Version updated on 25/02/2019
Preserving your privacy is a priority. This policy describes how we collect, use and, if necessary, transfer or store personal information about our customers in connection with the use of the Kirrk application and related services.
KIRRK, located at 36 rue Friant 75014 Paris, is the company responsible for the use of personal data collected in the context of the services offered by the "Kirrk" application.
What is personal data?
It is any information that can directly or indirectly identify a natural person. It is personal information (e.g. driving licence number) that we collect in accordance with the principle of minimisation, either when creating a Kirrk user account and using our services, or when renting a vehicle.
What do we mean by data processing?
Data processing is an operation or a set of operations carried out with the help of automated or non-automated processes and applied to personal data. For example, the collection, recording, transfer, etc. of any form of use or manipulation of information about you.
This protection charter applies to all processing of personal data carried out under the responsibility of KIRRK. In particular, in the context of activities linked to the use of KIRRK or the services offered by KIRRK.
This platform has been developed taking into account rigorous functional and security requirements in alignment with the obligations of the General Data Protection Regulation of 25 May 2018 and the Data Protection Act of 6 June 1978 in its latest version of June 2018.
We only collect and use your personal data if you are of legal age and if this information is essential for the proper functioning of the services you have subscribed to. Additional personal information may be provided to us by you or a clearly identified and authorised partner to enhance your experience when using our services.
Rental Agreement Data
In order to operate our car rental services, our partners may need to provide us with information relating to your booking. This includes the Booking Number; the Date of Booking; the Dates of Hire; the Price of the Booking; and the Options and Details of the Booking.
Data related to our Kirrk application
By using the "Kirrk" mobile application, we collect your data from the moment you create an account, as well as information about the second driver if applicable.
We collect personal information from the ID card and driving licence for the proper execution of the rental contract. This information is verified by our service provider Acuant to ensure its validity and is never stored or transferred to any third party.
Subject to your consent, we may obtain your geo-location data from the "Kirrk" application, which we collect only when collecting a vehicle at the start of a rental for security reasons.
We receive usage data from the Kirrk app from the Apple Store on iPhone or the Play Store on Android. This data is necessary to improve your experience.
Vehicle usage data
When using the vehicle, we collect, via our service providers, vehicle geolocation information, as well as information about the use of the vehicle (door opening, engine starting, etc.) which is necessary for the proper functioning of our system, the safety of our vehicle fleet and to improve the quality of our services.
We may also collect this information, even if you are not registered on the mobile application, as set out in the privacy policies of our car rental partners with whom you may have booked your rental.
Data related to the use of our website
We apply a policy of cookies and similar technologies in order to collect information about your device (computer, tablet, smartphone, etc.) to facilitate the browsing experience and improve the service during your visit to the website https://www.kirrk.com
We remind you that a cookie is a small data file that is transferred to your device to serve several purposes. For example, to recognise your browser, the language of your system, to keep your preferences... We use so-called "persistent cookies" which remain on your device for 30 days after visiting our website.
Your data is used securely and transparently for the purposes of producing the services we provide to you. This applies both to the steps before, during and after the vehicle rental period involving the legal administrative steps necessary for the vehicle rental contract.
We need your data for the following purposes:
To validate the creation of the Kirrk account on the mobile application which allows the verification of the documents necessary for the rental of the vehicle,
The geolocation of vehicles is necessary to find the rented vehicle via the Kirrk application and to guarantee the security of our operations,
Manage incidents during the rental period to improve the services provided to customers.
Enforce applicable legal, regulatory and administrative requirements (if any).
Recognition of your language preference through so-called "language cookies" or analysis of the performance, operation and efficiency of the service through "analytics cookies".
Carrying out statistical or other research and development analyses in order to develop new (personalised) services and improve the user experience.
Data is exchanged with partners or service providers
The operations involved in the services provided by the Kirrk platform require links with clearly identified external entities. We may need to provide information about you to our suppliers in order to perform our services.
This may include, for example, payment management or background check organisations; cloud hosting providers such as Microsoft's AZURE and OVH; data analysis providers; entities that help KIRRK improve the security of its applications; fleet management partners using Kirrk services.
Anonymised data will potentially be shared with insurance and financial partners; vehicle solution providers or third party vehicle suppliers.
Our platform is entirely housed in the Cloud. Consequently, it benefits from the proven security measures put in place by our hosting and cloud service providers, namely OVH and Azure, each of which is a leader in its field and complies with GDPR obligations.
We organise the security of data processing flows through technical and physical cyber security measures. Access control devices, firewalls and data encryption techniques have been implemented.
According to the Regulation, you have several rights, the first of which is the right to be informed about all actions taken on your data. This is the "right to information" which is the basis of this privacy statement.
