Data Privacy Policy

1. Introduction and Scope

This Data Privacy Policy explains how rentcarzurich.com ("we", "us", or "our"), operated from Zurich, Zurich, Switzerland, collects, processes, stores, and protects personal data in connection with vehicle rental services offered through this website. This policy applies to all visitors, registered users, and customers who interact with our platform, whether browsing from a desktop in Zurich Altstadt, completing a booking for pickup at Zurich Airport (ZRH), or contacting us via email.

We are committed to complying with the Swiss Federal Act on Data Protection (nFADP / revDSG), which came into force on 1 September 2023, as well as the applicable provisions of the EU General Data Protection Regulation (GDPR) where relevant to users located in the European Economic Area. By using rentcarzurich.com, you acknowledge that your personal data may be processed as described in this policy.

2. Data Controller

The data controller responsible for processing your personal information is rentcarzurich.com, Zurich, Zurich, Switzerland. For all privacy-related enquiries, you may contact us at:

• Email: [email protected]
• Phone: +1 (256) 666-3798
• Address: Zurich, Zurich, Switzerland

3. Information We Collect

We collect only the personal data necessary to provide our vehicle rental services. The categories of data we may collect include:

3.1 Personal Identification Data

• Full name and date of birth
• Email address and phone number
• Residential address
• Driver's licence number, issuing country, and expiry date
• Passport or national identity document details (where required for cross-border rentals, for example on routes from Zurich to Germany or Austria)

3.2 Booking and Transaction Data

• Rental dates, pickup and drop-off locations (including Zurich Airport, Zurich HB main station, or hotel delivery addresses)
• Vehicle category, optional extras (child seats, GPS, additional drivers)
• Booking reference numbers and reservation history
• Correspondence related to your booking or support requests

3.3 Payment Information

We do not store full payment card details on our servers. Payment transactions are handled by PCI-DSS-compliant third-party processors. We may retain transaction identifiers, partial card details (last four digits), and payment status records for accounting and fraud-prevention purposes. Our no-deposit, debit-card-friendly booking model means we do not place pre-authorisation holds on your account, and no sensitive card data is stored by us.

3.4 Browsing and Technical Data

• IP address and approximate geolocation
• Browser type, version, and operating system
• Pages visited, time on site, and referral source
• Cookie identifiers and session tokens (see our Cookies Policy for details)

3.5 Location Data

If you use location-based features on our website (for example, finding the nearest pickup point near Zurich Hauptbahnhof or the Niederdorf quarter), we may process approximate location data provided by your browser with your explicit consent. You may withdraw this consent at any time through your browser settings.

4. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

• Processing and managing bookings (contractual necessity) - to confirm, amend, or cancel your vehicle rental reservation, arrange pickup at Zurich Airport or other agreed locations, and issue rental documentation.
• Customer support (contractual necessity and legitimate interest) - to respond to enquiries, handle complaints, and assist with roadside assistance or changes to your rental.
• Payment processing and fraud prevention (contractual necessity and legal obligation) - to facilitate payments, detect fraudulent activity, and comply with anti-money-laundering requirements.
• Service improvement and analytics (legitimate interest) - to analyse how visitors use rentcarzurich.com, improve our booking interface, and optimise vehicle availability in Zurich and the wider Swiss market.
• Marketing communications (consent) - to send you promotional offers, seasonal deals, or information about new vehicle categories, but only where you have given explicit consent. You may withdraw consent at any time by clicking "unsubscribe" in any marketing email or contacting us directly.
• Legal and regulatory compliance (legal obligation) - to meet our obligations under Swiss law, including the nFADP, Swiss Road Traffic Act, and any applicable cantonal regulations in the Canton of Zurich.

5. Data Sharing with Third Parties

We do not sell your personal data to third parties. We may share your data with carefully selected partners only where necessary to fulfil your rental or meet legal requirements:

• Payment processors - to securely handle debit and credit card transactions in accordance with PCI-DSS standards.
• Insurance providers - to validate coverage for collision damage waiver (CDW), theft protection, and personal accident insurance associated with your rental.
• Booking integration partners - third-party rental platforms or aggregators that process your reservation and communicate availability, pricing, and confirmation.
• Vehicle fleet operators and local agents - where pickup or drop-off is handled by a partner operator in Zurich or another Swiss city.
• Legal and regulatory authorities - Swiss government agencies, cantonal authorities in Zurich, or law enforcement where we are required by law to disclose information.
• IT and hosting providers - data processors who provide server infrastructure, analytics, and technical support under strict data processing agreements.

All third-party processors are bound by contractual data protection obligations consistent with the nFADP and, where applicable, the GDPR. Where data is transferred outside Switzerland or the EEA, we ensure adequate safeguards are in place, such as standard contractual clauses approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are as follows:

• Booking and transaction records - retained for 10 years from the date of the transaction, in line with Swiss commercial law (OR Art. 958f).
• Customer support correspondence - retained for 3 years from the date of last contact.
• Marketing consent records - retained until consent is withdrawn, plus 1 year for compliance audit purposes.
• Browsing and analytics data - anonymised or deleted within 26 months of collection.
• Driver licence and identity documents - retained for the duration of the rental agreement and deleted within 6 months of rental completion, unless required longer by law.

7. Your Rights Under Swiss and EU Data Protection Law

Depending on your location and the applicable legal framework, you may have the following rights regarding your personal data:

• Right of access - you may request a copy of the personal data we hold about you, free of charge, once per calendar year.
• Right to rectification - you may ask us to correct inaccurate or incomplete personal data without undue delay.
• Right to erasure ("right to be forgotten") - you may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.
• Right to data portability - where processing is based on consent or contractual necessity, you may request your data in a structured, commonly used, machine-readable format.
• Right to object - you may object to processing based on legitimate interest, including direct marketing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to restrict processing - you may request that we limit how we use your data in certain circumstances, for example while a dispute is being resolved.
• Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. If you believe your rights have not been respected, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.

8. Data Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our security practices include:

• TLS/SSL encryption for all data transmitted between your browser and our servers
• Restricted staff access to personal data on a need-to-know basis, with role-based access controls
• Regular security assessments and penetration testing of our web infrastructure
• Secure and encrypted storage of booking and customer records
• Data processor agreements requiring equivalent security standards from all third-party partners
• Incident response procedures to identify, report, and address data breaches within the timeframes required by the nFADP

While we take all reasonable steps to protect your data, no method of internet transmission or electronic storage is completely secure. We encourage you to use strong passwords and to contact us immediately if you suspect any unauthorised use of your account.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve rentcarzurich.com. Essential cookies are required for core functions such as maintaining your session during the booking process. Analytics and preference cookies are set only with your consent. For full details on the cookies we use and how to manage them, please read our Cookies Policy.

10. Policy Updates

We may update this Data Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify registered users by email. Continued use of rentcarzurich.com after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

This policy was last reviewed and updated in 2024 to reflect the requirements of the revised Swiss Federal Act on Data Protection (nFADP), which entered into force on 1 September 2023.

11. Contact for Privacy Questions

If you have any questions, concerns, or requests relating to this Data Privacy Policy or the way we handle your personal data, please reach out to our privacy team:

• Email: [email protected]
• Phone: +1 (256) 666-3798
• Address: Zurich, Zurich, Switzerland

We aim to acknowledge all privacy enquiries within 5 business days and to provide a substantive response within 30 calendar days.