Last updated: March 2025
1. Data Controller
In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter "GDPR") and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter "LOPDGDD"), we inform you that the data controller for your personal data is:
| Legal name | Azul Ventures 2022 S.L. |
|---|
| Commercial name | Azul Cars |
|---|
| Tax ID (CIF) | B72770365 |
|---|
| Registered office | C/ Sant Jaume 7, of. 6, 07012 Palma de Mallorca, Balearic Islands, Spain |
|---|
| Business address | Avenida Gabriel Roca 36, Locales A y B, 07014 Palma de Mallorca, Spain |
|---|
| Email | [email protected] |
|---|
| Telephone | +34 971 10 13 32 |
|---|
| Website | www.azulcars.es |
|---|
| Commercial Registry | Registered in the Registro Mercantil of Palma de Mallorca, on 07/12/2022, inscription number 1, volume 2978, folio 87, sheet 95366. |
|---|
2. Purpose of Data Processing
Azul Ventures 2022 S.L. processes the personal data you provide for the following purposes:
- Management of vehicle rental services: Processing reservations, managing rental contracts, processing payments, and providing customer support related to our car rental services.
- User account management: Creating and maintaining your user account, managing your preferences, and providing access to your booking history.
- Commercial communications: Sending information about our products, services, promotions, and offers that may be of interest to you, provided you have given your express consent.
- Legal compliance: Fulfilling legal obligations, including those related to tax, accounting, and traffic regulations.
- Service improvement: Analysing usage patterns and preferences to improve our website, services, and customer experience.
- Fraud prevention: Detecting and preventing fraudulent activities and ensuring the security of our services.
3. Legal Basis for Processing
The legal basis for processing your personal data is as follows, in accordance with Article 6 of the GDPR:
- Performance of a contract (Art. 6.1.b GDPR): Processing necessary for the execution of the vehicle rental contract and related services.
- Consent (Art. 6.1.a GDPR): For sending commercial communications and marketing materials. You may withdraw your consent at any time.
- Legitimate interest (Art. 6.1.f GDPR): For fraud prevention, service improvement, and internal administrative purposes.
- Legal obligation (Art. 6.1.c GDPR): For compliance with applicable tax, accounting, and regulatory requirements.
4. Data Collected
We may collect the following categories of personal data:
- Identification data: Full name, date of birth, nationality, ID document (DNI/Passport) number.
- Contact data: Email address, telephone number, postal address.
- Driving licence information: Licence number, issuing country, expiry date.
- Financial data: Payment card details (processed securely through our payment provider), billing information.
- Booking data: Rental dates, vehicle preferences, pick-up and drop-off locations.
- Navigation data: IP address, browser type, device information, pages visited, and cookies (see our Cookie Policy for details).
5. Data Retention Period
Your personal data will be retained for the time necessary to fulfil the purposes for which it was collected, and subsequently for the legally established periods:
- Contractual data: For the duration of the contractual relationship and up to 5 years thereafter (limitation period under Spanish law).
- Tax and accounting data: 4 years (General Tax Law).
- Commercial communications: Until you withdraw your consent.
- Navigation data: Maximum 13 months from collection.
6. Data Recipients
Your personal data may be communicated to the following recipients:
- Payment processors: For secure payment processing (e.g., Stripe, RedSys).
- Insurance companies: When required for vehicle rental insurance coverage.
- Public authorities: When required by law or judicial order (e.g., traffic authorities, tax authorities).
- Technology providers: Service providers that assist us in operating our website and services, under appropriate data processing agreements.
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
7. International Data Transfers
Some of our technology providers may process data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or that the recipient country has been deemed to provide an adequate level of data protection.
8. Your Rights
In accordance with the GDPR and the LOPDGDD, you have the following rights regarding your personal data:
- Right of access: To obtain confirmation of whether your personal data is being processed and to access such data.
- Right of rectification: To request the correction of inaccurate personal data.
- Right of erasure: To request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
- Right to restriction of processing: To request the limitation of the processing of your data under certain circumstances.
- Right to data portability: To receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object: To object to the processing of your personal data, including profiling.
- Right to withdraw consent: To withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us at:
- Email: [email protected]
- Post: Azul Ventures 2022 S.L., Avenida Gabriel Roca 36, Locales A y B, 07014 Palma de Mallorca, Spain
You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) at www.aepd.es if you consider that your rights have been infringed.
9. Security Measures
Azul Ventures 2022 S.L. has implemented appropriate technical and organisational measures to ensure the security of your personal data and prevent its alteration, loss, unauthorised processing, or access, in accordance with Article 32 of the GDPR. These measures include encryption of data in transit, access controls, regular security assessments, and staff training on data protection.
10. Links to Third-Party Websites
Our website may contain links to third-party websites. Once you leave our website, we have no control over the privacy practices of those sites. We recommend that you review the privacy policies of any third-party websites you visit.
11. Changes to This Privacy Policy
Azul Ventures 2022 S.L. reserves the right to modify this Privacy Policy at any time. Any changes will be published on this page with an updated revision date. We recommend that you review this policy periodically.