We collect personal data provided directly by users and data obtained automatically. The data may include:

• Identification and contact detailsName, address, email, phone number, tax identification number (NIF), and other information necessary for the booking and invoicing process; in the case of car rentals, we may collect identification document and driver's license data when required by law. This data is provided when you fill out contact or booking forms on our platform.
  
  

• Payment detailsIf you choose to pay online, we process your credit card details through a secure payment service provider. We ourselves We do not store The full card numbers, only any tokens or technical records necessary for transaction validation with Ifthenpay.
  
  

• Browsing and behavior dataTechnical data is automatically collected during your visit, such as IP address, device and browser information, pages visited, access sources, and time spent on the site. This data is obtained via cookies and analytical tools (e.g., Google Analytics) and is intended to improve the functioning of the website.
  
  

• Preferences and settings: such as the selected language, remembered through a functional cookie from the translation plugin (e.g., language cookie name).
  
  

• Optional dataIf you subscribe to our newsletter or promotions (if available) or fill out satisfaction surveys, we will process the data you provide for the purpose of communicating news or improvements.

All personal information is collected for legitimate purposes and in accordance with the purposes described below.

We process your personal data for the following main purposes:

• Contract or pre-contract execution: manage the car booking and rental process (reservation confirmation, contract and invoice issuance), provision of requested services, and communication related to your booking. This processing is necessary to fulfill contractual and pre-contractual obligations.
  
  

• Communication and support: to respond to your messages through the contact form or email, provide customer support, and send service-related information.
  
  

• Compliance with legal and tax obligations.: to archive invoicing and accounting data for legal purposes, particularly tax obligations. By law, companies must keep accounting and tax documents for up to 10 years.
  
  

• Security and fraud prevention: verify customer identity, detect and prevent fraud or abuse in rental services, particularly through analysis of usage patterns.
  
  

• Service and website improvementAnalyze website visit and usage statistics (via Google Analytics) to adapt content, identify errors, and optimize the user experience. Google Analytics allows us to see how visitors use the site in an aggregated and anonymous way, for improvement purposes.
  
  

• Marketing and promotional information (With consent): If you have authorized it, we may process your data to send you information about future products and promotions. This purpose requires your specific consent.
  
  

• Personalization of preferences: We use the language cookie to present the website to you in your preferred language and to maintain certain browsing preferences.
  
  

Freerent's legitimate interests include keeping the site secure, functional, and tailored to users' needs (e.g., ensuring the site's quality and security).

The processing of your data is based on several legal grounds under the GDPR (Article 6):

• Performance of a contract or pre-contractual steps (art. 6.1.b GDPR) – when we process data to manage reservations, execute car rental contracts, or respond to inquiries that result in a purchase.
  
  

• Explicit consent (art. 6.1.a GDPR) – when you give us free and informed consent to process your data for specific purposes (for example, when you accept the cookie banner for analytics or when you subscribe to the newsletter). Consent can be withdrawn at any time, without affecting the legality of the processing up to that point.
  
  

• Legitimate interest (art. 6.1.f GDPR) – applicable to processing necessary for our legitimate interests or those of third parties, provided that such interests do not override your fundamental rights and freedoms. Examples include website security and fraud prevention, as well as service improvement through website usage analysis.
  
  

• Legal obligation (art. 6.1.c GDPR) – compliance with legal obligations imposed on the company, such as the preservation of tax and accounting documents for the legally required period.
  
  

All processing is carried out in accordance with the purposes described above and within the limits permitted by law, namely the GDPR and Law No. 58/2019.

We retain your personal data only for as long as necessary for the purposes for which it was collected and in accordance with applicable legal requirements. Examples of retention periods:

• Customer data and contracts: kept for the period required by tax and commercial law. In Portugal, accounting and tax documents must be kept for 10 years, unless otherwise provided by law.
  
  

• Contact forms and email communications: held for as long as processing is justified (e.g., until the request is exhausted or for a period of up to 3 years if there is no conflict).
  
  

• Cookie and analytics dataAnonymous or aggregated data is retained for the time defined in the settings (for example, Google Analytics retains data for a specific, configurable period; consent data may be archived for as long as it is relevant).
  
