PRIVACY POLICY
Privacy Policy
This policy on personal data processing/protection (hereinafter "Policy") informs about the collection, storage, processing and use of your personal data in accordance with the paragraphs below.
The company “OLYMPIC COMMERCIAL & TOURIST ENTERPRISES SINGLE-PERSON SA" (hereinafter Avis or "Company" or "we" or "us"), having its registered office at Chalandri, Attica, 50 Vas. Georgiou Street, Tel.: 2106879800 and 8015005555, contact email: contact@avis.gr, acting as the Controller, collects, stores, uses and generally processes your personal data.
1. What are Personal Data?
"Personal data" means any information concerning individuals, including first and last names, mailing address, email address, contact telephone number, etc., which identifies or can identify you (hereinafter "Personal Data" or "Data").
2. What is Personal Data Processing?
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated tools, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Data we collect
We make sure to collect only Data absolutely necessary to serve the purpose for which they were provided and such Data are used solely and exclusively for the purposes for which they were collected. We will also use your contact data to inform you about issues concerning the rental and about new offers and services. With the exception of any Data collected by way of Cookies (more information on the Cookies Policy is available here), Data are limited to data explicitly provided by you for a specific purpose subject to your consent. Also, we collect Data when you visit our website subject to your consent, which you are deemed to have granted by filling in the appropriate fields.
Identity data, such as first name, last name, father's name, date of birth, driver's license, tax identification number, personal identification card number.
Contact/product shipment data, such as mailing address, email address, telephone number.
Payment details, such credit/debit card number, PayPal account, bank account number.
Authentication details, such as (username), IP address .
Rental contract history data with our Company.
Data of any overdue debts to our Company.
Data on car accidents involving our Company's vehicles.
Data on any abusive behaviour towards Avis officials.
Geolocation data (gps), electronic application data (bluetooth, navigator), Telematics application data.
4. How we use your Data
Your Data are processed either by authorized Company staff or by means of IT systems and electronic devices used by our Company and in certain cases, by third parties who are bound by a contract with our Company, undertaking the contractual responsibility to ensure the confidentiality and protection of your Data, and process them solely and exclusively for the purposes for which they were provided.
As a general rule, your Data are processed with a view to providing you with services, including:
Price quotations: The Company processes your Data to enable it to offer you a price quotation for short- or long-term car rentals.
Car Rental: The Company processes your Data as part of its contractual obligation to rent you a car, provide you with services (such as maintenance, paintwork, repair, car replacement, etc.), comply with its legal obligations, rebut, raise or exercise legal claims.
Car Purchase: The Company processes your Data to complete second-hand car sales.
Compliance with applicable Legislation: The Company processes your Data to enable it to meet its obligations under the law, in particular tax and insurance legislation or to provide insurance coverage for vehicles under active insurance agreements.
Creating User Account: The Company processes your Data to provide you with a user account and make it easier for instance to enter into rental or purchase agreements for products and/or services.
Sending Newsletters: The Company gives you the option to choose to receive Company newsletters/promotions/advertisements at your email (e.g. about new available products and/or services, special offers, new car rental stations, tourist agencies, etc.).
Information services from our Website: The Company provides information services to its clients
Data stored in electronic applications (navigator, Bluetooth, gps etc.): When you (or a fellow passenger) use the vehicle, you may store data in electronic applications installed in the vehicle by the manufacturer. Our company will never ask you to proceed to such storage and, if you do so, it will be solely your choice. It is your responsibility to delete such data prior to the vehicle (temporary or permanent) drop-off.
Geolocation data (gps): Some of our vehicles may carry geolocation systems (gps). These systems will be activated only in cases of theft of the vehicle, following a relevant notification from the lessee / driver. The legal basis is the legitimate interest of protecting the vested interest of company's property.
Telematics application data: Some of our vehicles nay carry a Telematics application. This system locates the vehicle in case of theft or embezzlement or in case the vehicle is unjustifiably not returned to the lessor on the agreed date and at the same time it has not been possible to contact the lessee. Further data provided by the application is: a) Smart Check – in, i.e. evaluation of the kilometers traveled during the Lease, fuel level, etc., b) timely information on the maintenance status, etc., c) asset management in cases of significant damage to the vehicle, etc. d) list of assets, i.e. live mapping of the exact location at any time of the vehicles (owned by the lessor). The legal basis for processing is the legitimate interest in protecting the legal property of the company.
Response to personal data requests: To satisfy any of your rights (access, deletion, correction, etc.) we will ask you for the minimum identification data as well as your signature. Legal basis is our legal obligation to respond to data subjects’ requests.
Client Privilege Programs: Through those programs the Company offers a number of benefits to clients, including priority service at rental stations, better spots at the Company's car parks, discount coupons, offers, etc.
Contact: The Company uses Data to answer to requests/questions you make for instance through the Contact Center and contact forms.
Participation in on-line promotional activity/ contests: Subject to your agreement, the Company processes Data you provide to participate in a contest in order to operate contests, contact you if you win and deliver the prize won.
Participation in online market surveys/ answering questionnaires: The Company processes Data that you provide to participate in online surveys, such as demographics (age, income, etc.). You have the option to either fill in all or no information. Survey results are used only to improve our website, and for the sole purpose of enabling you to evaluate the services we provide you with and to help us improve them and for no other purpose.
5. Purpose of processing your Data
We collect your Data for the purposes of the products and/services we provide, including, indicatively:
(a) to assess your request and provide you with a quotation, on the one hand, and to enter into a rental agreement, on the other;
(b) to manage the rental of the car of your choice, e.g. contacting and informing you on availability, performing the agreement, offering car maintenance, paintwork, repair, replacement, pick-up, etc. services, sending the necessary documentation in connection with any products you may have purchased or services provided to you, managing your debts to the company, making reimbursements;
(c) to comply with obligations under applicable legislation, e.g. labor and insurance legislation;
(d) to check, improve, adapt to your preferences and choices regarding our products and/or services;
(e) to email information on Company products and/or services;
(f) to conduct client satisfaction surveys, promote products and/or services, send newsletters on products and/or services;
(g) to engage in communication with you in case of a contest.
(h) to assess credit or other risks to the Company's vehicles and credit claims involved in contracting with customers, with the aim of protecting the ownership of our vehicles, consolidating our transactions, avoiding further loss and, in general, protecting the Company's commercial interests.
6. The legal basis for the processing of your Data by the Company
Your Data are processed subject to:
the terms of our contract with you;
your consent, where required;
the Company's obligations under the law (e.g. tax, labor, insurance, etc. legislation);
the Company's legitimate interest.
7. Recipients of your Data
The company warranties that it will not transmit, disclose, conveyr, etc. your Data to third parties (save the recipients indicated in this Policy) for any purpose or use, unless it is mandatory under applicable legislation or required by public/judicial agencies/authorities.
Access to your Data is granted only to the absolutely necessary Company staff, who are bound by confidentiality agreement, and third parties working with us, that process your Data acting as Joint Controllers or as Processors on our behalf and subject to our instructions.
Recipients of your Data include but are not limited to:
1) Insurance companies working with our Company.
2) Users of our brands and systems who co-operate with our Company.
3) Tourist agencies working with us for car rentals.
4) Airlines we work with to ensure you get even more car rental advantages.
5) Third Parties working with our Company and offering repair, paintwork and maintenance services for vehicles rented to our clients.
6) Certified auditor firms auditing our Company's financial statements.
7) Banks and electronic payments companies
8) Lawyers or law firms to support Avis' interests
9) Security services providers
10) Companies working with us to provide road assistance to drivers using our Company's vehicles.
11) Companies (inside and outside Europe) which also manage the international car reservation system with which we share information related to our car rental activity and can receive personal information in connection with reservations made using that application. Your Data will not be used for any other purposes without you having first being informed and given your consent.
8. How we ensure the respect of Processors and Subprocessors for your Data
Processors acting on our behalf have agreed and are contractually bound to the Company:
• to respect confidentiality;
• to refrain from sending your Data to third parties without the Company's permission;
• to take the necessary security measures;
• to comply with the legal framework on personal data protection, in particular Regulation (EU) 679/2016 (also known as GDPR).
In performing their duties, Processors may employee other persons called Subprocessors. This requires the Controller's prior authorization for the processing, in part or in whole, of Data. As a result, Subprocessors have, as part of their duties, the same contractual obligations and rights, laid down in this Policy, as the Processor and are jointly and severally liable with the Processor.
9. Do we send your Data outside the EU?
The company, being member of an international car rental business organization (Αvis Rent A Car System), occasionally shares Data provided on its website or forms within the purpose and the needs of the lease with other Avis-Budget Group companies, in or outside Europe. Avis may enter your data in a database also accessible by other companies which use the Avis Rent a Car System (either in Europe or elsewhere) with a view to keeping you informed about new services offered by Avis-Budget Group. Your personal data will not be used for any other purposes without your prior consent.
10. When do we delete your Data?
We only keep your Data for as long as is required to fulfil the purpose for which you provided them, in compliance with applicable legislation. All the data we keep regarding the contract shall be retained for a maximum period of twenty (20) years from the end of the lease.
Your declaration of consent to receiving our newsletter is kept for as long as the Company sends you newsletters, unless you opt out.
Personal data you send to participate in Client Privilege Programs are deleted when the program ends or when you have been disqualified for some reason, or if you have express your wish to stop participating in the program, as described in the terms for the use of the program.
Data processed when you participate in contests and/or market surveys will be kept for as long as is required to conclude the contest or survey and are then deleted.
Data processed to compile a list of customers who are not allowed to rent a vehicle due to previous insolvent actions or behaviors are stored for five (5) years from the expiration of the rental contract.
