Preskočiť na obsah
RIVAL AutopožičovňaRIVAL Autopožičovňa

Privacy first

Data protection

We process the minimum of data necessary to conclude a contract. This document summarises the key points under the GDPR Regulation (EU 2016/679).Last updated: máj 2026

Data controller

  • Rival Slovakia s. r. o., Doležalova 15C, Banská Bystrica, IČO 54 281 067.
  • GDPR requests: gdpr@pozicauto.sk · General contact: info@pozicauto.sk · Phone: +421 907 633 517.

Purpose of processing

  • Handling the reservation and concluding the vehicle rental contract.
  • Communication regarding the reservation, vehicle, fines and invoicing.
  • Fulfilment of legal obligations (accounting, archiving of contracts).
  • Marketing (only with explicit consent — newsletter, offers).

Scope of processed data

  • Identification: first name, surname, date of birth, ID card and driving licence number.
  • Contact: email, phone, address.
  • Payment: card details for online payment (processed by the payment gateway).
  • Technical: IP address, cookies, log files when visiting the website.

Retention period

  • Contracts and invoices: 10 years (legal obligation).
  • Marketing data: until you withdraw your consent.
  • Contact forms: 3 years from the last communication.
  • Cookies: more on the separate /cookies page.

Your rights

  • Right of access to data — you may request a copy of the processed data.
  • Right to rectification of inaccurate data.
  • Right to erasure (right to be forgotten) after the statutory retention period ends.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing for direct marketing purposes.
  • Right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (uoou.sk).

Data recipients

  • Accounting firm (invoices, tax returns).
  • External service providers: Supabase (database), Resend (emails), Vercel (hosting).
  • Public authorities where required by law (police, courts, tax office).
  • Insurance companies when settling claims.

Security

  • Encrypted connection (HTTPS / TLS 1.3).
  • Data in the database is protected by Row Level Security policies.
  • Passwords are hashed (bcrypt via Supabase Auth).
  • Only authorised persons with 2FA have access to the database.

How to exercise your rights

  • Send your request to gdpr@pozicauto.sk or by post to the company's registered office.
  • We process requests within 30 days (we may extend by a further 60 days in more complex cases).
  • We may request additional data to verify your identity.

Questions about GDPR? Write to gdpr@pozicauto.sk and we will reply within 30 days.