Privacy Policy

Last updated: 24 April 2026

1. Data Controller

The Data Controller for personal data is GDIS SERVICE S.R.L., with registered office at Via Annibale Caro 52, 07026 Olbia (SS), Italy — VAT/Tax Code IT03047140904.
Email: gdis.noleggi@gmail.com — Phone: +39-352-045-9150.

2. Categories of Data Processed

  • Identification and contact data: first name, surname, email, phone, tax code (where provided).
  • Identity documents: driving licence (front and back) and, where applicable, the second driver's document.
  • Booking data: chosen vehicle, pick-up/drop-off dates and locations, electronic signature on the contract.
  • Technical data: IP address, browser type, pages visited (server logs and technical cookies).

3. Purposes and Lawful Bases

  • Performance of the rental contract (Art. 6.1.b GDPR).
  • Compliance with tax and legal obligations (Art. 6.1.c GDPR).
  • Handling enquiries via the contact form (consent, Art. 6.1.a GDPR).
  • Aggregated browsing analytics — only with prior consent (Art. 6.1.a GDPR).

4. Retention

Contractual data are retained for 10 years for tax purposes. Browsing and analytics data are kept for a maximum of 14 months. Uploaded driving licences are automatically deleted 12 months after the end of the rental, save for legal obligations.

5. Recipients and Transfers

Data are processed by authorised personnel and by external processors: Supabase (database and storage hosting — EU servers), Cloudflare (anti-fraud protection), electronic signature provider and internal management system. No transfers outside the EU take place without appropriate safeguards under Articles 44 et seq. GDPR.

6. Data Subject Rights

You have the right of access, rectification, erasure, restriction, portability, objection to processing and to withdraw consent (Articles 15-22 GDPR). You may exercise them by writing to gdis.noleggi@gmail.com. You also have the right to lodge a complaint with the Italian Data Protection Authority ( www.garanteprivacy.it ).

7. Security

We adopt appropriate technical and organisational measures: TLS-encrypted transport, private storage with time-limited signed URLs, access restricted to authorised personnel, password policy and MFA for internal systems.

8. Changes

This notice may be updated. Updated versions are published on this page with the revision date.

Book Now