KeyGroup Privacy and data protection policy
v.05.20.2021
1. Scope and applicability of this document
1.1. This Privacy and Data Protection Policy (hereinafter the “Policy”) in relation to the processing and security of personal data determines the position and intentions of GetRentaCar, Inc. (hereinafter the “Company”) in the field of processing and ensuring the security of personal data in order to respect and protect the rights and freedoms of each person and, in particular, the right to privacy, personal and family secrets, protection of the honor and good name of users of the Company’s service available at https://getrentacar.com or via respective mobile apps (hereinafter the Service).

1.2. In order to maintain business reputation and ensure compliance with the requirements of the current international regulations of personal data protection, the Company considers the most important task to ensure the legitimacy of the processing and security of personal data of subjects in business processes. To solve this problem, the personal data protection system has been introduced, is functioning and is undergoing periodic review (control).

1.3. The Policy applies to all personal data of subjects processed in the Company using automation tools and without using such tools.

1.4. This document determines the Company's Policy in the field of processing and protecting personal data and is located at https://getrentacar.com. This Policy is applicable to any subject of personal data.

1.5. The Policy is developed and used in conjunction with the consent to the processing of personal data, which any person willing to use the Service as the vehicle owner or the client/renter (hereinafter the “User”) acknowledges and agrees to when completing the User’s registration in the Service. This consent represents the User’s agreement to and acceptance of the terms of this Policy.

1.6. The Company reserves the right to make at its own discretion any amendments to this Policy at any time and without any special notice to this effect. The new version of this Policy shall come into effect upon posting of the same on https://getrentacar.com (hereinafter the “Website”). By continuing to use the Website, the User confirms its consent to comply with the terms and conditions of the Policy in its current version. The Company recommends that Users review the Policy more often in order to make sure that the User understands the terms while using the Service. If the User does not agree with the terms of the Policy amended by the Company, he/she shall not be entitled to use the Service.

1.7. Any time frames set forth herein, are stated according to time zone UTC-4, unless otherwise stated in the text of this Policy. The beginning and the end of calendar dates set forth herein, including those used to determine the duration of a term, shall be determined according to the beginning and the end of respective days in time zone UTC-4.

1.8. This version of the Policy shall come into effect on May 20, 2021 and remain valid until approval of a new version.
2. Principles and conditions of personal data processing
2.1. Processing and ensuring the security of User’s personal data in the Company is carried out in accordance with the requirements in the field of personal data of the Delaware Online Privacy Protection Act (DOPPA, 6 Del. C. § 1205C) and the General Data Protection Regulation 2016/679 of the European Union (GDPR).

2.2. When processing personal data, the Company adheres to the following principles: (a) legality and fairness; (b) restrictions on the processing of personal data to the achievement of specific, predetermined and legitimate goals; (c) the reliability of personal data, their relevance and sufficiency for processing purposes; (d) prevent processing of personal data that is incompatible with the purposes of collecting personal data; (e) prevent the merging of databases containing personal data that are processed for purposes that are incompatible with each other; (f) the legitimacy of organizational and technical measures to ensure the security of personal data; (g) processing of personal data that meets the purposes of their processing; and (h) compliance content.

2.3. The Company processes personal data only in the presence of at least one of the following conditions: (a) processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data; (b) processing of personal data is necessary to achieve the objectives stipulated by law, for the implementation and fulfillment of the functions, powers and responsibilities of the operator imposed by international standards in the field of personal data; (c) processing of personal data is necessary for the execution of the contract, of which either the beneficiary or the guarantor is party, according to which the subject of personal data is, and also to enter into a contract on the initiative of the subject of personal data or the contract on which the subject of personal data will be the beneficiary or surety; (d) processing of personal data is necessary for the exercise of the rights and legitimate interests of the Company or third parties or to achieve socially significant goals, provided that it does not violate the rights and freedoms of the subject of personal data; (e) processing of personal data is necessary when receiving feedback, analyzing the improvement of the quality of the Service, as well as obtaining information about loyalty and satisfaction with the Company's Service, further research and processing of this information; (f) processing of personal data is carried out, access of an unlimited number of persons to which is provided by the subject of personal data or at his request; and (g) processing of personal data to be published or mandatory disclosure in accordance with international standards in the field of personal data.

2.4. The Company has the right to transfer the User’s personal data to other Users in relation to vehicle rent booked on the Website and to the Company’s business partners, including marketing and advertisement purposes. The Company may also use the User’s personal data, including any video and/or photographic images posted on the Website, for advertising of the Website and/or the relating Company’s services.

