Privacy policy

In the following we would like to inform you about the types of data processed by SIXT and about the purposes of such data processing. We would also like to inform you about important legal aspects of data protection, such as your rights.

A: Data controller

The party responsible for processing your data (controller) is TRANSPORENT SIA, Reg. No. 40003722171, Address: : Malduguņu street  2, Mārupe,., LV-2167(hereinafter also referred to as SIXT).
If youhave any questions regarding data protection, please address your query to thefollowing email address: gdpr@sixt.lv

B: Categories of personal data that may be processed by us in connection with our service SIXT+:

  • Master data: These include, for example, a person’s first name, surname, address (private and/or business), date of birth.
  • Communication data: These include, for example, a person’s telephone number, email address (private and/or business) fax number if applicable, as well as the content of communications (e.g. emails, letters, faxes).
  • Contract data: These include, for example, the rental information (vehicle category, pick-up and return dates, pick-up and return branch, booked extras/services), rental contract number, reservation number, driver’s licence data, driver’s licence photograph, license plates of the vehicle you rented, and information on customer loyalty and partner programmes.
  • Financial data such as credit card data.
  • Voluntary data: These are data that you provide to us on a voluntary basis, without us having explicitly requested them, and include information such as your preferences with regard to the vehicle’s equipment and category.
  • Special data categories: In the event of an accident, damage to the vehicle, or similar incidents, we process data relating to the respective course of events and the damage incurred. These data may be provided by customers, passengers or injured parties. The data processed in such circumstances can include health-related data such as data on injuries, blood alcohol levels, driving under the influence of narcotic substances, and the like.
  • Third-party data: If, within the scope of your vehicle rental, you provided us with personal data of third parties (e.g. family members, second drivers, passengers), then we will also process these data.
  • Location data: Location data are data that we may process using telematics in a vehicle.

C: The legalbasis for data processing at SIXT

Art. 6 (1) sentence 1 point a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your consent to such processing.
Art. 6 (1) sentence 1 point b) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract (e.g. when making the vehicle reservation).
Art. 6 (1) sentence 1 point c) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for compliance with a legal obligation to which SIXT is subject.
Art. 6 (1) sentence 1 point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., SIXT, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.
Art. 9 (2) point f) GDPR: Pursuant to this provision, certain special categories of personal data can be processed if such processing is necessary for the establishment, exercise or defence of legal claims. These special categories of personal data include the health data of the data subjects.

D: The purposesof data processing at SIXT

1. Vehicle rent using service SIXT+

Purposes of data processing

We process your basic data, communication data, contract data, financial data and all data that you have submitted voluntarily in order to fulfill your reservations and facilitate the conclusion and implementation of the contract for the SIXT+ service.

We also use basic data, communication data and contract data for customer service purposes, for example to process any complaints or changes in service provision that you have contacted us about.

We are furthermore legally obliged – for purposes of preventing and investigating criminal offences – to compare your master and communication data with official perpetrator lists provided to us. Such comparisons also serve to ward off dangers and to facilitate prosecution by the state authorities.

We furthermore use your data for your and our security, for example to avoid payment defaults and to prevent property offences (in particular fraud, theft, embezzlement).

When providing the SIXT+ service, we use technology that verifies the authenticity of ID documents (especially the driver's license) and records data electronically instead of manually.

Once both contracting parties have fulfilled their obligations under the rental contract, your master data, financial and contract data will be stored until the statutory retention period expires.

Legal basis for the above processing

Art. 6 (1) sentence 1 point b) GDPR applies to the processing of data to the extent required to implement reservations, to conclude and perform contracts and for customer relations purposes.

Art. 6 (1) sentence 1 point f) GDPR applies to the processing of data to the extent required to settle accounts vis-à-vis third parties, to assert our own claims, and to mitigate risks and prevent fraud.

Art. 6 (1) sentence 1 point c) GDPR applies to the processing of data to the extent required to detect, prevent and investigate criminal offences, to examine and store driver’s licence data, and to comply with preservation periods under commercial and tax law.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in using your personal data to improve our services and customer services lie in the fact that we want to offer you the best possible services and to sustainably improve customer satisfaction.

To the extent that data processing is required to perform analyses with a view to preventing damage to our company and our vehicles, our legitimate interests lie in maintaining security for costs and preventing economic disadvantages such as those arising from non-payment or the loss of our vehicles.

Categories of recipients

For the purposes described in the foregoing wedisclose your data to the following recipients: IT service providers, callcentres, financial services providers, credit agencies, SIXT group companies.

As part of our measures to prevent fraud, we alsotransmit – in situations where third parties have been, or are atrisk of being, defrauded – personal data to such third parties having suffered,or at risk of, fraud.

2. Damage, accidents, administrative offences

Purposes of data processing

If you discover damage to our vehicles, if you or another person cause/causes such damage, or if you or another person are/is involved in an accident with one of our vehicles, then we will process you master data, communication data, contract data, financial data and, if applicable, data concerning health for the following purposes:

  • receiving and processing complaints
  • providing customer services in cases of damage
  • settling claims
  • processing damages resulting from accidents (processing based on information provided by you and third parties such as the police, subsequent renters, witnesses, etc.)

This includes the processing of the aforementioned data categories for purposes of settling claims, for example vis-à-vis insurance companies.
When dealing with damages and accidents, we also process your master data, communication data and contract data for providing damage assistance services.
We also process your master data, communication data and contract data for purposes of fulfilling legal obligations (e.g. providing information to investigating authorities).
Should the competent authorities suspect you of having committed an administrative or criminal offence with one of our vehicles, then we will process not only the master data pertaining to you that we have stored, but also the data conveyed to us by the competent authorities.
We also process your master data, communication data, financial data, contract data and, if applicable, data concerning health, for purposes of upholding and asserting any claims that we may have against you, for example claims resulting from non-payment or damage caused to our vehicles.

Legalbasis for processing

Art. 6 (1) sentence 1 point b) GDPR applies to data processing for purposes of complaints management, providing customer services in cases of damage, and processing damages resulting from accidents.
Art. 6 (1) sentence 1 point c) GDPR applies to data processing for purposes of processing damages resulting from accidents.
Art. 6 (1) sentence 1 point f) GDPR applies to data processing for purposes of settling claims, asserting any claims that we may have against you, and handling claims relating to administrative offences.
Art. 9 (2) point f) GDPR applies to the processing of data concerning health for purposes of establishing, exercising or defending legal claims.

Legitimateinterest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to thetype of processing concerned

Our legitimate interests in using your personal data for purposes of settling claims and asserting any claims that we may have against you lies in our desire to ward off damage to our company and to ensure that we can provide our customers with undamaged vehicles. We are moreover obliged, pursuant to our contractual relations with third parties (e.g. insurance companies), to process your data for purposes of settling claims. Our legitimate interests in this respect lie in ensuring our contractual fidelity.

Categoriesof recipients

For the purposes described in the foregoing, we disclose your data to the following recipients: public authorities(investigating authorities; regulatory authorities; police authorities),collecting companies, experts, assistance services providers, lawyers and insurance companies.

3. Connected vehicles

Purposes of data processing

SIXT vehicles may have so-called “connected vehicle” functionalities which enable us to process location data as well as vehicle status information such as vehicle locking, vehicle speed, status of sensors and activation of safety systems (e.g. airbags). These data are processedexclusively to prevent property offences if the vehicle is not returned with in the agreed rental period or is used outside the contractually agreed region (as well as near the border or in port areas) and to determine, verify and investigate car damages and accidents.

Legalbasis for processing

Art. 6 (1) sentence 1 point f) GDPR.

Legitimate interest, to the extent that Art. 6 (1) sentence 1 point f) GDPR applies to the type of processing concerned

Our legitimate interest in using your personal data to prevent property offences and to determine, verify and investigate car damages and accidents is to protect our vehicle fleet and our contractual and non-contractual rights.

