Version updated from 25/02/2019
The preservation of your privacy is a priority. We describe through this policy how we collect, use and, where applicable, transfer or store personal information about our customers in connection with the use of the Kirrk application and associated services.
KIRRK SAS, located at 11 rue Cambrai 75019 Paris, is responsible for the use of personal data collected as part of the services offered by the "Kirrk" application.
What is personal data?
It refers to any information that directly or indirectly identifies a natural person. This is the personal information (e.g. driver's license number) that we collect in accordance with the principle of minimization, either when creating the Kirrk user account and using our services, or when renting a vehicle.
What do we mean by data processing?
It is an operation or set of operations carried out with or without automated processes and applied to personal data. For example, the collection, recording, transfer... any form of use or manipulation of information about you.
1. What are the standards and fields of application?
This protection charter applies to all processing of personal data carried out under the responsibility of KIRRK, in particular in the context of activities related to the use of KIRRK or the services offered by KIRRK.
This platform has been developed taking into account rigorous functional and security requirements in line with the obligations of the General Data Protection Regulation of 25 May 2018 and the Data Protection Act of 6 June 1978 in its latest version of June 2018.
2. How do we receive your data?
We only collect and use your personal data if you are of legal age and if this information is essential for the proper functioning of the services you have subscribed to. Additional personal information may be provided to us by you or by a clearly identified and authorized partner to improve your experience using our services.
Data related to rental contracts
The proper functioning of the services concerning the rental of vehicles may lead our partners to send us information related to your reservation, in particular the Booking Number; the Booking Date; the Rental Dates; the Booking Price; as well as the Booking Options and Details.
Data related to our Kirrk application
The use of the mobile application "Kirrk" allows us to collect your data as soon as the user account is created, as well as information about the second driver if necessary.
We collect personal information from the Identity Card and Driver's License for the proper performance of the rental agreement. This information is verified by our service provider Acuant to ensure that it is validated, without ever being stored or transferred to any third party.
Subject to your consent, we may obtain your geolocation data from the "Kirrk" application, which we collect only when recovering a vehicle at the beginning of the rental period for security reasons.
We receive Kirrk application usage data from the Apple Store on iPhone or the Play Store on Android. This data is necessary to improve your experience.
Data related to the use of the vehicle
When using the vehicle, we collect, via our service provider 2hire, vehicle geolocation information, as well as information on vehicle use (opening doors, starting the engine, etc.) necessary for the proper functioning of our system, the safety of our vehicle fleet and the improvement of the quality of our services.
We may also collect this information, even if you are not registered on the mobile application, as provided for in the privacy policies of our car rental partners with whom you may have booked your rental.
Data related to the use of our website
We apply a policy of cookies and similar technologies to collect information about your device (computer, tablet, smartphone, etc.) in order to facilitate the browsing experience and improve the service during your visit to the website https://www.kirrk.com
We remind you that a cookie is a small data file that is transferred to your device for several uses. For example, to recognize your browser, the language of your system, to keep your preferences... We use so-called "persistent" cookies that remain on your device for 30 days after visiting our website.
3. For what purpose do we use your data?
Your data is used securely and transparently for the production needs of the services we provide to you. This applies to the steps before, during and after the vehicle rental period, including the legal administrative steps necessary for the vehicle rental contract.
We need your data for the following purposes:
- Validate the creation of the Kirrk account on the mobile application that allows you to check the documents required to rent the vehicle,
- The geolocation of vehicles is necessary to find the rented vehicle via the Kirrk application and guarantee the safety of our operations,
- Manage incidents during the rental period to improve the services provided to customers.
- Enforce existing laws, regulations and administrative provisions (if applicable).
- Recognition of your preferred language through cookies called "language cookies" or an analysis of the performance, functioning and efficiency of the service through "analytics cookies".
- Perform statistics or other research and development analyses to develop new (customized) services and improve the user experience.
Data is exchanged with partners or service providers
The operations involved in the services provided by the Kirrk platform require links with clearly identified external entities. We may rightly provide information about you to our suppliers for the performance of our services.
This may include, for example, payment management or background check organizations; cloud hosts such as Microsoft's AZURE and OVH; data analysis providers; entities that help KIRRK improve the security of its applications; and management partners of a fleet of vehicles using Kirrk services.
Anonymized data will potentially be shared with insurance and finance partners; vehicle solution providers or third-party vehicle suppliers.
4. How is your data secured?
Our platform is entirely hosted in the Cloud. As a result, it benefits from the proven security measures implemented by our hosts and cloud service providers, namely OVH and Azure, each of which is a leader in its field and complies with GDPR obligations.
We organize the security of data processing flows through technical and physical measures in the field of cyber security. Information access control devices, firewalls and data encryption techniques have been implemented.
5. What are your rights?
In the event of a request for access to your information through the exercise of the "right of access", it is our responsibility to inform you about the purposes of our processing, the different types of data in our possession, their origins, potential recipients, etc.
The right of rectification allows you to obtain a modification of information concerning you on simple request.
You have the possibility to request that Kirrk delete all information relating to your person by exercising the "right to erasure", also known as the "right to be forgotten". In this case we will have to delete your data as soon as possible, and we will inform our partners of your request at the same time so that they too can apply it.
Thanks to the "right of opposition", you can, on request, object to the operations that we carry out on your data, up to their final cessation. We will immediately apply your wishes, provided that your request does not lead Kirrk to take a position that would violate its own obligations with regard to the regulations in force.
The "right to portability" allows you, upon written request, to receive your data in our possession in a usable format (for example, CSV).
If you wish to reduce the scope of use or certain categories of your data, for example, you can exercise the "right to limit processing". Once your request is taken into account at Kirrk, we require the alignment of our partners and suppliers with this action.
6. How can you exercise your rights?
You can exercise your rights by contacting us via the contact form or by writing to the DPO (Data Protection Officer).
In order to process your request, your message must contain the following information: the nature of the request; the scope concerned; the type of data concerned; your telephone number known to our services.
The DPO can be contacted by email at firstname.lastname@example.org. Only complete applications will be considered. A complete request must contain the nature of the request; the scope involved; the type of data involved; an identity document; and your telephone number.
You have the possibility to refer the matter to the CNIL
In addition, without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) if you consider that the processing applied to your data constitutes a violation of the regulation or a deprivation of your rights and freedoms.
7. What are our obligations?
Obligation to inform you and raise awareness among our partners
We are committed to informing you about all our activities regarding your data, as well as any changes that may occur to our platform. We do what is necessary to facilitate the exercise of your rights by implementing accessible and fast communication channels. We answer your requests within the deadlines in force.
Our compliance ecosystem protects your data
We make our partners and service providers aware of the regulatory requirements in order to guarantee the overall protection of the personal data entrusted to them. A compliance charter is submitted to subcontractors and contractual clauses incorporating data protection are adopted.
KIRRK does not transfer personal data to a third country or to another international organisation outside the EU.
Notify in case of data breach
In the event of a violation of personal data, KIRRK undertakes to notify the competent supervisory authority (CNIL) no later than 72 hours after becoming aware of it in accordance with Article 33 of EU Regulation 2016/679.
When a violation of personal data is likely to create a high risk to a person's rights and freedoms, KIRRK undertakes to inform the data subject of the violation as soon as possible, in accordance with Article 34 of EU Regulation 2016/679.
We ask for your consent for specific processing operations
Information such as geolocation or cookies is only collected if you have given your consent. You have the possibility to withdraw it freely at any time; in this case, we will inform you about the risks of deterioration in the quality of the services provided.
For example, you can disable the geolocation of the Kirrk Access application on your mobile at any time by using your phone's settings. You will understand that without the smartphone's geolocation function, we cannot direct you to the location of the vehicle you want to recover.
We give you the opportunity to choose cookies
As a user of Kirrk's services, you are free to allow or refuse the recording of cookies in your device with the appropriate settings in your browser. On this point, KIRRK invites you to consult the instructions for using these parameters, depending on the browser used, accessible on the CNIL website page: http://www.cnil.fr/vos-libertes/vos-traces/les-cookies/.
The configuration of each browser is specific to its design and can be found in the help menu, which allows you to find out how to modify your cookie choices. The user can manage cookies according to the browsers used:
We have defined the retention duration
Your data is collected to serve only the purposes expressed in the service contracts you have signed. We systematically delete your information as soon as it is no longer needed, in particular when closing the user account.
8. Changes in this policy
KIRRK reserves the right to modify and update this policy at any time and without notice, in particular if new features, new services or new partnerships are added to KIRRK's offers or if we make changes following recommendations made by the supervisory authorities.
The new version will then be published on our Website and application. The modifications made are binding on you and you are therefore required to refer to them at each connection in order to be aware of the provisions in force with which you must comply. Notification of these changes constitutes acceptance of the policy, unless you indicate otherwise via our help centre.