Favorites

407 800 1784
Mon - Sun: 8:00 AM - 6:00 PM

Privacy Policy

Privacy Policy – DM Car Rental

Effective Date: April 2, 2025
DM Car Rental (referred to as “DM Car Rental,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you interact with our services. It applies to personal information collected through our company’s website (for self-service reservations), our mobile application (Mobile Agent Pro), and in-person interactions (where information is entered into our Rent Centric backend system). We adhere to applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to ensure your rights and information are protected. By using our services, you agree to the practices described in this Privacy Policy.

Information We Collect
We collect various types of information from you in order to provide our car rental services. This includes information you provide directly to us, information collected automatically, and information obtained from third-party verification services. The types of personal information we may collect include:
● Identification and Contact Information: Name, email address, phone number, date of birth, mailing/billing address, and driver’s license or other government identification details. For example, when you make a reservation on our website or Mobile Agent Pro app, or provide information in person at our rental office, we collect your contact details and driver’s license information (including license number and expiration date).
● Account and Reservation Details: Username and password (if you create an online account), reservation details (such as pick-up and drop-off dates, chosen vehicle, and any special requests), and rental history. This information is collected when you use our self-service reservation system or when our agents enter your reservation into our Rent Centric backend.
● Identity Verification Data: In certain cases, we may need to verify your identity to comply with legal requirements and protect against fraud. We utilize Yoti (an identity verification service) to confirm your identity documents. This may involve collecting a scan or photo of your government ID and a selfie or facial image for
comparison. Yoti performs the verification and may collect biometric data as part of this process; however, DM Car Rental does not store the biometric identifiers – we receive only the confirmation of your identity verification and necessary details (such as verification status or ID type).
● Insurance Information: If you are required to show proof of insurance or if we need to verify your coverage, we collect insurance details (e.g. your insurer’s name, policy number, and coverage dates). We use Axle for insurance verification, which allows us to confirm your auto insurance status instantly. This ensures you meet our insurance requirements or helps us offer appropriate insurance options for your rental.
● Payment Information: When you make a payment for your rental, we collect your payment card details (cardholder name, card number, expiration date, billing address). For secure payment processing, we use Cardknox as our payment processor. Your payment information is transmitted directly to Cardknox over encrypted connections; Cardknox processes your payment on our behalf. We do not store your full credit card numbers in our systems (though we may retain a payment token, transaction ID, or last four digits of your card for reference and receipts).
● Device and Usage Information: We may automatically collect certain information about your device and how you interact with our website and app. This can include your IP address, device type, browser type, operating system, unique device identifiers, and browsing/actions on our services (e.g. pages or screens viewed, dates and times of visits, and links clicked). We collect this information through cookies and similar tracking technologies on our website, and through analytics tools within our app. This usage data helps us ensure the website and app function properly, allows us to secure our systems, and provides insights into how we can improve our services.
● In-Person and Communications Data: If you visit our rental location or contact us by phone or email, we may collect the information you share during those interactions. For example, in an in-person rental, our agent might record additional details such as your signature, any notes about the rental (e.g. vehicle condition, fuel level), and questions or preferences you communicate. If you call or email us, we will collect the content of your communication and any contact information you provide so we can respond to your inquiries or support requests.
All personal information collected is stored in our Rent Centric reservation system, which serves as our primary backend database. This means your data (from online, mobile, or in-person collection) is centrally stored and managed through the Rent Centric platform. We ensure that any data stored in this system is handled in accordance with this Privacy Policy and applicable law.

How We Use Your Information
We use the collected personal information for various legitimate business purposes in connection with providing and improving our car rental services. The primary purposes for which DM Car Rental processes your information include:
● Providing and Managing Rentals: We use your information to create and manage your reservations and rental agreements. This includes processing bookings you make through our website or app, scheduling vehicle pick-up and drop-off, and providing the vehicle rental services you requested. We also use your details to manage your account (if you have one) and to identify you as a customer in our system.
● Identity and Eligibility Verification: Your driver’s license and identity details are used to verify that you are legally eligible to rent and drive our vehicles. We use Yoti’s verification service to confirm your identity documents and may verify that you meet our age and driving record requirements. This helps prevent fraud and ensures the person renting the vehicle is properly identified and authorized.
● Insurance Verification and Compliance: We use your insurance information to confirm you have sufficient coverage during the rental period or to determine if you need to purchase supplemental insurance from us. Through Axle, we can instantly verify your insurance policy status. Using this information, we comply with legal and safety requirements and manage any claims or incidents if they arise.
● Payment Processing: We use your payment information to charge you for rentals, deposits, fees, fines, or any other charges related to your use of our services. Payment details are processed via Cardknox, and we use the results (payment confirmation or failure codes) to complete transactions and provide you with receipts or invoices. We also use your contact information to send billing statements or payment confirmations.
● Communications and Customer Service: We use your contact information (email, phone) to communicate with you about your reservations and rentals. This
includes sending booking confirmations, pickup reminders, return instructions, and updates about any changes or important information regarding your rental (for example, emergency notifications like weather-related closures). If you contact us with questions or for support, we will use your information to assist you, investigate and address any issues, and improve our responses.
● Service Improvement and Analytics: Device and usage information helps us understand how our website and mobile app are used. We analyze this data to troubleshoot technical issues, to improve the functionality and user experience of our online services, and to develop new features or services. For instance, understanding which pages of our website are most frequently visited can guide us in improving those pages. We may also use feedback or communication info to enhance our customer service practices.
● Marketing and Promotional Communications: If you have provided consent (where required by law) or if you are an existing customer where applicable law permits, we may use your email or contact info to send you promotional materials. These may include special offers, newsletters, discount codes, or updates about DM Car Rental’s services. You have the right to opt out of marketing emails at any time, and we will only send you such communications in accordance with applicable spam and privacy laws. (Transactional or service messages about your rentals are not considered marketing and will be sent as needed.)
● Legal Obligations and Security: We may process and retain your information as needed to comply with applicable laws, regulations, and lawful requests by public authorities. For example, we might keep certain records to meet financial and tax regulations, or provide information if law enforcement lawfully requires us to in the context of a traffic accident, theft, or fraud investigation. We also use personal information to enforce our rental terms and conditions, to protect our rights and property (or the rights, property, and safety of our customers, employees, or others), and to detect, investigate, and prevent fraud or other illegal activities. This can include using CCTV at our premises (if applicable) or verifying identity to prevent identity theft.
● Other Purposes with Consent: If we ever need to use your personal information for a purpose not listed here, we will explain it to you at the time of collection and, if required, obtain your consent. We will only use your information for those additional purposes if you agree or if otherwise permitted by law.
Our use of your personal information is grounded in one or more legal bases as required under GDPR (for individuals in the EEA/UK). Typically, the processing is necessary to perform the contract for your car rental (e.g. using your information to provide the vehicle and services you requested), to comply with our legal obligations (e.g. verifying driver eligibility, maintaining transaction records), or to pursue our legitimate interests (e.g. improving services, preventing fraud) in a manner that does not override your privacy rights. For certain activities, we rely on your consent (e.g. sending marketing communications). We only retain and use data for as long as it is necessary for the purposes described above.