In the event of a request for access to your information by exercising the "right of access", it is up to us to inform you of the purposes of our processing, the various data in our possession, their sources, the potential recipients, etc.
The right of rectification allows you to obtain a modification of information concerning you on simple request.
You have the possibility to demand that Kirrk deletes all information relating to your person by exercising the "right to erasure", also known as the "right to be forgotten". In this case we will have to delete your data as soon as possible without failing to inform our partners about your request so that they too can apply it.
By means of the "right to object" you can, on request, object to the processing of your data by us until such time as it has come to an end. We will implement your request without delay, provided that your request does not cause Kirrk to violate its own obligations with regard to the applicable regulations.
The "right to portability" allows you, upon written request, to receive your data in our possession in a usable format (e.g. CSV).
If you wish to reduce the scope of use or certain categories of your data, for example, you can exercise the "right to restrict processing". Once your request has been considered by Kirrk, we require our partners and suppliers to comply with this action.
You can exercise your rights by contacting us via the contact form available on the application interface, or by writing to the DPO (Data Protection Officer) via the contact form (help.kirrk.com).
In order for your request to be processed, you must be logged in to the application or to Kirrk online support (help.kirrk.com) to validate your identity. In addition, your message must contain the following information: the nature of the request; the scope of the request; the type of data concerned; your telephone number known to our services.
Alternatively, the DPO can also be contacted by e-mail at firstname.lastname@example.org. Only complete requests will be considered. A complete request must contain the nature of the request, the scope concerned, the type of data concerned, an identity document and your telephone number.
You have the possibility to refer to the CNIL
In addition, without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), if you consider that the processing applied to your data constitutes a violation of the Regulation or a deprivation of your rights and freedoms.
Obligation to inform you and our partners
We are committed to informing you about all our activities concerning your data, as well as any possible changes to our platform. We do everything necessary to facilitate the exercise of your rights by implementing accessible and rapid communication channels. We respond to your requests in a timely manner.
Our compliance ecosystem protects your data
We educate our partners and service providers to take into account regulatory requirements to ensure the overall protection of personal data entrusted to them. A compliance charter is submitted to subcontractors and contractual clauses integrating data protection are adopted.
KIRRK does not transfer personal data to a third country or to any other international organisation outside the EU.
Notification of data breaches
In the event of a personal data breach, KIRRK undertakes to notify the competent supervisory authority (CNIL) no later than 72 hours after becoming aware of it in accordance with Article 33 of the EU Regulation 2016/679.
Where a personal data breach is likely to result in a high risk to the rights and freedoms of an individual, KIRRK undertakes to inform the data subject of the said breach as soon as possible in accordance with Article 34 of the EU Regulation 2016/679.
We ask for your consent for specific processing
Information from e.g. geolocation or cookies is only collected if you have given your consent. You can freely withdraw your consent at any time, but in this case we will inform you about the risks of deterioration in the quality of the services provided.
For example, you can deactivate the geolocation of the Kirrk Access application on your mobile phone at any time via the settings on your phone. You will understand that without the geolocation function of the smartphone, we cannot direct you to the location of the vehicle you wish to pick up.
We give you the opportunity to choose the cookies.
As a user of the Kirrk services, you are free to authorise or refuse the storage of cookies in your terminal with the appropriate settings in your browser. On this point, Kirrk invites you to consult the advice on how to use these settings, depending on the browser used, which can be found on the CNIL website: http://www.cnil.fr/vos-libertes/vos-traces/les-cookies/.
The configuration of each browser is specific to its design; it can be found in the help menu which allows you to know how to modify your choices regarding cookies. The user can manage cookies according to the browsers used:
We have defined the retention period
Your data is collected to serve only the purposes expressed in the subscribed service contracts. We proceed to systematically delete your information as soon as it is no longer needed, in particular when the user account is closed.
KIRRK reserves the right to modify and update this policy at any time and without prior notice, in particular if new features, new services or new partnerships enrich KIRRK's offers or if we introduce modifications following recommendations made by the supervisory authorities.
The new version will in this case be published on our Website and our application. The changes made are binding on you and you are therefore required to refer to them each time you log on in order to be aware of the current provisions with which you must comply. Notification of these changes constitutes acceptance of the policy, unless you indicate otherwise via our help centre.
A cookie is a small data file that is transferred to your device (e.g. your phone or computer). For example, one cookie may allow us to recognise your browser, while another may store your preferences. Two types of cookies are used on the Kirrk Platform: (1) "session cookies" and (2) "persistent cookies". Session cookies normally expire when you close your browser, whereas persistent cookies remain on your device after you close your browser and can be used again the next time you visit the Kirrk Platform.
Why does Kirrk use these technologies?
We use these technologies for a number of reasons, for example to: