Privacy Policy
Last Updated: May 26, 2025
I. PRELIMINARY PROVISIONS
Definitions: 1. Privacy Policy – this document. 2. Controller – PAKORENT Dawid Pokój, with its registered office in Warsaw, ul. Komitetu Obrony Robotników 39/10, 02-148 Warsaw, entered into the Central Registration and Information on Business of the Republic of Poland, NIP: 1230895797, REGON: 142903580. 3. Client – a person: a) who has made a car reservation via the Website, or b) concluded a car rental agreement with the Controller, or c) being a user of the car (driver, person collecting or returning the car), or d) whose data has been collected by the Controller via the Website, other communication channels or based on other activity of this person, e) whose data has been shared with the Controller based on an agreement with a business partner, or f) whose data has been obtained by the Controller in another way consistent with applicable law. 4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. 5. Website – the website available at https://pakorent.pl/.
II. PERSONAL DATA CONTROLLER. CONTACT DETAILS
1. The Controller of Clients' personal data is PAKORENT Dawid Pokój (details as in point I.2). The Controller may also be an entity to whom Clients' personal data has been entrusted for processing by business partners in order to perform the contract. 2. Clients can contact the Controller regarding personal data protection in the following way: 1. by e-mail at: rodo@pakorent.pl 2. in writing, by sending correspondence to the address: PAKORENT Dawid Pokój, ul. Komitetu Obrony Robotników 39/10, 02-148 Warsaw 3. by phone at: +48 533 00 66 66
III. PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
The Controller processes personal data for the following purposes: 1. Submitting an offer and concluding a rental agreement (Art. 6(1)(b) GDPR). 2. Performance of the rental agreement and Client service (Art. 6(1)(b) GDPR). 3. Providing services electronically (online reservation) (Art. 6(1)(b) GDPR). 4. Establishment, investigation or defense against claims (e.g. debt collection, traffic damage, contractual penalties) (Art. 6(1)(f) GDPR). 5. Direct marketing of own services (Art. 6(1)(f) GDPR). 6. Sending commercial information (newsletter, SMS) – solely based on voluntary consent (Art. 6(1)(a) GDPR). 7. Telephone marketing – solely based on voluntary consent (Art. 6(1)(a) GDPR). 8. Client satisfaction surveys (Art. 6(1)(f) GDPR). 9. Fulfillment of legal obligations (e.g. tax, accounting, sharing data with services, indicating the driver to law enforcement agencies) (Art. 6(1)(c) GDPR). 10. Monitoring GPS: Securing property against theft and verifying the correctness of the rental agreement performance, including speed control, driving style and trips abroad (Art. 6(1)(f) GDPR). 11. Verification of payment credibility (Art. 6(1)(f) GDPR).
IV. SCOPE OF PROCESSED DATA
1. The Controller may process the following data: name and surname, address of residence/registered address, PESEL, date and place of birth, ID card/passport no., driving license no. and expiry date, NIP, company data, phone no., e-mail address, bank account no., payment data (including tokenized payment card data). 2. The Controller also processes data concerning the vehicle (registration no.) and geolocation data (GPS) for property security and verification of contract conditions. 3. The Website may collect technical data (logs, IP) for security and statistical purposes.
V. DATA RECIPIENTS
Data recipients may be: 1. Employees and associates of the Controller. 2. Business partners with whom the Controller cooperates in the performance of the contract (e.g. rental intermediaries). 3. Entities processing data on behalf of the Controller (e.g. accounting offices, IT providers, hosting, GPS and telematics system providers, marketing agencies, insurers, law firms, debt collection companies). 4. Entities authorized by law (Police, Prosecutor's Office, courts, administrative bodies, GITD). 5. Payment operators and banks. 6. Economic Information Bureaus (e.g. KRD, BIG InfoMonitor) – in case of untimely payments.
VI. DATA RETENTION PERIOD
1. Data will be stored for the period necessary to perform the contract, and after its completion for the period required by law (e.g. 5 years for accounting documentation). 2. In the case of claims investigation – until they are time-barred. 3. Data processed based on consent – until it is withdrawn. 4. Data from GPS monitoring – for the period necessary for security purposes and contract settlement, not longer than results from the T&C or legal provisions (max. 365 days).
VII. CLIENT RIGHTS
The Client has the right to: 1. Access their data and receive a copy of it. 2. Rectify (correct) their data. 3. Delete data ("right to be forgotten") – in cases specified in GDPR. 4. Restrict data processing. 5. Data portability. 6. Object to data processing (including profiling) based on the legitimate interest of the Controller. 7. Withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal). 8. Lodge a complaint to the President of the Personal Data Protection Office (PUODO). To exercise rights, please contact the Controller (e.g. by e-mail: rodo@pakorent.pl).
VIII. PROFILING
The Controller may analyze Clients' activity on the Website (profiling) in order to adjust the offer. The Client has the right to object to profiling for marketing purposes – in such a case we will cease these activities.
IX. COOKIES
1. The Website uses cookies to ensure the proper functioning of the site, for analytical and marketing purposes. 2. Consent to cookies: The use of marketing and analytical cookies (e.g. Google Analytics) takes place solely based on the user's voluntary consent, expressed via the cookie banner available on the website. 3. The User can change cookie settings at any time using the consent management tool on the site or web browser settings. 4. Blocking necessary cookies may affect the functioning of the Website.
X. FINAL PROVISIONS
1. The Controller applies technical and organizational measures ensuring protection of processed data appropriate to threats and categories of data. 2. This Privacy Policy enters into force on May 26, 2025.