Latest updated May 2018
At DriveNow, Arriva Danmark A/S we protect your information and therefore process your personal information with due respect for your privacy and in full compliance with the Data Protection Regulation and other legislation.
2. Data controller and contact details
DriveNow, Arriva Danmark A/S
Skøjtevej 26 2770
The responsible for data protection at the Data Controller may be contacted via:
Or alternatively by sending a letter marked ’Persondatabeskyttelse’ to the address stated above.
3. Definition of ’personal information’ and ’processing’
'Personal information' is any form of information about an identified or identifiable natural person. It includes, for example, your name, your address, your phone number and your email address. In contrast, an information about the number of users on a website, for example, is not a personal information because it is not a specific identifiable physical person.
'Processing' constitutes any form of processing of personal data such as collection, storage, disclosure and deletion of personal data.
4. Processing purpose and categories of personal information
The collection and subsequent processing of your personal information is done for the purpose of managing you as a customer. The purpose includes inter alia the need to identify you as a customer, document your right to drive our city cars, calculate the rental price for the hire of our city cars or simply generally process inquiries from you and optimize our services, including our website. If you sign up for our newsletter, the information will also be processed to send you our newsletter.
We collect and process the information you provide to us, for example via website, app, letter, over the phone or via e-mail. The personal information you provide to us may constitute the following categories:
- Contact details (private phone number and e-mail)
- Payment information
- Copy of driver license
- Travelcard number
- Personal answer to security questions
We collect and process the information about you, as we regularly receive as a result of the customer relationship. The personal information we continuously collect and process may consist of the following:
- Rental history, hereunder start and end address for rentals as well as the registration number of the vehicle used
- Information about damages, parking fees or speed tickets.
5. Legal basis for the processing of your personal information and deletion periods
We store your personal information only if we have legal basis, and your personal information will not be processed for a longer period than necessary to fulfil the purposes for which the personal information is collected unless we are legally required to do so.
The table below lists the legal basis for the processing of personal information as well as the deletion periods that apply:
GDPR, art. 6, stk. 1, litra b) (fulfiling of contract)
GDPR, art. 6, stk. 1, litra f)
As long as the customer relationship exist and until 3 years after the last purchase (rental)
GDPR, art. 6, stk. 1, litra a)
Until you unsubscribe.
7. Information Security
We apply appropriate administrative, technical and organizational security measures to protect your personal data that is under our control from unauthorized access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers. We are part of the Arriva plc Group, which trains its employees regarding our data privacy policies and procedures and permit authorized employees to access personal data on a need to know basis, as required for their role. We also take steps to ensure that any service provider that we engage to process personal data on our behalf takes appropriate technical and organizational measures to safeguard such personal information.
8. Transfer of personal information to independent data controllers
We only transfer personal information to processing at independent data controllers, if we have a legal basis for it, and in so far transfer is necessary.
9. Transfer of personal information to data processors in third countries
We will only transfer personal information to data processors in third countries (countries outside of EU or EEC), if we have been provided with adequate and reasonable assurances that the level of protection in the country in question for the data processor is sufficient in accordance with the Data Protection Regulation. If we are using data processors from third countries, the third country will be stated below.
10. Rights as a registered
When we process personal information about you, you have the rights, in accordance with the Data Protection Regulation - subject to the reservations stated therein:
- to receive information about the data we process about you,
- to have personal information about you corrected or deleted,
- to withdraw your consent, in case the processing is based on such,
- to limit the data processing regarding your personal information,
- to receive the personal information about you from us in a structured and regular used format,
- to complain about the processing of your personal information, hereunder the right to not be subject to automatic decisions or profiling.
In any case, you can contact the responsible for data protection at the data controller. Contact details are found in section 2 above ’Data controller and contact details’.
You also have the right to file a complaint with a supervisory authority. You may find a list of supervisory authorities in the EU and their contact information via the following link: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm