Your browser (Internet Explorer) is not compatible with Rentcars.

Upgrade your browser now to ensure the best experience and safety when booking a car.

UPDATE MY BROWSER
In partnership with:
In partnership with:
In partnership with:
In partnership with:
In partnership with:
In partnership with: Melhores Destinos
In partnership with: Travel Club
Help

Privacy Policy

PRIVACY POLICY AND PERSONAL DATA PROTECTION RENTCARS

UPDATED ON APRIL 1, 2025.


1. Definitions

The terms and expressions used in this Privacy Policy have the meanings defined below:

“National Data Protection Authority or ANPD”: the public administration body responsible for overseeing, implementing, and enforcing compliance with the LGPD throughout the national territory.

“Rentcars Collaborators”: exclusively for the purposes of this Policy (without implying an employment relationship) all individuals working with Rentcars, including partners, administrators, directors, employees, managers, interns, apprentices, internal service providers, and any other person who has a direct relationship with Rentcars.

“Consent”: a free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose.

“Data Controller”: a natural or legal person, whether public or private, responsible for making decisions regarding the processing of personal data.

“Data”: Personal Data and Sensitive Personal Data, as defined in this Policy, in accordance with the provisions of the LGPD.

“Anonymized Data”: data related to the data subject that does not allow their identification using reasonable and available technical means at the time of processing.

“Personal Data” or “Personal Data”: information related to a natural person that allows them to be identified in any way.

“Sensitive Personal Data” or “Sensitive Personal Data”: personal data concerning racial or ethnic origin, religious belief, political opinion, membership in a union or an organization of a religious, philosophical, or political nature, data related to health or sexual life, genetic data, or biometric data.

“Data Protection Officer”: the person designated by the Data Controller and the Data Processor to act as a communication channel with the data subjects and the National Data Protection Authority (ANPD).

“LGPD”: General Data Protection Law (Law No. 13.709/18).

“Data Processor” or “Data Processors”: a natural or legal person, whether public or private, who processes personal data on behalf of the Data Controller.

“Rentcars”: Rentcars Ltda, a private legal entity registered under CNPJ No. 10.998.234/0001-23, headquartered at Rua Doutor Pedrosa, 151, suite 1201, 12th floor, Centro, Curitiba/PR, ZIP Code 80.420-120, and Rentcars BV, a Dutch company registered with Tax ID No. 859404900, with an address at Herengracht 420, 1017BZ, Amsterdam, Netherlands.

“GDPR”: General Data Protection Regulation 2016/679 of the European Union.

“Data Subject” or “Subject”: the natural person to whom the personal data being processed relates.

“Data Processing” or “Processing”: any operation or set of operations performed on personal data, including sensitive personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination, or extraction of personal data.


2. Purpose

2.1. The purpose of this Privacy Policy is to define the main rules and principles for the processing of data collected, including but not limited to the personal data of customers, suppliers and/or their representatives and collaborators, service providers, partners, rental agencies, as well as any other parties involved in the execution of Rentcars’ activities, ensuring an adequate level of security through protective measures in line with the LGPD and other applicable regulations.

2.2. In this way, we collect personal information that you provide directly, information about how you use our services, and information from third-party sources, as described in this document. We use such information to provide you with our services, understand how you use our services so that we can enhance and personalize your experience, and develop more relevant applications, technologies, and content for our customers. We also use personal information to provide personalized advertisements tailored specifically to your interests.

2.3. This Privacy Policy must be observed by all Rentcars collaborators, customers, suppliers, service providers, partners, rental agencies, or any individual or legal entity that assumes the role of Data Subject and/or Data Processor, in cases where Rentcars acts as the Data Controller.


3. Points of Collection of Personal Data

The collection of personal data by Rentcars can occur in various ways, directly or indirectly, for example, but not exclusively, through:

  1. Receiving emails, including through the Rentcars website;
  2. In person, by the Data Subject themselves;
  3. Electronic resumes submitted by the Data Subject to Rentcars through the website and corporate social networks;
  4. Internal and third-party management systems, including those used by Data Processors;
  5. Registration and navigation by the Data Subject on the Rentcars website or application;
  6. When you communicate with our Customer Service team or other service teams, your communications are transmitted through our systems, including the chatbot, WhatsApp, email, and application, whether for support or sales;
  7. Corporate social networks and communication applications;
  8. Meetings and events, telephone calls, photos, and images from security cameras; and
  9. Contracts, public sources, digitized documents, and documents from customers and partners.

4. Purposes of Data Processing

4.1. The entire data processing procedure at Rentcars is carried out using only the data strictly necessary to achieve the specific purposes, such as, but not limited to:

  1. Fulfillment of contractual and legal obligations with customers, including post-sales support, for which personal data is processed, such as, but not limited to: name, identification document, reservation code, driver’s license, proof of income, vehicle rental details, passport, banking details, marital status, physical address, nationality, occupation, phone, email, IP address, and geolocation.
  2. Analysis of user behavior on the website and application and generation of vehicle recommendations, for which personal data is processed, such as, but not limited to: reservation code, geolocation, customer ID, navigation context, browsing behavior, vehicle pick-up and drop-off locations, number of rental days, and browsing and purchase history.
  3. Lead acquisition and reactivation via the website, email, and WhatsApp, for which personal data is processed, such as, but not limited to: name, gender, email, phone, address, identification document, geolocation, and reservation code.
  4. Conducting customer satisfaction surveys, for which personal data is processed, such as, but not limited to: name, reservation code, email, and phone.
  5. Analysis of customer testimonials and opinions posted on consumer support sites and social networks, for which personal data is processed, such as, but not limited to: name, gender, place of residence, social media profile, and testimonial content.
  6. Calculation of the probability of reservation cancellation, for which personal data is processed, such as, but not limited to: name, gender, age, email, phone, address, reservation code, reservation details, reservation location, whether a promotion was used, whether the customer is new or active, cancellation history, and country of residence.
  7. Customer segmentation for marketing, for which personal data is processed, such as, but not limited to: name, gender, age, email, phone, address, reservation code, reservation details, and segment.
  8. Management of contracts and fulfillment of contractual obligations with rental agencies, suppliers, partners, and service providers, for which personal data is processed, such as, but not limited to: name, date of birth, marital status, identification document, physical address, email, phone, nationality, occupation, signature, and position.
  9. Prospecting and negotiation with new business partners and rental agencies, for which personal data is processed, such as, but not limited to: name, email, phone, identification document, driver’s license, social media profile, position, and occupation.
  10. Management of payments to rental agencies, partners, suppliers, service providers, and other third parties, for which personal data is processed, such as, but not limited to: name, identification document, email, and banking details.
  11. Evaluation and handling of cases of fraud in reservations, for which personal data is processed, such as, but not limited to: name, date of birth, identification document, email, physical address, phone, banking details, reservation details, and IP address.
  12. Physical and asset security of its headquarters, for which personal data is processed, such as, but not limited to: name, photo, and ID; and sensitive personal data, such as biometric data.

4.2. The data mentioned above is processed by Rentcars and by companies contracted by it, and is stored securely under appropriate technical and organizational measures, for the period necessary to fulfill the purposes.

4.3. Rentcars uses tools and assets with global reach; therefore, it conducts international transfers of personal data, in accordance with the terms of the LGPD and Resolution CD/ANPD No. 19/2024.


5. Legal Bases for Data Processing

5.1. The legal bases for the processing of personal data by Rentcars, according to Article 7 of the LGPD, are:

  1. Consent of the Data Subject;
  2. Fulfillment of a legal or regulatory obligation by Rentcars;
  3. Execution of a contract or preliminary procedures related to a contract to which the Data Subject is a party, at the request of the Data Subject;
  4. Protection of the life or physical safety of the Data Subject or a third party;
  5. Legitimate interest of Rentcars.

5.2. The legal bases for the processing of sensitive personal data by Rentcars, according to Article 11 of the LGPD, are:

  1. Consent of the Data Subject;
  2. Fulfillment of a legal or regulatory obligation by Rentcars; and
  3. Protection of the life or physical safety of the Data Subject or a third party.

6. Storage and Disposal of Personal Data

6.1. Any data provided by the Data Subject is collected and stored securely under appropriate technical and organizational measures. To that end, Rentcars adopts various precautions in accordance with the security standards established by the applicable legislation.

6.2. In addition to technical measures, Rentcars also adopts organizational measures, such as the implementation of an Information Security Policy for the proper processing of the data.