Sharing and Disclosure of Information
DM Car Rental respects the confidentiality of your personal information. We do not sell your personal data to third parties. However, in order to run our business and provide services to you, we may share your information with certain trusted third parties and under certain circumstances, as detailed below. When we disclose information, we ensure appropriate safeguards are in place to protect your data.
● Service Providers (Processors): We share your information with third-party service providers that perform services and functions on our behalf to support our operations. These include:
○ Rent Centric: Our primary backend and reservation system is provided by Rent Centric. All the data you provide (through the website, app, or in-person) is stored on Rent Centric’s secure servers. Rent Centric acts as a data processor for us, meaning they host and manage our database but only use your information under our instructions and for our purposes. They are contractually obligated to implement strong security measures and to protect your data in compliance with privacy laws.
○ Yoti: We use Yoti for identity verification services. When you submit identification (e.g. driver’s license or passport) for verification, Yoti receives and processes that information to confirm your identity. Yoti may temporarily handle your personal data (including any biometric data used for facial recognition matching) strictly to provide verification results to us. Yoti is a trusted third-party provider bound to protect your information and not use it for any purpose other than identity verification.
○ Axle: We share necessary information with Axle (or receive information via Axle) to verify your auto insurance coverage. For instance, we may provide your name and policy details to Axle, which then communicates
with insurance carriers to confirm your coverage status. Axle acts as a service provider in retrieving up-to-date insurance information so that we can ensure you meet our insurance requirements or to facilitate insurance services for your rental. Axle is contractually required to safeguard any personal information in this process.
○ Cardknox: We use Cardknox as our payment processor. When you provide payment card information, it is submitted to Cardknox for processing. Cardknox will process your payment and may store your payment details (e.g. in the form of a secure token) on our behalf to enable rental charges, refunds, or future transactions. Cardknox is PCI-DSS compliant (Payment Card Industry Data Security Standard) and is required to protect your payment information. We only receive limited information from Cardknox necessary to confirm payment (such as a payment confirmation code and partial card details for receipt).
○ Other Vendors: We may also use other vendors for services such as email communication (e.g., sending confirmation or marketing emails), customer support tools, cloud storage or IT support, or analytics services. In all cases, these service providers only receive the information necessary for them to perform their specific functions for us and are not permitted to use your data for their own purposes. They are bound by confidentiality and data protection agreements.
● Within Our Company and Affiliates: Within DM Car Rental, your information will be accessed only by authorized personnel who need it to perform their job duties (for example, rental agents, customer service representatives, billing personnel, or IT administrators managing the Rent Centric system). If DM Car Rental operates through affiliated companies or branches, we may share information with them for the same purposes described in this policy, and those affiliates will treat the information in accordance with this policy. (At present, DM Car Rental does not have separate affiliates using your data, but if that changes, we will update you accordingly.)
● Legal Requirements and Protection: We may disclose your information if required to do so by law or legal process, or if we have a good-faith belief that such action is necessary to (i) comply with applicable laws, regulations, legal notices or government requests (such as court orders, subpoenas, or requests related to tax or insurance regulations); (ii) enforce our Terms and Conditions or other agreements, including investigation of potential violations; or (iii) detect, prevent,
or address fraud, security, or safety issues, and to protect the rights, property, or safety of DM Car Rental, our customers, or the public. For example, in the event of a traffic violation, accident, or law enforcement inquiry involving a rental vehicle, we may provide relevant rental information to the authorities as required by law.
● Business Transfers: If DM Car Rental is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your personal information may be transferred to the successor or affiliate as part of that transaction. In such an event, we will ensure that the new entity is bound to protect your personal data at least to the same degree as set out in this Privacy Policy and that you are notified of any choices you may have regarding your information.
● With Your Consent or At Your Direction: Aside from the cases above, we will share your personal information with third parties only with your consent or at your explicit direction. For instance, if you request that we share your information with a third-party referral service or partner, or if you opt-in to a program where data sharing is necessary, we will do so only with your knowledge. You will have the opportunity to agree to such sharing beforehand.
No Sale of Personal Information: We do not sell your personal information to third parties for monetary consideration or any other valuable consideration. “Selling” personal information refers to disclosing it to an unrelated third party for their own marketing or commercial use. In accordance with the CCPA, we also confirm that in the past 12 months we have not sold any personal information and we have no intention to do so. Because we do not sell your data, we do not provide a “Do Not Sell My Personal Information” opt-out link on our website. If this ever changes in the future, we will update this Privacy Policy and provide appropriate notice and opt-out mechanisms as required by law.