2.5. The Company destroys or depersonalizes personal data upon the achievement of processing objectives or in case of loss of the need to achieve the processing objective.
3. Purposes of personal data processing
3.1. The Company processes personal data of the subject of personal data solely for the following purposes: (a) maintaining the Service activity and organization of support services; (b) the conclusion, execution and termination of contracts concluded by Users via the Service; (c) identification of Users; (d) informing about the Company's or its subsidiaries’ or partners’ advertising and/or marketing campaigns, surveys, questionnaires, and marketing research regarding the Service and / or the services provided by the Company’s subsidiaries or partners; (e) communicating with the Users, if necessary, including sending notifications, requests and information related to the Service, as well as processing the User’s requests; (f) improving the quality of services provided, ease of use, development of the new services, and (g) conducting statistical and other studies based on anonymized data.

3.2. The Company collects the following information as a subject of personal data: (a) full name; (b) year of birth; (c) place of registration / residence; (d) phone numbers; (e) email address; (f) data that is transmitted automatically depending on the settings of the software used by the User, including, but not limited to: IP address, cookies data, information about the User’s browser (or another program that allows access to the Service), date and time of access to the Company’s services, addresses of the requested pages and other similar information. The Website has the right to establish requirements for the composition of the Personal Information of the User, which must be provided for the use of its Services. If certain information is not marked as mandatory by the Website, its provision or disclosure is carried out by the User at its discretion.
4. Right of personal data subjects
4.1. The User, whose personal data are processed by the Company, has the right to:

4.1.1. receive from the Company: (a) confirmation of the processing of personal data by the Company; (b) legal grounds and purposes for the processing of personal data; (c) information about the methods of personal data processing used by the Company; (d) name and location of the Company; (e) information on persons who have access to personal data or to whom personal data may be disclosed in accordance with international standards in the field of personal data; (f) a list of processed personal data relating to the User from whom the request was received and the source of their receipt, unless otherwise provided by law for the provision of such data; (g) information on the processing time of personal data, including the storage period; (h) information on ongoing or alleged cross-border transfer of personal data; (i) name and address of the person processing personal data on behalf of the Company; and (j) other information stipulated by international standards in the field of personal data;

4.1.2. require clarification of their personal data, their blocking or destruction if personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;

4.1.3. demand elimination of illegal actions of the Company in relation to his personal data;

4.1.4. appeal against the actions or inaction of the Company to the supervisory and control authority in the field of personal data protection or in court if a person believes that the Company processes their personal data in violation of the requirements of international personal data standards or otherwise violates its rights and freedoms;

4.1.5. protect their rights and legitimate interests, including damages and / or moral damages in court.

4.2. The withdrawal of consent to the processing of personal data does not affect the legality of data processing based on your consent prior to its withdrawal. If you want to send a request, you should contact the Company in writing using the contact information provided below. The Company makes a decision on your request within four weeks.

4.3. The User has the right to receive personal data about him or her that he or she provided to the Company in a structured, commonly used and machine-readable format and has the right to transfer this data to another operator without objection of the Company if: (a) processing is based on consent in accordance with Article 1.5. of this Policy; (b) processing is carried out by automatic means.

4.4. In exercising its right to data portability in accordance with the provisions of this Section the User has the right to transfer personal data directly from the Company to another operator, where it is technically possible.

4.5. The exercise of the right mentioned in Section does not prejudice the right to delete User data. This right does not apply to the processing required for a task performed in the public interest or in the exercise of official authority granted to the Company.

4.6. The User’s right referred to in this Section shall not adversely affect the rights and freedoms of third parties. When exercising its rights provided for in this Policy, the User may not infringe on third-party rights or the rights of others to protect their privacy and personal data.
5. Order, terms and methods of processing personal data
5.1. The processing of personal data of the User of the Website is carried out in accordance with this Policy, the User Agreement, as well as the consent of the User to the processing of personal data.

5.2. The Company processes personal data both in an automated way and without the use of automation.

5.3. The Company stops processing personal data in the following cases: (a) achieving the goals of personal data processing; (b) withdrawal of the consent of the subject of personal data; (c) identification of illegal processing of personal data; and (d) termination of the Company's activities.

5.4. The processing of the User’s personal data is carried out by the Company in the following ways: collection, recording (including on electronic media), systematization, accumulation, storage, drawing up of lists, labeling, updating (updating, changing), retrieving, using, transferring (distributing, providing, access), de-identification, blocking, deletion, destruction, cross-border transfer of personal data, obtaining User’s video and photographic images, as well as performing any other actions with personal User data subject to applicable law.
6. Transboundary transfer of personal data
6.1. GetRentaCar, Inc. is an international company. In order to achieve the objectives specified in the Policy, the Company reserves the right to transfer personal data to countries other than the country from which they were originally received. In this case the personal data may be transferred to and processed by the Company’s subsidiaries, advisors, consultants, business partners, etc.

6.2. In case of cross-border transfer of personal data, the Company protects data in accordance with this Policy and consent to the processing of personal data.

6.3. Information that is published on the Website or submitted for publication via the Service may be accessible via the Internet throughout the world. The Company cannot prevent third parties from using or misusing such information.