6.3. Access to the collected data is restricted to Rentcars collaborators and persons authorized by Rentcars, and it is hosted on servers and systems located in Brazil and in other countries in accordance with the LGPD and Resolution CD/ANPD No. 19/2024.

6.4. After fulfilling the purposes for which the data was collected, the data is disposed of within the scope and technical limits of the activities, with retention permitted for the following purposes:

  1. Fulfillment of a legal or regulatory obligation by Rentcars;
  2. Transfer to a third party, provided that the data processing requirements set forth in the LGPD are respected; and
  3. Exclusive use by Rentcars, with third-party access prohibited, provided that the data is anonymized.

7. Geographical Scope

This Privacy Policy applies to cases in which data processing occurs or the data is collected within the Brazilian territory.


8. Rights of Data Subjects

8.1. The Data Subject, whenever possible, receives information about the processing of their personal data at the time of collection.

8.2. The Data Subject may exercise rights regarding the processing of their data, such as: access to information; objection to processing, automated decision-making, and profiling; restriction of processing; data portability; rectification and deletion of data; and revocation of consent, as applicable in each case, via the email address indicated in item 13.2 of this Privacy Policy.

8.3. Rentcars has implemented procedures to ensure responses to data subjects within the legally established deadlines and reserves, under the terms of the LGPD, the right to evaluate data subjects’ requests and to fulfill them when technically feasible and legally required. In any case, the outcome of the evaluation will be communicated to the data subject.

8.4. The Data Subject is aware that exercising some of their rights may prevent the continuation of their relationship with Rentcars.


9. Obligations of the Data Subjects

9.1. The Data Subject is responsible for the truthfulness, accuracy, and confirmation of the data they provide, whether on the Rentcars website or by any other means.

9.2. The Data Subject is prohibited from sharing logins, passwords, or any type of credentials with other people or third-party companies, including coworkers, family, and friends. The Data Subject must use strong and unique passwords for Rentcars assets and tools. Rentcars is not responsible for any breaches of privacy or personal data protection resulting from the actions or omissions of the Data Subject.

9.3. The Data Subject is responsible for implementing all necessary security measures on their devices used to access Rentcars assets and tools, so that Rentcars is not liable for any breaches of privacy or data protection resulting from this lack of diligence.


10. Obligations of Rentcars’ Data Processors

10.1. Rentcars seeks to engage with data processors committed to privacy and data protection.

10.2. Rentcars’ data processors must comply with this Privacy Policy as well as the relevant legislation. In case of non-compliance with either, Rentcars reserves the right to immediate contractual cancellation, without any liability to Rentcars, as well as to apply the appropriate legal and contractual sanctions.

10.3. Rentcars reserves the right to verify that its data processors follow the processes, operational instructions, and procedures defined by Rentcars, through routine or extraordinary audits.


11. Cooperation with the ANPD and Other Authorities

11.1. Rentcars, in its capacity as Data Controller, will cooperate with the ANPD and other data protection authorities on matters related to the protection and privacy of personal data under its processing, within the limits of the LGPD and GDPR, without waiving any rights to defense and appeals as guaranteed to it.

11.2. Rentcars collaborators, as well as service providers and/or suppliers potentially involved in the questioned processing or procedure, will provide support on matters related to the protection and privacy of personal data.


12. Data Sharing

We may share your information internally within our company, as well as with the following entities, for the purposes described above:

  1. Affiliates and subsidiaries: other Rentcars companies over which we have control or that belong to us.
  2. Business Partners: partners with whom we work to provide you with the requested or purchased services. For example, we may work with vehicle rental agencies to facilitate reservations. These partners are responsible for managing your personal information.
  3. Other parties when required by law or for the protection of Rentcars, our services, collaborators, and our customers: we may disclose your information when required by law, in legal proceedings, or by court order. Additionally, governmental authorities may request your data for purposes related to law enforcement, national security, counter-terrorism, and other public safety issues.
  4. Other parties with your consent or upon your request: in addition to the situations outlined in this Privacy Policy, we may share your information with third parties if you expressly authorize or request it.

13. Communication Channel

13.1. Rentcars provides the Data Subject, Data Processors, and any other individual or legal entity with a free communication channel and exclusive service for matters related to privacy and data protection.

13.2. All matters related to privacy and data protection should be directed to Rentcars’ Data Protection Officer, Débora Jabur, at the email: dpo@rentcars.com.

2025© Rentcars. All rights reserved.