The policy we operate in respect of Data collected by way of Cookies is available (here, see more about the Cookies Policy).
11. Are your Data secure?
The company undertakes to safeguard your Data.
Acknowledging the importance of your Personal Data security, we have put in place all the suitable organizational and technical measures, constantly improving them to follow the latest technological evolutions, for the sole purpose of safeguarding and protecting your Data from all forms of accidental or unlawful processing.
If you have an account, your authentication is achieved by a combination of your email and your Password. Each time you enter your credentials you gain access to your personal account. The security of this process is ensured by the encrypted transfer of your data over the Internet and the Company's servers. According to the same standards, you are given the possibility to change your Password as often as you wish. When you enter the password you wish, the new password is codified and stored on the Company's systems. For this reason, you are the only one who knows your password and are exclusively responsible for keeping it secret from third parties.
These measures are reviewed and modified when required.
12. Your rights
You have the right of access to your personal Data.
This means that you have the right to be informed by us if we process your Data. If we process your Data you can ask to find out the purpose of processing, the type of Data we keep, who we provide them to, for how long we store them, if there is automated decision-making, as well as about the rest of your rights, such as the right of Data rectification and erasure, restriction of processing, and lodging a complaint before the Personal Data Protection Authority.
1. You have the right of rectification of inaccurate personal Data.
2. If you find any errors in your Data you can apply to us for their correction (e.g. name correction or change of address updating).
3. You have the right of erasure/"right to be forgotten".
4. You can ask us to erase your Data if they are no longer necessary for the above purposes of processing or if you wish to withdraw your consent in cases where it is the sole legal basis.
5. You have the right to the portability of your Data.
6. You can ask us to provide you with Data you have provided in a readable format or to transmit them to another controller.
7. You have the right of restriction of processing.
8. You can ask us to restrict the processing of your Data for as long as your objections to their processing is under review.
9. You have the right to object and withdraw your consent to the processing of your Data.
10. You can object to the processing of your Data and we will stop processing them in the absence of other imperative or legal grounds overriding your right. If you have declared your consent to the collection, processing and use of your personal data, you may withdraw it at any time with prospective effect.
13. How you can exercise your rights
In order to exercise your rights, you can submit a request to the e-mail address gdpr@avis.gr and we will make sure that we process it and reply to you, free of charge, within one (1) month of receipt. Exceptionally and after informing you, we may need an extension of two (2) months. If your request is clearly unfounded or excessive, especially because of its repetition, the company may impose a reasonable fee, taking into account the administrative costs of providing the information or execution of the requested action or refuse to follow up the request.
Exceptionally:
- If you wish to rectify your user account Data, you can log into your account and make the corrections/changes you wish without needing to submit a Request,
- If you wish to withdraw your consent to receiving our newsletter, you can opt out by clicking on the link "To unsubscribe from the "newsletter mailing list" click here" at the bottom of each newsletter.
14. When we reply to your Requests
We reply to your requests free of charge and without delay, and in any case within one (1) month from the time of receiving them. If, however, your Request is complex or if you have sent a large number of Requests, we will get back to you within a month to notify you in case we need a two (2) months extension on order to reply.
If your Requests are manifestly unfounded or exaggerated, in particular if they are repetitive, the Company may choose to charge you a reasonable fee in order to cover the administrative costs incurred in providing information or taking the action requested or refuse to take any further action with a Request.
15. Who you can contact for information about the progress of your Requests
For information about the progress of your Request you can contact us at gdpr@avis.gr
16. Do we use automated decision-making/including profiling when processing your Data?
We do not make decisions or automatic profiling using automated procedures when processing your Data, with the exception of the cookies used on our website (more information on the Cookies Policy is available here)
17. Applicable law to the processing of your Data by us
The applicable law is Greek law as shaped by the General Data Protection Regulation (Regulation (EU) 2016/679), and the applicable national and European legislative and regulatory framework on personal data protection.
The Courts of Athens have jurisdiction over disputes arising in connection with your Data. Exceptionally, if a dispute falls within the jurisdiction of a Magistrates' Court, the dispute may be brought before either the Magistrates' Court of Athens or the Magistrates' Court of Chalandri.
18. Where you can complain if we violate applicable law on the protection of your Personal Data?
You have the right to lodge a complaint with the Personal Data Protection Authority (mailing address: 1-3 Kifissias Ave., Postal Code 115 23, Athens, Tel.: 210 6475600, email: contact@dpa.gr), if you believe the processing of your Personal Data to be in violation of the applicable national legal and regulatory framework on personal data protection.
19. How you can find out about amendments to this Policy?
We update this Policy whenever necessary. In case of major changes in the Policy or in the way we use your Personal Data, we will post an updated version of this Policy on our website and inform you by any appropriate means.
We encourage you to refer regularly to this Policy to find out how your Data are protected.
This Personal Data Protection Policy was updated on October 2nd, 2023.