EzCar Booking System - Online car reservation system

Privacy Policy and Data Protection

EzCar Booking System is an online service that provides an online booking platform for car rental agencies, VIP and taxi transfer companies. Our websites, mobile properties, and related applications (collectively, "we" or "us") are part of the ZanteWeb It & Development®, which is owned and operated by ZanteWeb It & Development P.C.
At ZanteWeb It & Development we recognize that privacy is important and providing information online involves a great deal of trust on your part. We take this trust very seriously, and make it a high priority to ensure the security and confidentiality of the personal information you provide us with, when you visit our Websites or use our services.

  • We don't sell or share data or run clever programs to try and squeeze information out of you about what you are doing so we can sell you more stuff.
  • All our servers and applications run the same security protocols that banks use to transmit financial data.
  • We only hold your data because you have given it to us - if you don't want us to do that, we won't. If you are worried about it - don't collect or send any sensitive data through our system. You have control over how long we keep your data for, and when you want us to automatically delete it.
  • We comply with all the laws that apply to us - and expect the same from you.


ZanteWeb It & Development P.C. Privacy and Data Protection Notice

    1. General ZanteWeb It & Development P.C. ("we" or "us") take the privacy of your information very seriously. Our Privacy and Data Protection Notice is designed to iinform you, the user of our availability and booking service ("Service") about our practices regarding the collection, use and disclosure of personal and other information about you or your business that may be provided via this website or collected through our booking form
      This policy applies to information provided by our members and account holders ("members") and also applies to information which is processed by us when a person (referred to for convenience as a "Customer") makes a booking or submits data using our Service.
      ZanteWeb It & Development P.C. is a Private Company trading under current Greek legislation and registered under the General Commercial Registry (GEMH), under registration number 146006224000.
      Important Note: If you are using our Service to make a booking with our member or account holder ("account holder") please note that we are a processor of that data but we are not the data controller. We will pass the data you provide onto our account holder in accordance with this policy.

     

    1. Our Policy
      We aim to limit our interaction with your data wherever possible. We have a general policy relating to access to your data. We will generally only seek to access that data which is necessary in accordance to the privileges you have granted to the system. Automated processes may scan your data, but only for an explicit purpose to do with the management of your bookings or delivery of other services. When working with data that was originally collected by us, our processes may need to scan and manipulate the information in order to deliver our service to you. We have systems in place which allow you to limit and control the access you allow to your booking data.
      However when working with data or content that was not collected by us and which originated elsewhere (e.g. private information you may have entered on your booking form) our policy is to only access and process a limited amount of outline data which we need to deliver the service to you. We will not review and analyse content. Occasionally, to assist with troubleshooting problems you are experiencing with the system, we will seek your permission to access your data. Our policy is always to minimise the instances that this occurs, judge the necessity on a case-by-case basis, not to automate this process and only to do so with the knowledge and permission of the owner of the data.

     

    1. Basis on which we process personal data
      1. Personal data we hold about you will be processed either because:
        • you have consented to the processing for the specific purposes described in this notice;
        • the processing is necessary in order for us to deliver our Service (i.e. to comply with our obligations under the contract between us and our account holder); or
        • the processing is necessary in pursuit of a “legitimate interest”.a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security.

     

    1. Personal data we collect
      • We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
        • Log-in details and information you provide as an account holder when you register with the Service (Log-In Information);
        • contact information we collect from you as an account holder about you or your employees (for example, names, addresses, contact addresses, telephone numbers and email address provided to us by you or by your employer) (“Contact Information”);
        • any information which is contained in any third party account (e.g. Affiliate account) which you have linked with your EzCar account
        • a record of the bookings made through the Service and information relating to each individual booking (car type/model, pick-up/drop-off date time & location, vacation address or flight number etc.) (“Booking Information);
        • a record of any correspondence between you and us and other interactions with the Service or the Site (“Correspondence Information”)
        • information which may be provided to our account holder using an online booking form (“Booking Form Information”) ;
        • information relating to payment transactions which is collected where we collect payment on behalf of our account holder (if required we may also collect credit card information which is only accesible from account holder for offline processing) (“Payment Information”)
        • information we may require from you when you report a problem or complaint (“Complaints Information”)
        • details of your visits to the Site, the resources and pages that you access and any searches you make (“Technical Information”).
      • We only collect such information when you choose to provide it to us. You do not have to provide any personal information to us and you may withdraw your consent to us to process your data or request that we restrict our processing (see below) but our Service may not be operable in practice without providing such data to us.
      • Information may also be gathered through the Site without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies.
      • An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet.
      • We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our site, and to administer and improve the site.
      • If you are a customer of our account holder and our account holder has connected with us via PayPal (allowing us to collect payment on the Site) then we may have access to your payment history with our account holder, even if you are not a user of the Site. We will not seek to access nor will we process any data other than data specifically relating to our users and payments made via the Site. We will restrict access to any such information and we will also take steps to remove our access to any non-relevant data.

