Privacy Policy

In the following we would like to inform you about the types of data processed by SIXT and about the purposes of such data processing. We would also like to inform you about important legal aspects of data protection, such as your rights.

The party responsible for processing your data (controller) is Sixt rent a Car Ltd, Waterside Drive, Langley, GB Slough SL3 6EY (hereinafter also referred to as SIXT).

If you have any questions on data protection, please contact us at dataprotection@sixt.com.

The following categories of personal data can be processed by us in connection with our services:

• Master data: These include, for example, a person’s first name, surname, address (private and/or business), date of birth.
• Communication data: These include, for example, a person’s telephone number, email address (private and/or business) fax number if applicable, as well as the content of communications (e.g., emails, letters, faxes).
• Contract data These include, for example, the rental information (vehicle category, pick-up and return dates, pick-up and return branch, booked extras/services), rental contract number, reservation number, driver’s licence data, driver’s licence photograph, license plates of the vehicle you rented, and information on customer loyalty and partner programmes.
• Financial data such as credit card data.
• Voluntary data: These are data that you provide to us on a voluntary basis, without us having explicitly requested them, and include information such as your preferences with regard to the vehicle’s equipment and category.
• Special data categories: In the event of an accident, damage to the vehicle, or similar incidents, we process data relating to the respective course of events and the damage incurred. These data can be provided by customers, passengers or injured parties. The data processed in such circumstances can include health-related data such as data on injuries, blood alcohol levels, driving under the influence of narcotic substances, and the like.
• Third-party data If, within the scope of your vehicle rental, you provided us with personal data of third parties (e.g., family members, second drivers, passengers), then we will also process these data.

Art. 6 (1) point (a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your consent to such processing.

Art. 6 (1) point b) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract (e.g., when making the vehicle reservation).

Art. 6 (1) point c) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for compliance with a legal obligation to which SIXT is subject,

Art. 6 (1) point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., SIXT, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.

Art. 9 (2) point f) GDPR: Pursuant to this provision, certain special categories of personal data can be processed if such processing is necessary for the establishment, exercise or defence of legal claims. These special categories of personal data include the health data of the data subjects.

Purposes of data processing

We process your master data, communication data, contract data, financial data and any data you have provided voluntarily, for purposes of implementing your reservations and facilitating the conclusion and performance of your rental contract.

We moreover use the master data, communication data and contract data for customer services purposes, for example to handle any complaints or changes of reservation that you contact us about.

If you book your vehicle via travel agencies, online travel agencies or other agents, then your master data, communication data, rental information and, if applicable, financial information, will be transferred to us by our partners.

We also use your master data, and contract data for purposes of settling accounts (e.g., commissions and sales processing) with, for example, travel agencies, other agencies, franchise partners and cooperation partners. We also transfer your data to partner companies in the event that we do not have the vehicle or vehicle type requested by you available.

We are furthermore legally obliged – for purposes of preventing and investigating criminal offences – to compare your master and communication data with official perpetrator lists provided to us. Such comparisons also serve to ward off dangers and to facilitate prosecution by the state authorities.

We furthermore use your data for your and our security, for example to avoid payment defaults and to prevent property offences (in particular fraud, theft, embezzlement). If you request to pay for your rental by invoice, then we process your master and financial data in order to assess your creditworthiness by obtaining the corresponding information from credit agencies.

Once both contracting parties have fulfilled their obligations under the rental contract, your master data, financial data and contract data will be stored until the statutory retention period expires.

Legal basis for the above processing

Art. 6 (1) point b) GDPR applies to the processing of data to the extent required to implement reservations, to conclude and perform contracts and for customer relations purposes.

Art. 6 (1) point f) GDPR applies to the processing of data to the extent required to settle accounts vis-à-vis third parties, to assert one’s own claims, and to mitigate risks and prevent fraud.

Art. 6 (1) point c) GDPR applies to the processing of data to the extent required to detect, prevent and investigate criminal offences, to examine and store driver’s licence data, and to comply with preservation periods under commercial and tax law.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data to improve our services and customer services lie in the fact that we want to offer you the best possible services and to sustainably improve customer satisfaction.

To the extent that data processing is required to perform analyses with a view to preventing damage to our company and our vehicles, our legitimate interests lie in maintaining security for costs and preventing economic disadvantages such as those arising from non-payment or the loss of our vehicles.

