PRIVACY POLICY (GDPR)

Updated 11/13/2025

1. Trader identification details
The website rentacarsatumare.com is owned and managed by:

  • Company name: EDMEEA TRANS SRL
  • Registered office: Str. Horea 1 Cod 440010
  • Registration number at the Trade Registry: J2002000566308
  • Unique registration code (CUI): 15012950
  • Phone: +40722610682
  • General e-mail: edmeearent@gmail.com

If you have any questions regarding data processing, you can write to us at: edmeearent@gmail.com

2. What personal data we collect
Depending on how you use the Site, we may process:

  • Identification data: name, surname;
  • Contact details: e-mail, phone number, address;
  • Booking details: rental period, location, vehicle type, booking number;
  • Billing data: address, CUI (if legal entity), invoice contact details;
  • Payment details:
    • we only receive minimal information from Netopia (e.g. transaction status, amount, transaction ID);
    • we do not collect or store card details (these are processed by Netopia Payments, as a separate operator/processor).
  • Technical data: IP address, browser type, pages visited, device (via cookies and similar technologies);
  • Marketing and communication data: your preference regarding receiving offers and newsletters, unsubscribe history.

3. Purposes and grounds for processing
We process your data only for legitimate, clearly defined purposes, based on one or more legal grounds provided by GDPR.
3.1. For the provision of car rental services and administration of reservations

  • purpose: creating and managing the account (if any), processing the reservation, communicating reservation details, issuing documents;
  • ground: performance of the contract (art. 6 para. 1 lit. b GDPR).

3.2. For fulfilling legal obligations

  • purpose: invoicing, accounting records, archiving, reporting to authorities;
  • ground: legal obligation (art. 6 para. 1 lit. c GDPR).

3.3. Fraud prevention and defense of rights in court

  • purpose: preventing misuse of services, defending our rights and interests in case of litigation;
  • ground: legitimate interest (art. 6 para. 1 lit. f GDPR).

3.4. Direct marketing to existing customers (“soft opt-in”)

  • purpose: sending e-mails SMS / messages with offers and promotions for services similar to those already purchased (car rental, special offers, discounts);
  • ground: legitimate interest, combined with the exception provided in art. 12 para. (2) of Law 506/2004 – the situation in which the e-mail address is obtained directly from the customer when selling a service and in each message, the possibility to oppose simply and free of charge.

In other words:

  • when you make a reservation with us and leave us your e-mail, we may occasionally send you offers for similar services,
  • but you will always have the possibility to oppose/unsubscribe very easily.

3.5. Marketing based on consent (extended newsletter, social media custom audiences)

  • purpose: sending newsletters with general offers, special campaigns, news; creating “custom audiences” on social media platforms (e.g. displaying ads to existing customers or people with a similar profile);

If you withdraw your consent, we will no longer use your data for this marketing component, without affecting the processing carried out before the withdrawal.
3.6. Analysis and statistics regarding the use of the Site

  • purpose: traffic analysis, improving services and user experience;
  • ground:
    • legitimate interest (for strictly necessary and anonymized cookies),
    • consent (for analysis/marketing cookies that are not strictly necessary).

4. Who we disclose your data to
We may transmit your data to:

  • IT service providers (hosting, maintenance, e-mail, CRM);
  • Netopia Payments – for online payment processing;
  • e-mail marketing/SMS service providers (sending newsletters on our behalf);
  • consultants (lawyers, accountants, auditors) when necessary;
  • public authorities, when we have a legal obligation or to defend our rights.

We do not sell your personal data to third parties.
If we use social media platforms for personalized advertising, the shared data (e.g. e-mail addresses) will be transmitted under appropriate contractual and security conditions, preferably in a pseudonymized form (e.g. hash).

5. Transfer of data outside the EU/EEA

In principle, we store and process data in the European Economic Area (EEA).
If, for certain services (e.g. newsletter provider or marketing platform), a transfer to a country outside the EEA is necessary, we will ensure an adequate level of protection (standard contractual clauses, other mechanisms permitted by GDPR), and you can request details in writing.

6. Data storage duration
We keep your data only as long as it is necessary for the above purposes and in accordance with legal deadlines:

  • reservation and billing data: contract duration + period required according to tax/accounting legislation (usually 5–10 years);
  • marketing data (newsletter, offers): until withdrawal of consent / exercise of the right to object or after a reasonable period of inactivity of at least 2 years, after which we will delete or anonymize them;
  • technical data (logs, cookies): according to the Cookie Policy.

7. Your rights
According to GDPR, you have the following main rights:

  1. Right to information – to know what data we process and why;
  2. Right of access – to obtain a copy of your personal data;
  3. Right to rectification – to correct inaccurate or incomplete data;
  4. Right to erasure (“right to be forgotten”) – under certain conditions;
  5. Right to restriction of processing;
  6. Right to data portability – to receive the data in a structured format, to transmit it to another operator;
  7. Right to object – especially against processing for direct marketing purposes;
  8. The right not to be subject to a fully automated decision, including profiling, if it produces legal effects on you;
  9. Right to withdraw your consent, when the processing is based on consent.

You can exercise your rights by sending a written, dated and signed request to:

  • e-mail: edmeearent@gmail.com
  • mail: Str. Horea 1 Cod 440010

We will respond within one month of receiving the request (a term that can be extended in complex situations, according to the law).

8. Right to lodge a complaint with the ANSPDCP
If you consider that the processing of your data violates the GDPR, you have the right to contact:
The National Supervisory Authority for Personal Data Processing (ANSPDCP)

  • Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, code 010336
  • E-mail: anspdcp@dataprotection.ro
  • Website: dataprotection.ro

You can also notify the competent courts.

9. Data security
We adopt appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction or unauthorized modification, such as:

  • encryption and pseudonymization where appropriate;
  • control of access to data;
  • periodic backups;
  • internal confidentiality policies and staff training.

10. Changes to the Privacy Policy
We reserve the right to periodically update this Policy.
The updated version will be published on the Site, mentioning the date of the last update. In case of substantial changes, we may inform you by e-mail or through a visible message on the Site.