Why can Koala process my personal data? (Legal basis and legal background of data management)
1. When reserving a car
Koala is entitled to process your personal data in connection with your car rental contract, so your personal data is
Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
is necessary for the performance of the contract according to the provisions of
If you do not provide us with your personal data in accordance with this Notice,
we cannot fulfill your reservation because we cannot match the customer to it.
In order to facilitate the reservation, you have the opportunity to save your data in the so-called profiling
with function. The legal basis for data management is Article 6, Paragraph 1, Point a) and Point b) of the GDPR. THE
Users contact the Data Controller voluntarily, register voluntarily, and purchase voluntarily
use the service of the Data Manager.
The User has the right to withdraw his consent at any time. The consent
its withdrawal does not affect the legality of data processing based on consent, prior to its withdrawal.
If you withdraw your consent, we will delete your data. You sent your consent to the email address below
you can withdraw it by letter: you need a special address!
Which of my data does Koala manage?
(Scope of processed personal data)
When reserving a car, Koala uses your name, address, and date of birth to complete the reservation
time, e-mail address, telephone number, billing address and bank or credit card
treats your data as personal data.
If the rental contract is concluded between us, you will be in our office when you take over the car
we process data on your driver’s license, identity card and address card
(license number, year of acquisition, expiration date, residential address, identity card number).
Profiling uses your name, place and time of birth, driver’s license data (date of issue,
place, number, expiry date), identity card number (issue date, place, number, expiry date
time) your e-mail address, telephone number, billing address and bank or credit card
treats your data as personal data.
Please, in order to minimize data, only provide personal data
restrict yourself to what you think is essential for us to fulfill the order
required. Please avoid entering unnecessary, sensitive data (e.g. political, religious
view, ethnicity, etc.), Kola does not manage such data, it deletes such data, they
assumes no responsibility for unnecessary submission.
Why does Koala process my personal data?
(Purpose of data management)
The purpose of your personal data is to meet the needs of the reservation you submitted
completion in a time interval.
The purpose of data management in case of booking:
– Confirmation, modification or cancellation of your reservation;
– sharing information in connection with your booking (e.g. providing information about your booking,
sending a reminder notification before logging in/out, any questions or
responding to your suggestions);
– fulfillment of possible additional demands.
The purpose of data management is to facilitate further bookings upon registration.
How long does Koala store my data?
(Duration of data management)
In accordance with the accounting rules, the data about your reservation (name and address) will be kept for 8 years
let’s keep it.
Bank card/credit card data storage period: return of the car + 1 year
Personal document data storage period: 8 years
Phone number, e-mail address, birth data storage period: 8 years
How does Koala ensure the security of my personal data?
(Data security measures)
Koala takes care of the security of personal data, has made them technical and
organizational measures, and established the procedural rules that govern the data and
are necessary to enforce confidentiality rules. It protects personal data in particular
unauthorized access, alteration, transmission, disclosure, deletion or
destruction and against accidental destruction and damage.
Koala has established appropriate authorization levels for access to personal data
(only authorized employees can access it), the paper-based documents are locked
room, the digitized data is kept under appropriate technical protection.
Who else can see my personal data besides Koala?
(Data access and data transmission, data processor(s) used)
Employees of Koala are authorized to learn and process your personal data
Countplus Kft., KBOSS Kft. (szamlazz.hu) MiniCRM Zrt.
are forwarded to
The Data Manager’s servers are operated by an authorized company and maintained in the event of a problem:
The Data Controller uses a server service that is operated by an additional commissioned company and maintained in the event of a problem:
1600 Amphitheater Parkway,
The Service Provider transmits to Google the data of events related to the visit of the Website (clicks; page downloads; time of purchase, purchased items and their prices), as well as the User’s electronic mail address. These data play a role in improving the Website’s services, preparing statistical data, and personalizing the Service Provider’s marketing campaigns.
Facebook Ireland Ltd.,
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2 Ireland
The Service Provider transmits to Facebook the data of events related to the visit of the Website (clicks; page downloads; date of purchase, purchased items and their prices), as well as the User’s electronic mail address. These data play a role in improving the Website’s services, preparing statistical data, and personalizing the Service Provider’s marketing campaigns.
The Data Controller implements appropriate technical and organizational measures, taking into account the state of technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons, in order to ensure that the extent of the risk guarantees an adequate level of data security.
The Data Manager protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.
The Data Controller’s IT system and network are both protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. Data manager takes care of security with server-level and application-level protection procedures.
Regardless of the protocol (e-mail, web, ftp, etc.), electronic messages transmitted over the Internet are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the Data Controller takes all the necessary precautions. Monitors systems to capture any security deviations and provide evidence for any security incident. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used.
The Data Controller keeps records of any data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.
If you are involved in an accident with the car, the insurer of the other party involved in the accident
we will forward your name, address and driver’s license number to you. The purpose of data management is a
We would like to inform you that we do not forward your data to third countries or international organizations.
Koala may be required by law to provide investigative authorities, police,
hand over your personal data to the court, if you receive an obligation or invitation to do so
or justified during the official inspection. Abroad and for a third party,
data is not transmitted for statistical purposes.
What rights do I have in relation to personal data management?
Within the period of data management, you (according to Articles 14-23 of the Infotv. and 15-21 of the GDPR)
are entitled to the following:
Right to information: You can request information from us within the period of data management a
on the management of your personal data. As soon as possible after submitting your application (but
within a maximum of 1 month) we will inform you in writing, in an understandable form, about your processed data, that is
about the purpose, legal basis, duration of data management, and – if applicable, also about the transmission of data
took place – about who receives or received the data and for what purpose.
Right to blocking (except in the case of mandatory data processing according to the GDPR): You can request
to lock the data instead of deleting it, if it indicates a purpose (e.g. investigation, crime
detection), which excludes deletion. Locked personal data can only be processed for as long as
the data management purpose exists which precluded the deletion of personal data.
Right to erasure / oblivion (except in the case of mandatory data management): You can request that
we delete your personal data, one of the cases listed in points a)-f) of Article 17 of the GDPR exists
(e.g. the purpose of data management has ceased).
The right to object (except in the case of mandatory data processing according to the GDPR):
• if the use or transmission of personal data is for direct business acquisition, public opinion
for the purpose of research or scientific research.
If you believe that Koala has violated any of the laws relating to data management
provision, then in order to terminate the illegal data processing you suspect
please contact us first using the contact details in the first column (data manager
contact details) on any of them. If this is ineffective, the National Data Protection and
You can initiate the procedure of the Freedom of Information Authority (NAIH) (address: H-1125
Budapest, Szilágyi Erzsébet fasor 22/c.; e-mail: email@example.com), and Infotv. § 22-
can go to court as specified in
We would like to inform you that we do not perform automated decision-making and profiling.
Valid from May 3, 2019
Koala Tartósbérlet Kft.