Privacy Policy

At WAYGO, we value your privacy and commit to protecting your personal data. This privacy policy outlines how we collect, use, store, and protect the information of visitors to our website.

We are committed to providing a secure and trustworthy experience when you browse our website. We acknowledge the importance of maintaining the privacy of your personal data and guarantee that all information collected will be treated in accordance with applicable data protection laws.

Although our website is static and does not require you to provide personal information, we want to clarify what kind of information we may collect automatically, as well as the security procedures we have implemented to protect that information.

We recommend that you read this privacy policy carefully to understand what information will be handled when using the WAYGO website. By continuing to browse our site, you agree to the practices described in this policy.

Please note that this privacy policy applies exclusively to the WAYGO website and does not cover third-party websites that may be linked from our site.

Should you have any questions or concerns about our privacy policy, feel free to contact us through the channels provided at the end of this document. We are always available to clarify any questions regarding the handling of your personal data and your privacy.

Thank you for trusting WAYGO as your source for a rent a car. We are committed to protecting your privacy and ensuring a safe experience on our website.

Sincerely,

The WAYGO Team,

B - GENERAL PART

As part of the availability of the website hosted at https://www.waygo.pt , Renteuropa Lda, headquartered at Estrada Real D. Maria II nº7, 2480-109 Pedreiras, registered in the commercial registry office (INSERT CITY OF REGISTRATION) with taxpayer number 508 435 200, hereinafter referred to as “WAYGO,” may request the user to provide personal data, i.e., information provided by the user that allows WAYGO to identify and/or contact them ("personal data").

Through this privacy policy, WAYGO provides the user, in accordance with their right to information as set out in the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016) and the Portuguese Data Protection Law (Law No. 58/2019 of 8 August), detailed information about the nature of the data collected and the purpose and treatment to be carried out regarding your Personal Data.

1.1 1 Collection and Processing of User Data

WAYGO collects and processes the following personal data of visitors to this website:

1.1.1 2.1 Information Collected Automatically

During a visit to the WAYGO website, we automatically collect certain information through tracking tools and technologies, such as cookies and server logs. This information may include your IP address, browser type, operating system, preferred language, date and time of access, pages visited, and other technical data. This information is collected for traffic analysis, enhancing user experience, and ensuring website security.

Contact Information.

Name, country, phone/mobile number, and email.

Vehicle reservation details. Reserved vehicle group(s), pick-up and drop-off date, time, and location.

Flight number associated with the reservation.

Billing Information

Full name, address, tax identification number (NIF), and payment information.

Mandatory Legal Data

Any data legally required for compliance with legal obligations, including but not limited to identification data required for security checks and compliance with applicable laws.

Payment Data

Payment data will be collected and processed directly by third-party entities, namely STRIPE TECHNOLOGY EUROPE LIMITED and IFTHENPAY LDA.

1.1.2 Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience while browsing the WAYGO website. Cookies are small text files stored on your device that may contain information such as user preferences, selected language, previously visited pages, and other settings. This information helps us customize the content and provide features and functionalities tailored to your interests. You have the option to disable cookies in your browser, but this may affect the website’s functionality. For more information, please refer to our cookies policy https://www.waygo.pt/en/cookie-policy.

1.1.3 Third-Party Links

The WAYGO website may contain links to third-party websites, such as affiliate partners or providers. This Privacy Policy applies only to our website and does not cover third-party sites. We recommend that you review the privacy policies of those sites before providing any personal data.

1.1.4 Security

We have implemented appropriate security measures to protect the information collected automatically during your visit to our website. These include using security protocols such as SSL encryption to protect information transmitted between your browser and our server. However, it is important to note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security of the data provided.

1.1.5 Changes to the Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Changes will take effect from the update date indicated at the top of this page. We recommend that you periodically review this Privacy Policy to stay informed about how we protect your information.

2. Communication of Data

Personal data collected is not shared with third parties without the user’s consent, except in the following situations:

Communications required by law to comply with a legal obligation.

Suppliers that provide services as subcontractors (cf. section 2.1. of this Privacy Policy)

2.1.1 Data processors

In the context of processing user data, WAYGO may use or will use third-party entities it subcontracts to, who on behalf of WAYGO and in accordance with its instructions, will process user data in strict compliance with applicable law and this privacy policy.

These subcontracted entities cannot transfer user data to other entities without prior written consent from WAYGO, and are also prohibited from subcontracting other entities without prior authorization.

WAYGO commits to subcontract only entities that provide sufficient guarantees regarding the execution of appropriate technical and organizational measures to protect the user’s data. All subcontracted entities will be bound to WAYGO through a written contract, regulating, among other aspects, the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, and the rights and obligations of the parties.

3. General Principles Applicable to the Processing of User Data

In the context of personal data processing, WAYGO commits to ensuring that the user’s data is:

Processed lawfully, fairly, and transparently concerning the user.

Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Adequate, relevant, and limited to what is necessary concerning the purposes for which it is processed.

Accurate and updated when necessary, with all appropriate steps taken to ensure that inaccurate data, considering the purposes for which it is processed, are erased or rectified promptly.

Kept in a form that allows identification of the user only for the period necessary for the purposes for which the data is processed.

Processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

4. Legitimate Basis for Processing Personal Data

WAYGO processes data lawfully in the following situations:

The user has given their explicit consent for processing for one or more specific purposes.

Processing is necessary for the performance of a contract to which the user is a party or for pre-contractual measures at the user’s request.

Processing is necessary for compliance with a legal obligation to which WAYGO is subject.

Processing is necessary to protect the vital interests of the user or another individual.

Processing is necessary for the legitimate interests pursued by WAYGO or by third parties, except where such interests are overridden by the user’s interests or fundamental rights and freedoms.

WAYGO ensures that data processing is carried out under these lawful conditions and respects the above-mentioned principles.

If data processing is based on the user’s consent, the user has the right to withdraw consent at any time, though withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

5. Retention Period for Personal Data

Personal data will be stored only for the minimum period necessary for the purposes for which it was collected or subsequently processed, after which it will be deleted, except where legal requirements necessitate longer retention periods.

6. Purposes of Processing Personal Data

In the context of website operations, WAYGO processes user data for the following purposes:

- Ensuring the website’s functionality and maintenance.

- Load balancing and scalability analysis.

7. Technical, Organizational, and Security Measures Implemented

To guarantee user data security and confidentiality, WAYGO processes personal data confidentially, according to its internal security and document classification policies, which are updated periodically. WAYGO applies appropriate technical and organizational measures to ensure the protection of personal data, taking into account the nature, scope, and context of processing, as well as the risks to users' rights and freedoms.

General measures include

Regular audits to assess the effectiveness of technical and organizational measures.

Staff awareness and training on data processing.

Pseudonymization and encryption of personal data.

Mechanisms to ensure the confidentiality, availability, and resilience of information systems.

Systems capable of restoring access to personal data in a timely manner after physical or technical incidents.

8. Data Transfers Outside the European Union

WAYGO does not share personal data with third parties located outside the European Union. If such a transfer is required in the future, WAYGO will ensure compliance with applicable legal provisions, particularly regarding the adequacy of protection in the destination country and the applicable requirements for such transfers.

C - 1 Data Subject Rights

9. Right of Access to Personal Data

WAYGO guarantees users the means to access their personal data. Users have the right to obtain confirmation from WAYGO on whether personal data concerning them is being processed and, if so, access to such data. Upon request, WAYGO will provide a free copy of the personal data undergoing processing. Additional copies requested by the user may incur administrative fees.

10. Direito de retificação de dados pessoais

The user has the right to request rectification of their personal data at any time and the right to have incomplete personal data completed, including by providing a supplementary statement. In case of data rectification, WAYGO will inform each recipient to whom the data was disclosed, unless this proves impossible or involves disproportionate effort.

11. Right to Erasure of Personal Data (“Right to be Forgotten”)

The user has the right to obtain from WAYGO the erasure of their personal data when one of the following grounds applies:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

The user withdraws consent on which the processing is based, and there is no other legal ground for the processing.

The user objects to the processing pursuant to their right to object, and there are no overriding legitimate grounds for the processing.

The personal data has been unlawfully processed

The personal data must be erased to comply with a legal obligation to which WAYGO is subject.

The personal data has been collected in relation to the offer of information society services to children.

However, under applicable legal provisions, WAYGO is not obliged to erase the personal data to the extent that processing is necessary:

For exercising the right to freedom of expression and information.

For compliance with a legal obligation that requires processing by law to which WAYGO is subject.

For reasons of public interest in the area of public health.

For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

For the establishment, exercise, or defense of legal claims.

In the event of erasure, WAYGO will inform each recipient to whom the data has been transmitted of the erasure unless this proves impossible or involves disproportionate effort. When WAYGO has made personal data public and is obliged to erase it under the right to be forgotten, WAYGO will take reasonable steps, including technical measures, to inform other data controllers processing the personal data that the user has requested the erasure of any links to, or copies or replication of, such personal data.

12. Right to Restriction of the Processing of Personal Data

The user has the right to obtain from WAYGO the restriction of the processing of their data if one of the following applies (restriction consists of marking the retained personal data with the aim of limiting its future processing):

If the user contests the accuracy of the personal data, during a period that allows WAYGO to verify its accuracy.

If the processing is unlawful, and the user opposes the erasure of the data and instead requests the restriction of its use.

If WAYGO no longer needs the data for processing purposes but they are required by the user for the establishment, exercise, or defence of legal claims.

If the user has objected to the processing until it is verified that WAYGO’s legitimate grounds override those of the user.

When the processing of data is restricted, the data can only be processed, aside from being stored, with the user’s consent or for the establishment, exercise, or defence of legal claims, the protection of the rights of another individual or legal entity, or for reasons of significant public interest.

In case of restriction of data processing, WAYGO will inform each recipient to whom the data was disclosed, unless this proves impossible or involves disproportionate effort.

13. Right to Data Portability

The user has the right to receive personal data concerning them, which they have provided to WAYGO, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another data controller if:

The processing is based on the user’s consent or a contract in which the user is a party.

The processing is carried out by automated means.

The right to portability does not include derived or inferred data (i.e., personal data generated by WAYGO as a consequence or result of the analysis of the data being processed). The user also has the right to have personal data transmitted directly from one controller to another when technically feasible.

14. Right to Object to Processing

The user has the right to object, at any time, for reasons related to their particular situation, to the processing of personal data concerning them, based on WAYGO’s legitimate interests or for purposes other than those for which the data was collected, including profiling or data processing for statistical purposes.

WAYGO will cease processing the user’s data unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the user or for the establishment, exercise, or defence of legal claims.

If the user objects to the processing of their data for direct marketing purposes, WAYGO will cease processing the data for that purpose.

The user also has the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for the performance of a contract between the user and WAYGO, is authorized by law, or is based on the user’s explicit consent.

15. Procedures for Exercising User Rights

The right of access, the right to rectification, the right to erasure, the right to restriction, the right to data portability, and the right to object can be exercised by the user by contacting WAYGO’s Data Protection Officer at [email protected] or via written communication to Estrada Real D. Maria II nº7, 2480-109 Pedreiras.

WAYGO will respond in writing (including electronically) to the user’s request within one month of receiving it, unless the request is particularly complex or if there are numerous requests, in which case the response time may be extended to two months.

If the user’s requests are manifestly unfounded or excessive, particularly due to their repetitive nature, WAYGO reserves the right to charge administrative fees or refuse to process the request.

Additionally, the user has the right to lodge a complaint with the relevant supervisory authority:

Portugal:

Proteção de Dados - Comissão Nacional de Proteção de Dados, sita na Av. D. Carlos I, 134 - 1.º 1200-651 Lisboa, com o telefone (+351) 213928400 e email: [email protected]

Espanha:

Agencia Española de Protección de Datos, sita na C/ Jorge Juan, 6 28001-Madrid, com o telefone (+34) 900 293 183 , e através da via eletrónica na seguinte hiperligação.

França:

Commission nationale de l'informatique et des libertés sita na 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07, com o telefone +33 (0)1 53 73 22 22, e através da via eletrónica na seguinte hiperligação.

Bélgica:

L'Autorité de protection des données (APD) sita na Rue de la Presse, 35 à 1000 Bruxelles, com o telefone +32 (0)2 274 48 00 e através da via eletrónica (email): [email protected]

Suiça:

Federal Data Protection and Information Commissioner (FDPIC) sito em Feldeggweg 1

CH - 3003 Berne, com o telefone +41 (0)58 462 43 95 e através da via eletrónica na seguinte hiperligação.

16. Personal Data Breaches

In the event of a data breach that is likely to result in a high risk to the rights and freedoms of the user, WAYGO commits to notify the user without undue delay.

According to the law, WAYGO is not required to notify the user of a breach if:

WAYGO has implemented appropriate technical and organizational protection measures, such as encryption, making the data incomprehensible to unauthorized individuals.

WAYGO has taken subsequent measures to ensure that the high risk to users' rights and freedoms is no longer likely to materialize.

The communication to the user would involve disproportionate effort, in which case WAYGO will issue a public communication or a similar measure to inform the users.

D - Final Part

17. Changes to the Privacy Policy

WAYGO reserves the right to change this privacy policy at any time. In the event of a change, the date of the last modification at the top of this page will also be updated. If the change is significant, a notice will be posted on the site.

18. Applicable Law and Jurisdiction

This privacy policy, as well as the collection, processing, or transmission of user data, is governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and the applicable laws and regulations in Portugal.

Any disputes arising from the validity, interpretation, or execution of this privacy policy or related to the collection, processing, or transmission of user data must be exclusively submitted to the jurisdiction of the judicial courts of the district of Setúbal, without prejudice to any mandatory legal norms that may apply.

July 19, 2024