What data does Avis collect?
Last Modified: 14th February 2019
AVIS is concerned with protecting the privacy of any personal information that you may choose to provide to us (“Personal Information”). AVIS will attempt to ensure that its use of your Personal Information is compliant with the General Data Protection Regulation, (“GDPR”), (Regulation (EU) 2016/679).
1.4 This policy is based on the following data protection principles:
• The processing of personal data shall take place in a lawful, fair and transparent way; • The collecting of personal data shall only be performed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; • The collecting of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed; • The personal data shall be accurate and where necessary, kept up to date; • Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay; • Personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed; • All personal data shall be kept confidential and stored in a manner that ensures appropriate security; • Personal data shall not be shared with third parties except when necessary in order for them to provide services upon agreement; • Data subjects shall have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability.
2. The Information we collect and how we use your personal information
2.1 As part of providing you with the Services, we collect your Personal Information in the following ways:
Renting a Vehicle:
• Booking Information - We collect personal information from you to rent a vehicle such as names, telephone, email, driving license, passport copy, ID card, payment information etc at the counter, upon completion of an application or enrolment form, joining our Avis Preferred loyalty scheme or mobile Apps or the use of our products and services including one way car hire, roadside assistance etc • Personal information can be collected through Third party travel agents or third-party booking service that you may use to make your reservation. • Online Account - Personal information is collected online through the website and the details are stored in our customer databases to help you make future bookings effortlessly. • History of transactions - Electronic records of all rental agreements and other transactions you enter into with Avis are stored for future reference i.e. in case of repeat customers etc. • Special requests and preferences including damage waivers, addresses in case of services like delivery and collection services of cars. • Medical Information - Collecting of information regarding any medical disability that requires an adapted vehicle or other driver aid we will use that information in order to provide you with the service you requested and where you have given your explicit consent to us using that information. • Telephone calls – These calls are recorded for quality control and training purposes. • CCTV - CCTV Footage and images can be recorded for security purposes in case you visit the office premises. • Gift Vouchers - Information including names and mailing addresses are collected to fulfil your order.
• Vehicle Tracking - Some vehicles which are equipped with GPS, Bluetooth or similar type of tracking devices which may collect information about the vehicle and individual’s personal data downloaded through Bluetooth etc. • Emergency events – In case of an accident, loss, mechanical failure or any other damage to vehicles during the rental, information regarding the incident would be collected including report of incident, any police or third-party report to perform the contract with you as a customer. • Other details - Information will be collected as to when and where was the vehicle rented, insurance preferences, fuel consumption, parking, fines, tolls, mileage etc to monitor the usage of our vehicle fleet.
AVIS Preferred Loyalty Scheme:
• As part of AVIS loyalty scheme, we collect and retain information like names, contact details drivers licence details, and date of birth to create an Avis Preferred account for you in accordance with the terms and conditions of the Avis Preferred programme to allow you to take the benefits of membership. • This information can be used send promotions and offers to you as a member of AVIS loyalty scheme and for internal analysis about our customers to improve our services.
• Certain Personal information from the use of our website is collected such as IP addresses, browser type, internet service provider (ISP), files viewed on our website etc to analyse the trends on our customers.
• Personal information through web-forms including details like names, address, telephone etc to understand your queries.
• Mobile analytics software is used by AVIS and our analytics may record technical information about how often you use the App, how you use the App, aggregated usage, performance data and where you downloaded the App from etc
3. Disclosing your Personal Information
3.1 Except as described in this Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without your prior explicit consent. We may disclose information to third parties in the following circumstances:
• In cases where AVIS uses third-parties to provide online or electronic ads on our behalf. These third parties use data about your visits to our websites and Apps usage to send you customised ads that may be of interest to you. • AVIS may share personal information with third parties to help us with our marketing and promotional projects, such as managing our social media pages, running contests, and other promotions. We will only use your personal information to send you marketing where you have given us your consent to receive marketing communications. • Information may be shared with travel agents in order to perform our contract with you when you use a travel agent. • Your employer or organisation in order to provide you with benefits of a corporate or association program and to verify drivers’ licenses or other government identification. • To Brokers in order to perform our contract with you when you book a rental through their service and make and confirm your rental reservation, process payments and refunds. • Booking engines in order to perform our contract with you when you use a booking engine. • To Credit card issuers in order to process payments and refunds. • Corporate account manager - If you are renting with a corporate, membership or other similar commercial entity account in order to provide you with benefits of a corporate or association program. • To IT service providers including IT platform providers and website analytics service providers in order to perform our contract with you and support our IT systems and infrastructure, provide maintenance services etc. • Insurance companies and claim handlers. • Any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising us. • Any law enforcement body which may have any reasonable requirement to access your Personal Information; • Any regulatory body or authorised entity which any reasonable requirement may have to access your Personal Information; and • We may also transfer or assign your personal information to third parties as a result of, or in connection with a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganisation, or liquidation.