     

    1. How we use your personal data
      1. Please see the table below which sets out the manner in which we will process the different types of personal data we hold. Please note that some of this data (including Booking Information and Booking Form Information) is processed by us as a ‘processor’ and our account holder will be the ‘data controller’ (please see section 3, Data Processing, which explains the terms which apply to us as a processor).

    Purpose/Activity

    Type of data

    Lawful basis for processing including basis of legitimate interest

    When you (or your employer) register with us to provide the Service to our account holder.

    Log-in Information

    Contact Information

    Performance of a contract.

    Necessary for our legitimate interests (to establish necessary information in order to provide our Service).

    When you use the Service as an account holder to take, manage or administer bookings.

    Log-in Information

    Contact Information

    Booking Information

    Booking Form Information

    Payment Information

    Performance of a contract.

    Necessary for our legitimate interests (in order to provide our availability and booking service).

    When you use the Service as a customer or client of our account holder (“Customer”) to make a booking.

    Contact Information

    Booking Information

    Booking Form Information

    Payment Information

    Performance of a contract.

    Necessary for our legitimate interests (in order to provide our availability and booking service).

    When you use the Service as a Customer to provide information relating to a booking.

    Booking Information

    Booking Form Information

    Performance of a contract.

    Necessary for our legitimate interests (in order to provide our availability and booking service).

    When you use the Service as a customer or client of our account holder to make payment to our account holder in relation to a booking.

    Payment Information

    Performance of a contract.

    Necessary for our legitimate interests (in order to provide our availability and booking service).

    To manage our relationship with our account holder which will include:

    (a) Notifying our account holder about changes to our terms or privacy notice;

    (b) Asking them to leave a review or take a survey;

    (c) When a complaint is submitted.

    Log-in Information

    Contact Information

    Booking Information

    Technical Information

    Communication Information

    Performance of a contract

    Necessary to comply with a legal obligation.

    Necessary for our legitimate interests (to keep our records updated and to study how customers use our Service).

    To use data analytics to improve the Service, Site, marketing, customer relationships and experiences.

    Technical

     Communications

    Necessary for our legitimate interests (to define types of customers for our products and services, to keep our services updated and relevant, to develop our business and to inform our marketing strategy).

     

    1. Sharing your information
      • We do not disclose any information you provide to any third parties other than as follows:
        • if you are an account holder we will share information contained in any booking form or other content created by you with anyone who is seeking to make a booking using the Service;
        • if you are a Customer making a booking we will supply any information you provide to us to our account holder;
        • payment information may be provided to our payment processors;
        • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
        • in order to enforce any terms and conditions or agreements for our Services that may apply;
        • to protect the rights, property, or safety of ZanteWeb It & Development P.C., our account holders, or any other third parties
        • o to our technical support & software maintenance partners.
      • Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so.
      • Your Data is not sent outside the EU with the exception of the hosting service provider located in a country with an adequacy decision.

