2. Personal Data Collected

The Data Controller collects the following categories of personal data:

Identification data: first name, last name, date of birth, tax identification number, driving licence number
Contact data: email address, phone number, postal address
Payment data: credit/debit card number (managed through secure payment providers)
Browsing data: IP address, browser type, pages visited, date and time of access
Vehicle data: vehicle location data through satellite and anti-theft devices

3. Purpose of Processing

Personal data is processed for the following purposes:

Execution of the rental contract and ancillary services
Payment and invoicing management
Compliance with legal, accounting, and tax obligations
Management of communications with the customer
Vehicle tracking for security and anti-theft purposes
Sending commercial and promotional communications (with prior consent)
Statistical analysis and improvement of offered services

4. Legal Basis for Processing

Contract execution (art. 6.1.b GDPR): processing is necessary for the management of the rental.
Legal obligation (art. 6.1.c GDPR): processing is necessary to comply with legal obligations.
Consent (art. 6.1.a GDPR): for sending commercial communications and use of non-essential cookies.
Legitimate interest (art. 6.1.f GDPR): for the protection of company assets and fraud prevention.

5. Cookies and Tracking Tools

The website uses technical cookies necessary for operation and third-party analytical/profiling cookies, with the user's prior consent. In particular, we use:

Google Analytics — for statistical analysis of traffic and user behavior on the website.
Google Ads — for managing advertising campaigns and remarketing.
Google Search Console — for monitoring indexation and site performance in search results.
Microsoft Bing Webmaster Tools — for monitoring indexation on Bing.
Yandex Metrica — for analyzing user behavior and heatmaps.

Users can manage their cookie preferences through the banner displayed on the first visit to the site or through their browser settings.

For more information about the cookies used by these services, please refer to their respective privacy policies.

6. Data Retention

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

Contractual data: 10 years from the end of the relationship (tax obligations)
Browsing data: maximum 26 months
Vehicle location data: maximum 1 year, then deleted
Marketing data: until consent is withdrawn

7. Data Sharing

Personal data may be shared with:

Insurance companies for claims management
Payment service providers
Satellite tracking service providers
Public authorities and law enforcement, where required by law
IT and hosting service providers

Data is not transferred outside the European Economic Area (EEA), except in cases provided by law and with adequate safeguards.

8. Your Rights

Pursuant to Articles 15-22 of the GDPR, the data subject has the right to:

Access their personal data
Obtain rectification of inaccurate data
Obtain erasure of data (right to be forgotten)
Restrict processing of data
Object to processing of data
Data portability
Withdraw consent at any time
Lodge a complaint with the Data Protection Authority (Garante per la protezione dei dati personali)

To exercise your rights, you may send a request to: info@ciaorentcar.com

9. Data Security

The Data Controller adopts adequate technical and organizational measures to ensure the security of personal data, including:

Encryption of communications (HTTPS/SSL protocol)
Data access limited to authorized personnel with individual credentials
Regular backups and protection systems against unauthorized access

10. Changes to this Policy

The Data Controller reserves the right to modify this policy at any time. Changes will be published on this page with the date of the last update.

Last updated: March 2026

Searching available vehicles...

Privacy Policy

Personal Data Protection Policy

1. Data Controller