6.4. By posting the information to the Service, the User gives his/her express consent to the transmission of personal information described in this Section.
7. Ensuring personal data security
7.1. The Company applies the necessary and sufficient organizational and technical measures, including the use of information security tools, the detection of unauthorized access facts, the restoration of personal data, the establishment of rules for access to personal data, and the monitoring and evaluation of the effectiveness of the measures applied.

7.2. All persons authorized by the Company to process personal data are familiar with the provisions of the applicable legislation on personal data, including international requirements for the protection of personal data, documents defining this Policy regarding the processing of personal data, and local acts for the processing of personal data.

7.3. The Company has the following organizational measures: (a) the persons responsible for organizing the processing and ensuring the security of personal data are appointed; (b) developed local acts on the processing of personal data; and (c) internal control over the compliance of the processing of personal data with the requirements for the protection of personal data is carried out.

7.4. When collecting personal data of Users, the Company undertakes to ensure the recording, systematization, accumulation, storage, refinement (update, change), extraction of personal data of Users using databases.
8. Cookies and web beacons
8.1. A cookie is a file that is stored on the User’s computer’s hard drive in the browser. Cookies can be “persistent” or “session”: a permanent cookie will be stored in a web browser and will remain valid until its expiration, unless it is deleted by the User before it expires; a session cookie expires at the end of the User's session when the web browser is closed. Cookies usually do not contain information that personally identifies the User, but personal information that we store about you may be related to information stored and obtained from cookies.

8.2. A web beacon, also called an internet or pixel tag, is used to collect information about the use of the Internet. Thanks to this, the Company can provide the Users with more specific information. When using the Website, the Company informs any User about which cookies and web beacons are related to the Website, and invites them to consent to the placement of these cookies and web beacons.

8.3. Blocking or deleting all cookies adversely affects the usability of the Website.
9. Sites of third parties
9.1. The Website may include hyperlinks to third party websites. The Company does not control and is not responsible for their privacy policies and activities.
10. Responsibility
10.1. In the event of non-compliance with the provisions of this Policy, the Company shall be liable in accordance with applicable laws of the State of Delaware, USA.

10.2. To obtain clarification on the issues of personal data processing, it is necessary to send an official request to the email address info@getrentacar.com.

10.3. In the case of a formal request from the administration of the Website, the following must be indicated in the request text: (a) full name of the User; (b) the number of the main document certifying the identity of the subject of personal data or his representative, information about the date of issue of the specified document and the issuing authority; (c) information confirming the fact of the processing of your personal data by the Company; and (d) signature.

10.4. Formal requests and complaints are submitted in writing and to the specified address of the Company, previously sent in a reliable manner. To resolve any dispute concerning the interpretation or its own jurisdiction, rely on the jurisdiction of the courts of the State of Delaware, USA.
11. Limitation of privacy policy
11.1. The personal data subjects are obliged to approach reasonably and responsibly the placement of their own personal data in the public domain, including on the Website in the case of leaving comments and feedback.

11.2. The Company is not responsible for the actions of third parties who have gained access to the personal data of the subject through the fault of the latter.

11.3. The Company reserves the right, at its sole discretion, to make changes to this Policy at any time without any special notice. The new version of this Policy comes into force from the moment it is posted on the Website.
12. Limitation of privacy policy
12.1. Personal data processing: any action or set of actions with personal data performed using automation means or without them, including the collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution), de-identification, blocking, deletion, destruction of personal data.

12.2. Personal Data: Any information relating directly or indirectly to a specific or definable user. Such information includes, in particular: (a) information about the computer, including IP address, geographical location, type, browser version and operating system; (b) information about any User activity on the Website, including the source of the referral, the duration of the visit, page views and navigation paths through the Website; (c) User’s email address, which was entered when registering in the Service; (d) information that was entered when creating a profile in the Service, for example, name, profile pictures, gender, date of birth, relationship status, interests and hobbies, education data and employment information; (e) User’s first name, last name and email address that were entered to set up a subscription to emails and / or newsletters; (f) information that was entered when the User designs services via the Service; (g) information that is created when using the Service, including when, how often and under what circumstances it was used; (h) information that any User publishes on the Website and/or via the Service, indicating the publication on the Internet, which may include username, profile pictures and the content of messages; (i) the information contained in any messages that any User sends to the Company by e-mail or through the Service, including its content for communication and metadata; (j) any other personal information that may be sent by the User via the Service or to the Company.

12.3. Dissemination of Personal Data: Actions, access to the disclosure of personal data to an indefinite circle of persons.

12.4. Consent to Personal Data Processing: The permission of the User of the Website, which he gives the interested party to receive, collect, store and use personal information about themselves.

12.5. Personal Data Subjects: An entity that is directly or indirectly determined or determined by personal data.

12.6. Cross-border Personal Data Transfer: The transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.