Privacy Policy

Effective Date: June 2025 · Governed by Greek Law & EU GDPR · Jurisdiction: Kefalonia Courts · Operator: Kondi Marko

Preamble

Introduction

Assos Moto Rent And Go, operated by Kondi Marko, with registered place of business at Unnamed Road 0, Asos 280 84, Kefalonia, Greece (hereinafter "the Company," "we," "us," or "our"), is committed to protecting the personal data of all individuals who interact with our business, including customers, website visitors, and prospective renters.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we retain it, who we share it with, and what rights you hold under applicable data protection law. It applies to all personal data collected through our website at https://assos-moto.lovable.app/, by telephone, by email, and in person at our station in Asos, Kefalonia.

This policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, "GDPR"), Greek Law 4624/2019 implementing the GDPR in Greece, and all other applicable data protection legislation in force in Greece and the European Union.

By using our services, visiting our website, or entering into a rental agreement with us, you acknowledge that you have read and understood this Privacy Policy.

Section 1

Who We Are (Data Controller)

Data Controller

Assos Moto Rent And Go, operated by Kondi Marko.

Contact for Data Matters

mrkkondi@gmail.com / +30 6986699311

For the purposes of the GDPR, the Data Controller is Kondi Marko, trading as Assos Moto Rent And Go, Unnamed Road 0, Asos 280 84, Kefalonia, Greece. As Data Controller, we determine the purposes and means by which your personal data is processed. If you have any questions about how we handle your personal data, or if you wish to exercise any of your rights under applicable data protection law, you may contact us directly at the details above. We will respond to all data-related enquiries within thirty (30) days of receipt.

Section 2

What Personal Data We Collect

We collect and process the following categories of personal data.

Data Category | Specific Data Points | How Collected
Identity Data | Full name, date of birth, nationality, gender | In person at station, online booking form, email
Contact Data | Email address, telephone number, residential address | Online booking form, telephone, in person
Identification Documents | Passport number or national ID card number, issuing country, expiry date | In person at station upon vehicle collection
Driving Licence Data | Licence number, category, issuing country, expiry date, any endorsements | In person at station upon vehicle collection
Payment Data | Credit or debit card type, last four digits, payment transaction reference. Full card numbers are never stored by the Company. | POS terminal, bank transfer records
Rental Transaction Data | Booking reference, vehicle rented, rental dates, mileage, fuel level, damage notes, deposit amount | Generated at time of rental
Accident & Incident Data | Details of any accident, damage, or theft report filed during or after the rental | Reported by Renter or authorities
Communication Data | Emails, SMS messages, and written communications exchanged between the Renter and the Company | Email, telephone, in person
Website Usage Data | IP address, browser type, pages visited, time on site, referring URL, cookies | Automatically via website analytics tools

We do not intentionally collect special categories of personal data (also known as sensitive data), which includes data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation. If any such data is incidentally disclosed to us, we will not process it for any purpose and will delete it promptly.

Section 3

Why We Collect Your Data & Legal Basis

Purpose of Processing | Legal Basis under GDPR | Details
Fulfilling the rental agreement | Article 6(1)(b) — Contract performance | Processing your booking, issuing a rental contract, collecting and returning the vehicle, managing the rental period.
Processing payments and security deposit | Article 6(1)(b) — Contract performance | Charging the rental fee, placing and releasing the security deposit, issuing receipts and invoices.
Insurance administration | Article 6(1)(b) — Contract performance / Article 6(1)(c) — Legal obligation | Providing your details to our insurance provider as required under Greek insurance law and the terms of our insurance policy.
Compliance with Greek and EU legal obligations | Article 6(1)(c) — Legal obligation | Retaining rental records for tax purposes, providing data to Greek tax authorities, responding to law enforcement requests, filing accident reports as required by Greek legislation.
Traffic violation and fine administration | Article 6(1)(c) — Legal obligation / Article 6(1)(f) — Legitimate interests | Identifying the driver responsible for a traffic violation and providing their details to the relevant Greek authorities as required by law.
Damage recovery and legal claims | Article 6(1)(f) — Legitimate interests | Pursuing recovery of costs arising from damage, loss, or outstanding obligations through civil legal proceedings if necessary.
Customer communications | Article 6(1)(b) — Contract performance / Article 6(1)(f) — Legitimate interests | Responding to enquiries, confirming bookings, notifying changes, sending rental-related information.
Improving our website and services | Article 6(1)(f) — Legitimate interests | Analysing website usage patterns to improve usability, content, and the booking experience.
Marketing communications | Article 6(1)(a) — Consent | Sending promotional emails or messages about our services, only where the individual has explicitly opted in. You may withdraw consent at any time.

Section 4

How We Share Your Personal Data

We do not sell, rent, or trade your personal data to any third party for commercial purposes. We may share your personal data with the following categories of recipients only where necessary and for the purposes described in Section 3.

Insurance Providers

We share relevant personal data including your name, driving licence details, and accident information with our insurance provider as required to administer the insurance included in your rental and to process any claims.

Greek Law Enforcement & Judicial Authorities

We are legally obligated to provide personal data to the Hellenic Police, Greek courts, tax authorities, or other competent public authorities upon lawful request. This includes providing driver identification details in response to traffic violation notices.

Greek Tax Authorities (AADE)

We are required to retain and submit financial and transactional records to the Greek Independent Authority for Public Revenue as required by Greek tax law.

Legal Advisors and Debt Recovery

In the event of a legal dispute or unpaid debt, we may share relevant personal data with our legal representatives or authorised debt recovery agents operating within the European Union.

Website Service Providers

Our website may use third-party analytics and hosting providers (such as analytics platforms and cloud hosting services). These providers may process your IP address and usage data on our behalf. They act as data processors under written agreements and may not use your data for their own purposes.

Payment Processors

Payment card transactions are processed through a POS terminal provider. The Company does not store full card numbers. The terminal provider is independently responsible for the security of card data under applicable payment industry standards (PCI-DSS).

All third parties with whom we share personal data are required to handle it in accordance with applicable data protection law. We do not transfer personal data outside the European Economic Area (EEA) unless appropriate safeguards are in place as required by Chapter V of the GDPR.

Section 5

How Long We Retain Your Personal Data

Data Category | Retention Period | Reason
Rental contract and transaction records | 10 years from the date of the rental | Greek tax law requires retention of financial records for a minimum of 10 years
Identity and driving licence data | Duration of rental plus 5 years | Legal claims limitation period under Greek civil law
Accident and incident reports | 10 years from the date of the incident | Insurance claim resolution and potential legal proceedings
Payment records | 10 years | Greek tax and accounting obligations
Communication records | 3 years from the date of communication | Resolution of potential disputes
Traffic violation records | Until the fine is fully resolved and paid, plus 2 years | Legal obligation and dispute resolution
Website usage and analytics data | 26 months | Industry standard for analytics data and improvement of services
Marketing consent records | Until consent is withdrawn, plus 3 years | Proof of consent under GDPR

After the applicable retention period has expired, personal data will be securely deleted or anonymised so that it can no longer be linked to an individual. Where data must be retained for legal reasons but is no longer needed for operational purposes, it will be archived and access to it will be restricted.

Section 6

Cookies & Website Tracking

Our website at https://assos-moto.lovable.app/ may use cookies and similar tracking technologies to improve user experience, analyse traffic patterns, and understand how visitors interact with our content.

Cookie Type | Purpose | Duration
Strictly Necessary | Required for the website to function correctly. These cannot be disabled. | Session
Analytics / Performance | Used to collect anonymised information about how visitors use the site, including pages visited and time spent. We use this data to improve the website. | Up to 26 months
Functional | Used to remember preferences such as language or previously entered booking information. | Up to 12 months
Marketing / Targeting | Used to show relevant advertising. We do not currently use marketing cookies but may do so in the future with your consent. | N/A

You may control or disable cookies through your browser settings at any time. Disabling strictly necessary cookies may affect the functionality of the website. Where we use non-essential cookies, we will request your consent in accordance with applicable law before placing them on your device.

Section 7

Your Rights Under GDPR

Under the General Data Protection Regulation and Greek data protection law, you have the following rights in relation to your personal data.

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will provide this within thirty (30) days of your request.

Right to Rectification (Article 16)

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. We will correct inaccurate data promptly upon verification.

Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where the processing is unlawful. This right is subject to our legal obligations to retain certain data, as described in Section 5.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of the data is being verified or while an objection to processing is being considered.

Right to Data Portability (Article 20)

Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data where it is based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or where the processing is for the establishment, exercise, or defence of legal claims.

Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent (for example, for marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with the Greek Data Protection Authority (Hellenic Data Protection Authority — HDPA) if you believe that our processing of your personal data infringes applicable data protection law. The HDPA can be contacted at: Hellenic Data Protection Authority, Kifissias 1-3, 115 23 Athens, Greece. Website: www.dpa.gr. Telephone: +30 210 6475 600.

To exercise any of the above rights, please contact us in writing at mrkkondi@gmail.com or by post to our registered address. We may need to verify your identity before processing your request. There is no charge for exercising your rights unless the request is manifestly unfounded or excessive.

Section 8

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include physical security of our premises and paper records, restricted access to personal data on a need-to-know basis, use of secure email communications where possible, and secure handling of payment data through PCI-DSS compliant POS terminals.

No method of transmission over the internet or method of electronic storage is completely secure. While we take all reasonable steps to protect your personal data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Hellenic Data Protection Authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34 of the GDPR.

Section 9

Children's Data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under the age of 16. The minimum age for renting a motorised vehicle from us is 20 years old, and all renters must provide proof of age and identity at the time of collection. If we become aware that we have inadvertently collected personal data from a child under the age of 16 without appropriate parental or guardian consent, we will delete that data promptly. If you believe that we may have collected personal data from a child, please contact us immediately at mrkkondi@gmail.com.

Section 10

Links to Third-Party Websites

Our website may contain links to third-party websites, services, or platforms, including booking platforms, map services, or social media pages. This Privacy Policy applies only to our own website and services. We are not responsible for the privacy practices of any third-party websites and encourage you to read their privacy policies before providing any personal data to them. The inclusion of a link on our website does not constitute an endorsement of the linked website or its privacy practices.

Section 11

International Data Transfers

We are based in Greece, which is a member state of the European Union, and process personal data within the European Economic Area (EEA). We do not routinely transfer personal data outside the EEA. In the rare circumstance where a transfer outside the EEA is required, for example where a renter is based outside the EEA and requests copies of their data, we will ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including reliance on adequacy decisions issued by the European Commission, or the use of Standard Contractual Clauses approved by the European Commission.

Section 12

Legal Basis Summary

Important: Our Processing is Grounded in Law

All personal data processing carried out by Assos Moto Rent And Go is based on one or more of the following legal grounds under Article 6 of the GDPR: (a) your explicit consent; (b) the necessity of processing to perform the rental contract with you; (c) compliance with a legal obligation under Greek or EU law; or (f) our legitimate interests, where these are not overridden by your fundamental rights and freedoms. Where we rely on legitimate interests, we have carefully balanced our interests against your rights and concluded that our processing is proportionate and does not cause undue harm. You may request further information about our legitimate interests balancing assessment by contacting us directly.

Section 13

Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or improvements to our services. The current version of this Privacy Policy will always be available on our website at https://assos-moto.lovable.app/privacy-policy. The effective date at the top of this page will be updated whenever a material change is made. We encourage you to review this policy periodically. Where changes are material and you are an existing customer, we will make reasonable efforts to notify you directly by email where we hold your contact details.

Section 14

Governing Law & Supervisory Authority

This Privacy Policy is governed by and construed in accordance with the laws of Greece and the applicable regulations of the European Union, including the GDPR. Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Kefalonia, Greece. The competent supervisory authority for data protection matters in Greece is the Hellenic Data Protection Authority (HDPA).

HDPA Website

www.dpa.gr

HDPA Telephone

+30 210 6475 600

This Privacy Policy was last updated in June 2025. Assos Moto Rent And Go is committed to protecting your personal data in accordance with Greek law and the General Data Protection Regulation (EU) 2016/679.

Assos Moto Rent And Go | Operated by Kondi Marko | Asos 280 84, Kefalonia, Greece | Governed by Greek Law & EU GDPR | Supervisory Authority: Hellenic Data Protection Authority (HDPA)
