Privacy policy in relation to the processing and security of personal data in GETRENTACAR INC.

BASIC TERMS
Website Administration - authorized employees on the Website Management https://getrentacar.com, acting on behalf of GETRENTACAR INC.
Personal data processing - any action or set of actions with personal data performed using automation means or without them, including the collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution), de-identification, blocking, deletion, destruction of personal data.
Personal data - any information relating directly or indirectly to a specific or definable user. To such information, in particular, include:
- information about your computer, including your IP address, geographical location, type, browser version and operating system;
- information about your visits and use of our Website, including the source of the referral, the duration of the visit, page views and navigation paths through the Website;
- your email address, which you enter when registering on our Website;
- information that you enter when you create a profile on our Website — for example, your name, profile pictures, gender, date of birth, relationship status, interests and hobbies, education data and employment information;
- your first name, last name and email address that you enter to set up a subscription to our emails and / or newsletters;
- information that you enter when you design services on our Website;
- information that is created when using our Website, including when, how often and under what circumstances you use it;
- information relating to the services you use over the Internet a Website that includes your name, address, telephone number, email address and credit card information;
- information that you publish on our Website, indicating the publication on the Internet, which includes your username, profile pictures and the content of your messages;
- the information contained in any messages that you send to us by e-mail or through our Web site, including its content for communication and metadata;
- any other personal information that you send us.
User Website - a person who has access to a Website https://getrentacar.com through the Internet and use of the Website https://getrentacar.com.
Dissemination of personal data - actions, access to the disclosure of personal data to an indefinite circle of persons.
Website - an information system created on the basis of a communication server's web server, identified by the domain name https://getrentacar.com, intended for posting information on the Internet, means of its visual design and interaction with users via web clients.
Consent to the processing of personal data - the permission of the User of the Website, which he gives the interested party to receive, collect, store and use personal information about themselves.
Personal Data Subjects - an entity that is directly or indirectly determined or determined by personal data.
Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.

1. APPOINTMENT AND AREA OF ACTION OF THE DOCUMENT
1.1. "The GETRENTACAR INC. Policy" in relation to the processing and security of personal data "(hereinafter the Policy) determines the position and intentions of GETRENTACAR INC. (hereinafter also referred to as the Company) in the field of processing and ensuring the security of personal data in order to respect and protect the rights and freedoms of each person and, in particular, the right to privacy, personal and family secrets, protection of his honor and good name.
1.2. In order to maintain business reputation and ensure compliance with the requirements of the current international norms in the field of personal data, the Company considers the most important task to ensure the legitimacy of the processing and security of personal data of subjects in business processes. To solve this problem, the personal data protection system has been introduced, is functioning and is undergoing periodic review (control).
1.3. The Policy is strictly enforced by the managers and employees of all departments and branches of the Company.
1.4. The Policy applies to all personal data of subjects processed in the Company using automation tools and without using such tools.
1.5. This document determines the Company's Policy in the field of processing and protecting personal data and is located at https://getrentacar.com. This Policy has access to any subject of personal data.
1.6. The Policy is developed and used in conjunction with the Consent to the processing of personal data, which is also available at https://getrentacar.com.

2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
2.1. Processing and ensuring the security of personal data in the Company is carried out in accordance with the requirements of international norms in the field of personal data, European Union Regulation 2016/679 (General Data Protection Regulations).
2.2. When processing personal data, the Company adheres to the following principles:
• legality and fairness;
• restrictions on the processing of personal data to the achievement of specific, predetermined and legitimate goals;
• the reliability of personal data, their relevance and sufficiency for processing purposes;
• prevent processing of personal data that is incompatible with the purposes of collecting personal data;
• prevent the merging of databases containing personal data that are processed for purposes that are incompatible with each other;
• the legitimacy of organizational and technical measures to ensure the security of personal data;
• processing of personal data that meets the purposes of their processing;
• compliance content.
2.3. The Company processes personal data only in the presence of at least one of the following conditions:
• processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
• processing of personal data is necessary to achieve the objectives stipulated by law, for the implementation and fulfillment of the functions, powers and responsibilities of the operator imposed by international standards in the field of personal data;
• processing of personal data is necessary for the execution of the contract, of which either the beneficiary or the guarantor is party, according to which the subject of personal data is, and also to enter into a contract on the initiative of the subject of personal data or the contract on which the subject of personal data will be the beneficiary or surety;
• processing of personal data is necessary for the exercise of the rights and legitimate interests of the Company or third parties or to achieve socially significant goals, provided that it does not violate the rights and freedoms of the subject of personal data;
• processing of personal data is necessary when receiving feedback, analyzing the improvement of the quality of Services and services, as well as obtaining information about loyalty and satisfaction with the Company's Services and services, further research and processing of this information;
• processing of personal data is carried out, access of an unlimited number of persons to which is provided by the subject of personal data or at his request;
• processing of personal data to be published or mandatory disclosure in accordance with international standards in the field of personal data.
2.4. In cases established by international standards in the field of personal data, the Company has the right to transfer personal data to Users.
2.5. The Company destroys or depersonalizes personal data upon the achievement of processing objectives or in case of loss of the need to achieve the processing objective.