Categories of recipients of your data

For the purposes described in the foregoing, we disclose your data to the following recipients: IT service providers, call centres, collection companies, financial services providers, credit agencies, agency partners, franchise partners and other cooperation partners.

Transfer to third countries

If you use our company to reserve vehicles that you want to rent in third countries, we send your personal data to your contracting partner in the third country concerned. The transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. We can also transfer your data to a third country subject to the conditions set forth in Art. 49 GDPR. You can request copies of the aforementioned safeguards from SIXT by writing to the address specified above (see → Controller). Third countries are countries outside the European Economic Area. The European Economic Area comprises all countries of the European Union as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein.

Purposes of data processing

We process your master data, communication data and contract data for purposes of promoting customer loyalty, implementing bonus programmes, optimising customer offers and holding customer events (see → Events and donations). The customer loyalty programmes we promote include our own programme and the programmes of our cooperation partners.

We use your email address in order to recommend similar products and services offered by us. You may at any time object to your email address being used without incurring more than the cost of transmission as per the applicable basic fees.

Legal basis for processing

Art. 6 (1) point a) GDPR applies to data processing for purposes of implementing direct marketing measures that require explicit advance consent.

Art. 6 (1) point f) GDPR applies to data processing for purposes of implementing direct marketing measures that do not require explicit advance consent, and of implementing the marketing measures mentioned (→ Purposes of data processing).

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data for purposes of implementing direct marketing measures and the marketing measures mentioned lie in the fact that we want to convince you of our services and promote a lasting customer relationship with you.

Categories of recipients of your data

For the purposes described in the foregoing, we disclose your data to IT service providers, call centres, advertising partners and providers of customer loyalty programmes.

Transfer to third countries

The transfer of data to third countries takes place within the scope of partner programmes. The transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. We can also transfer your data to a third country subject to the conditions set forth in Art. 49 GDPR. You can request copies of the aforementioned safeguards from SIXT by writing to the address specified above (see → Controller). Third countries are countries outside the European Economic Area. The European Economic Area comprises all countries of the European Union as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein.

Purposes of data processing

If you discover damage to our vehicles, if you or another person cause/causes such damage, or if you or another person are/is involved in an accident with one of our vehicles, then we will process you master data, communication data, contract data, financial data and, if applicable, data concerning health for the following purposes:

• receiving and processing complaints,
• providing customer services in cases of damage,
• settling claims, and
• processing damages resulting from accidents (processing based on information provided by you and third parties such as the police, subsequent renters, witnesses, etc.).

This includes the processing of the aforementioned data categories for purposes of settling claims, for example vis-à-vis insurance companies

When dealing with cases of damage and accidents, we also process you master data, communication data and contract data with a view to providing help in the form of our SIXT damage assistance services and mobility guarantee.

We also process you master data, communication data and contract data for purposes of fulfilling legal obligations (e.g. providing information to investigating authorities).

Should the competent authorities suspect you of having committed an administrative or criminal offence with one of our vehicles, then we will process not only the master data pertaining to you that we have stored, but also the data conveyed to us by the competent authorities.

We also process your master data, communication data, financial data, contract data and, if applicable, data concerning health, for purposes of upholding and asserting any claims that we may have against you, for example claims resulting from non-payment or damage caused to our vehicles.

Legal basis for processing

Art. 6 (1) point b) GDPR applies to data processing for purposes of complaints management, providing customer services in cases of damage, and processing damages resulting from accidents.

Art. 6 (1) point c) GDPR applies to data processing for purposes of processing damages resulting from accidents.

Art. 6 (1) point f) GDPR applies to data processing for purposes of settling claims, asserting any claims that we may have against you, and handling claims relating to administrative offences.

Art. 9 (2) point f) GDPR applies to the processing of data concerning health for purposes of establishing, exercising or defending legal claims.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data for purposes of settling claims and asserting any claims that we may have against you lies in our desire to ward off damage to our company and to ensure that we can provide our customers with undamaged vehicles. We are moreover obliged, pursuant to our contractual relations with third parties (e.g. insurance companies), to process your data for purposes of settling claims. Our legitimate interests in this respect lie in ensuring our contractual fidelity.

Recipients/categories of recipients of your data

For the purposes described in the foregoing, we disclose your data to the following recipients: Public authorities (investigating authorities; regulatory authorities; police authorities), collecting companies, experts, assistance services providers, lawyers and insurance companies.

Transfer to third countries

In cases of damage and/ accidents suffered in a third country, we send your personal data to the competent authorities and to insurance companies in such third country. The transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. We can also transfer your data to a third country subject to the conditions set forth in Art. 49 GDPR. You can request copies of the aforementioned safeguards from SIXT by writing to the address specified above (see → Controller). Third countries are countries outside the European Economic Area. The European Economic Area comprises all countries of the European Union as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein.

Purposes of data processing

We process your master data, communication data, contract data and financial data for purposes of fulfilling the legal obligations to which SIXT is subject. These require us to process data, for example in order to comply with duties of disclosure vis-à-vis authorities and to comply with the processing requirements as stipulated by commercial and tax law provisions (e.g., the preservation period for bookkeeping documents and accounting records as per Section 257 (4) of the German Commercial Code (HGB).

Legal basis for processing

Art. 6 (1) point c) of the General Data Protection Regulation (GDPR).

Recipients/categories of recipients of your data

The authorities may require us to disclose your data to them for the purposes described above.

Purposes of data processing

We process your master data, communication data and contract data, as well as any data provided voluntarily, for purposes of optimising our processes and offerings.

This involves, for example, compiling and evaluating rental reports, implementing capacity planning to improve vehicle allocation procedures, setting up a data warehouse, analysing and rectifying sources of error, and conducting customer satisfaction surveys. We moreover process your master data and contract data for purposes of optimising our online presence (see → Website).

To improve the quality of our offering and our customer services, we process your master data and contract data on the basis of an algorithm with a view to, for instance, creating profiles and probability values in relation to future rentals and to take-up rates for our offers.

We also process your master data, communication data and contract data in connection with our collaboration with franchise partners, cooperation partners and agency partners, and for purposes of optimising the related processes and offers (see. → Reserving and renting vehicles).

We also process address data originating from external service providers to update our address database and to ensure that the master data we use for contract handling is correct.

Legal basis for the above processing

Art. 6 (1) point a) of the General Data Protection Regulation (GDPR) applies where consent is required to implement measures intended to optimise our processes and offers.

Art. 6 (1) point f) GDPR.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data to improve our services and customer services lie in the fact that we want to offer you the best possible services and to sustainably improve customer satisfaction.

Categories of recipients of your data

For the purposes described in the foregoing, we disclose your data to the following recipients: IT service providers, call centres, cooperation partners, agency partners and franchise partners.

Transfer to third countries

Where our cooperation partners, agency partners and franchise partners are based in a third country, we transmit your personal data to that third country. The transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. We can also transfer your data to a third country subject to the conditions set forth in Art. 49 GDPR. You can request copies of the aforementioned safeguards from SIXT by writing to the address specified above (see → Controller). Third countries are countries outside the European Economic Area. The European Economic Area comprises all countries of the European Union as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein.

Purposes of data processing

We may also process your master data and communication data to invite you to events as part of our customer service and customer loyalty activities. We may moreover use your master data and communication data for charitable purposes (e.g., to appeal for donations).

Legal basis for the above processing

Art. 6 (1) point f) GDPR applies to data processing for purposes of acquiring customers, strengthening customer relations and managing business customers.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data for customer service, customer loyalty and charitable purposes lie in our desire to, on the one hand, offer the best possible services and sustainably raise customer satisfaction, and, on the other, fulfil the social responsibilities that we, as a large company, are bound to.

Categories of recipients of your data

For the purposes described in the foregoing, we disclose data relating to contacts at our business customers to the following recipients: IT service providers, call centres, event organisers.

Purposes of data processing

Your personal data is recorded via SIXT websites if you actively provide such data to us, for instance as part of a registration procedure, by filling out forms, by sending emails, and, primarily, by making a vehicle reservation. We use these data for the purposes described above or for purposes that arise from the respective request, for example, to process specific reservation requests or preferences.

The data are only used for advertising purposes to the extent that such advertising is our own (including tell-a-friend features).

