retained as long as needed to fulfill such purposes. The User can obtain further information regarding the legitimate interests pursued by the Controller in the relevant sections of this document or by contacting the Controller.
- When the processing is based on the User's consent, the Controller may keep the Personal Data for longer until such consent is revoked.
The Controller may be obliged to retain the Personal Data for a longer period in compliance with a legal obligation or by an authority order.
At the end of the retention period, the Personal Data will be deleted. Therefore, the right to access, the right to deletion, the right to rectification, and the right to data portability cannot be exercised after expiration of the retention period.
H) Purposes of Processing Collected Data
The User's Data is collected to allow the Controller to provide its Services, as well as for the following purposes: Contacting the User, Statistics, Backup saving, and Display of content from external platforms.
For further detailed information on the purposes of processing and the Personal Data concretely relevant for each purpose, the User can refer to the relevant sections of this document. The data of those who do not purchase or use products/services, despite having had previous contact with representatives of the company, will be immediately deleted or processed anonymously, unless otherwise justified, unless the informed consent of the interested parties has been validly acquired for a subsequent commercial promotion activity or market research.
I) Details on the Processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
- Contacting the User:
the User, by filling out the contact form with their Data, consents to their use to respond to requests for information, quotes, or whatever nature indicated by the header of the form.
- Statistics:
the services contained in this section enable the Data Controller to monitor and analyze traffic data and are used to anonymously and for purely statistical purposes track the pages visited by the User.
- Backup saving and management:
this type of services allows the saving and management of backups of this Website on external servers managed by the service provider itself. These backups can include both the source code and the contents. No sensitive data is stored on the server.
L) User Rights
In case of higher protection, the User may exercise all the rights listed below. In all other cases, the User can contact the owner to find out which rights are applicable in his case and how to exercise them. In particular, under articles 15-16-17-18-19-20-21 of the European Regulation 679/2016 (GDPR) and national legislation, the interested party can, according to the methods and within the limits established by current legislation, exercise the following rights:
- Revoke consent at any time.
- The User can revoke consent to the processing of their Personal Data previously expressed.
- Object to the processing of their Data.
- The User can object to the processing of their Data when it is done on a legal basis other than consent. Further details on the right of objection are indicated in the section below.
- Access their Data.
- The User has the right to obtain information on the Data processed by the Controller, on certain aspects of the processing and to receive a copy of the Data processed. The User can verify the correctness of their Data and request its update or correction.
- Obtain the limitation of the processing.
- When certain conditions are met, the User can request the limitation of the processing of their Data. In such a case, the Controller will not process the Data for any other purpose other than its storage.
- Obtain the deletion or removal of their Personal Data.
- When certain conditions are met, the User can request the deletion of their Data by the Controller.
- Receive their Data or have it transferred to another owner.
- The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another owner. This provision is applicable when the Data are processed by automated means and the processing is based on the User's consent, on a contract to which the User is part or on pre-contractual measures related to it.
- Propose a complaint under Art. 141.
- The User may propose a complaint to the competent Data Protection Authority or act in judicial proceedings.
How to exercise the rights
To exercise the User's rights, Users may direct a request to the contact details of the owner
COOKIE POLICY
This Website makes use of Cookies. To learn more and to take an informed look, the User can consult the Cookie Policy.
N) Additional Information on Processing
- Defense in court:
The User's Personal Data may be used by the Controller in court or in the preparatory stages to its possible establishment to defend against abuses in the use of this Website or related services by the User. The User declares to be aware that the Controller may be required to reveal the Data at the order of public authorities.
O) Changes to This Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website as well as, where technically and legally feasible, by sending a notification to Users through one of the contact details in possession of the Controller. Therefore, please regularly check this page, referring to the date of the last modification listed at the bottom.
If the changes affect processing activities based on consent, the Controller will, if necessary, collect the User's consent again.
Unless otherwise specified, this privacy policy exclusively concerns this Website.