WEB PRIVACY POLICY
Below is the privacy policy (hereinafter, the “web privacy policy” or “policy”) that governs the Web Platforms https://www.autoreisen.es https://www.autoreisen.com and http://www.arcarhire.com (hereinafter, “the Platforms”), under the ownership of Special Prices Auto Reisen, S.L. (hereinafter “AUTO REISEN”), a car hire company with offices in airports in the Canary Islands. AUTO REISEN is a Spanish trading company registered in the Trade Register of Santa Cruz de Tenerife in volume 492 , folio 87, page number TF-2832, first entry, with a registered address and tax domicile on Calle San Francisco, 5, Edificio Santander, Planta 8º, 38002, Santa Cruz de Tenerife, with Tax Identification Number B38086500 and the following contact email address for the purposes of this privacy policy: privacidad@autoreisen.es.
Please spend a few minutes reading our privacy and cookie policy, it will not take you long. Our aim is to explain to you in a simple, clear and transparent manner how we process and protect your personal information and your rights. Your security and that of your personal data are of the utmost importance to us and protecting them properly is something we take very seriously.
TO WHOM IS THIS POLICY ADDRESSED AND TO WHOM DOES IT APPLY?
This policy applies to all users of the platform, whether or not they are customers of AUTO REISEN (hereinafter, interchangeably, “the user” and “the users”), who are considered legal persons. By personal data, we mean any information about an identified or identifiable legal person.
If you are already a customer of AUTO REISEN, because you have entered into a contract with us, you must also refer to the information contained in your contract about specific privacy terms.
This platform is aimed at users over 18 years of age, with use by underage users prohibited. Moreover, the user responsibly acknowledges that he/she has sufficient legal capacity to subscribe, if applicable, to the services offered by AUTO REISEN.
This Privacy and Cookie Policy will be translated into several languages as part of AUTO REISEN's business and its corporate policy on quality, service and customer care. Nevertheless, in the event of any dispute regarding the interpretation or application of the terms of this policy, the parties agree that the Spanish version of the Privacy and Cookie Policy will take precedence over any other language version of it for all legal purposes.
IF YOU BROWSE OR USE OUR WEB PLATFORM, WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
We are responsible for processing your personal data:
Full company name: SPECIAL PRICES AUTO REISEN, S.L.
Registered address: Calle San Francisco, 5, Edificio Santander, Planta 8º, 38002, Santa Cruz de Tenerife
Physical location/headquarters: Calle San Francisco, 5, Edificio Santander, Planta 8º, 38002, Santa Cruz de Tenerife
Contact telephone: +34 922 392 216
Contact email (general): privacidad@autoreisen.es
For any matter related to the protection of your personal data, please send an email to: privacidad@autoreisen.es.
WHO IS THE DATA PROTECTION OFFICER (DPO) OF AUTO REISEN?
AUTO REISEN has designated a DATA PROTECTION OFFICER (DPO), whom users, if they so wish, can contact regarding matters related to the processing of personal data and for the exercise of their rights in accordance with the provisions of GDPR. You may contact our DPO by means of the following contact information:
Postal address: Calle San Francisco, 5, Edificio Santander, Planta 8º, 38002, Santa Cruz de Tenerife
Contact email: privacidad@autoreisen.es
1. WHAT TYPES OF PERSONAL DATA DO WE USE?
The processing of your data is required in order to grant you access to the content and/or features of the platform or, should you require it, to provide you with the information or the services made available through it. In this respect, we are firmly committed to processing your personal data in a lawful and consistent manner in accordance with the principles and legal obligations set out in current data protection legislation.
The personal data that we use are those that are strictly necessary to be able to provide you with the service/s you require (basically, identification data, data associated with personal circumstances, driving permits or licences, financial/banking data and any other data concerning the provision of the service itself, for example, geolocation details in the case of geolocated vehicles. Failing to give us your personal data could make it impossible for us to provide you with our services.