Security, SSL technology

SIXT has implemented a variety of technical and organisational measures in order to protect your personal data, in particular against random or intentional manipulation, loss, destruction and access by unauthorised persons. These security measures will be continually adapted in accordance with technological developments. The transfer of personal data between your computer and our server invariably takes place by encrypted connection (Secure Socket Layer (SSL)).

Online tracking

Some new browsers use “Do not track” functions. If this is the case, our website may not respond to “Do not track” requests or may be unable to retrieve the headers of such browsers. To find out more about what your settings are and about whether you want to deny certain providers access to your information, please click here for the US, here for Canada, and here for Europe (please note that opting out will not mean that you are no longer displayed any advertising at all. Rather, you will still receive generic advertising).

Cookies

Visits to our website may result in information being stored on your computer in the form of “Cookies”. Cookies are small text files that are copied from a web server onto your hard disk. Cookies contain information that can later be read by a web server within the domain in which the cookie was assigned to you. Cookies cannot execute any programmes or infect your computer with viruses. The cookies used by us neither contain personal data nor are they connected to any such data.

Most of the cookies used by us are so-called session cookies, which are required in order to maintain consistency during your visit, for example by ensuring that the preferences you entered when making your reservation request, as well as any other information entered, are remembered for the duration of your session. We also need session cookies in order to ensure that any offers (e.g., promotional offers) you click on are assigned to your request. Session cookies are automatically deleted after each session. We furthermore use cookies in order to determine, when you pay return visits to our website, whether you are interested in certain types of offers. This enables us to be more targeted about the offers we show you on our website. If you are already registered with us and have a customer account, it will be possible for us to compare the information recorded by the cookies used with the information known to us. This in turn enables us to tune our offers more finely to your needs and wishes. These cookies have a lifespan of one year, after which they are automatically deleted. We also need cookies for purposes of settling accounts with our advertising partners, because cookies are able to record the page or promotional campaign that led the customer to us. As with other data, we record this data exclusively in abstract form so as to ensure that it cannot be used to identify the data subject. A cookie of this type has a lifespan of 31 days.

You have the opportunity to accept or to reject cookies. Most web browsers accept cookies automatically. Generally, however, you will be able to adjust your browser settings so as to reject cookies. If you opt to reject cookies, you may find that you are unable to use some of the website’s functions. If you accept cookies, you can opt to delete such accepted cookies at a later point in time. You can delete cookies in Internet Explorer 8 by selecting “Tools” > “Delete Browsing History” and then clicking on the button “Delete Cookies”. If you delete the cookies, all settings controlled by these cookies, including advertising settings, will be deleted, possibly irrecoverably.

Use of Google Analytics (this text is provided by Google, Inc)

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above.

Further information can be found at https://marketingplatform.google.com/about/ (general information on Google Analytics and data protection). We would like to point out that the code “gat._anonymizeIp();” has been added to Google Analytics on this website to ensure anonymous collection of IP addresses (so-called IP masking). Under tools.google.com/dlpage/gaoptout you will find instructions for deactivating Google Analytics Services.

HotJar web analytics services

The SIXT website uses the HotJar analytics services for purposes of improving customer friendliness and customer experiences. These services can record mouse clicks as well as scroll movements. They can also record information entered on this website via keyboard. Such information is not personalised and thus remains anonymous. HotJar does not record such information on pages that do not use the HotJar system.

You can disable the HotJar service at https://www.hotjar.com/legal/compliance/opt-out

Use of Google Maps

SIXT’s mobile applications (SixtMobil) as well as the reservation application and the branch finder application on the website all use Google Maps API applications. These applications are all essential to the functionality and full availability of the booking service. By using the SixtMobil services, the reservation application or the branch finder application, you declare that you agree with such services and application being subject to the terms of service and the privacy policy of Google. To access Google’s terms of service, please click here. The access Google’s privacy policy, please click here. Google Maps is used to provide customers with the appropriate map section and to show them the nearest branches. The transfer of location data to Google invariably takes place in anonymised form; no further information is provided to Google.

Adobe SiteCatalyst

SIXT uses Adobe SiteCatalyst by Adobe Systems Inc. (“Adobe”) to compile its web statistics. Through this web analysis program, Adobe records and collects anonymous data, which are then used to analyse and gain a better understanding of the online behaviour of visitors to SIXT websites. The data analysed includes information about the links that led customers to the SIXT website, browser types, operating systems (e.g. MAC OS or Windows), screen resolutions, colour capabilities, plugins, language settings, cookie settings, search engine terms and JavaScript activation. The program also records the number of visits to the website and its sub-sites, and the amount of time spent on the respective sites.