3.2 If at any time you wish us to stop processing your Personal Information for the above purposes, then you must contact us and we will take the appropriate steps to stop doing so. You may contact us at firstname.lastname@example.org
4. Data Subject Rights
4.1 We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. Your principal rights under the GDPR are:
a. the right for information; b. the right to access; c. the right to rectification; d. the right to erasure; e. the right to restrict processing; f. the right to object to processing; g. the right to data portability; h. the right to complain to a supervisory authority or seek judicial remedy; and i. the right to withdraw consent.
4.2 If you wish to access or amend any other Personal Data we hold about you, or to request that we delete any information about you, you may contact us at email@example.com. We will handle your request promptly and will respond within a month, with a possibility to extend this period to two further months for particularly complex requests in accordance with Applicable Law. We will retain your information for as long as needed to provide you with the Services, or to comply with our legal obligations, resolve disputes and enforce our agreements.
4.3 You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some or all of the Services.
4.4 In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive.
5. Minors and Children’s Privacy
5.1 Protecting the privacy of minors is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age, then we will take the appropriate steps to delete this information. If you think AVIS Malta has received personal information of your child or another minor, please contact us at firstname.lastname@example.org.
6. Technical and Organizational Measures
6.1 We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. AVIS has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
6.2 We do not ask for financial or payment information, such as your credit card number, passcode, account number or pin number, in an e-mail, text or any other communication that we send to you. If you do receive a suspicious request, do not provide your information and report it by contacting one our customer service representatives at email@example.com
6.3 No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards. If you believe your Personal Data has been compromised, please contact us at firstname.lastname@example.org.
6.4 If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.
7. Data Retention
• Information (hard copy and electronic) will be retained for a minimum period of 10 years based on our business needs and legal requirements (Maltese Inland Revenue requirement).
7.2 The criteria we use to determine the retention period for certain categories of data is as follows:
• The length of time that you are a member of Avis Preferred or any other loyalty scheme that we operate or a member of any corporate programme; • How frequently you rent with us or when you most recent rental occurred; • Whether there are contractual or legal obligations that exist that require us to retain the data for period of time; • Whether there is any ongoing legal claim that relates to any rental you have made with us, or that is otherwise related to your relationship with us; • Whether any applicable law, statute, or regulation allows for a specific retention period; • Whether the personal information is considered to be a special category of personal information, in which case a shorter retention period generally would be applied; and • What the expectation for retention was at the time the data was provided to us.
8.1 You can report a concern or file a compliant regarding your privacy or data protection by contacting our privacy officer (see section 9.1 for details) or the Supervisory Authority of your choice in the Member State of your habitual residence, place of work or place of the alleged infringement. AVIS Malta has identified the Office of the Information and Data Protection Commissioner (‘IDPC’) Malta as its Lead Supervisory Authority. The IDPC may be contacted at:
Email: email@example.com Telephone: (+356) 2328 7100 Postal Address: Information and Data Protection Commissioner Level 2, Airways House High Street Sliema SLM 1549 Malta
9. Privacy Officer
9.1 AVIS has appointed a Privacy Officer who is responsible for matters relating to privacy and data protection. The privacy officer can be reached at the following address: firstname.lastname@example.org
10. Contacting us
10.1 Please address any queries, requests to exercise any data subject right(s) or requests for more information to email@example.com or “AVIS House” 50 Msida Sea Front, Msida Malta MSD 9043.
How does Avis protect your data?