Privacy Policy
How rentcorfu.com collects, uses, and protects your personal information
1. Introduction and Scope
This Privacy Policy explains how rentcorfu.com ("we", "us", "our") collects, processes, and safeguards personal data provided by visitors and customers ("you") when using our website or booking a rental vehicle in Corfu, Greece. Our operations are based in Corfu (Kerkyra), a region subject to Greek national law and the European Union General Data Protection Regulation (GDPR) (EU) 2016/679.
This policy applies to all personal data collected through our website at rentcorfu.com, through phone or email enquiries directed to [email protected], and through any booking transaction completed for vehicle pickup at Corfu International Airport (CFU), the New Port, Corfu Old Town, or any other designated rental location on the island.
By using our website or completing a booking, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please refrain from submitting personal data via our website.
2. Data Controller
The data controller responsible for your personal data is rentcorfu.com, operating in Corfu, Greece. For all data protection enquiries, please contact us at:
rentcorfu.comCorfu, Greece
Email: [email protected]
Phone: +1 (735) 394-5616
3. Information We Collect
We collect the minimum amount of personal data necessary to provide our car rental service reliably and safely. The categories of data we may collect include:
3.1 Personal Identification Details
When you make a booking or contact us, we may collect your full name, email address, phone number, date of birth, and a copy or reference number of your driving license. For young driver verification (for customers between ages 21 and 25), additional license details may be requested at pickup.
3.2 Booking and Rental Data
We collect information related to your reservation: pickup location (for example, Corfu Airport arrivals hall or the ferry terminal at the New Port), return location, rental dates, vehicle category selected, optional extras such as child seats or GPS, and your flight or ferry arrival details where provided to assist with punctual delivery.
3.3 Payment Information
We do not store full card details on our own servers. Payment processing is handled exclusively by certified third-party payment processors that are PCI-DSS compliant. We may retain a partial transaction reference and confirmation status for accounting and dispute resolution purposes. Our booking model supports debit card payments and does not require a credit card, which means the amount we process reflects only the confirmed rental cost - no large security hold is placed through our system.
3.4 Browsing and Technical Data
When you visit rentcorfu.com, we may automatically receive your IP address, browser type, device type, operating system, referring URL, pages visited, session duration, and cookie identifiers. This technical data is used to ensure the website functions correctly and to understand how visitors interact with the site.
3.5 Location Data
If you use our map or location features to identify rental pickup points in Corfu, your approximate geographic location may be detected via your device or browser. This data is used solely to display relevant pickup locations and is not stored in identifiable form beyond the current session.
4. How We Use Your Data
We process your personal data for the following lawful purposes under GDPR Article 6:
4.1 Processing Bookings (Contractual Necessity)
Your name, contact details, driving license reference, and booking preferences are required to confirm your car rental reservation, arrange vehicle availability, and coordinate pickup at Corfu Airport, the New Port, or Corfu Town. Without this data, we cannot complete your booking.
4.2 Customer Support (Legitimate Interest / Contract)
We use your contact details to respond to enquiries, provide pre-travel guidance about driving in Corfu (including route information for reaching Paleokastritsa, the Achilleion Palace, or the northern coast), resolve booking amendments, and handle post-rental queries or complaints.
4.3 Service Improvement (Legitimate Interest)
Anonymised and aggregated browsing data helps us improve website performance, refine fleet availability displays, and better present pricing for rental periods across the Corfu tourist season (April through October).
4.4 Marketing Communications (Consent)
Only where you have given explicit consent, we may send you promotional emails about seasonal rental offers, early booking discounts, or updated fleet availability in Corfu. You may withdraw consent at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.
4.5 Legal Compliance (Legal Obligation)
We may process and retain your data where required by Greek law, EU regulations, insurance obligations, tax records, or in response to legitimate requests from law enforcement or regulatory authorities in Greece.
5. Data Sharing with Third Parties
We do not sell your personal data. We share data only with trusted service partners who are contractually obligated to handle it securely and only for the purposes described in this policy. These partners may include:
- Payment processors - certified PCI-DSS providers who handle debit and card transactions on our behalf
- Insurance providers - Greek and EU-licensed insurers who require driver details to validate rental coverage and process any claims relating to vehicles operated in Corfu and surrounding areas
- Booking platform integrators - technology partners who power our availability search, booking confirmation, and voucher generation systems
- Fleet management partners - local operators in Corfu who fulfill vehicle delivery and collection at airport or port locations
- Analytics services - anonymised and aggregated website analytics providers (no personal identifiers shared)
Where any third party processes data outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law:
- Active booking data - retained for the duration of your rental and for up to 2 years afterward for dispute resolution and insurance purposes
- Accounting and transaction records - retained for 5 years in compliance with Greek tax law (Law 4308/2014 on Greek Accounting Standards)
- Marketing consent records - retained until consent is withdrawn, plus a short administrative period of up to 6 months
- Website technical logs - typically retained for up to 90 days, then deleted or fully anonymised
- Customer support correspondence - retained for up to 3 years after the final interaction
When retention periods expire, data is securely deleted or anonymised so it can no longer be linked to an individual.
7. Your Rights Under GDPR
As a data subject under the EU General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access - you may request a copy of the personal data we hold about you
- Right to rectification - you may ask us to correct inaccurate or incomplete data
- Right to erasure - you may request deletion of your data where there is no overriding legal basis for retention
- Right to data portability - you may request your data in a structured, machine-readable format
- Right to object - you may object to processing based on legitimate interests, including direct marketing
- Right to restrict processing - you may request that we limit how we use your data in certain circumstances
- Right to withdraw consent - where processing is consent-based, you may withdraw at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA - Αρχη Προστασιας Δεδομενων Προσωπικου Χαρακτηρα) at www.dpa.gr.
8. Data Security
We take the security of your personal data seriously and apply appropriate technical and organisational measures to protect it from unauthorised access, loss, alteration, or disclosure. These measures include:
- Encrypted data transmission using TLS/HTTPS across the entire rentcorfu.com website
- Access controls limiting staff access to personal data on a need-to-know basis
- Regular security assessments of our systems and third-party integrations
- Contractual security obligations imposed on all data processors we engage
- No storage of full payment card numbers on our own infrastructure
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Hellenic Data Protection Authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33 and 34.
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to ensure functionality, remember preferences, and gather anonymised analytics. Please refer to our Cookies Policy for a full description of the cookies we use, their purpose, and how you can manage your preferences. You may withdraw or adjust your cookie consent at any time through the cookie settings banner available on the site.
10. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the services we offer. When material changes are made, the revised policy will be published on this page with an updated effective date. We encourage you to review this page periodically. Continued use of our website or services after an update constitutes acceptance of the revised policy.
This policy was last reviewed and updated in 2025.
11. Contact Us About Privacy
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to get in touch:
rentcorfu.com - Privacy EnquiriesCorfu, Greece
Email: [email protected]
Phone: +1 (735) 394-5616
We aim to respond to all privacy-related requests within 30 calendar days. For complex requests this period may be extended by a further two months, in which case we will notify you of the extension and the reason for it.