This information is then cumulated and provided by Adobe to SIXT in a format that renders website usage patterns comprehensible. The data used here are not personal data;
in no way can they be used to draw inferences as to a person’s identity.

If you do not want SIXT to receive this information in future, please click here: http://esixtgmbhandcokg.d3.sc.omtrdc.net/optout.html?locale=de_DE&popup=true

For more information about Adobe’s privacy practices or to explain your opt-out for Adobe Services in general, please click here: https://www.adobe.com/de/privacy/opt-out.html

Use of the Facebook Custom Audience service based on Facebook pixels

Our website uses the so-called Facebook pixel created by the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). This tool serves to present users of our website with advertising (“Facebook ads”) that matches their interests during their visits to Facebook. In this way we ensure that our Facebook ads correspond with the interests of the respective users and are therefore not perceived as a nuisance. We also use the Facebook pixel to track how many users click on our Facebook ads. This enables us to assess the effectiveness of those ads, which is useful for statistical and market research purposes. The Facebook pixel is activated by Facebook as soon as you open our website. It can store so-called cookies on your computer. If you log into Facebook after visiting our website, or visit Facebook while still logged in, then Facebook will assign this information to your personal Facebook account. The data recorded about you in no way allows us to draw inferences regarding your identity as a user. The collection and processing of the data by Facebook complies with the provisions of the Facebook Data Policy. For more information in this respect, please go to : https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. You can, at any time, object to the recording of data by the Facebook pixel and the use of your data to present Facebook ads. To do so, please visit the page specially set up by Facebook for this purpose (when there, see the settings for use-based advertising), while you are still logged in to Facebook: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings. The settings are platform-independent, meaning that they will be assumed for all devices, whether desktop computers or mobile devices.

Another way of preventing your data from being recorded when you visit our website via your selected browser is available here: Deactivate Facebook pixel

Criteo:

Our collaboration with advertising partners is based on retargeting technologies. These enable us to better customise our offers according to your interests, and to win back your custom for our products and offers. We pursue this goal using a cookie-based analysis of previous visit patterns that involves creating pseudonymised user profiles.

We cooperate in this regard with Criteo (Criteo SA, 32 Rue Blanche, 75009 Paris), provider of retargeting technologies. Your IP address will be anonymised by the server prior to its processing. The cookies have a lifespan of 60 days.

For options on how to object to the use of your data by Criteo, please go to https://www.criteo.com/de/privacy/

Google AdWords/Double Click:

Advertising shown by us is based on the interest in products our customers previously exhibited. We record information about our customers’ surfing patterns for purposes of providing them with interest-based online advertising. For this, cookies are stored on the respective user’s computer; these contain a multiple-digit identification number. If you do not agree with having your user behaviour analysed, you can adjust your browsers settings so as to prevent analysis cookies from being set. Please note, however, that this may prevent you from being able to use in full all the functions of this website.

The search engine program Google AdWords, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google), facilitates the systematic display on our website of advertising based on Google search terms. For this, Google sets a cookie in the user’s browser as soon as an advert appearing in the Google search or advertising network is clicked on.

For options on how to object to such tracking, please go to: https://www.google.com/ads/preferences/checkgoog?hl=en.

Through its AdWords cookie-based conversion methods, Google can measure the number of people who, after clicking on an AdWords advert, went on to purchase or use the product/service offered. To the extent that Google Ads link to offers from this website, this website will receive statistics from Google about the number of purchases made after clicking on the respective Google AdWords advert.

The options for disabling this tracking function are as follows: You can adjust your browser so as to block the setting of cookies by the domain googleadservices.com or by third parties in general. You can also delete the Google conversion cookie in your browser’s cookie settings.

This website uses Google Remarketing on the basis of Doubleclick, another Google Inc service, to display interest-based advertising. The process of reviewing the pages shown and of allocating adverts is based on a pseudonymous identification number in the Doubleclick cookie. The cookie-generated information about the pages shown is then transferred to and stored on Google servers for evaluation purposes. To read the Google Privacy Policy, please go to https://www.google.de/policies/privacy.