Data Retention and Security
Data Retention: We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, as outlined in this Privacy Policy, and for the duration required by legal, accounting, or reporting obligations. The specific retention periods can vary depending on the type of information and the purpose of processing. For example:
● We keep your rental records, contracts, and transaction history for a period required under local law (such as tax regulations or statutes of limitations for
contractual claims) or our business needs, typically at least several years. This is to ensure we can answer any questions about past rentals, handle any disputes, and comply with financial record-keeping requirements.
● Identification and verification documents (such as copies of your driver’s license or verification reports from Yoti) are retained as long as needed to confirm your eligibility and for the duration of your rental relationship or as mandated by law. In jurisdictions where keeping a copy of your ID is required or standard for car rentals (for fraud prevention and liability reasons), we will store it securely in our Rent Centric system. If not required after verification, we may delete or anonymize such data.
● Insurance verification data obtained via Axle is kept as part of your rental record (to show you had valid coverage or what coverage you elected) and may be retained for a similar period as rental records (e.g., until claims can no longer arise).
● Payment records (not your full card details, but transaction logs, receipts, and last-four-digits for reference) are retained for accounting and dispute resolution purposes, typically in line with financial record retention requirements.
● If you have an online account with us, we will keep the information associated with your account (such as your name, contact info, and login credentials) until you deactivate your account or request deletion, and thereafter only as necessary (e.g., to honor opt-outs or as required by law).
● For marketing communications, if you have opted in, we retain your contact details until you opt out or unsubscribe from such communications (or until we determine that our emails are not deliverable to you). We maintain suppression lists to ensure we respect your choice not to receive marketing, even if our main database is purged.
● Any information that is no longer needed for the purposes stated or for legal obligations will be securely deleted, destroyed, or anonymized so that it can no longer be associated with you. For example, we may remove outdated records from our active systems and archives when the retention period expires. We may retain aggregated or de-identified data (which is not personally identifiable) indefinitely for analytics and business planning, since it no longer relates to any individual.
Data Security: We take the security of your personal information seriously and implement a range of administrative, technical, and physical safeguards to protect it from loss, theft, misuse, and unauthorized access or disclosure. Our security measures include, but are not limited to:
● Encryption and Secure Transmission: Whenever you provide sensitive information (such as payment details or login credentials) through our website or app, we protect it by using encryption protocols like Secure Sockets Layer (SSL)/Transport Layer Security (TLS). This ensures that data transmitted between your device and our systems (or our processors like Cardknox) is encrypted and cannot be easily intercepted. Our Mobile Agent Pro app and website are designed to enforce secure connections.
● Secure Storage and Access Controls: Personal data stored in our Rent Centric system or other databases is protected by firewalls and network security measures to prevent unauthorized access. We (and Rent Centric on our behalf) employ access controls so that personal information is only accessible to employees and service providers who have a legitimate need to access it. Each authorized individual has unique credentials, and access is restricted and monitored. Rent Centric’s platform is designed with security in mind and follows industry best practices for cloud data security.
● Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks. We use anti-virus and anti-malware protection on our systems and stay up-to-date with security patches. Our service providers (like Cardknox, Yoti, Axle, and Rent Centric) also attest to maintaining high security standards such as PCI compliance for payments and SOC 2 compliance or similar audits for data handling. Where possible, we conduct or review security assessments of our third-party processors to ensure your data is handled safely.
● Physical Security: If any personal information is stored or accessible at our physical premises (for example, paper rental agreements, or terminals accessing digital records), we secure those locations. This can include locked cabinets for paper documents, and secure facilities with alarms or surveillance for our offices. Our employees are trained to secure documents and devices when not in use.
● Employee Training and Policies: We maintain internal policies and provide training to employees regarding the importance of privacy and security. Employees are required to keep customer information confidential and are subject to disciplinary measures if they fail to do so. We also have procedures in
place to handle any suspected data security incident.
While we strive to protect your personal information using the measures above, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your information. In the event of a data breach or security incident that affects your personal data, we will notify you and the appropriate authorities as required by applicable law (for example, we will follow GDPR and state law requirements for breach notification). We also will take all reasonable steps to mitigate the impact and prevent any further unauthorized access.

Your Rights
You have rights regarding your personal information, and DM Car Rental is committed to honoring those rights. This section describes the rights you have under privacy laws and how you can exercise them. Your rights may vary depending on your location and the applicable law, but we include here rights under both the European GDPR and the California CCPA. We provide equal respect and consideration to all individuals, regardless of location, so you can contact us with any concerns or requests and we will do our best to accommodate them in line with the strictest applicable standard.

Your Rights Under the GDPR (for EU/EEA and UK Individuals)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under the GDPR (General Data Protection Regulation) regarding the personal data that we hold about you. These include:
● Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to access that data. Upon request, we will provide you with a copy of your personal information that we have, in a common electronic format, along with details on how we use it . This is sometimes called a “Data Subject Access Request.”
● Right to Rectification: If any of your personal information is incorrect or incomplete, you have the right to request that we correct or update it . For example, if you change your phone number or notice an error in your address, you can ask us to fix it.
● Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances . This “right to be forgotten” applies, for instance, if the
data is no longer necessary for the purposes it was collected, if you withdraw consent (where the processing was based on consent) or if you object to processing and we have no overriding legitimate grounds to continue, or if we are required to delete it to comply with law. Please note this right is not absolute – sometimes we must retain certain information for legal reasons (e.g., transaction records for auditing or safety reasons) and in such cases we will inform you of our need to retain that data.
● Right to Restrict Processing: You have the right to ask us to limit or pause the processing of your personal data in certain situations. For example, if you contest the accuracy of the data or have objected to our processing, you may request restriction while the issue is resolved. When processing is restricted, we will still store your data but not use it until the restriction is lifted.
● Right to Object: You have the right to object to our processing of your personal information when such processing is based on our legitimate interests or for direct marketing purposes. If you object on grounds relating to your particular situation, we will evaluate your request and will no longer process the data unless we have compelling legitimate grounds that override your interests, rights, and freedoms or if needed for legal claims. If you object to processing for direct marketing, we will honor that unconditionally – for example, if you opt out of marketing emails, we will stop sending them.
● Right to Data Portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible . This right applies when the processing is based on your consent or a contract and is carried out by automated means. In plain terms, this allows you to reuse your data across different services.
● Right to Withdraw Consent: In cases where we rely on your consent to process your personal information (such as for sending marketing communications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing that is based on other legal grounds. If you withdraw consent for marketing, we will stop the specific activity you consented to, such as sending promotional emails.
● Right to Lodge a Complaint: If you believe we have infringed your privacy rights or GDPR requirements, you have the right to lodge a complaint with a Data
Protection Authority (DPA) in your country of residence or work, or where an alleged infringement took place. We encourage you to contact us first at [email protected] so we can address your concerns directly, but you are free to reach out to your DPA at any time.
To exercise any of your GDPR rights, please contact us using the contact information provided in the “Contact Information” section below. We may need to verify your identity before fulfilling your request (for example, by asking you to confirm some details we have on file). We will respond to your request within one month, or inform you if we need more time as allowed by law. Exercising these rights is generally free of charge.

Your California Privacy Rights (CCPA/CPRA)
If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Under the CCPA, California consumers have specific rights regarding their personal information. We are committed to extending those rights and disclosures to you. These rights include:
● Right to Know (Disclosure of Information Collection and Sharing): You have the right to request that we disclose to you the specific pieces and categories of personal information we have collected about you . This includes the categories of personal information, the categories of sources from which the information was collected, the business or commercial purpose for collecting (or sharing) the information, and the categories of third parties with whom we share personal information. Essentially, you can ask us to detail what personal data we have about you and what we do with it. Much of this information is already provided in this Privacy Policy. You also have the right to request a copy of the specific personal information we collected about you over the past 12 months, which we will provide to you in a readily usable format (either electronically or by mail).
● Right to Deletion: You have the right to request that we delete personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. For example, we may retain information needed to complete the transaction for which it was collected (such as fulfilling an ongoing rental or providing a refund), to detect security incidents or protect against illegal activity, to comply with a legal obligation (like maintaining records for legal compliance/taxation), or for other internal uses consistent with the context in which you provided the information (as permitted by CCPA). If an
exception applies, we will inform you in our response.
● Right to Correct Inaccurate Information: Under the CPRA amendments (effective 2023), California residents have the right to request correction of inaccurate personal information maintained about them. If you become aware that information we have about you is incorrect, you can request that we correct it. Upon verifying your identity and the accuracy of the new information, we will correct our records accordingly.
● Right to Opt-Out of Sale or Sharing of Personal Information: The CCPA gives consumers the right to direct a business that sells personal information to stop selling it, and the CPRA extends this to sharing for cross-context behavioral advertising. However, as stated above, DM Car Rental does not sell your personal information to third parties, and we do not share your data for targeted advertising purposes. Because we don’t sell or share your data in that manner, you do not need to take any action to opt out. If in the future we ever consider selling personal data, we will provide a clear “Do Not Sell or Share My Personal Information” option on our website as required by law.
● Right to Limit Use of Sensitive Personal Information: The CPRA also gives California consumers the right to limit how a business uses “sensitive personal information” (SPI) if it’s used for purposes beyond what is necessary to provide services. Sensitive information can include things like driver’s license numbers, precise geolocation, and financial information. In our case, we collect certain sensitive pieces of data (for example, your driver’s license number and possibly a government ID image for verification, which could be considered sensitive). We only use such sensitive information for purposes necessary to perform the rental services (e.g., verifying your identity and eligibility, fraud prevention, legal compliance). We do not use or disclose sensitive information for purposes like profiling or targeted advertising. Therefore, the right to limit use of SPI is not applicable to our practices, since we are already limiting our use to what is permitted. If you have any questions or specific requests regarding sensitive data usage, you may contact us.
● Right to Non-Discrimination: We will never discriminate or retaliate against you for exercising any of your rights under the CCPA. This means if you choose to exercise your privacy rights (such as requesting deletion or opting out of certain uses of your data), we will not deny you services, charge you a different price, or provide a different level of service unless permitted by the CCPA. In some cases, if the exercise of your rights affects our ability to provide the service (for example,
if you request deletion of all your data, we may not be able to continue a current rental), we will explain the situation to you. But we will not punish you for making a privacy rights request.
Exercising Your California Rights: If you are a California resident and wish to exercise your Right to Know, Right to Delete, or Right to Correct, please submit a verifiable consumer request to us using the contact information in the “Contact Information” section below. In your request, please specify which right you seek to exercise and provide enough information for us to verify your identity. Typically, we will ask you to provide at least two or three pieces of information that we have on file (such as your past reservation details, email address, or driver’s license number) to confirm you are the consumer (or an authorized agent of the consumer). You may also make a request on behalf of your minor child. We will confirm receipt of your request within 10 business days and respond to your request within 45 calendar days. If needed, we may take up to an additional 45 days (90 days total) but will let you know the reason for the delay. There is no fee for making a request unless it is excessive or unfounded, in which case we will inform you of the reason and provide a cost estimate before proceeding.

Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices or to comply with new legal requirements. If we make material changes to how we collect, use, or share your personal information, we will notify you by (for example) prominently posting a notice of the changes on our website or app, and/or by contacting you at the email address we have on file. The “Effective Date” at the top of this policy will be updated to the date of the latest revisions. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any update to this Privacy Policy will signify your acceptance of the changes, to the extent permitted by law.

Contact Information
If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, or if you wish to exercise any of your rights regarding your personal data, please contact us as follows:
DM Car Rental
Email: [email protected]
Please include “Privacy Inquiry” or “Privacy Request” in the subject line of your email, and provide your name and contact information along with a clear description of your question or request. We will respond as promptly as possible.
If you are contacting us to exercise a privacy right, we may need to request additional information to verify your identity for security purposes. Any information collected for verification will only be used to confirm your identity or authority to make the request and for record-keeping regarding the request.
Thank you for trusting DM Car Rental with your personal information. We are dedicated to protecting your privacy and providing a safe, secure experience for all our customers.