     

    1. How we protect your information
      • We want you to feel confident about using EzCar Booking System, and we are committed to protecting the information we collect. While no website can guarantee security, we have implemented appropriate administrative, technical, and physical security procedures to help protect the personal information you provide to us.
      • In order to safeguard the information we collect from you, we took all reasonable steps to ensure that:
        • our servers are protected by security mechanisms and can only be administered via strictly controlled public/ private cryptographic keys;
        • our data processing storage facilities are sited in secure locations to prevent unauthorised access
        • all communication with our servers is encrypted through Secure Sockets Layer (SSL), an industry standard encryption method that encrypts data between your computer and our servers so that in the event of your network being insecure no data is passed in a format that could easily be deciphered.
        • regular security assessments of our infrastructure are performed. This includes web vulnerability scans, dependency vulnerability scans, static code analysis, rule based OS inspection and manual assessments.
        • we employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to your information.
        • In addition to all these, we use a State of the Art login system for all our account holders.
          All our account holders that are authorized to access your information, they use by default a high level two step authendication system, in order to have access to their administration control panel.
          So even in the case an unauthorized person/hacker get the Admin login details of an account holder, it will be impossible to gain access from an unauthorized device pc/tablet.

     

    1. Children's privacy
      EzCar Booking System is a general audience site and does not offer services directed to children. Should an individual whom we know to be a child under age 18 send personal information to us, we will delete or destroy such information as soon as reasonably possible.

     

  1. Data Processing
    Certain information we collect we hold as a ‘data processor’ this includes Booking Information, and Booking Form Information. Our account holder is the data controller for this data. Our terms require that our account holder process this data in accordance with applicable data legislation.
    In our Terms of Use this is defined as “Subscriber Personal Data” and in our Terms of Use we set out in accordance with the GDPR our obligations to the account holder in relation to the Subscriber Personal Data we process.

 

  1. Data Retention
    We keep your data only for the time required to fulfill the purpose for which we have collected them, unless a time extension is required due to our legal claims or legal obligations.

 

  1. Your privacy rights
    The GDPR gives you the following rights in respect of personal data we hold about you:

The right to be informed

You have a right to know about our personal data protection and data processing activities, details of which are contained in this notice.

The right of access

You have the right to request information about the personal data we hold about you (free of charge, save for reasonable expenses for repeat requests).

The right to correction

Please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, but in any event within one month.

We will take reasonable steps to communicate the change to any third parties to whom we have passed the same information.

The right to erasure (the ‘right to be forgotten’)

Please notify us if you no longer wish us to hold personal data about you (although in practice it is not possible to provide our Service without holding your personal data). Unless we have reasonable grounds to refuse the erasure, on receipt of such a request we will securely delete the personal data in question within one month. The data may continue to exist in certain backup, but we will take steps to ensure that it will not be accessible.

We will communicate the erasure to any third parties to whom we have passed the same information.

The right to restrict processing

You can request that we no longer process your personal data in certain ways, whilst not requiring us to delete the same data.

The right to data portability

You have right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your personal data directly to third party (where technically possible).

The right to object

Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data if you feel your fundamental rights and freedoms are impacted. You may also object if we use your personal data for direct marketing purposes (including profiling) or for research or statistical purposes. Please notify your objection to us and we will gladly cease such processing, unless we have overriding legitimate grounds.

Rights with respect to automated decision-making and profiling

You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.

Right to withdraw consent

If we are relying on your consent as the basis on which we are processing your personal data, you have the right to withdraw your consent at any time.

 

You can exercise your rights by sending your request, at ZanteWeb It & Development PC, Floka Gaitani, 29100 Zakynthos Greece or via e-mail addressed to dpo@ezcar.gr
In case the response you have received is not satisfactory or your issue has not been resolved, you can contact the Data Protection Authority (www.dpa.gr).

 

  1. Other websites
    Our Site may contain links and references to other websites. Please be aware that this Privacy Policy does not apply to those websites.
    We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via the Site and/or any other service that is operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
    In addition, if you came to this Site via a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

 

 

  1. Notification of changes to our Privacy Notice
    We will post details of any changes to our Privacy Notice on the Site to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.

 

How you can contact us
If you have questions about this Privacy Policy, or with any enquiry relating to your personal information, please contact us at:

ZanteWeb It & Development P.C.
Attn: Legal Department, Privacy Officer
Floka Gaitani
Zakynthos, TK 29100, Greece