For options on how to object to such tracking, please go to: https://www.google.com/ads/preferences/checkgoog?hl=en

Further objection options:

You can also object to interest-based advertising by Google and by other advertising networks on the following website:

https://www.youronlinechoices.com/de/praferenzmanagement/

Optimizely

This website uses Optimizely, a web analytics service offered by Optimizely Inc. (631 Howard Street, Suite 100, San Francisco, CA 94105, United States) that serves to simplify and conduct A/B testing for purposes of optimising and further developing this website. The information generated by the cookie about your use of the website will generally be transmitted to and stored on an Optimizely server.

The options for disabling this tracking function are as follows: You can deactivate Opitimizely tracking at any time by following the corresponding instructions at https://www.optimizely.com/opt_out.

Refined Ads

To evaluate and optimise our website and to generate advertising that is more relevant to you, we use the tracking system Refined Ads created by Refined Labs GmbH (Residenzstr. 7, 80333 Munich, Germany). This system uses cookies to record user data and compile anonymous user profiles based on it. It does not attribute these data to personal user data.

You can object to such data processing by using an opt-out cookie. For more information in this respect, please go to https://www.refinedlabs.com/datenschutz-refined-ads.

Adition

Our website uses the ADITION service provided by ADITION technologies AG, Oststraße 55, 40211 Düsseldorf, Germany. ADITION sets cookies to control and optimise the ways in which advertising measures implemented by ADITION customers are displayed. It can, for example, maximise the display frequency of advertising for users. When setting cookies, ADITION does not store any personal data such as names, email addresses, or any other personal information. All information gathered is anonymised and comprises technical data such as, for example, the advertising frequency and advertising date of advertising measures, as well as the browsers used and operating systems installed. All data gathered is stored on servers located within the Republic of Germany. For information on ADITION’s Data Privacy Statement, please go to https://www.adition.com/kontakt/datenschutz/ .

You can object to such data processing by using an opt-out cookie. For more information in this respect, please go to https://www.adition.com/datenschutz/?optout=trueAdTraxx.

Tealium (CDP)

This website uses the “Tealium Audience Stream” service, which is provided by Tealium Inc., 11085 Torreyana Road, San Diego, CA 92121, USA (Tealium), to collect and store data, and then use such data to create pseudonymous user profiles. Tealium uses this information to, on our behalf, automatically enhance your use of the website according to your specific needs, and to do so in real time. To do this, it collects information such as advertising and products seen and clicked on, visitor numbers, the topics of sites visited, etc.

The pseudonymised user profiles are not associated with personal data pertaining to the holder of the pseudonym, unless corresponding special consent is obtained. The IP address conveyed by your browser is, likewise, not connected with your user profile.

To create user profiles, Tealium uses cookies or, in the case of mobile terminals, similar technologies. The cookie-generated information about your use of this website is stored within Germany. You can prevent cookies from being set by adjusting your browser settings accordingly. However, please be advised that this may prevent you from being able to use in full all the functions of this website. You can object to the collection and storage of your data for web analytics purposes at any time by following the corresponding instructions at https://tealium.com/de/privacy/.

BlueKai (DMP)

Our website uses “BlueKai” technology provided by Oracle (Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065/USA). This technology enables us to, taking into account your interests and user behaviour on our website and third-party websites, present you with relevant, targeted advertising based on evaluations of your website use on various terminals, such as laptops, smartphones and PCs (so-called cross-device tracking). The technology also provides us with compilations of anonymous statistics on the effectiveness of specific advertising measures (e.g., how many people clicked on or interacted with an advert).

To this end, cookies are set on your terminals and pixel tags implemented on the websites that use BlueKai. Together, these facilitate the analysis and evaluation of your user behaviour (e.g., clicks) on the various terminals. This process involves the creation of so-called cookie IDs, which can be attributed to your terminals for purposes of cross-device profile building, but which cannot be attributed to you personally. The data collected comprise non-personal, usage-related data (e.g. clicks on advertising, websites, times and duration of visit) and non-personal browser data (e.g., language settings, screen resolution). You are therefore not identifiable to us at any point.

