Privacy Policy

Last updated

13.05.2026

Who we are

This website ( rentolux.com) is operated by CIC PARTNER S.a.r.l, a company registered in Luxembourg under company law.

Registered Address: 62 Rue de Strassen, 2555 Luxembourg

Email: [email protected]

Rentolux is the brand under which CIC PARTNER S.a.r.l provides luxury car rental services in the EU.

What personal data we collect and why we collect it

  • Identity information: First and last name
  • Contact information: Email address, phone number, residential address
  • Technical data: IP address, browser type, device information
  • Transactional data: Payment status and details (via Stripe – we do not store card numbers)
  • Booking information: Vehicle selection, rental period, location

We collect this data to:

  • Process and manage your bookings
  • Fulfill contractual obligations (rental agreement)
  • Comply with legal requirements (e.g. insurance, traffic fines)
  • Send confirmation and service messages
  • Send promotional and advertising messages (with consent)
  • Prevent fraud and misuse

We do not collect or retain any sensitive data (e.g. health or biometric data).

Legal basis: Data is collected based on contract performance, legal obligations, legitimate interest, and/or your explicit consent (for marketing and cookies).

Comments

We do not currently allow public comments on our website. If this changes, we will update this policy accordingly.

Media

Users cannot upload media files to the site. All uploaded images are controlled by our administrators.

Contact forms

When users submit a contact form, we collect their name, email, and message content. This data is stored for up to 12 months for customer service purposes and is not used for marketing unless the user opts in.

Cookies

We use CookieYes to manage cookie consent. The following types of cookies may be used:

  • Essential cookies: Required for site functionality
  • Analytics cookies: To understand how users interact with our website
  • Marketing cookies: To serve targeted ads (only with consent)

You can manage your cookie preferences at any time via the banner or settings.

Analytics

We use Google Analytics to track anonymized website usage. Users can opt out of tracking via the Google Analytics opt-out browser add-on. Read Google’s privacy policy: https://policies.google.com/privacy

Who we share your data with

Recipient Purpose Type of Data Shared Privacy Policy
Stripe Payment processing Billing details, name, email stripe.com/privacy
CookieYes Cookie consent management IP address, consent status cookieyes.com/privacy-policy
Hosting Provider Website hosting and security Technical and traffic data On request

We do not sell your data or share it with advertisers.

How long we retain your data

  • Contact form entries: up to 12 months
  • Booking records: 10 years (for legal/accounting purposes)
  • Cookie and analytics data: up to 14 months
  • Payment data: handled by Stripe, per their retention policy
  • Marketing consent: retained until you withdraw your consent

What rights you have over your data

As an individual under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Withdraw consent at any time
  • File a complaint with a supervisory authority

To exercise your rights, please contact: [email protected]

Where your data is sent

All data is processed and stored within the European Union. No data is transferred outside the EU unless through GDPR-compliant mechanisms such as Standard Contractual Clauses (SCCs). Stripe and Google comply with EU data protection standards.

Contact information

CIC PARTNER S.a.r.l

62 Rue de Strassen, 2555 Luxembourg

Email: [email protected]

We currently do not have a designated Data Protection Officer (DPO).

Additional information

How we protect your data

  • HTTPS encryption
  • Secure servers with limited access
  • Regular security audits
  • Role-based access control for staff
  • Stripe for PCI-compliant payment processing

What data breach procedures we have in place

  • Notify affected users without undue delay
  • Inform relevant data protection authorities
  • Take corrective actions to minimize impact
  • Document the breach in accordance with GDPR Article 33

What third parties we receive data from

We do not receive personal data from third parties except from Stripe for payment confirmations or from analytics providers (Google Analytics) in aggregate form.

What automated decision making and/or profiling we do with user data

We do not use automated decision-making or profiling that significantly affects users.

Industry regulatory disclosure requirements

We operate within the European Union and comply with applicable GDPR and consumer protection regulations.