3. PURPOSES OF PERSONAL DATA PROCESSING
3.1. The Company processes personal data of the subject of personal data solely for the following purposes:
(A) undertaking activities to facilitate the organization of contacts and provide advice to Users of the Website;
(B) the conclusion, execution and termination of civil contracts by Users of the Website with third parties;
(C) the identification of the User and / or his representative;
(D) informing about the Company's and (or) third parties in whose interests the Company acts, advertising and (or) marketing campaigns, surveys, questionnaires, and marketing research regarding the services provided by the Company and / or the persons in whose interests the Company acts .
(E) communicating with the User, if necessary, including sending notifications, requests and information related to his use of the Site, rendering services, as well as processing requests and requests from the User;
(F) improve the quality of services provided, ease of use, develop new services and services;
(G) conducting statistical and other studies based on anonymized data.

4. RIGHTS OF PERSONAL DATA SUBJECTS
4.1. The User, whose personal data are processed by the Company, has the right to:
4.1.1. receive from the Company:
• confirmation of the processing of personal data by the Company;
• legal grounds and purposes for the processing of personal data;
• information about the methods of personal data processing used by the Company;
• name and location of the Company;
• information on persons who have access to personal data or to whom personal data may be disclosed in accordance with international standards in the field of personal data;
• a list of processed personal data relating to the User from whom the request was received and the source of their receipt, unless otherwise provided by law for the provision of such data;
• information on the processing time of personal data, including the storage period;
• information on ongoing or alleged cross-border transfer of personal data;
• name and address of the person processing personal data on behalf of the Company;
• other information stipulated by international standards in the field of personal data;
4.1.2. require clarification of their personal data, their blocking or destruction if personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
4.1.3. demand elimination of illegal actions of the Company in relation to his personal data;
4.1.4. appeal against the actions or inaction of the Company to the supervisory and control authority in the field of personal data protection or in court if a citizen believes that the Company processes their personal data in violation of the requirements of international personal data standards or otherwise violates its rights and freedoms ;
4.1.5. protect their rights and legitimate interests, including damages and / or moral damages in court.
4.2. The withdrawal of consent to the processing of personal data does not affect the legality of data processing based on your consent prior to its withdrawal. If you want to send a request, you should contact the Company in writing using the contact information provided below. The Company makes a decision on your request within four weeks.
4.3. The User has the right to receive personal data about him or her that he or she provided to the Company in a structured, commonly used and machine-readable format and has the right to transfer this data to another operator without objection of the Company if:
- processing is based on consent in accordance with Article 1.6. this Policy;
- processing is carried out by automatic means.
4.4. In exercising its right to data portability in accordance with clause 4.3. the User has the right to transfer personal data directly from the Company to another operator, where it is technically possible.
4.5. The exercise of the right mentioned in clause 4.3. Does not prejudice the right to delete User data. This right does not apply to the processing required for a task performed in the public interest or in the exercise of official authority granted to the Company.
4.6. The right referred to in clause 4.3. Shall not adversely affect the rights and freedoms of third parties.

5. ORDER, TERMS AND METHODS OF PROCESSING PERSONAL DATA
5.1. The processing of personal data of the User of the Website is carried out in accordance with this Policy, the User Agreement, as well as the consent of the User to the processing of personal data.
5.2. The Company processes personal data both in an automated way and without the use of automation.
5.3. The Company stops processing personal data in the following cases:
achieving the goals of personal data processing;
withdrawal of the consent of the subject of personal data;
identification of illegal processing of personal data;
termination of the Company's activities.
5.4. The processing of the User’s personal data is carried out by the Company in the following ways: collection, recording (including on electronic media), systematization, accumulation, storage, drawing up of lists, labeling, updating (updating, changing), retrieving, using, transferring (distributing, providing, access), de-identification, blocking, deletion, destruction, cross-border transfer of personal data, obtaining images by photographing, as well as performing any other actions with personal User data subject to applicable law.

6. TRANSBOUNDARY TRANSFER OF PERSONAL DATA
6.1. GETRENTACAR INC. - international company. To achieve the objectives specified in the Policy, the Company reserves the right to transfer personal data to countries other than the country from which they were originally received. User data may be transferred to countries that do not have data protection laws equivalent to the laws in force in the European Economic Area. However, prior to the commencement of the cross-border transfer of personal data, the Company is obliged to ensure that the foreign state to which the transfer of personal data is carried out ensures adequate protection of your rights as a subject of personal data.
6.2. In case of cross-border transfer of personal data, the Company protects data in accordance with this Policy, User Agreement and consent to the processing of personal data.
6.3. Information that you publish on our Website or submit for publication on our Website may be accessible via the Internet throughout the world. We cannot prevent third parties from using or misusing such information.
6.4. You expressly consent to the transmission of personal information described in this section.

7. ENSURING PERSONAL DATA SECURITY
7.1. The Company applies the necessary and sufficient organizational and technical measures, including the use of information security tools, the detection of unauthorized access facts, the restoration of personal data, the establishment of rules for access to personal data, and the monitoring and evaluation of the effectiveness of the measures applied.
7.2. All persons authorized by the Company to process personal data are familiar with the provisions of the Russian legislation on personal data, including international requirements for the protection of personal data, documents defining the Company's Policy regarding the processing of personal data, and local acts for the processing of personal data.
7.3. The Company has the following organizational measures:
- the persons responsible for organizing the processing and ensuring the security of personal data are appointed;
- developed local acts on the processing of personal data;
- internal control over the compliance of the processing of personal data with the requirements for the protection of personal data is carried out.
7.4. The Company has the following technical measures:
- Security and fire alarms, as well as video surveillance systems are installed in the buildings;
- information on paper is stored in safes or lockable cabinets, access to which is restricted;
- Physical security is provided, providing for control of access to the premises of unauthorized persons, the presence of reliable obstacles for unauthorized entry into the premises;
- the exchange of personal data during their processing in information systems is carried out via communication channels, the protection of which is ensured by implementing appropriate organizational measures and by applying technical means (using anti-virus information protection tools, firewalling and other technical means).
7.5. When collecting personal data of Users, the Company undertakes to ensure the recording, systematization, accumulation, storage, refinement (update, change), extraction of personal data of Users using databases.

8. COOKIES AND WEB BEACONS
8.1. A cookie is a file that is stored on your computer’s hard drive in your browser. Cookies can be “persistent” or “session”: a permanent cookie will be stored in a web browser and will remain valid until its expiration, unless it is deleted by the User until it expires; The cookie session expires at the end of the User's session when the web browser is closed. Cookies usually do not contain information that personally identifies the User, but personal information that we store about you may be related to information stored and obtained from cookies.
8.2. A web beacon, also called an internet or pixel tag, is used to collect information about your use of the Internet. Thanks to this, the Company can provide you with more specific information. When using the Website, the Company informs you about which cookies and web beacons are related to the Website, and you are invited to consent to the placement of these cookies and web beacons.
8.3. Blocking or deleting all cookies adversely affects the usability of many Web sites. If you block / delete cookies, you will not be able to use all the features on our Website.

9. SITES OF THIRD PARTIES
9.1. Our Website includes hyperlinks to third party websites. We do not control and are not responsible for their privacy policies and activities.

10. RESPONSIBILITY
10.1. In the event of non-compliance with the provisions of this Policy, the Company shall be liable in accordance with applicable laws of the State of Delaware (USA).
10.2. To obtain clarification on the issues of personal data processing, it is necessary to send an official request to the email address info@getrentacar.com.
10.3. In the case of a formal request from the administration of the Website, the following must be indicated in the request text:
• full name;
• the number of the main document certifying the identity of the subject of personal data or his representative, information about the date of issue of the specified document and the issuing authority;
• information confirming the fact of the processing of your personal data by the Company;
• signature.
10.4. Formal requests and complaints are submitted in writing and to the specified address of the Company, previously sent in a reliable manner. To resolve any dispute concerning the interpretation or its own jurisdiction, rely on the jurisdiction of the courts of the State of Delaware (USA).

11. LIMITATION OF PRIVACY POLICY
11.1. The personal data subjects are obliged to reasonably and responsibly approach to the placement of their own personal data in the public domain, including on the Website in the case of leaving comments and feedback.
11.2. The Company is not responsible for the actions of third parties who have gained access to the personal data of the subject through the fault of the latter.
11.3. The Company reserves the right, at its sole discretion, to make changes to this Policy at any time without any special notice. The new version of this Policy comes into force from the moment it is posted on the Website.