For more information on data protection and the corresponding setting options, please go to: https://www.oracle.com/legal/privacy/advertising-privacy-policy.html. You can object to the use of Oracle BlueKai via the corresponding opt-out tool at http://www.oracle.com/us/corporate/acquisitions/bluekai/index.html

Myra

With the support of Myra Security GmbH, we ensure the availability of our services and protect our infrastructure against attacks by criminals, botnets and other malware. Myra Security GmbH assumes the task of performing the corresponding filtering on our behalf. To ensure your security, all traffic flows are checked before they are allowed to access our services. By analysing every attempt to access our website, we can check whether any requests you make are legitimate and thus protect your data against unauthorised access. This filtering process in no way restricts your use of our services/our website.

Legal basis for the above processing

Art. 6 (1) point f) GDPR applies where personal data is processed.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in processing your personal data via our website lie in our desire to optimise our internet offering and, as such, offer our customers best possible services and sustainably increase customer satisfaction.

Categories of recipients of your data

Your data is only transmitted to third parties if this is necessary for performance of the contract, for example, in order to inform a local rental partner about your reservation or to process a credit card payment through your credit card company. In such cases, we transmit your data to IT service providers, call centres, collection companies, financial services providers, agency partners, franchise partners and other cooperation partners.

We moreover transmit data to Google, Inc and Facebook Ireland Ltd. in the aforementioned scope (see → Purposes of data processing).

As part of our measures to prevent fraud, we also transmit – in situations where third parties have been, or are at risk of being, defrauded – personal data to such third parties having suffered, or at risk of, fraud.

Transfer to third countries

If business customers use our services to reserve vehicles that are to be rented in a third country, we transmit the personal data of the driver to our contractual and business partners in such third country. The transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. You can request copies of the aforementioned safeguards from SIXT by writing to the address specified above (see → Controller).

SIXT stores your personal data until they are no longer necessary in relation to the purposes for which they were collected or otherwise processed (see → Purposes of data processing at SIXT). Where SIXT is under legal obligation to store personal data, it will store personal data for the preservation period stipulated by law. The preservation period for commercial documents, which include bookkeeping documents and accounting records (including invoices), is 10 years (Section 257 (4) of the German Commercial Code). During this period, your data may be subject to restricted use within day-to-day operations if its processing serves no further purposes.

Rights pursuant to Art. 15 – 18 and 20 GDPR

You have the right to, at reasonable intervals, obtain information about your personal data under storage (Art. 15 GDPR). The information you are entitled to includes information about whether or not personal data concerning you are stored, about the categories of personal data concerned, and about the purposes of the processing. Upon request, SIXT will provide you with a copy of the personal data that are processed.

You also have the right to obtain from SIXT the rectification of inaccurate personal data concerning you (Art. 16 GDPR).

You furthermore have the right to obtain from SIXT the erasure of personal data concerning you (Art. 17 GDPR). We are under obligation to erase personal data in certain circumstances, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw the consent on which the processing is based, and if the personal data have been unlawfully processed.

Under certain circumstances, you have the right to have the processing of your personal data restricted (Art. 18 DSGVO). These include circumstances in which you contest the accuracy of your personal data and we then have to verify such accuracy. In such cases, we must refrain from further processing your personal data, with the exception of storage, until the matter has been clarified.

Should you opt to change to a different vehicle rental company, you have the right either to receive, in a machine-readable format, the data that you provided to us based on your consent or on a contractual agreement with us, or to have us transmit, also in a machine-readable format, such data to a third party of your choice (Right to data portability, Art. 20 GDPR).

No contractual or legal obligations to provide data/consequences of failure to provide data

You are not contractually or legally obliged to provide us with your personal data. Please note, however, that you cannot enter into a vehicle rental contract with us or avail of other services provided by us if we are not permitted to collect and process the data as required for the purposes specified in the foregoing (see → The purposes of data processing at SIXT)

Right to object pursuant to Art. 21 GDPR

If the processing of your data by SIXT is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) point e) GDPR) or if it is necessary in the legitimate interests of SIXT, then you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data. SIXT will then end the processing, unless we can present compelling legitimate grounds for such processing that supersede the grounds for ending the processing.

You may object, at any time and without restriction, to the processing of your personal data for purposes of direct advertising.

Right to withdraw consent at any time

If data processing at SIXT is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.

You have the right to lodge complaints with the supervisory authority responsible for SIXT. Please send such complaints to the following address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Last amended in: May 2018