Deutsch
العربية العربية Български Български বাংলা বাংলা Català Català Čeština Čeština Dansk Dansk Deutsch Deutsch Ελληνικά Ελληνικά English English Español Español Eesti Eesti Euskara Euskara Français Français हिन्दी हिन्दी Hrvatski Hrvatski Magyar Magyar Bahasa Indonesia Bahasa Indonesia Íslenska Íslenska Italiano Italiano 日本語 日本語 ქართული ქართული 한국어 한국어 Lietuvių Lietuvių Latviešu Latviešu Bahasa Melayu Bahasa Melayu Malti Malti Nederlands Nederlands Norsk Norsk Polski Polski Português Português Română Română Русский Русский Slovenščina Slovenščina Српски Српски Svenska Svenska ไทย ไทย Filipino Filipino Türkçe Türkçe Українська Українська اردو اردو Tiếng Việt Tiếng Việt 简体中文 简体中文

Privacy Policy

How romecarrent.com collects, uses, and protects your personal data.

1. Introduction and Scope

This Privacy Policy explains how romecarrent.com ("we", "us", or "our") collects, uses, stores, and protects personal information when you visit our website or make a car hire reservation through our platform. We operate from Rome, Metropolitan City of Rome Capital, Italy, and our services are governed by Italian law and, where applicable, European Union law including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Italian Legislative Decree no. 196/2003 (the "Codice della Privacy") as amended by Legislative Decree no. 101/2018.

This policy applies to all users of romecarrent.com regardless of whether you complete a booking or simply browse our site. By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website.

We act as the data controller for personal information you provide directly to us. Where we engage third-party service providers, they may act as independent data processors or controllers, as described further below.

2. Information We Collect

We collect several categories of personal information in the course of providing our car hire services in Rome and surrounding areas including Fiumicino, Ciampino, and the broader Metropolitan City of Rome Capital region.

2.1 Personal Identification Data

When you make or enquire about a booking, we collect your full name, email address, telephone number, and date of birth. Where required for vehicle hire compliance purposes under Italian road traffic law, we may also collect your driver's licence number, issuing country, expiry date, and a copy of your passport or national identity document.

2.2 Booking and Reservation Data

We collect information relating to your car hire reservation including pickup and drop-off locations (such as Rome Fiumicino Leonardo da Vinci Airport, Roma Termini station, or central Rome addresses), rental dates and duration, vehicle category selected, optional extras requested (GPS navigator, child seat, additional driver), and any special instructions you provide.

2.3 Payment Information

Payment transactions on our platform are processed exclusively by certified third-party payment processors who comply with the Payment Card Industry Data Security Standard (PCI-DSS). We do not store your full credit or debit card number, CVV, or banking credentials on our servers. We retain only the last four digits of your card and transaction reference numbers for booking confirmation and refund purposes.

2.4 Browsing and Technical Data

When you access our website, we automatically collect technical information including your IP address, browser type and version, operating system, referring URLs, pages visited, time and date of access, and session duration. This data is collected via server logs and, where you have consented, through cookies and similar tracking technologies as described in our Cookie Policy.

2.5 Location Data

If you grant permission through your browser or device, we may collect approximate location data to suggest nearby pickup locations across Rome - from the historic centre near the Colosseum and Piazza Venezia to suburban areas along the Via Appia Antica or the ring road (Grande Raccordo Anulare). Location access is entirely optional and can be withdrawn at any time through your browser settings.

3. How We Use Your Information

We process your personal data only for specified, explicit, and legitimate purposes. The legal bases for processing under Article 6 of the GDPR are identified alongside each purpose below.

3.1 Processing Bookings and Fulfilling Reservations

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR). We use your personal and booking data to confirm your car hire reservation, communicate pickup instructions, coordinate vehicle handover at locations across Rome, and process payments and refunds. Without this processing, we cannot deliver our core services.

3.2 Customer Support and After-Service Communication

Legal basis: Performance of a contract and legitimate interests (Art. 6(1)(b) and (f) GDPR). We use your contact details to respond to enquiries, manage complaints, issue refunds, handle incidents during the rental period, and follow up after your return of the vehicle.

3.3 Service Improvement and Analytics

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Aggregated and anonymised browsing data helps us understand how visitors navigate our site, which vehicle categories attract the most interest, and where our booking process can be improved. This analysis does not identify you personally.

3.4 Marketing Communications

Legal basis: Consent (Art. 6(1)(a) GDPR). If you have explicitly opted in, we may send you promotional emails about seasonal car hire deals in Rome, exclusive weekend rates, and offers relevant to your previous booking history. You may withdraw consent at any time by clicking the unsubscribe link in any marketing email or by contacting us directly at info@romecarrent.com.

3.5 Legal and Regulatory Compliance

Legal basis: Legal obligation (Art. 6(1)(c) GDPR). We retain and may disclose certain personal data where required to comply with Italian law, EU regulations, court orders, or requests from competent public authorities including Italian traffic and tax authorities.

