Privacy Policy
Last updated: February 26, 2026
1. Data Controller
KlikDeal ("we", "us", "our") operates an online marketplace platform that connects vehicle rental agencies and owners with renters. We are the data controller responsible for the personal data we collect through our platform. If you have questions about this policy or wish to exercise your data protection rights, contact us at:
- Email: info@klikdeal.com
- Contact page: klikdeal.com/contact
2. What Personal Data We Collect
We collect the following categories of personal data:
a) Account Data
When you register: first name, last name, email address, phone number, password (hashed), and optionally a company name. If you register via Google, we receive your name and email from Google.
b) Driver & Booking Data
When you make a booking: driver's license number, license expiry date, date of birth, and any messages you send to vehicle owners.
c) Verification Documents
If identity verification is required: scanned ID documents (passport, national ID, driver's license), document numbers, and expiry dates. These are stored on private, non-publicly-accessible servers and permanently deleted immediately after verification review (whether approved or rejected).
d) Payment Data
Rental payments are arranged directly between renters and rental agencies/owners. KlikDeal does not currently collect or process rental payments. If KlikDeal introduces a platform service fee in the future, payment card details for that fee will be collected and processed exclusively by our payment processor, Stripe. In that case, we will not store your full card number — only a Stripe customer ID and payment intent references.
e) Technical Data
IP address (for security and fraud prevention), browser type, and session data. We use essential cookies for site functionality (session, CSRF protection). See Section 9 for full cookie details.
3. Legal Basis for Processing
Under the EU General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation & management | Performance of a contract (Art. 6(1)(b)) |
| Processing bookings & payments | Performance of a contract (Art. 6(1)(b)) |
| Sharing driver data with vehicle owners | Performance of a contract (Art. 6(1)(b)) |
| Identity verification (document checks) | Legitimate interest in platform safety (Art. 6(1)(f)) |
| Fraud prevention & security (IP logging) | Legitimate interest (Art. 6(1)(f)) |
| Essential cookies (session, CSRF) | Legitimate interest (Art. 6(1)(f)) |
| Functional cookies (reCAPTCHA) | Consent (Art. 6(1)(a)) |
| Analytics cookies (Google Analytics) | Consent (Art. 6(1)(a)) |
4. How We Share Your Data
We share your personal data only when necessary:
- Vehicle owners/renters: When you make a booking, your name, phone number, email, and (for car rentals) driver license details are shared with the vehicle owner to process the rental. This is clearly indicated on the booking form.
- Stripe (payment processor): If a platform service fee is introduced, payment data for that fee will be processed by Stripe Inc. under their own privacy policy. Stripe is certified under the EU-US Data Privacy Framework.
- Google (reCAPTCHA): If you consent to functional cookies, Google reCAPTCHA is used on login and registration forms for bot protection. Google may process your IP address and set cookies. This is only activated with your explicit consent.
- Google (Analytics): If you consent to analytics cookies, Google Analytics is used to collect anonymous usage data (pages visited, session duration, device type). Your IP address is anonymized. Google may set cookies. This is only activated with your explicit consent. See Google's Privacy Policy.
- Google (Maps): On vehicle detail pages, we use Google Maps to display pickup locations. When you view these pages, Google may process your IP address and set cookies. See Google's Privacy Policy.
- Law enforcement: We may disclose data when required by law or to protect the rights and safety of our users.
We do not sell your personal data to any third party.
5. International Data Transfers
Your data is primarily stored within the European Economic Area (EEA). When data is transferred to third-party services outside the EEA (such as Stripe or Google), it is protected by:
- EU-US Data Privacy Framework certification (Stripe, Google)
- Standard Contractual Clauses (SCCs) approved by the European Commission
6. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Booking records | 6 years after booking (legal/tax obligation) |
| Verification documents (images) | Deleted immediately after review decision |
| Verification status records | Until account deletion |
| Messages between users | Until account deletion |
| Payment references (Stripe IDs) | 6 years (legal/tax obligation) |
7. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data via your account settings.
- Right to Erasure (Art. 17): Delete your account and associated data directly from your account settings. Some data may be retained for legal obligations (e.g., anonymized booking records for tax purposes).
- Right to Data Portability (Art. 20): Export your data in JSON format directly from your account settings.
- Right to Restrict Processing (Art. 18): Request that we limit the processing of your data in certain circumstances.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent (e.g., functional cookies), you may withdraw consent at any time via the cookie settings in our website footer. Withdrawal does not affect the lawfulness of prior processing.
To exercise any of these rights, contact us at info@klikdeal.com. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- HTTPS encryption for all data in transit
- Encryption at rest for sensitive personal data (e.g., government ID numbers, driver license numbers, addresses) using AES-256 encryption
- Verification documents stored on private (non-publicly-accessible) storage
- Passwords hashed using bcrypt
- CSRF protection on all forms
- Access controls and authentication for administrative functions
9. Cookies
We use the following categories of cookies:
Essential Cookies (always active)
- Session cookie — maintains your login session
- CSRF token — protects against cross-site request forgery attacks
- Cookie consent — stores your cookie preferences
- Remember me — keeps you logged in between sessions (if selected)
Functional Cookies (consent required)
- Google reCAPTCHA — used on login and registration forms for bot protection. Google may set cookies and process your IP address. Only loaded after you consent via the cookie banner. See Google's Privacy Policy.
Analytics Cookies (consent required)
- Google Analytics — collects anonymous usage statistics to help us improve the site. Tracks page views, session duration, and user interactions. IP addresses are anonymized. Only loaded after you consent via the cookie banner. See Google's Privacy Policy.
You can manage your cookie preferences at any time using the link in our footer.
10. Children's Privacy
Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.
11. Right to Lodge a Complaint
If you believe we have not handled your data in accordance with the GDPR, you have the right to lodge a complaint with your local Data Protection Authority (DPA). You can find your DPA at edpb.europa.eu.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or a prominent notice on our platform. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
For any questions regarding this Privacy Policy or your personal data, contact us at:
- Email: info@klikdeal.com
- Contact page: Contact Us