Data Privacy Policy

How we collect, use, and protect your personal information at Rent Car Saranda.

1. Introduction and Scope

Rent Car Saranda operates a car rental service based in Sarandë, Vlorë County, Albania. This Privacy Policy explains how we collect, process, store, and protect personal data in connection with our services, including online bookings, vehicle pickups at Sarandë port, hotel deliveries across the Albanian Riviera, and transfers to and from Tirana International Airport or Corfu ferry terminal.

This policy applies to all individuals who interact with our website at rentcarsaranda.com, make a booking, or contact us directly. By using our services, you acknowledge the practices described in this document. Our data processing activities are conducted in accordance with Albanian Law No. 9887 "On Protection of Personal Data" and, where applicable, the General Data Protection Regulation (GDPR) for visitors from the European Economic Area.

The data controller responsible for your personal information is Rent Car Saranda, reachable at [email protected], Sarandë, Vlorë County, Albania.

2. Information We Collect

We collect personal data only to the extent necessary to provide our car rental services and to improve your experience. The categories of information we may collect include:

2.1 Personal Identification Details

Full name, date of birth, nationality, email address, telephone number, home address, and driver's license number and category. We also request the expiry date and issuing country of your driving license to confirm eligibility, particularly for younger drivers aged 21-24 who may use our service.

2.2 Booking and Rental Data

Pickup and drop-off locations (such as Sarandë port, Lëkurësi Castle area, or your hotel on the embankment), rental dates and duration, selected vehicle category, chosen extras (child seats, GPS, additional driver), and any special requests submitted during the booking process.

2.3 Payment Information

We do not store full card numbers on our servers. Payment transactions are handled by PCI-DSS-compliant third-party payment processors. We may retain transaction reference numbers, the card type used (debit or credit), and the approximate billing location for fraud prevention and dispute resolution purposes. As a core part of our service, we accept debit cards and operate a no-deposit model on most vehicle categories - this does not reduce our commitment to secure payment handling.

2.4 Browsing and Technical Data

IP address, browser type and version, operating system, referring URL, pages visited on our website, time and date of access, and device identifiers. This data is collected automatically via server logs and, where consented, via cookies. Please see our Cookie Use page for full details.

2.5 Location Data

If you use our mobile-optimised site and grant location permissions, we may use your approximate location to suggest the nearest pickup point in the Sarandë area. We do not track your GPS position during your rental period.

3. How We Use Your Data

We process personal data for the following purposes, each supported by a lawful basis under applicable data protection law:

3.1 Processing and Fulfilling Bookings

Your identification and booking data is essential for us to prepare the correct vehicle, verify your driving license, complete the rental agreement, and arrange delivery to your chosen location - whether that is the Sarandë port ferry terminal, your hotel near the promenade, or a one-way pickup for a trip along the Riviera toward Himarë or Vlorë. This processing is necessary for the performance of our contract with you.

3.2 Customer Support

We use your contact details to respond to enquiries, assist with modifications or cancellations, and provide roadside assistance during your rental. Our legitimate interest in delivering quality support is the lawful basis for this processing.

3.3 Service Improvement

Aggregated and anonymised browsing data helps us understand how visitors navigate our website, which vehicle categories are most searched, and how our booking flow can be simplified. No individual is identified in this analysis.

3.4 Marketing Communications

Only where you have given explicit consent, we may send you promotional emails about seasonal deals, new vehicle additions, or Sarandë travel tips. You may withdraw consent at any time by clicking "unsubscribe" in any such email or by contacting us at [email protected].

3.5 Legal Compliance and Fraud Prevention

We may process and retain personal data to comply with Albanian tax and commercial law, to respond to law enforcement requests, or to investigate suspected fraud or misuse of our vehicles.

4. Data Sharing with Third Parties

We do not sell, rent, or trade your personal data. We share it only with the following categories of trusted partners, strictly to the extent required to deliver our services:

4.1 Payment Processors

Authorised payment gateway providers handle card transactions in a PCI-DSS-compliant environment. These processors act as independent data controllers for the payment transaction itself and have their own privacy policies.

4.2 Insurance Providers

Where full coverage or CDW insurance is arranged in connection with your rental, basic rental and driver identification details are shared with our insurance partner to validate coverage during the rental period.

4.3 Booking Platform Integrators

If your booking is made through a third-party travel or comparison platform, that platform may share your booking request details with us. We receive only the data necessary to complete the reservation.

4.4 Legal and Regulatory Authorities

We may disclose personal data to Albanian public authorities, courts, or regulators where required by law or where necessary to protect the rights, property, or safety of Rent Car Saranda, our customers, or the public.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Albanian law. Our standard retention periods are as follows:

  • Rental agreements and transaction records: 7 years (Albanian commercial law requirement)
  • Customer support correspondence: 2 years from the date of the last interaction
  • Marketing consent records: until consent is withdrawn, plus 1 year thereafter
  • Website server logs and technical data: 12 months on a rolling basis
  • Driver license and identification copies: 90 days after the rental end date, unless a dispute is open

When data is no longer needed, it is securely deleted or anonymised.

6. Your Rights as a Data Subject

Under Albanian Law No. 9887 and, where applicable, the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data where it is no longer necessary for the original purpose, subject to legal retention obligations.
  • Right to Data Portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to Object: Object to processing based on our legitimate interests, including direct marketing.
  • Right to Restriction: Request that we limit processing of your data in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Albanian Information and Data Protection Commissioner (IDPC) at www.idp.al.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

  • HTTPS encryption for all data transmitted through our website
  • Access controls limiting staff access to personal data on a need-to-know basis
  • Regular review of our data handling procedures and third-party agreements
  • Secure deletion protocols for data that has reached its retention limit

While we take every reasonable precaution, no data transmission over the internet can be guaranteed as completely secure. If you have concerns about the security of your data, please contact us immediately.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies for functionality, analytics, and - where consented - marketing purposes. A detailed description of the cookies we use, their purpose, and how to manage your preferences is available on our Cookie Use page. You can withdraw cookie consent at any time via the cookie settings tool on our site.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. When we make material changes, we will update the "Last revised" date below and, where appropriate, notify registered customers by email. We encourage you to review this page periodically. Continued use of our services after an update constitutes acceptance of the revised policy.

Last revised: June 2025

10. Contact Us About Privacy

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact our privacy team:

You may also visit our Get in Touch page to send a message directly. We aim to acknowledge all privacy-related enquiries within 5 business days and provide a full response within 30 days.