Privacy Policy

This Privacy Notice explains how we collect, use, and protect any information about you. It also tells you how to contact us if you have questions—we’ll be more than happy to help. If you’re interested in what we do with cookies and similar technologies, please see our Cookie Policy.

We may change this Policy from time to time; therefore, please check this Privacy

Policy regularly for any updates.

We offer a wide range of online car-rental services, including products and services such as insurance, via our website, mobile applications, emails and text messages, and social networks (“platforms”). For this purpose, we may also need to enter into various service contracts. This Policy applies to all personal data we collect while carrying out the actions described above or when you contact us by email, live chat, phone, or post.

Personal data

Personal data means information relating to an identified or identifiable person, whether on its own or combined with other information. Common examples of personal data processed by RentKraft during daily operations include names, addresses, phone numbers and other contact details, driving licence information, etc.

Personal data you provide to us

a) If you are a RentKraft customer / prospective customer:

We cannot help you make a booking or request a quote without receiving certain information from you. To obtain a booking or a booking quote, we ask for the essential information we need to provide the requested services. This may include your name, age, date and place of birth, and contact details (email, address, and phone number). It may also include identification details such as passport, ID card, and driving licence, or information necessary for payments (card or bank account details).

In addition, we collect information from your computer when you use any of our platforms, even if you don’t make a booking—please also see our Cookie Policy. This can include your IP address, the browser you use, and language settings.

If you contact us (e.g., by phone, email, or social networks), we will also collect information from you there.

After you complete a booking, and subject to your consent, we may ask you to provide a review to help us improve our services and to help ensure future customers receive quality services.

Personal data you provide about other people

You may make a booking on someone else’s behalf (e.g., a friend, family member, or colleague). If you do so, please make sure that person knows you are giving us their details and has agreed to the way we handle their personal data (as described in this Notice). This is your responsibility.

Personal data collected automatically

When you make a booking, we record on which platform it was made and how you arrived on our platform (for example, if you came from another website).

Even if you do not complete a booking, we may automatically collect certain information when you visit our platforms—please also see our Cookie Policy.

Why do we collect and use your personal data?

a) If you are a RentKraft customer / prospective customer:

We ask for your personal data so that we can reserve your car and make sure you receive the best possible service. These are the main reasons we collect your personal data, but there are others as well.

We may use your personal data in the following ways:

• Bookings: Primarily, we use your personal data to create and manage your booking (or another product or service, such as insurance).
• Customer service: Our customer service team needs your details to assist you—for example, to make a booking or answer any questions you have before, during, or after your rental.
• Customer reviews: We may use your contact details to send you a short survey about your booking or to invite you to leave a review on one of our social media platforms (Facebook, Google). This helps us understand and improve our services. Your review will help future customers make the right choice and help our business partners improve the services they provide. By submitting a review, you agree that it may be displayed.
• Marketing activities: We also use your personal data for marketing activities, which may include contacting you by phone, email, or SMS with information about insurance products you did not include in your booking.
• Communications with you: There may be other times when we contact you by phone, email, or SMS to respond to your questions and requests, to perform rental agreements, or to help you complete a booking you started but did not finish.
• Fraud detection and prevention: To provide a safe and trustworthy service, we use your personal data to detect and prevent fraud and other illegal or unwanted activities. Likewise, we may use personal data for security and risk assessment purposes, which may include verifying users and bookings. This can mean that, at times, certain bookings are placed on hold.
• Improving our services: We analyse personal data to enhance the functionality and quality of our online services and to improve the overall user experience. We always work to make our platforms more pleasant and easier to use.
• Call monitoring: We may record phone calls made for booking registration or contract execution to ensure we continue to provide top-quality service.
• Legal purposes: Finally, in certain cases it may be necessary to use your personal data to resolve legal disputes, fulfil our legal obligations, or comply with investigations by public authorities.

b) If you are a RentKraft partner / representative / an employee of a RentKraft partner:

We will process the personal data you provide so we can carry out our specific activity, which will include:

• Carrying out our activity: performing various tasks and services related to executing rental contracts with our customers or providing support services ancillary to our core activity (e.g., performing contracts concluded with your employing organisation or the one you represent, or concluded directly with you).
• Fraud detection and prevention: To provide a safe and trustworthy service to our customers, we use your personal data to detect and prevent fraud and other illegal or unwanted activities.
• Legal purposes: Finally, in certain cases it may be necessary to use your personal data to resolve legal disputes, fulfil our legal obligations, or comply with investigations by public authorities.

What is the legal basis for processing personal data?

To process your personal data, we rely on the following legal bases:

• Performance of a contract to which you are a party: We must use your personal data to fulfil any contract you have concluded with us. For example, when you book a car or when you represent an entity with which we have a collaboration agreement, you must disclose certain information about yourself so we can conclude the contract.
• Legitimate interests: We may use your information for our “legitimate interests” (a term that applies to any activity we consider an essential part of efficiently running our business), while respecting your rights and the law. For example, to provide the most relevant content on our platforms and to improve and promote our products and services.
• Compliance with legal obligations: We may use your personal data for administrative and legal aspects of our activity. For example, when we are required to collect certain information about our customers for tax or accounting purposes, or when we must present information to courts or regulatory authorities.
• Consent: We may rely on your consent to use your personal data in certain circumstances—for example, for direct marketing, to contact you to complete a booking, or to ask for your review of our service quality. You can withdraw your consent at any time by sending a request to office@rentkraft.ro
• , mentioning “Confidentiality” in the subject line.

Competent authorities: We may disclose personal data to public or investigative authorities if we are required to do so by law (or any regulation having the force of law). This includes court orders, subpoenas, and orders arising from legal proceedings and investigations. We may also disclose your personal data if strictly necessary for the prevention, detection, or prosecution of fraud and other criminal acts. It may also be necessary to disclose personal data to competent authorities to protect and defend our rights or property or the rights or property of our business partners.

Third-party service providers: We may use third-party service providers to process your personal data on our behalf. For example, we may use them to invoice services provided by you or by us to you, to organise payments, payment guarantees, or refunds.

We will assess any third party we engage to ensure they can provide sufficient guarantees regarding the confidentiality and security of your personal data. We will enter into written agreements with them containing provisions on the protection they will apply to your personal data and their compliance with our data-security standards and international transfer restrictions.

Do we transfer data outside the European Economic Area?

There may be situations in which we transfer personal data we process to countries outside the European Economic Area (“EEA”)—for example, when one of our service providers uses staff or equipment located outside the EEA (e.g., a cloud provider located in the United States of America). We have put in place appropriate safeguards for the protection of your privacy, fundamental rights, and freedoms, and for the exercise of your rights—e.g., ensuring an adequate level of data protection, usually through the EU Standard Contractual Clauses issued by the European Commission or other available mechanisms. If you wish to consult a copy of any relevant provisions, please contact us.

What security procedures do we apply to protect personal data?

Our business systems and procedures include all reasonable measures to protect your personal data and safeguard it against unauthorised access or destruction, in accordance with Romanian and European data-protection law. We also have specific (technical and physical) security procedures and restrictions that limit access to, and use of, any personal data we hold. Only authorised personnel may access personal data and only for specific, authorised purposes.

How do we handle children’s personal data?

We do not provide services to children under the age of 18 and reserve the right to delete any information we may receive from a child under this age. We may receive information about children in certain situations, such as an insurance claim or a customer-service dispute. If this happens, we will collect and use that information only with the consent of the child’s parent or guardian.

How long do we keep your personal data?

The length of time we keep your personal information depends on the purpose for which it was obtained and its nature. We will keep your personal information no longer than necessary to fulfil the purposes described in this Privacy Notice, unless the law allows a longer storage period. We have implemented appropriate measures to ensure your personal information is safely destroyed in a timely and consistent manner when it is no longer needed and no longer processed by us.

In certain situations, we may store your personal information for longer periods so that we have an accurate record of your relationship with us in case of any complaints or challenges, or where we reasonably believe there is a prospect of litigation in relation to your information or relationship.

What rights do you have regarding the personal data you have provided?

Subject to certain exceptions and, in some cases, depending on the processing activity we undertake, you have the right to request access to, rectification or erasure of your personal data, as well as to request data portability. In certain cases, you also have the right to object to the processing of your personal data. Where we process your personal data based on your consent, you may withdraw that consent at any time in the future. You can also lodge a complaint with a supervisory authority.

If you need more information about your rights regarding the processing of personal data—including your rights to access data and correct inaccurate data—please contact us by emailing office@rentkraft.ro

. We may request additional information to confirm your identity and for security reasons before disclosing the requested personal information. We reserve the right to charge a fee where permitted by law—for example, if your request is manifestly unfounded or excessive.

If, in your view, we have breached our obligations regarding the protection of personal data, you may lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) at: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, anspdcp@dataprotection.ro