PrivacyPolicy

Last updated: March 2026

We are committed to protecting your personal data.

1. Introduction

DIVO d.o.o. ("we", "us", "our"), operating as DivoCars, is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Slovenian data protection law. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, mobile applications, or engage with our vehicle rental services. This policy applies to all visitors, customers, and users of our services.

2. Data We Collect

We collect the following categories of personal data: Identification data (full name, date of birth, personal identification number, driving license number and validity, ID/passport number); Contact data (email address, phone number, postal address); Payment data (credit card information processed securely through our payment provider Stripe -- we do not store full card details on our servers); Booking and rental data (vehicle preferences, rental dates, pickup/drop-off locations, mileage, fuel level); Technical data (IP address, browser type and version, device information, operating system); Usage data (pages visited, click patterns, time spent on pages, referral source); Communication data (messages sent through our contact forms, email correspondence, support requests).

3. Cookie Policy

Our website uses cookies and similar tracking technologies. Necessary cookies are essential for basic site functionality including page navigation, secure areas access, and booking system operation -- these cannot be disabled. Analytics cookies (Google Analytics) help us understand how visitors interact with our site by collecting anonymized information about page views, session duration, and user journeys. Marketing cookies are used to track visitors across websites to display relevant advertisements and measure campaign effectiveness. You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Disabling certain cookies may affect site functionality.

4. Data Storage and Security

Your personal data is stored on secure servers within the European Economic Area (EEA). We implement appropriate technical and organizational measures to protect your data, including: SSL/TLS encryption for all data transmissions; secure payment processing via Stripe (PCI DSS Level 1 compliant); access controls and role-based permissions for employee data access; regular security audits and vulnerability assessments; encrypted database storage for sensitive personal information; automated backup systems with encrypted storage. We retain your data for the following periods: booking and rental data for 5 years (legal requirement); payment records for 7 years (tax regulations); customer account data until account deletion request; marketing consent records until consent withdrawal; website analytics data for 26 months; communication records for 3 years.

5. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data: Right of access -- you may request a copy of the personal data we hold about you; Right to rectification -- you may request correction of inaccurate or incomplete data; Right to erasure -- you may request deletion of your personal data ("right to be forgotten"); Right to restriction -- you may request that we limit the processing of your data; Right to data portability -- you may request your data in a structured, machine-readable format; Right to object -- you may object to processing based on legitimate interests or for direct marketing; Right to withdraw consent -- you may withdraw consent for data processing at any time without affecting the lawfulness of processing based on consent before withdrawal. To exercise any of these rights, please contact us using the details provided in Section 8. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec).

6. Third-Party Services

We use the following third-party services that may process your personal data: Stripe (payment processing) -- processes payment transactions securely. Stripe's privacy policy governs the handling of your payment data. We do not have access to your full credit card details. Google Analytics (website analytics) -- collects anonymized data about website usage to help us improve our services. IP anonymization is enabled. Google Gemini (AI-powered services) -- may be used to enhance customer support and service recommendations. Data shared with Gemini is processed in accordance with Google's data processing terms. All third-party service providers are required to comply with GDPR and have appropriate data processing agreements in place. We do not sell your personal data to any third party.

7. Legal Basis for Processing

We process your personal data on the following legal bases: Contract performance -- processing necessary to fulfill rental agreements, reservations, and provide our services; Legitimate interests -- processing for fraud prevention, service improvement, business analytics, and security purposes; Consent -- processing for marketing communications, non-essential cookies, and newsletter subscriptions (you may withdraw consent at any time); Legal obligation -- processing required for tax documentation, legal compliance, insurance claims, and regulatory reporting.

8. Contact for Data Requests

For any questions regarding this Privacy Policy, to exercise your data protection rights, or to report a data protection concern, please contact us: DIVO d.o.o., Bratovševa ploščad 24, 1000 Ljubljana, Slovenia. Email: info@divocars.si. Phone: +386 (0)40 876 304. We will respond to all legitimate requests within 30 days. In certain circumstances, we may need to verify your identity before fulfilling your request. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia.