Privacy Policy

Heraklion Car Hub — your data, your rights, our responsibility

1. Introduction

Welcome to Heraklion Car Hub ("we", "us", "our"), a car rental aggregator operating at heraklioncarhub.com. We are committed to protecting your personal data and your right to privacy in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the applicable Greek national data protection legislation, as supervised by the Hellenic Data Protection Authority (HDPA) at dpa.gr.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data. By using our website, you agree to the terms of this Privacy Policy.

Last updated: April 2026

2. Data Controller

Company name: Heraklion Car Hub
Website: heraklioncarhub.com
Email: book@heraklioncarhub.com

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the email address above.

3. What Personal Data We Collect

We collect only the minimum personal data necessary to provide our car rental aggregation service. This may include:

  • Contact information: name, email address, phone number (when you submit an enquiry or make a booking)
  • Booking details: pickup/return location, rental dates, selected vehicle category, insurance options
  • Driver information: driving license number, date of birth, nationality (required by rental partners for vehicle handover)
  • Payment data: we do not store full card details. Payment processing is handled by secure third-party payment providers; we only receive booking confirmation
  • Technical data: IP address, browser type and version, pages visited, time on site, referral source, device type (collected via analytics tools)
  • Cookie data: see our Cookie Policy section below

4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

  • To process and fulfil car rental reservations — legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • To communicate with you about your booking — confirmation emails, booking vouchers, and service updates — legal basis: performance of a contract
  • To transmit required data to rental partner companies to enable vehicle handover at Heraklion Airport or your hotel — legal basis: performance of a contract
  • To comply with legal obligations (tax, accounting, anti-fraud requirements) — legal basis: legal obligation (Art. 6(1)(c) GDPR)
  • To improve our website and services through anonymised analytics — legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • To respond to your enquiries submitted via email — legal basis: legitimate interest or consent

5. Data Sharing and Third Parties

Heraklion Car Hub is an aggregator platform. To fulfil your car rental booking, we share necessary personal data with:

  • Partner rental companies operating in Heraklion and Crete — who require your name, contact details and driver information to complete the rental agreement
  • Booking and payment system providers (LocalRent affiliate system at localrent.com) — for reservation processing
  • Analytics providers (Yandex Metrika) — for anonymised website usage analysis

We do not sell, rent or trade your personal data to third parties for marketing purposes. All partner companies are required to handle your data in compliance with GDPR.

6. Cookies

Our website uses cookies to improve your browsing experience and analyse traffic. We use the following types of cookies:

  • Essential cookies: required for the basic functioning of the website and booking widget. These cannot be disabled.
  • Analytics cookies: used by Yandex Metrika to collect anonymised data on how visitors use our site (pages visited, time spent, device type). No personally identifiable information is stored.
  • Functional cookies: remember your preferences (e.g. language settings) during your session.

By continuing to use our website, you consent to our use of cookies as described above. You can control and manage cookies through your browser settings at any time.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Booking records and related personal data: retained for up to 3 years after the booking date for accounting and legal compliance purposes
  • Email enquiries: retained for up to 2 years unless you request earlier deletion
  • Analytics data: retained in anonymised/aggregated form indefinitely

After the retention period expires, your data will be securely deleted or anonymised.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — you can request that we delete your personal data, subject to certain legal exceptions
  • Right to restriction of processing — you can request that we limit how we use your data in certain circumstances
  • Right to data portability — you can request that we provide your data in a structured, machine-readable format
  • Right to object — you can object to our processing of your data based on legitimate interest
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us at book@heraklioncarhub.com. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at dpa.gr.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure or destruction. These include SSL/TLS encryption for all data in transit, restricted access to personal data within our organisation, and regular review of our data security practices.

However, no method of transmission over the internet is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security.

10. Children's Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe we have inadvertently collected data from a minor, please contact us at book@heraklioncarhub.com and we will promptly delete it.

11. Third-Party Links

Our website may contain links to third-party websites (such as rental company websites, Google Maps, or our booking partner localrent.com). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the services we offer. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

Continued use of our website after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: