Shall apply from 25 May 2018

1. Content of the Data Protection Terms

In the data protection terms for the client, we explain and describe the procedure for processing Personal Data of the client (hereafter “you“), which is valid for ELMO Rent OÜ and Elmo Rent Eesti OÜ (hereinafter “we“).

In data protection terms we provide an overview of the following:

(1) About us as the responsible processor of Personal Data (article 2);

(2) Which Personal Data do we process? (article 3);

(3) For what purpose do we process Personal Data? (article 4);

(4) On what legal basis do we process Personal Data? (article 5);

(5) What are your rights relating to Personal Data? (article 6);

(6) Which Personal Data security measures do we apply? (article 7);

(7) What do you do in the case of a Personal Data breach? (article 8);

(8) Whom do we disclose Personal Data to? (article 9);

(9) For how long do we preserve Personal Data? (article 10);

Our general principles and values relating to Personal Data processing and information relating to cookies are described in our Data protection rules.


2. About us/Responsible processor

The responsible processor of Personal Data are Elmo Rent OÜ, Registry code 12994939, location Harju County, Lääne-Harju Municipality, Paldiski City, 12 Kivi St, 78605, e-mail:,

Elmo Rent Eesti OÜ, register code 14980864, address of location 12 Kivi St, Paldiski City 78605, e-mail:

3. Which Personal Data do we process?

We process the following Personal Data:

(1) Personal Data, such as name, personal identification number, date of birth;

(2) Contact details, e.g. address, e-mail address, telephone numbers;

(3) the contact person data of the business client, e.g., name, title, communication language;

(4) Data related to the use of our services, e.g. information on the use, purchase and cancellation of services;

(5) payment details, e.g. account number, payment card data, data of the selected payment method and payment behaviour (including payment delays);

(6) Agreement/disagreement to accept our marketing notifications;

(7) feedback data to us, such as your satisfaction data and comments about our services;

(8) “cookies” data, that allows us to map and remember the various actions, operations and preferences related to you or your behaviour on our web page. E.g. the type and version of the web browser, IP address, the length and time of the web page visit session, the pages visited, and demographic information, such as the preference and location of the language being used.


4. For what purpose do we process Personal Data?

We process Personal Data for the following purposes:

(1) To execute the Agreement concluded between you and us, incl. to prepare and conclude the agreement, to exercise rights arising from an agreement and to fulfil obligations arising from an agreement;

(2) To exercise rights and fulfil obligations arising from legislation;

(3) maintaining and developing the relationship with you;

(4) To develop our business and customer service, including facilitating the use of our web page, monitoring and analysing car rental choices and wishes;

(5) To advertise our services;

(6) For our regular buyer loyalty programme-related activities, including registration for discounts.


5. On what legal basis do we process Personal Data?

We process Personal Data in accordance with the requirements of the current legislation in Estonia.

We mainly process Personal Data for the execution of your contracts (data protection articles 4(1) and 4(6)), fulfilling legal compliance (data protection article 4(2)) and based on our legitimate interest (data protection articles 4(3), (4) and 4(5)).

We Process Personal Data as both a Controller and an authorised Processor. We primarily process Personal Data as a Controller when we have received Personal Data directly from you. We primarily process Personal Data as an authorised Processor when we have received Personal Data from our Contractual partner.


6. What are your rights relating to Personal Data?

You have the following rights related to your Personal Data:

(1) Right to familiarise yourself with the Personal Data – the right to know which Personal Data we store about you and how we Process them, incl. the right to know the purpose of Processing, persons to whom we disclose the data, information regarding automated decision-making and the right to get copies of Personal Data.

(2) Right to rectify Personal Data – request insufficient, incomplete and incorrect Personal Data to be rectified.

(3) Right to the erasure of Personal Data (‘the right to be forgotten’) – you have the right to demand that we erase your Personal Data (e.g. Personal Data is no longer needed for the purposes for which they were collected). We have the right to refuse to erase Personal Data when the Processing of Personal Data is necessary to fulfil our legal obligations, to exercise the right to freedom of expression and information, to the establishment, exercising or defence of legal claims or if it is in the public interest.

(4) Right to the restriction of Processing – In certain cases you have the right to forbid or restrict the Processing of your Personal Data for a limited time (e.g. you have objected to the Processing of Personal Data).

(5) Right to object – You have the right, to object to us Processing your Personal Data, if the Processing of your Personal Data is performed due to our legitimate interest or in the public interest or for marketing purposes. In response to the objection to the processing of Personal Data for direct marketing purposes, we respond promptly.

(6) Right to lodge a complaint – You have a right to lodge a complaint about us with the Estonian Data Protection Inspectorate in connection with Personal Data Processing (

For more information about your rights, see Section 3 of the General Data Protection Regulation.

If you would like to exercise your right in relation to Personal Data or to enquire about the Data Protection Terms, please submit a corresponding request via e-mail to: We shall generally respond to your application via e-mail no later than within one month. Please note that before we can issue you the information that you have requested about your Personal Data, we have to verify your identity.


7. Which Personal Data security measures do we implement?

We implement various measures (physical, technical, organisational) to protect Personal Data from illegal or unauthorised destruction, loss, alteration, disclosure of, acquisition or unauthorised access to them.

We have set access restrictions to the Personal Data.

We only use those authorised processors that have provided us with sufficient collateral and whose ability to process personal information securely we trust. We conclude written contracts with all of our authorised processors to ensure that each one of our Authorised Processors implements sufficient safeguards with respect to Personal Data.


8. What do you do in the case of a Personal Data breach?

Please inform us immediately of any Personal Data breach or threat of a breach at We take the issue of Personal Data security very seriously and respond immediately to any possible case of breach.


9. Who do we disclose personal information to?

We will disclose your Personal Data or give access to personal data to the authorities or the supervisory institutions if we have the respective legal obligation.

We shall disclose your Personal Data to our authorised Processors, as well as to persons who have a legal right to receive Personal Data.

As a rule, we process Personal Data within the European Economic Area (in addition to the EU countries Norway, Iceland and Liechtenstein). In the case that we need to forward Personal Data outside the EEA the transfer shall proceed in accordance with the requirements of the General Regulation on the protection of Personal Data.


10. For how long will we keep Personal Data?

We shall retain the Personal Data for as long as it is required or permitted according to legislation or necessary for the purposes set out in the Data Protection terms.

For instance, Personal Data processed for the purpose of a legal obligation will be retained for as long as the corresponding legal obligation is valid (e.g., 7 years set in the accounting law). We keep Personal Data relating to the fulfilment of the agreement and disputes until the claim expires.

At the end of the Personal Data preservation period we shall delete the Personal Data permanently.


11. Validity and availability of the data protection terms

The data protection terms for the client are available on our web page

Please note that we may change the data protection terms from time to time. We will notify you of the changes in a reasonable time in advance.