RentProg Privacy Policy

Last Updated: October 29, 2025

RentProg cares about your privacy. We aim to ensure that your personal data is secured by managing it in accordance with the provisions of the EU General Data Protection Regulation (GDPR) implemented on May 25, 2018, and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

RentProg is a car rental management software service. The data controller responsible for your personal data is:

RentProg LDA
Registered in Portugal
Office address: Estrada Nacional 2, N7, Carvoeira, Penacova, Portugal
Email: admin@rentprog.com
Phone: +351 925 129 909

We provide software as a service (SaaS) for rental businesses to manage their operations, including customer management, booking systems, and related services.

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1. For Platform Users (Rental Business Owners/Operators):

Name and surname
Email address
Phone number
Company name and business information
Tax identification number (TIN) - required for payment processing and invoicing
Payment and billing information
Account credentials and preferences
Usage data and analytics

2.2. For End Customers (Renters) - Processed on Behalf of Our Clients:

Name and date of birth
Contact information (address, telephone number, email address)
Passport and identity document information
Driver's license information and photographs
Tax identification number (where applicable in certain jurisdictions)
Vehicle rental transaction details
Payment information (processed by third-party payment processors)
Social media account information (if provided)

3. How We Use Your Personal Data

We process your personal data for the following purposes:

3.1. Service Provision and Contract Performance:

Provide access to and operation of the RentProg platform
Process registrations and manage user accounts
Enable rental businesses to manage their operations
Process bookings and rental transactions
Provide customer support and respond to inquiries
Send service-related communications and notifications
Process payments and billing
Prevent fraud and ensure transaction security

3.2. Legal Compliance:

Comply with legal obligations and regulatory requirements
Respond to requests from government and law enforcement agencies
Establish, exercise, or defend legal claims
Maintain records for audit and compliance purposes

3.3. Business Operations:

Analyze usage patterns and improve our services
Conduct internal research and development
Maintain security and prevent misuse of our platform
Monitor and ensure system performance

3.4. Marketing (with consent):

Send promotional materials about our services and special offers
Conduct marketing campaigns and surveys
Personalize user experience and recommendations

You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us at admin@rentprog.com.

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to perform our contract with you and provide our services
Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, optional features)
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, service improvement, and security (provided your rights don't override these interests)
Legal Obligation: Processing required to comply with legal and regulatory obligations

You have the right to withdraw your consent at any time for processing activities based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Specific retention periods include:

5.1. Account and Service Data:

Active accounts: Retained for the duration of your subscription and service use
Inactive accounts: Deleted after 36 months of inactivity, unless legal obligations require longer retention
Transaction records: Retained for 3 years after the transaction date for accounting and legal compliance

5.2. Marketing Communications:

Marketing consent and preferences: Retained for 3 years from your last interaction with us
Cookie data and online identifiers: Retained as specified in our cookie policy (typically up to 3 years)

5.3. Customer Service Records:

General inquiries: Retained for 3 years from the date of resolution
Complaints: Retained for 3 years from the date of resolution
Support tickets: Retained for 3 years from closure

5.4. Legal and Compliance:

Litigation or disputes: All relevant information is retained until resolution and for 3 years thereafter
Regulatory investigations: Information retained for the duration of the investigation and 3 years after conclusion
Law enforcement requests: Information retained as required by applicable law and court orders

At the end of the applicable retention period, we will securely delete or anonymize your personal data in accordance with our data retention and deletion procedures.

6. Sharing Your Personal Data with Third Parties

We may share your personal data with third parties in the following circumstances:

6.1. Payment Processors:

We use third-party payment processors (such as Stripe, PayPal, Paddle, Fastspring, and other regional payment providers) to process payments. We do not store full credit card information on our servers. Payment data is transmitted directly to payment processors who are PCI-DSS compliant and implement appropriate security measures.

6.2. Service Providers:

We engage service providers to support our business operations, including:

Cloud hosting and infrastructure providers
Email delivery services
Analytics and monitoring tools
Customer support platforms

These providers act as data processors and are contractually bound to process data only on our instructions and in compliance with this Privacy Policy.

6.3. Legal Requirements:

We may disclose your personal data when required by law, including:

In response to court orders, subpoenas, or other legal processes
To comply with regulatory requirements
To protect our rights, property, or safety, or that of our users or the public
In connection with legal proceedings or investigations

6.4. Business Transfers:

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections as outlined in this policy.

6.5. With Your Consent:

We may share your data with other third parties when you have given us explicit consent to do so.

Important: We do not sell your personal data to third parties for their marketing purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include:

Encryption of data in transit and at rest
Secure authentication and access controls
Regular security audits and vulnerability assessments
Employee training on data protection
Incident response procedures
Secure data centers with physical access controls

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, as required by GDPR.

8. International Data Transfers

We primarily process and store personal data within the European Economic Area (EEA). However, in certain circumstances, your personal data may be transferred to and processed in countries outside the EEA, for example when using third-party service providers or when providing services to clients in other jurisdictions.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Binding Corporate Rules
Other legally recognized transfer mechanisms under GDPR

We ensure that any international data transfers comply with applicable data protection laws and that your data receives an adequate level of protection equivalent to that provided within the EEA.

9. Cookies and Tracking Technologies

When you visit the RentProg website, cookies and similar tracking technologies are automatically placed on your device. Cookies are small text files that help us provide and improve our services.

9.1. Types of Cookies We Use:

Strictly Necessary Cookies: Essential for the operation of our website and platform. These cannot be disabled as they are required for basic functions like authentication and security.
Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and login details.
Analytics Cookies: Help us understand how visitors use our website by collecting anonymous information about page visits, traffic sources, and user behavior. We use services like Yandex Metrica and Google Analytics.
Marketing Cookies: Used to deliver relevant advertisements and track advertising campaign effectiveness. These may be set by our advertising partners.

9.2. Managing Cookies:

You can control and manage cookies in several ways:

Use the cookie consent banner when you first visit our website
Adjust your browser settings to refuse or delete cookies
Use browser add-ons or plugins that manage cookies

Please note that blocking certain cookies may impact your experience and limit functionality of our services.

For more information about cookies and how to manage them, visit www.aboutcookies.org.

10. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights regarding your personal data:

10.1. Right of Access:

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access your personal data and receive information about how we process it.

10.2. Right to Rectification:

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

10.3. Right to Erasure ("Right to be Forgotten"):

You have the right to request deletion of your personal data in certain circumstances, such as when:

The data is no longer necessary for the purposes for which it was collected
You withdraw your consent and there is no other legal ground for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

10.4. Right to Restriction of Processing:

You have the right to request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

10.5. Right to Data Portability:

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

10.6. Right to Object:

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to marketing, we will stop processing your data for that purpose.

10.7. Right to Withdraw Consent:

Where processing is based on your consent, you have the right to withdraw that consent at any time. This includes consent for:

Marketing communications
Use of optional cookies and tracking technologies
Optional platform features that require explicit consent

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10.8. Right to Lodge a Complaint:

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or place of the alleged infringement if you believe that processing of your personal data violates GDPR.

Our lead supervisory authority in Portugal is:
Comissão Nacional de Proteção de Dados (CNPD)
Website: www.cnpd.pt
Email: geral@cnpd.pt

You may also contact the supervisory authority in your country of residence if different from Portugal.

10.9. Exercising Your Rights:

To exercise any of these rights, please contact us at admin@rentprog.com with "Data Subject Rights Request" in the subject line. We will respond to your request within one month, though this may be extended by two additional months in complex cases.

We may need to verify your identity before processing your request to ensure the security of your personal data.

11. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at admin@rentprog.com, and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated policy on our website with a new "Last Updated" date
Sending an email notification to registered users
Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes have been made constitutes your acceptance of the updated policy.

Previous versions of this Privacy Policy are available upon request.

13. Data Controller and Data Processor Roles

It is important to understand the different roles we may play in data processing:

13.1. As Data Controller:

For platform users (rental business owners/operators), we act as a data controller for:

Account information and credentials
Billing and payment data
Usage analytics and platform interactions
Marketing preferences and communications

13.2. As Data Processor:

For end customers (renters), we act as a data processor on behalf of our clients (rental businesses) who are the data controllers. In this capacity:

Our clients determine the purposes and means of processing
We process data only on documented instructions from our clients
Our clients are responsible for obtaining consent and providing privacy notices to their customers
We assist our clients in responding to data subject rights requests

If you are a renter and have questions about how your data is processed, you should contact the rental business directly. However, you may also contact us at admin@rentprog.com.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Data Controller:
RentProg LDA
Registered in Portugal

Registered Office:
Estrada Nacional 2, N7
Carvoeira, Penacova
Portugal

Email:
admin@rentprog.com

Phone:
+351 925 129 909

Website:
https://rentprog.com/en/privacy

We aim to respond to all inquiries within 30 days in accordance with GDPR requirements.

Política de Privacidade