Latest updated October 2018
At DriveNow, Arriva Danmark A/S we protect your information and therefore process your personal information with due respect for your privacy and in full compliance with the Data Protection Regulation and other legislation.
2. Data controller and contact details
DriveNow, Arriva Danmark A/S
Skøjtevej 26 2770
The responsible for data protection at the Data Controller may be contacted via:
Or alternatively by sending a letter marked ’Persondatabeskyttelse’ to the address stated above.
3. Definition of ’personal information’ and ’processing’
'Personal information' is any form of information about an identified or identifiable natural person. It includes, for example, your name, your address, your phone number and your email address. In contrast, an information about the number of users on a website, for example, is not a personal information because it is not a specific identifiable physical person.
'Processing' constitutes any form of processing of personal data such as collection, storage, disclosure and deletion of personal data.
4. Processing purpose and categories of personal information
The collection and subsequent processing of your personal information are done for the purpose of managing you as a customer. The purpose includes inter alia the need to identify you as a customer, document your right to drive our city cars, calculate the rental price for the hire of our city cars or simply generally process inquiries from you and optimize our services and website. Besides that, your information may be used for profiling and marketing purposes via various channels, hereunder social media, with a view to target communication and offers to you. If you participate in a competition, the personal information provided will be processed with a view to complete the competition.
We collect and process the information you provide to us, for example via website, app, letter, over the phone or via e-mail. The personal information you provide to us may constitute the following categories:
- Contact details (private phone number and e-mail)
- Payment information
- Copy of driver licence and driver licence number
- Travelcard number
- Personal answer to security questions
We collect and process the information about you, as we regularly receive as a result of the customer relationship. The personal information we continuously collect and process may consist of the following:
- Rental history, hereunder start and end address for rentals as well as the registration number of the vehicle used
- Information about damages, parking fees or speed tickets.
5. Legal basis for the processing of your personal information and retention periods
We store your personal information only if we have legal basis, and your personal information will not be processed for a longer period than necessary to fulfil the purposes for which the personal information is collected unless we are legally required to do so.
The table below lists the legal basis for the processing of personal information as well as the retention periods that apply:
GDPR, art. 6, sec. 1, litra b) (fulfilling of contract)
GDPR, art. 6, sec. 1, litra f)
As long as the customer relationship exist and until 3 years after the last purchase (rental). (However, bookkeeping data and information required in accordance with the ‘rental of vehicle without a driver’ Act (BEK nr. 463 02/05/2013)will be kept for up to 5 years from last purchase)
GDPR, art. 6, sec. 1, litra a)
Until you unsubscribe.
|Participation in competitions||
GDPR, art. 6, sec. 1, litra b) (fulfilling of contract)
GDPR, art. 6, sec. 1, litra f) (the interest rule)
|Up to ninety (90) days after the competition is finish and winners have received their prize.|
7. Information Security
We apply appropriate administrative, technical and organizational security measures to protect your personal data that is under our control from unauthorized access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers. We are part of the Arriva plc Group, which trains its employees regarding our data privacy policies and procedures and permit authorized employees to access personal data on a need to know basis, as required for their role. We also take steps to ensure that any service provider that we engage to process personal data on our behalf takes appropriate technical and organizational measures to safeguard such personal information.
8. Transfer of personal information to independent data controllers
We only transfer personal information to processing at independent data controllers, if we have a legal basis for it, and in so far transfer is necessary.
- Public institutions and authorities, hereunder municipalities and police
- Private parking companies
- Insurance companies
9. Transfer of personal information to data processors in third countries
We will only transfer personal information to data processors in third countries (countries outside of EU or EEC), if we have been provided with adequate and reasonable assurances that the level of protection in the country in question for the data processor is sufficient in accordance with the Data Protection Regulation. If we are using data processors from third countries, the third country will be stated below.
10. Rights as a registered
When we process personal information about you, you have the rights, in accordance with the Data Protection Regulation - subject to the reservations stated therein:
- to receive information about the data we process about you,
- to have personal information about you corrected or deleted,
- to withdraw your consent, in case the processing is based on such,
- to limit the data processing regarding your personal information,
- to receive the personal information about you from us in a structured and regular used format,
- to complain about the processing of your personal information, hereunder the right to not be subject to automatic decisions or profiling.
In any case, you can contact the responsible for data protection at the data controller. Contact details are found in section 2 above ’Data controller and contact details’.
You also have the right to file a complaint with a supervisory authority. You may find a list of supervisory authorities in the EU and their contact information via the following link: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
1 The storage of personal data is only happening in the EU, however parts of our IT-system is developed in the specific third country, and thus the developer may get access to the system from there.