Moreover, you can manage your preferences for the cookies used on our Platform on the settings panel provided, as stated in the cookie policy.[AMdL2]
2. HOW DO WE USE THE DATA?
The personal data that you provide us with will be processed for the purposes set out particularly in this privacy policy and, where applicable, in the various data forms made available in it. In this respect, data collection serves the following processing purposes:
- (i) To enable users to browse the Portals so that they can access the information and content provided there
- To attend to your requests based on the forms or requests that you send us. If through such forms you were informed of the possibility of being sent promotions, publicity or information on specific services, because you were associated with such requests, and you clearly gave your consent, we inform you that you can withdraw or revoke your consent at any time by writing to: privacidad@autoreisen.es, although this will not affect the previous processing of your data for these purposes.
- To make contact with users and respond to any requests or enquiries that may arise from using the forms that are provided on the Portals.
- To comprehensively manage vehicle booking requests.
- To allow for the uses associated with the Platform’s cookies as described in our cookie policy.
- In the event that you have accepted the cookie policy, for the development of the purposes associated with the different types of cookies used on the platform, in particular, analytics cookies (used to draw up browsing/user profiles), to perform such analytics and statistics associated with web browsing in order to improve our services and the quality of them. If you so wish, you can configure the use of analytics cookies at any time, exercising your right to withdraw your consent for the purposes associated with these cookies. We inform you that withdrawing your consent to the processing of your data in regard to certain types of cookies such as session or technical cookies may prevent you from browsing our platform (see cookie policy).
- To adopt such protection measures as may be legally applicable, including the possible anonymisation of your personal data using the appropriate techniques available for the purpose. Accordingly, anonymisation and pseudonymisation processing may be used to enhance the protection of your personal data.
- To apply the pertinent security, technical and/or organisational measures to personal data that are deemed appropriate based on the risks identified concerning your rights at any given time, including the encryption of personal data and other measures that may involve certain processing of the data of Portal users.
Similarly, you are informed that if you purchase our services, the data collected for this purpose either via the Portals or via our call centre, or directly at any of our service desks will be processed for the following purposes:
- To provide and comprehensively manage the self-drive car rental service and to draw up the related agreement, including all processing of your data that is strictly necessary in order to provide you with the services you require. This includes the processing associated with the customer care service, the management and enhancement of service quality and customer loyalty. In the case of the vehicles in the AUTO REISEN fleet that are fitted with geolocation technology, this could include access to the geolocation data. The geolocation service operates as a protection measure for our vehicles, their occupants and any other third party during the rental period and is implemented by AUTO REISEN with all the legal guarantees that are required in this area.
- To comprehensively manage the insurance options signed up for from among those indicated in the terms and conditions, whether they are included in the rental price or are optional (in accordance with the rental agreement signed).
- To respond to any call for roadside assistance or relating to accident insurance.
- To prevent fraud, and to investigate, prosecute and take any appropriate measures and/or action against actions that involve or may involve inappropriate use of our vehicles and other items that we make available to you within the framework of the rental agreement, in order to ensure proper compliance with the applicable legislation, and with our policies and terms and conditions. In the event of the Company identifying or being called upon in connection with any unlawful act or traffic offence, your personal information may be disclosed to the law enforcement agencies and the other competent authorities within this sphere as provided for by law.
- To provide information on other products and services similar to those purchased that are offered by AUTO REISEN regardless of the channel of communication used. This is pursuant to Article 21.2 of Law 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce, without prejudice to the legitimate exercise of your personal rights at any time, particularly that of objection.
- Sending commercial or advertising communications provided that they were previously requested by you or expressly authorised by you, concerning possible promotions, benefits and specific discounts on our services.
WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA?
| Processing purposes | Lawful basis for processing | Data retention |
|---|---|---|
| To enable users to browse the Portals | Your consent and, where appropriate, the satisfaction of the Company's own legitimate interest, or that of a third party, associated with the proper management, maintenance, development of and changes to the Portals, tools, network and associated information systems, so that the functionalities, access to content and services perform properly and they are all kept generally secure. | - Regarding the data associated with your browsing profile, in relation to analytics cookies that you have accepted as indicated in the AUTO REISEN cookie policy, you must pay close attention to the section on their temporary nature (see cookie policy). |
| To make contact with users in response to requests or enquiries from them. | Your consent | - For the time necessary to properly meet your requests and/or specific requests on a case by case basis. |
| - If these requests consist of the execution of pre-contractual measures at your own request or the signing of a contract with AUTO REISEN, your data will be kept for as long as necessary to give due satisfaction to such pre-contractual measures or the service contract between the parties. | ||
| Solve your doubts about our services in a fast and efficient way. | Your consent and, as the case may be, execution of pre-contractual measures at the request of the user/stakeholder. | For the time strictly necessary to solve or attend to such queries. |
| To comprehensively manage vehicle bookings | The adoption of pre-contractual measures | For a minimum period of six years, based on article 30 of the Royal Decree of 22 August, 1885, by which the Commercial Code is published. |
| If you have accepted the cookie policy provided for this purpose, allow the development of the processing purposes associated with them and, in particular, to perform the relevant analysis derived from your web browsing for analytical and/or statistical purposes. | Your consent | See Cookie Policy[AMdL3] |
| - To adopt such protection measures as may be legally applicable, including the possible pseudonymisation or anonymisation of your personal data using the appropriate techniques available for this purpose. - To implement the appropriate security, technical and/or organisational measures for your personal data according to the risk existing at any given time. | Compliance with a legal obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or the "GDPR") https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing operations intended to ensure the security of the platform, the network and the associated information system, the legitimate interest of AUTO REISEN or, where applicable, of a third party may be invoked (Recital 49 of the GDPR). | As long as the user’s personal data is processed, including the storage of such data for the legally stipulated periods and regardless of the legitimate basis for the processing employed by AUTO REISEN. |
| To provide and comprehensively manage the vehicle rental service and the related performance of the agreement, including, among others, the customer care service, or the geolocation service for AUTO REISEN vehicles that are equipped with it. | Performance of the agreement | For a minimum period of six years, based on article 30 of the Royal Decree of 22 August, 1885, by which the Commercial Code is published. |
| To comprehensively manage the arrangement of insurance | Performance of the agreement | For a minimum period of six years, based on article 30 of the Royal Decree of 22 August, 1885, by which the Commercial Code is published. |
| To respond to any call for roadside assistance or relating to accident insurance | Performance of the agreement | For a minimum period of six years, based on article 30 of the Royal Decree of 22 August, 1885, by which the Commercial Code is published. |
| To prevent fraud, and to investigate, prosecute and take any appropriate measures and/or action against actions that involve or may involve inappropriate use of our vehicles and other items that we make available to you. | Compliance with a legal obligation and, where appropriate, the satisfaction of the Company's own legitimate interest, or that of third parties. | For the time strictly necessary to carry out the processing effectively. |
| To respond to the legitimate requirements of the relevant law enforcement agencies and competent authorities. | Compliance with a legal obligation, primarily that contained in Legislative Royal Decree 6/2015 of 30 October 2015 enacting the consolidated text of the Law on Traffic, the Use of Motor Vehicles and Road Safety, and in Organic Law 4/2015 of 30 March 2015 on the Protection of Public Safety, without prejudice to any other applicable legislation. | For the duration of the procedures in question, in accordance with the retention periods established for each requirement. |
| To provide information on other products and services that are similar to those purchased. | The satisfaction of a legitimate interest pursuant to Article 21.2 of Law 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce. | For the duration of the contractual relationship with AUTO REISEN and, in any case, until you request the effective cancellation of such subscription. |
| To send commercial or advertising communications. | Your consent. | Until you request the effective cancellation of such subscription. |
| Send customer satisfaction surveys related to our services. | Satisfaction of legitimate interest. | For the period of time strictly necessary to carry out the proces |
Where the legal basis for processing your personal data is your consent, we remind you that you have the right to withdraw your consent at any time in a simple manner and free of charge, by writing to: privacidad@autoreisen.es.
In any case, and without prejudice to the foregoing, the user is also informed of the following:
- In accordance with current legislation on personal data protection, in all matters concerning the correct processing of personal data by AUTO REISEN, this company may also store the data securely for three years from the moment it is collected/captured (limitation periods for breaches in this field).
- In regard to the time cookies can be stored, users are recommended to consult our cookie policy (section on their temporary nature).
- Generally speaking, when the personal data is no longer necessary for the purposes for which they were collected, it will be blocked, remaining available only to the competent authorities for the possible identification of liability during the processing thereof, always in accordance with applicable regulations, with its use for purposes other than these not permitted. After the corresponding legal deadlines have elapsed in the event of blocking, your data will be deleted in accordance with applicable regulations and, if applicable, may also be securely anonymised by AUTO REISEN (anonymised/non-personal data).