  

• Marketing dataWe retain your contact details for sending promotional communications only with your consent and until you request that we stop receiving them.
  
  

After the expiration of legal deadlines or the termination of the contractual relationship, the data is deleted or anonymized, except if it is necessary to retain it to comply with legal obligations or to defend a right.

To fulfill the purposes described, we may share personal data with external entities, always observing confidentiality and security:

• Service providers (subcontractors)Companies that provide services on our behalf, such as web hosting, database management, technical support, payment processing, accounting or auditing, email delivery, and IT services. These third parties only access your data to the extent necessary to perform the contracted services and are subject to contractual obligations of confidentiality and data protection.
  
  

• E-commerce platformYour order and customer account data are managed on the WooCommerce/WordPress platform. Automattic, the company responsible for WordPress.com, is an American company, but the data hosted on our website follows our privacy policies.
  
  

• Google LLC (Ireland/USA): We use Google Analytics to analyze website usage and the Translate API for automatic translation functionality. Data (e.g., Analytics cookie identifiers) is sent to Google, which may transfer it to servers in the USA. Google provides information about data privacy and security at [link to Google privacy policy]. https://policies.google.com/privacy. The use of these tools complies with Consent Mode v2, ensuring treatment in accordance with your consent.
  
  

• Payment providersIf you use card payment, the transaction data is shared with the financial institution (e.g., Stripe, PayPal, or your bank). These institutions handle the data under their own privacy terms and only process what is necessary to complete the payment and prevent fraud.
  
  

• Authorities and legal entitiesWe may disclose personal data to public authorities (tax authorities, police, CNPD, etc.) when required by law or court order.
  
  

• Other recipientsWith your consent or at your request, we may share data with partners or collaborators (e.g., travel agencies, insurance companies) for specific service provision purposes.
  
  

The recipients listed above include entities both within and outside the European Union. In the case of transfers to third countries (e.g., Google servers in the USA), we ensure adequate protection mechanisms (standard contractual clauses approved by the European Commission or adherence to the new EU-US adequacy framework) as required by the GDPR.

Some of our service providers are based outside the EU/EEA. For example, Google LLC (Ireland and USA) processes Analytics and translation data. Transfers of personal data to the USA are made under the Contractual Clauses Type of the EU or fall within EU-US Data Privacy Framework, ensuring an adequate level of protection. Other providers (e.g., servers or fintechs) will only be contracted if they comply with European data protection standards. If international transfer is required, we will notify you on the website that such transfer is covered by adequate safeguards, in accordance with the GDPR (Article 46).

Freerent adopts appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or improper disclosure. These measures include:

• Use of Secure connection (SSL/TLS) on all pages of the website, ensuring encryption of data in transit.
  
  

• Data is stored on servers protected by firewalls, with physical and logical access control, and regular backups.
  
  

• Pseudonymization and encryption of sensitive data where applicable (e.g., login credentials).
  
  

• Internal access control: only authorized employees, bound by confidentiality obligations, have access to the data, and only to the extent necessary.
  
  

• Procedures for periodic assessment of information security risks and compliance with the GDPR.
  
  

• In the event of a personal data breach, we will follow the GDPR protocol, notifying the CNPD (National Data Protection Commission) and the data subjects if there is a high risk to the rights and freedoms of individuals.
  
  

• Despite these measures, it should be noted that no data transmission over the Internet is 100% secure; however, we do our best to ensure a high level of protection.

According to the GDPR, data subjects (customers and visitors) have the following rights, which can be exercised against Freerent:

• Right of accessTo obtain confirmation as to whether your personal data is being processed and, if so, to receive a copy of that data, information about the processing and its terms.
  
  

• Right of rectification: request the correction of inaccurate data or complete incomplete data that we hold about you.
  
  

• Right to erasure (“right to be forgotten”): request the deletion of your personal data when it is no longer necessary for the original purposes, or when you withdraw consent without another legal basis for processing.
  
  

• Right to restriction of treatment: request that we limit the use of your data (for example, when you dispute the accuracy of the data, or if we refuse to delete it due to legal obligations).
  
  

• Right to portability: to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and/or to transfer it to another data controller, when the processing is based on consent or a contract and the data is processed by automated means.
  
  

• Right to object: to object to the processing of your data for reasons related to your particular situation, namely processing for direct marketing or based on legitimate interests, if you believe that your interests/rights prevail over ours.
  
  

• Right to withdraw consentIf the processing is based on consent, you may withdraw it at any time (this does not affect the lawfulness of processing based on consent before its withdrawal).
  
  

• Right to complainIf you believe that your rights have not been respected, you can file a complaint with the competent Supervisory Authority (in Portugal, the CNPD – National Data Protection Commission).
  
  

To exercise any of these rights, simply send a clear written request to the contact details below. As a rule, we will respond within one month of the request, as stipulated in the GDPR. Any extensions for complex requests will be communicated in a timely manner.

If you wish to access, correct, delete or limit your data, withdraw consent, object to processing or have any other question related to the protection of your personal data, please contact us through the following means:

• E-mail: [email protected]

• Telephone: +351 961 829 346

• HouseholdAvenida da República, Nº 1326, 6º – Sala 68, 4430-192 Vila Nova de Gaia, Portugal
  
  

• Data Protection Officer (DPO)[If applicable, indicate the name/email of the DPO. If there is no mandatory DPO, use the general contact above as the designated contact person.]

For additional information or to file a complaint, you can also contact them directly. National Data Protection Commission (CNPD) through their official channels (e.g., telephone +351 213 928 400 or email) [email protected]).

Our website uses cookies and similar technologies to distinguish users, remember preferences, and analyze traffic. In accordance with the GDPR and Portuguese law, we categorize cookies as follows:

• Strictly necessary cookies: essential for the functioning of the website and services (e.g., WooCommerce session cookies such as woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_[hash], (Necessary for managing the shopping cart and booking process). Without these cookies, the website would not function correctly. These cookies do not require consent as they are legally based on our legitimate interest (ensuring the basic functioning of the website).
  
  

• Functionality cookiesThey remember your choices, such as the website language (e.g., TranslatePress plugin cookie). trp_language) or display preferences. They do not collect personally identifiable information and are not for analytical purposes. They are processed based on our legitimate interest in personalizing the user experience.
  
  

• Analytical cookies: used to analyze website usage and improve it. For example, Google Analytics sets cookies (such as _ga, _gidThese cookies anonymously and in aggregate form record visited pages, session duration, traffic source, etc. This data allows us to evaluate website performance and user behavior. According to regulations, these cookies are only activated after your request. explicit consent.
  
  

• Marketing/advertising cookiesWe do not use our own advertising cookies. If we were to use remarketing cookies (e.g., Google Ads), these would serve to show relevant ads based on your browsing history. Their use always depends on your prior consent (GDPR art. 6.1.a). If activated, there may be a transfer of data to third parties such as Google (USA), which will process the data under its policies (see Google's cookie rules).
  
  

When you enter our website for the first time, we present a cookie banner where you can... accept or refuse The categories of cookies (analytical and marketing). If you refuse, only strictly necessary cookies will be placed. You can change your preferences at any time through the website's cookie settings or browser settings. Note that disabling certain cookies may affect website functionality. For more information about cookies and how to manage/remove cookies in your browser, please consult [link to relevant information]. We refer to the detailed cookie policy. or your browser settings.

We use the Google Consent Mode v2This means that if you do not consent to analytical cookies, Google Analytics only processes basic events (without persistent cookies) in an anonymized way, adjusting to your level of consent.

Our services are not intended for individuals under 18 years of age.
If you are under 18, you should not submit any personal data.

This Privacy Policy may be updated periodically (e.g., to reflect legal changes, new features in our services, or adjustments to data collection). The date of the last update is at the end of the document.. In the event of significant changes to the purposes of the processing or your rights, we will communicate the changes through a visible notice on the website or, if applicable, via email to account holders. We recommend that you review this page occasionally to be aware of any changes. Continued use of our services after changes implies agreement with the updated Policy.

Last updated: May 3, 2025.

Sources and Legislation: This policy complies with Regulation (EU) No 2016/679 (GDPR), Law No 58/2019 and other applicable Portuguese legislation. For more information on data subject rights, please consult the CNPD website. For any questions about this policy or the processing of your data, please contact us as indicated above.