In the following we would like to inform you about the types of personal data processed by SIXT RIDE and about the purposes of such data processing. We would also like to inform you about important legal aspects of data protection, such as your rights.
Sixt Ride GmbH & Co. KG, Zugspitzstrasse 1, D-82049 Pullach (hereinafter also referred to as SIXT RIDE) is the controller that will process your data.
If you have any questions regarding data protection, please address your query to the following e-mail address: email@example.com .
You can also contact our data protection officer by writing to the above-stated address (reference: data protection officer).
The following categories of personal data may be processed by us in connection with our services:
Art. 6 (1) sentence 1 point a) of the General Data Protection Regulation (GDPR): Pursuant to this provision, the processing of your personal data is lawful if and to the extent that you have given your consent to such processing.
Art. 6 (1) sentence 1 point b) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the performance of a contract (e.g., transportation service agreement) to which you are a party, or in order to take steps at your request prior to entering into a contract (e.g., when booking a vehicle).
Art. 6 (1) sentence 1 point c) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for compliance with a legal obligation to which SIXT is subject.
Art. 6 (1) sentence 1 point f) GDPR: Pursuant to this provision, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by the controller, i.e., SIXT RIDE, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, i.e., you yourself.
Personal data are collected and processed via websites, the app, the telephone, or an intermediary, for example, if you provide such data, e.g., especially for the purpose of arranging transportation service agreements with third parties transportation service providers for the booking of vehicles, for the purpose of using the platform with a registered account, for the purpose of identification by logging in or for the purpose of communicating with us, e.g., through the forms that you submit to us or by sending e-mails to us. The personal data that we collect include:
We use these data for the purposes described above or for purposes that arise from the respective request, for example, to process specific booking requests or to process your preferences.
The Sixt Ride booking process provides you with the option of storing a credit card and paying for your ride by credit card. (The card will only be charged after the ride has been completed).
Sixt Ride uses a PCI-DSS certified payment service provider (PSP) for credit card payments. This service is required to protect your credit card information.
Sixt Ride itself does not store any of your credit card information. In order to allow you to reuse an already-registered card for future bookings, we simply store a reference number that uniquely identifies your credit card.
For your security and ours, we also use your information to prevent fraud and payment default. For this purpose, we work together with the service provider Kount Inc., 917 Lusk Street, Suite 300, Boise, ID 83706 USA. The service provider analyses your master and contract data to ensure its authenticity and to prevent fraud risks.
Art. 6 (1) sentence 1 point b) GDPR applies to data processing for the fulfilment of transportation service agreements concluded between you and third party transportation service providers (booking vehicles), as well as for the fulfilment of the platform usage contract that was concluded with you. Art. 6 (1) sentence 1 point f) GDPR applies to the processing of data to the extent required to settle accounts vis-à-vis third parties, to assert our own claims, and to mitigate risks.
Our legitimate interest in processing your personal data for purposes of risk prevention is to avoid fraudulent bookings and payment defaults.
We will disclose your data to the following recipients for the purposes named above (in particular to inform the driver company about the booking or to process a payment): financial service providers, risk prevention service providers, SIXT Group companies, and cooperation partners.
We process your master data, communication data and contract data for purposes of promoting customer loyalty, implementing loyalty and bonus programmes (including our own programmes and those of our cooperation partners) and optimising customer offers.
You may object to any processing or use of your data for direct marketing purposes at any time. Please send any objections to: Sixt Ride GmbH & Co. KG, , reference: Widerspruch (Appeals), Zugspitzstrasse 1, D-82049 Pullach or by e-mail: firstname.lastname@example.org .
Art. 6 (1) sentence 1 point a) GDPR applies to data processing for purposes of implementing direct marketing measures that require explicit advance consent.
Art. 6 (1) sentence 1 point f) GDPR applies to data processing for purposes of implementing direct marketing measures that do not require explicit advance consent, and of implementing the marketing measures mentioned (→ Purposes of data processing).
Our legitimate interests in using your personal data for purposes of implementing direct marketing measures and the marketing measures mentioned lie in the fact that we want to convince you of our services and promote a lasting customer relationship with you.
For the purposes described in the foregoing, we disclose your data to IT service providers, call centres, advertising partners and providers of customer loyalty programmes.
In order to ensure that customers can conveniently book to be picked-up from their current location by using the Sixt Ride mobile applications (Android and iOS apps), our apps are able to determine your location, provided that you have consented that your GPS data be transmitted in the app. These location data are not stored and are used only to determine the pick-up point. Further, we are able to determine the coordinates of drivers via their mobile phones, even while you are in the vehicle. This helps us to arrange additional bookings and to conduct booked rides and to provide customers with information about their upcoming ride (for instance what time the driver will arrive).
Art. 6 (1) sentence 1 point a) GDPR applies to the processing of data based on your consent; Art. 6 (1) sentence 1 point b) or f)GDPR applies to the collecting of driver location data.
Our legitimate interest in collecting the location data of drivers lies in offering location-related services and features.
We transmit personal data collected during the booking flow (in particular invoice data, including possibly also in the form of monthly statements) to your employer or the third party who is to pay your invoice.
Art. 6 (1) sentence 1 point b) GDPR provides for data processing for the purposes of booking and customer relations, otherwise Art. 6 (1) sentence 1 point f) GDPR.
Insofar as the processing of data for the purpose of settling the account with your employer or third parties is concerned, our legitimate interest is in being able to assert invoice amounts and other claims or to determine the party against which the damage claim is asserted.