4. Data Sharing with Third Parties

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share your data only in the following carefully controlled circumstances:

  • Payment Processors: Certified PCI-DSS compliant payment service providers receive the minimum necessary data to authorise and process your transaction securely.
  • Insurance Providers: Where your booking includes collision damage waiver or comprehensive insurance, relevant reservation data is shared with the insurer to validate cover and process any claims.
  • Vehicle Fleet Partners and Booking Integrators: Where we work with local car hire operators in Rome or third-party booking technology providers, we share reservation data needed to confirm and fulfil your hire.
  • IT and Hosting Providers: Our website hosting and infrastructure partners may process technical data on our behalf under strict data processing agreements requiring GDPR compliance.
  • Legal and Regulatory Authorities: We may disclose personal data to Italian law enforcement, tax authorities, courts, or other public bodies when legally required to do so.

Where any third party acts as a data processor on our behalf, we maintain a written data processing agreement requiring them to process data only on our documented instructions and to implement appropriate security measures.

5. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, subject to our legal obligations under Italian and EU law.

  • Booking and reservation records: Retained for 10 years following the end of the rental period to comply with Italian civil and tax law requirements (Codice Civile and D.P.R. 600/1973).
  • Customer support communications: Retained for 3 years from the date of last interaction.
  • Marketing consent records: Retained for the duration of the marketing relationship and for 3 years after you unsubscribe, to demonstrate compliance with consent obligations.
  • Technical and browsing logs: Retained for up to 12 months unless a longer period is required for security investigation or legal proceedings.
  • Payment transaction references: Retained for 10 years in compliance with Italian accounting and anti-money laundering regulations.

Once data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you as an individual.

6. Your Rights as a Data Subject

Under the GDPR and Italian data protection law, you have the following rights with respect to your personal information. These rights apply regardless of whether you reside in Italy, elsewhere in the European Union, or another country.

6.1 Right of Access

You have the right to request a copy of all personal data we hold about you, along with information about how it is being used. We will respond to verified access requests within 30 days.

6.2 Right to Rectification

If any personal information we hold is inaccurate or incomplete, you have the right to request that we correct it without undue delay. This is particularly important for booking-critical data such as your name and driver's licence details.

6.3 Right to Erasure ("Right to be Forgotten")

You may request that we delete your personal data where it is no longer necessary for the purpose it was collected, where you withdraw consent (and no other legal basis applies), or where the data has been processed unlawfully. This right is subject to our legal retention obligations described in Section 5.

6.4 Right to Data Portability

Where processing is based on your consent or a contract, and carried out by automated means, you have the right to receive a copy of your data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit it to another controller.

6.5 Right to Object

You have the right to object at any time to processing based on legitimate interests, including profiling. You also have an absolute right to object to the use of your data for direct marketing, after which we will cease processing your data for that purpose immediately.

6.6 Right to Restriction of Processing

You may request that we restrict processing of your data in certain circumstances, for example while the accuracy of data is disputed or while an objection is being assessed.

6.7 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Italian data protection supervisory authority, the Garante per la protezione dei dati personali, at www.garanteprivacy.it, or with the supervisory authority in your country of residence within the EU.

To exercise any of the above rights, please contact us using the details in Section 10 below. We may ask you to verify your identity before processing your request.

7. Data Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, alteration, or disclosure.

Our security measures include, but are not limited to:

  • Transport Layer Security (TLS/HTTPS) encryption for all data transmitted between your browser and our servers.
  • Access controls limiting personal data access to authorised staff with a legitimate need to know.
  • Regular security testing and vulnerability assessments of our web infrastructure.
  • Staff training on data protection obligations under Italian and EU law.
  • Contractual security requirements imposed on all data processors and sub-processors.
  • Incident response procedures to identify, contain, and notify relevant parties in the event of a personal data breach within the 72-hour timeframe required by Art. 33 GDPR.

Notwithstanding these measures, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security but commit to taking all reasonable steps to protect your information and to notifying you promptly if a breach affecting your rights occurs.

8. International Data Transfers

romecarrent.com is based in Rome, Italy, and primarily processes data within the European Economic Area (EEA). Where we engage service providers located outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards may include the European Commission's Standard Contractual Clauses, adequacy decisions, or other approved transfer mechanisms. You may request details of any such safeguards by contacting us at the address below.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and, where you have given consent, to analyse usage and deliver relevant content. A detailed explanation of the cookies we use, their purposes, and your options for managing them is provided in our Cookie Policy, which is incorporated into this Privacy Policy by reference. You may update your cookie preferences at any time through the cookie consent tool available on our website.

10. Updates to This Privacy Policy

We review and update this Privacy Policy periodically to reflect changes in our services, applicable law, or best practice guidance from the Garante per la protezione dei dati personali. When we make material changes, we will update the "Last Updated" date at the bottom of this page and, where appropriate, notify you directly by email if the changes significantly affect how we process your personal data.

We encourage you to review this page each time you use our site or make a car hire reservation. Continued use of romecarrent.com following the posting of changes constitutes your acknowledgement of the updated policy.

11. Contact Us for Privacy Enquiries

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact our team using any of the following methods:

  • Email: info@romecarrent.com
  • Phone: +1 (928) 537-1060
  • Postal Address: romecarrent.com, Rome, Metropolitan City of Rome Capital, Italy

We will acknowledge your request within 5 business days and aim to resolve all privacy-related enquiries within 30 calendar days, as required under Art. 12 GDPR.

Last Updated: June 2025. This Privacy Policy applies to all services provided by romecarrent.com.