WHAT ARE THE CONSEQUENCES OF NOT PROVIDING YOUR DATA?
We endeavour to request or apply the minimum and essential data to process personal data in full development of our corporate purposes and objectives This is in line with the principles set out in applicable regulations.
Nevertheless, a failure to provide your personal data may result in the inability to: 1) properly browse our website (disabling technical cookies); 2) access certain content or services; 3) process your specific request or query (for example due to a failure to complete or insufficient completion of the corresponding form or request).
In any case, the personal data and information you provide us with must, according to each case, be:
- Sufficient, although adjusted, limited and proportionate to the legitimate purposes of processing reported in each case, with the utmost respect for the principles of purpose limitation and personal data minimisation.
- Accurate, up to date and truthful in order to suitably verify the identity, capacity and, where applicable, representation as well as to be able to adjust, in each case, the data processing carried out to meet specific needs and real situations. This is in accordance with the principle of accuracy in regard to personal data.
Users are fully responsible for the personal data and information they supply to AUTO REISEN within the framework of the platform and, where applicable, for the services they require or contract from us.
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
Your data may be shared with the following organisations:
- Banks, credit or financial institutions in order to process the relevant payments
- Administrative and regulatory bodies and law enforcement agencies as well as third parties involved in any legal claim procedure in which you may be involved who must be informed of the identity of the driver or possible driver, as well as in order to complete the procedure for the collection of fines to which AUTO REISEN may be subject under Legislative Royal Decree 6/2015 of 30 October 2015 enacting the consolidated text of the Law on Traffic, the Use of Motor Vehicles and Road Safety, and Organic Law 4/2015 of 30 March 2015 on the Protection of Public Safety
- Insurance companies and claim managers responsible for handling all aspects of the insurance products effectively purchased
- Also, since AUTO REISEN forms part of a corporate group, you are informed that your personal data may be shared with other Group companies for purely internal and administrative purposes based on the legitimate interest of AUTO REISEN as provided for under Recital 48 of the GDPR
Similarly, it is possible that certain third parties may be able to access your personal data in development of the services they provide AUTO REISEN with. For example, in the case of third party cookies that are applied on the platform (see cookie policy).
AUTO REISEN has several personal data processors under its control, to whom it allows access to these data, as trusted suppliers, to the extent strictly necessary for the provision of the services contracted with them. Such data processors operate under a service contract under the terms, conditions and guarantees contained in Article 28 of GDPR, with AUTO REISEN carrying out the corresponding controls, inspections and audits in this area in order to verify that such data processors strictly comply with the contracts executed for this purpose and applicable regulations.
ARE THERE ANY INTERNATIONAL TRANSFERS OF YOUR DATA?
We inform you that, in general, no international transfer of your personal data is foreseen, with the necessary measures and guarantees adopted by AUTO REISEN in this area in accordance with existing personal data protection legislation.
Notwithstanding the foregoing, you will find in our cookie policy information on the use of cookies by third parties that may make international transfers of personal data. You can see information related to privacy for the third parties that generate cookies on this website in our Cookie Policy.[AMdL4]
WHAT RIGHTS DO YOU HAVE? WHAT DO THEY MEAN? AND HOW CAN YOU EXERCISE THEM?
| Your rights | What does it consist of? | How do you exercise it? |
|---|---|---|
| Right to information | The right to be provided with suitable information by AUTO REISEN, both when your personal data is collected (whether obtained from you or from a third party) and at any time thereafter in regard to the processing of your personal data. You decide on your personal information. Please consult articles 12 to 14 of GDPR. | AUTO REISEN endeavours to provide you with all the necessary information related to the processing of your personal data pursuant to articles 12 to 14 of GDPR. However, if you have any questions about our privacy and cookie policy, please do not hesitate to contact us by sending an email to: privacidad@autoreisen.es and we will attend to your request for additional information. |
| Right to access | The right to obtain from AUTO REISEN confirmation of whether your personal data is being processed or not and basic information related to such processing (article 15 of GDPR) as well as to obtain a copy of the personal data subject to processing. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to rectification | The right to obtain without undue delay from AUTO REISEN rectification of your personal data in accordance with article 16 of GDPR. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to erasure | The right to obtain without undue delay from AUTO REISEN the erasure of your personal data in accordance with article 17 of GDPR. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to restrict processing | - The right to restrict the processing of your data by AUTO REISEN if: - - You contest the accuracy of your personal data, for a period of time that allows AUTO REISEN to verify its accuracy. - - The processing is unlawful and you object to its erasure (and instead request that it is restricted). - - AUTO REISEN no longer requires the personal data but you need it for the formulation, exercise or defence of claims. - Its exercise is limited to what is set out in article 18 of GDPR. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to portability | The right to receive the personal data concerning you that you have provided us with, in a structured, commonly used and machine-readable format, or to transmit it to another data controller where technically feasible under the terms set out in article 20 of GDPR. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to object | Right to object at any time to the processing of your personal data, including profiling, when it is based on the satisfaction of the legitimate interest of AUTO REISEN or a third party as described in article 21 of GDPR. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to not be subject to a decision based solely on automated processing (including profiling) | Right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you under the terms of article 22 of GDPR. | By sending a written communication by e-mail to privacidad@autoreisen.es with the reference "Exercise of rights". Only if AUTO REISEN has reasonable doubts as to the identity of the natural person submitting the request may it request that additional information be provided in order to confirm his or her identity. |
| Right to withdraw your consent | You have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing carried out by AUTO REISEN based on your consent prior to its withdrawal. | You can request withdrawal, as the case may be, through the forms, content and privacy settings panel made available by AUTO REISEN (for example, unsubscribe from the newsletter via the link provided for this purposes). However, you can also send a written communication to: privacidad@autoreisen.es so that your right can be duly addressed as described in applicable legislation. |
| Right to submit a claim before the component supervisory authority (AEPD) | This entails the possibility of appealing to the supervisory authority in the event that your personal data protection rights are violated (articles 13 and 14 of GDPR). | Before filing any complaint or claim before the Spanish Data Protection Agency (AEPD) we recommend that you contact us in order to assess the specific situation and try, where applicable, to find an effective and amicable solution. Notwithstanding the above, if you so wish you can also visit the website of the AEPD: www.aepd.es |
ARE SECURITY AND PROTECTION MEASURES APPLIED TO YOUR PERSONAL DATA?
Taking into account the nature, scope, context and purposes of processing as described, as well as the risks of varying likelihood and severity for your rights and freedoms, AUTO REISEN implements (and will implement) appropriate technical and organisational measures to ensure the proper security and protection of your personal data based on principles of data privacy by design and by default, and also implements a concurrent risk-oriented system that will be reviewed and updated as and when necessary.
The use of the Hyper-Text Transfer protocol (HTTPS) is an added guarantee of the security of your personal data.
EFFECTIVE DATE AND CHANGES TO PRIVACY POLICY
This policy has been in effect since 25 May 2018
AUTO REISEN reserves the right to make changes to this policy to adapt it to any future developments in the applicable legislation, legal principles or case law, or for technical, operational, commercial, corporate or business reasons, and to inform you reasonably in advance of the changes made when that is possible. In any event, it is recommended that each time you access our Portals you read this policy in detail, since any change made to it will be published here.
Also, AUTO REISEN may inform you personally in advance of planned changes to this policy before they become effective, provided that it is technically and reasonably possible to do so, in particular, in the case of registered users or customers.
DO YOU NEED TO CONTACT US?
For any query or suggestion that you may have for us regarding this privacy and cookie policy, please do not hesitate to contact us by email at: privacidad@autoreisen.es
JURISDICTION
Generally speaking, any controversy or conflict shall be given priority by the parties for the purpose of seeking an amicable and mutually agreed solution, using, for these purposes, the channel and email provided in section 13 of this policy.
In the event that this is not possible, in accordance with the criteria contained in GDPR for determining the competence of the leading or main authority to hear any conflict, controversy or claim regarding this privacy policy, at least in administrative proceedings, you are informed that such authority will be the Spanish Data Protection Agency (AEPD), in accordance, under all circumstances, with the provisions of article 56 of GDPR. In regard to the right to effective judicial protection in these cases against the customer, the provisions of article 79.2 of GDPR shall also apply, and the corresponding action may be brought before the courts of the city of Santa Cruz de Tenerife insofar as the responsible party is a company based in Spain. Existing Spanish and European legislation applicable in this field shall be complied with.
Version 15-11-2023
