Privacy policy

Version updated on 25/02/2019

Preserving your privacy is a priority. This policy describes how we collect, use and, if necessary, transfer or store personal information about our customers in connection with the use of the Kirrk application and related services.  

KIRRK, located at 36 rue Friant 75014 Paris, is the company responsible for the use of personal data collected in the context of the services offered by the "Kirrk" application.

What is personal data?

It is any information that can directly or indirectly identify a natural person. It is personal information (e.g. driving licence number) that we collect in accordance with the principle of minimisation, either when creating a Kirrk user account and using our services, or when renting a vehicle.  

What do we mean by data processing?

Data processing is an operation or a set of operations carried out with the help of automated or non-automated processes and applied to personal data. Examples include the collection, recording and transfer of information about you, and any other form of use or manipulation of that information.

What are the standards and fields of application?

This protection charter applies to all processing of personal data carried out under the responsibility of KIRRK, in particular in the context of activities linked to the use of KIRRK or the services offered by KIRRK.

This platform has been developed taking into account rigorous functional and security requirements in alignment with the obligations of the General Data Protection Regulation of 25 May 2018 and the Data Protection Act of 6 June 1978 in its latest version of June 2018.  

How do we receive your data?

We only collect and use your personal data if you are of legal age and if this information is essential for the proper functioning of the services you have subscribed to. Additional personal information may be provided to us by you or a clearly identified and authorised partner to enhance your experience when using our services.

Rental Agreement Data

In order to operate our car rental services, our partners may need to provide us with information relating to your booking. This includes the Booking Number; the Date of Booking; the Dates of Hire; the Price of the Booking; and the Options and Details of the Booking.

Data related to our Kirrk application

When you use the "Kirrk" mobile application, we collect your data from the moment you create an account, as well as information about the second driver if applicable.

We collect personal information from the ID card and driving licence for the proper execution of the rental contract. This information is verified by our service provider Acuant to ensure its validity and is never stored or transferred to any third party.

Subject to your consent, we may obtain your geo-location data from the "Kirrk" application, which we collect only when collecting a vehicle at the start of a rental for security reasons.

We receive usage data from the Kirrk app from the Apple Store on iPhone or the Play Store on Android. This data is necessary to improve your experience.

Vehicle usage data

When using the vehicle, we collect, via our service providers, vehicle geolocation information, as well as information about the use of the vehicle (door opening, engine starting, etc.) which is necessary for the proper functioning of our system, the safety of our vehicle fleet and to improve the quality of our services.

We may also collect this information, even if you are not registered on the mobile application, as set out in the privacy policies of our car rental partners with whom you may have booked your rental.

Data related to the use of our website

We apply a policy of cookies and similar technologies in order to collect information about your device (computer, tablet, smartphone, etc.) to facilitate the browsing experience and improve the service during your visit to the website https://www.kirrk.com  

We remind you that a cookie is a small data file that is transferred to your device to serve several purposes. For example, to recognise your browser, the language of your system, to keep your preferences... We use so-called "persistent cookies" which remain on your device for 30 days after visiting our website.

What do we use your data for?

Your data is used securely and transparently for the purposes of producing the services we provide to you. This applies both to the steps before, during and after the vehicle rental period involving the legal administrative steps necessary for the vehicle rental contract.

We need your data for the following purposes:  

  • To validate the creation of the Kirrk account on the mobile application, which allows the verification of the documents necessary for the rental of the vehicle.
  • To geolocate vehicles, which is necessary to find the rented vehicle via the Kirrk application and to guarantee the security of our operations.
  • To manage incidents during the rental period to improve the services provided to customers.
  • To enforce applicable legal, regulatory and administrative requirements (if any).
  • To recognise your language preference through so-called "language cookies" or to analyse the performance, operation and efficiency of the service through "analytics cookies".
  • To carry out statistical or other research and development analyses in order to develop new (personalised) services and improve the user experience.

Data is exchanged with partners or service providers

The operations involved in the services provided by the Kirrk platform require links with clearly identified external entities. We may need to provide information about you to our suppliers in order to perform our services.

This may include, for example, payment management or background check organisations; cloud hosting providers such as Microsoft's AZURE and OVH; data analysis providers; entities that help KIRRK improve the security of its applications; fleet management partners using Kirrk services.  

Anonymised data will potentially be shared with insurance and financial partners; vehicle solution providers or third party vehicle suppliers.

How secure is your data?

Our platform is entirely housed in the Cloud. Consequently, it benefits from the proven security measures put in place by our hosting and cloud service providers, namely OVH and Azure, each of which is a leader in its field and complies with GDPR obligations.

We organise the security of data processing flows through technical and physical cyber security measures. Access control devices, firewalls and data encryption techniques have been implemented.  

What are your rights?

According to the Regulation, you have several rights, the first of which is the right to be informed about all actions taken on your data. This is the "right to information" which is the basis of this privacy statement.

In the event of a request for access to your information by exercising the "right of access", it is up to us to inform you of the purposes of our processing, the various data in our possession, their sources, the potential recipients, etc.

The right of rectification allows you to obtain a modification of information concerning you on simple request.

You have the possibility to demand that Kirrk deletes all information relating to your person by exercising the "right to erasure", also known as the "right to be forgotten". In this case we will have to delete your data as soon as possible and inform our partners of your request so that they too can apply it.

By means of the "right to object" you can, on request, object to the processing of your data by us until such time as it has come to an end. We will implement your request without delay, provided that your request does not cause Kirrk to violate its own obligations with regard to the applicable regulations.

The "right to portability" allows you, upon written request, to receive your data in our possession in a usable format (e.g. CSV).

If you wish to reduce the scope of use or certain categories of your data, for example, you can exercise the "right to restrict processing". Once your request has been considered by Kirrk, we require our partners and suppliers to comply with this action.

How can you exercise your rights?

You can exercise your rights by contacting us via the contact form available on the application interface, or by writing to the DPO (Data Protection Officer) via the contact form (help.kirrk.com).

In order for your request to be processed, you must be logged in to the application or to Kirrk online support (help.kirrk.com) to validate your identity. In addition, your message must contain the following information: the nature of the request; the scope of the request; the type of data concerned; your telephone number known to our services.

Alternatively, the DPO can also be contacted by e-mail at dpo@kirrk.com. Only complete requests will be considered. A complete request must contain the nature of the request, the scope concerned, the type of data concerned, an identity document and your telephone number.

You have the possibility to refer to the CNIL

In addition, without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), if you consider that the processing applied to your data constitutes a violation of the Regulation or a deprivation of your rights and freedoms.

What are our obligations?

Obligation to inform you and our partners

We are committed to informing you about all our activities concerning your data, as well as any possible changes to our platform. We do everything necessary to facilitate the exercise of your rights by implementing accessible and rapid communication channels. We respond to your requests in a timely manner.

Our compliance ecosystem protects your data

We educate our partners and service providers to take into account regulatory requirements to ensure the overall protection of personal data entrusted to them.  A compliance charter is submitted to subcontractors and contractual clauses integrating data protection are adopted.

KIRRK does not transfer personal data to a third country or to any other international organisation outside the EU.

Notification of data breaches  

In the event of a personal data breach, KIRRK undertakes to notify the competent supervisory authority (CNIL) no later than 72 hours after becoming aware of it in accordance with Article 33 of the EU Regulation 2016/679.

Where a personal data breach is likely to result in a high risk to the rights and freedoms of an individual, KIRRK undertakes to inform the data subject of the said breach as soon as possible in accordance with Article 34 of the EU Regulation 2016/679.

We ask for your consent for specific processing

Information from e.g. geolocation or cookies is only collected if you have given your consent. You can freely withdraw your consent at any time, but in this case we will inform you about the risks of deterioration in the quality of the services provided.

For example, you can deactivate the geolocation of the Kirrk Access application on your mobile phone at any time via the settings on your phone. You will understand that without the geolocation function of the smartphone, we cannot direct you to the location of the vehicle you wish to pick up.

We give you the opportunity to choose the cookies.

As a user of the Kirrk services, you are free to authorise or refuse the storage of cookies in your terminal with the appropriate settings in your browser. On this point, Kirrk invites you to consult the advice on how to use these settings, depending on the browser used, which can be found on the CNIL website: http://www.cnil.fr/vos-libertes/vos-traces/les-cookies/.

The configuration of each browser is specific to its design; it can be found in the help menu which allows you to know how to modify your choices regarding cookies. The user can manage cookies according to the browsers used:

For Internet Explorer™

For Safari

For Chrome

For Firefox

For Opera

We have defined the retention period  

Your data is collected to serve only the purposes expressed in the subscribed service contracts. We proceed to systematically delete your information as soon as it is no longer needed, in particular when the user account is closed.

Changes to this policy

KIRRK reserves the right to modify and update this policy at any time and without prior notice, in particular if new features, new services or new partnerships enrich KIRRK's offers or if we introduce modifications following recommendations made by the supervisory authorities.

The new version will in this case be published on our Website and our application. The changes made are binding on you and you are therefore required to refer to them each time you log on in order to be aware of the current provisions with which you must comply. Notification of these changes constitutes acceptance of the policy, unless you indicate otherwise via our help centre.

Cookies policy

Kirrk uses cookies and similar technologies to power, protect and improve the Kirrk Platform. This policy explains how and why we use these technologies and the choices available to you.

A cookie is a small data file that is transferred to your device (e.g. your phone or computer). For example, one cookie may allow us to recognise your browser, while another may store your preferences. Two types of cookies are used on the Kirrk Platform: (1) "session cookies" and (2) "persistent cookies". Session cookies normally expire when you close your browser, whereas persistent cookies remain on your device after you close your browser and can be used again the next time you visit the Kirrk Platform.

We also use other technologies that provide similar functionality to cookies, such as web beacons, pixels, mobile device identifiers, and tracking URLs, to obtain Login Data (as described in the Privacy Policy). For example, our e-mails may contain web beacons and tracking URLs to determine whether you have opened a particular message or accessed a particular link.

Why does Kirrk use these technologies?

We use these technologies for a number of reasons, for example to:

  • Allow you to use and access the Kirrk Platform and Payment Services.
  • Enable, facilitate and simplify the operation of and your access to the Kirrk Platform.
  • Better understand how you navigate and interact with the Kirrk Platform and improve it.
  • Provide you with personalised advertising (on the Kirrk Platform and on third party websites).
  • Send you content (including advertisements) that is more relevant to you.
  • Monitor and analyse the performance, operation and effectiveness of the Kirrk Platform and advertisements.
  • Enforce legal agreements governing the use of the Kirrk Platform.
  • Detect, prevent and investigate fraud.
  • Support our own customer service, analysis, research, product development and regulatory compliance.