In the event of an automobile accident arising out of transportation services arranged for you by Sixt ride, we may process your master data, communication data, contract data and, if applicable, data concerning health for the following purposes:
We also process your master data, communication data and contract data for purposes of fulfilling legal obligations (e.g. providing information to investigating authorities).
Should the competent authorities suspect of an administrative or criminal offence involving an automobile accident in connection with transportation services arranged for you by Sixt ride, then we will process not only the master data pertaining to you that we have stored, but also the data conveyed to us by the competent authorities.
Art. 6 (1) sentence 1 point b) GDPR applies to data processing for purposes of complaints management, providing customer services in cases of damage, and processing damages resulting from accidents.
Art. 6 (1) sentence 1 point c) GDPR applies to data processing for purposes of investigations carried out by competent legal authorities in connection with processing damages and handling claims resulting from accidents.
Art. 9 (2) point f) GDPR applies to the processing of data concerning health for purposes of establishing, exercising or defending the customers legal claims.
For the purposes described in the foregoing, we disclose your data to the following recipients: public authorities (investigating authorities; regulatory authorities; police authorities), experts, assistance services providers, independent transportation service providers, lawyers and insurance companies.
Our websites use “cookies”, and our App uses corresponding analytics tools. Cookies are small text files that are copied from a web server onto your hard disk. Cookies contain information that can later be read by a web server within the domain in which the cookie was assigned to you. Cookies cannot execute any programmes or infect your computer with viruses. The cookies used by us contain no personal data and are not linked to any such data. Analytics tools store data about the use of the app either in the app itself, or they transmit (anonymised) usage evaluations to the operator of the app.
Art. 6 (1) sentence 1 point f) GDPR applies where personal data is processed.
Our legitimate interests in processing your personal data via our websites and app lie in our desire to optimise our Internet offering and, as such, offer our customers best possible services and increase customer satisfaction.
If you book rides with us in third countries, we will transfer your personal data to your contract partner (e.g. third party platform / transportation service provider) in the third country on the basis of an adequate decision according to Art. 45 of GDPR or on the basis of the requirements of Art. 49 (1) (b) or (c) GDPR, insofar as the transfer is necessary to conduct pre-contractual or contractual provisions requested by you.
In all other cases, the transfer of your data to a third country is based on an adequacy decision by the European Commission. If no adequacy decision by the European Commission exists for the respective third country, then the transfer to that third country will take place subject to appropriate safeguards as per Art. 46 (2) GDPR. In particular, as per Art. 46 (2) (c) GDPR, SIXT RIDE will sign the European Commission’s standard data protection clauses with data controllers and processors based in third countries where no adequacy decision exists. You can request copies of the aforementioned safeguards from SIXT RIDE by writing to the address specified above (cf. → Controller). Third countries are countries outside the European Economic Area. The European Economic Area comprises all countries of the European Union as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein.
SIXT RIDE stores your personal data until they are no longer necessary for the purposes for which they were collected or otherwise processed (cf. → Purposes of data processing at SIXT RIDE). Where SIXT RIDE is under legal obligation to store personal data, it will store personal data for the preservation period stipulated by law. The preservation period for commercial documents, which include bookkeeping documents and accounting records (including invoices), is 10 years. During this period, your data may be subject to restricted use within day-to-day operations if its processing serves no further purposes. The data that are recorded by the mobile phones of drivers (cf. → GPS tracking) are erased after a period of three months.
You have the right to, at reasonable intervals, obtain information about your personal data under storage (Art. 15 GDPR). The information you are entitled to includes information about whether or not SIXT RIDE has stored personal data concerning you, about the categories of personal data concerned, and about the purposes of the processing. Upon request, SIXT RIDE will provide you with a copy of the personal data that are processed.
You also have the right to obtain from SIXT RIDE the rectification of inaccurate personal data concerning you (Art. 16 GDPR).
You furthermore have the right to obtain from SIXT RIDE the erasure of personal data concerning you (Art. 17 GDPR). We are under obligation to erase personal data in certain circumstances, including if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you withdraw the consent on which the processing is based, or if the personal data have been processed unlawfully.
Under certain circumstances, you have the right to have the processing of your personal data restricted (Art. 18 GDPR). These include circumstances in which you contest the accuracy of your personal data and we then have to verify such accuracy. In such cases, we must refrain from further processing your personal data, with the exception of storage, until the matter has been clarified.
Should you opt to change to a competitor of SIXT RIDE, you have the right either to receive, in a machine-readable format, the data that you provided to us based on your consent or on a contractual agreement with us, or to have us transmit, also in a machine-readable format, such data to a third party of your choice (Right to data portability, Art. 20 GDPR).
You are not contractually or legally obliged to provide us with your personal data. Please note, however, that you cannot enter into a contract for our services if we are not permitted to collect and process the data as required for the purposes specified in the foregoing (see → The purposes of data processing at SIXT RIDE)
If the processing of your data by SIXT RIDE is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) sentence 1 point (e) GDPR) or if it is necessary in the legitimate interests of SIXT RIDE, then you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. SIXT RIDE will then end the processing, unless we can present compelling legitimate grounds for such processing that supersede the grounds for ending the processing.
You may object, at any time and without restriction, to the processing of your personal data for purposes of direct advertising.
If data processing at SIXT RIDE is based on your consent, then you have the right to, at any time, withdraw the consent you granted. The withdrawal of consent shall not affect the lawfulness of processing between the time consent was granted and the time it was revoked.
You have the right to lodge complaints with the supervisory authority responsible for SIXT RIDE. Please send such complaints to the following address:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Last amended in: March 2020