Categories of recipients

For specific countries and car categories we partner with providers of geolocalisation services to prevent property offences.

4. Processing based on statutory provisions

Purposes of data processing

We process your master data, communication data, contract data and financial data for purposes of fulfilling the legal obligations to which SIXT is subject. These require us to process data, for example in order to comply with duties of disclosure vis-à-vis authorities and to comply with the processing requirements as stipulated by commercial and tax law provisions (e.g. the preservation period for bookkeeping documents and accounting records).

Legal basis for processing

Art. 6 (1) sentence 1 point c) GDPR

Categories of recipients

The authorities may require us to disclose your data to them for the purposes described above.

5. Cookies

Purposes of data processing

Our websites use “cookies”. Cookies are small text files that are copied from a web server onto your hard disk. Cookies contain information that can later be read by a web server within the domain in which the cookie was assigned to you. Cookies cannot execute any programmes or infect your computer with viruses. The cookies used by us neither contain personal data nor are they connected to any such data.

Further information on cookies and on deactivating them can be found in the cookie policy of the respective website (accessible via the link in the respective cookie banner and under the menu item “privacy policy”).

Legal basis for the above processing

The legal basis for this data processing is found in Art. 6 (1) sentence 1 point b) (precontractual processing) and f) GDPR, as far as personal data is processed.

Legitimate interest, to the extent that Art. 6 (1) point f) GDPR applies to the type of processing concerned

Our legitimate interests in processing data via our websites lie in our desire to optimise our internet offering and, as such, offer our customers best possible services and increase customer satisfaction.

E: Transfer to third countries

When providing the SIXT+ service, we do not intend to transfer or receive data from third countries.

However, relevant data processing may be carried out if you have violated the conditions specified in the SIXT+ service contract, which prohibits the vehicle from entering a country that is not located in the European Union. If this condition is violated, and violations of the law have been committed in the respective country, then the transfer of data to the respective country is carried out as far as it is necessary for the defence of SIXT's legal interests.

F: Storage duration/criteria for storage duration

SIXT stores your personal data until it is no longer necessary for thepurposes for which it was collected or otherwise processed (see → Purposes ofSIXT data processing). We will ensure that we delete your data within 30 daysof receiving your request to purchase the SIXT+ service if your application isrejected.

If SIXT is legally bound to store personal data, it will store personal data for the duration of the statutory retention period. The retention period for commercial documents, which includes accounting documents and accounting records (including invoices), is 10 years. During this period, your data may be of limited use in daily activities if there are no purposes for their processing

G: Your rights

1. Rights pursuant to Art. 15 - 18, 20 GDPR

You have the right to, at reasonable intervals, obtain information about your personal data under storage (Art. 15 GDPR). The information you are entitled to includes information about whether or not SIXT has stored personal data concerning you, about the categories of personal data concerned, and about the purposes of the processing. Upon request, SIXT will provide you with a copy of the personal data that are processed.

You also have the right to obtain from SIXT the rectification of inaccurate personal data concerning you (Art. 16 GDPR).

You furthermore have the right to obtain from SIXT the erasure of personal data concerning you (Art. 17 GDPR). We are under obligation to erase personal data in certain circumstances, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw the consent on which the processing is based, and if the personal data have been unlawfully processed.

Under certain circumstances, you have the right to have the processing of your personal data restricted (Art. 18 GDPR). These include circumstances in which you contest the accuracy of your personal data and we then have to verify such accuracy. In such cases, we must refrain from further processing your personal data, with the exception of storage, until the matter has been clarified.

2. No contractual or legal obligation to provide data/consequences of failure to provide data

You are not contractually or legally bound to provide us with your personal data. However, note that you cannot conclude a contract for the use of the SIXT+ service with us, if we do not collect and process data as necessary for the purposes mentioned above (see → Purposes of data processing SIXT)

3. Right to object pursuant to Art. 21 GDPR

If the processing of your data by SIXT is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) sentence 1 point (e) GDPR) or if it is necessary in the legitimate interests of SIXT, then you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data. SIXT will then end the processing, unless we can present compelling legitimate grounds for such processing that supersede the grounds for ending the processing.

You may object, at any time and without restriction, to the processing of your personal data for purposes of direct advertising.

4. Right to withdraw consent at any time

If data processing at SIXT is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.

5. Right to lodge a complaint

You have the right to lodge complaints with thesupervisory authorities according to Art. 77 GDPR.

Cookies policy

By using this website, you agree that the performance/analytical cookies placed on this page are used with the aim of improving the quality of the services provided and the operation of the website for your service purposes.

If you do not agree to the use of Google Analytic cookies placed on this page, you can change your browser settings to refuse new cookies, turn off existing ones or simply receive information about new cookies being sent to your computer.

How to control and delete cookies

It is usually possible to change your browser settings to refuse new cookies, turn off existing ones, or simply notify you about new cookies being sent to your computer. To do this, you need to activate the instructions in the browser (usually located in the "Help", "Tools" or "Editing" section). More information is available at webpage -  www.aboutcookies.org.  
However, please note that if you refuse or turn off cookies, some functionality on the website may not work.

In addition to the opt-out option, you can opt out of the collection of information by Google Analytics by downloading and activating the Google Analytics browser option http://tools.google.com/dlpage/gaoptout?hj=de

What are cookies?

Cookies are small text files that are sent to your computer's memory when you visit a website. On each subsequent visit, cookies are sent back to the originating website or to another website that recognizes the cookie. Cookies act as a memory for a specific website, allowing this page to remember your computer on subsequent visits, including cookies can remember your settings or improve user comfort.

Additional information about cookies, including what cookies are set on your computer and how to manage or delete them, can be found on the website www.aboutcookies.org.

Google Analytics

This website uses the "Google Analytics" program of the company "Google Inc", which uses text cookies that are stored on your computer and allow to analyze how you use the respective website. The information generated by these cookies about how you use this website is sent to a Google server in the USA and stored there. When using IP-anonymization, your IP address is shortened within the territory of the European Union or the European Economic Area and can only be transferred to Google servers in the USA for processing in exceptional cases. Google uses this information to evaluate how you use the website, to prepare reports for website operators about activities on the website and to provide other services related to website and internet use.

Under no circumstances will Google associate the IP address received here with any other information held by Google. Also, if necessary, Google provides this information to third parties, if it is required by law or if third parties process this data on behalf of Google.

Types of cookies

This website uses the following cookies, which ensure the performance of specific functions with a specific way of storing the information contained within the respective cookie
Name: _ga  
Type: Analytics
Description: The _ga cookie installed by Google Analytics calculates visitor, session and campaign data and tracks website usage for a website analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
Duration: 2 years

Name: _gid
Type: Analytics
Description: The _gid cookie installed by Google Analytics stores information about how visitors use the website, while creating an analytical report on the performance of the website. Some of the data collected includes the number of visitors, their source and the pages they visit anonymously.
Duration: 1 day

Name: _gat
Type: Performance
Description: This cookie was installed by Google Universal Analytics to limit the number of requests and thus limit data collection on websites with high data traffic Duration: 1 minute

Contact information

Website www.sixtplus.lv personal data processing manager for data processing related to user identification for receiving e-services or improving the quality of services: SIA Transporent, registration number 40003722171, Malduguņu street 2, Marupe, Marupes prov., LV – 2167, Latvia. In case of questions, please write to e-mail address: gdpr@sixt.lv

Operator of personal data processing for the improvement of the quality of e-services: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Inc., obligations regarding the processing of data of natural persons: here
In case of questions about the use of cookies or processing of personal data, please write to e-mail: gdpr@sixt.lv

Contact us:

Download SIXT+ BALTICS App