Privacy Policy

Last updated: August 29, 2025

Introduction and Scope

This Privacy Policy explains how Car Rental Gateway Ltd. (“Car Rental Gateway”, “we”, “us”, or “our”) collects, uses, and protects your personal data when you use our website. It covers personal data gathered through our website forms and through your general use of the site. This Policy does not apply to any third-party websites or services that we may link to – those services have their own privacy policies. By using our website or submitting information through our site, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the site.

Who We Are (Data Controller)

Car Rental Gateway Ltd. (Office 17, Access House, Manor Road, West Ealing, London W13 0AS, United Kingdom) is the data controller responsible for your personal data processed via this website. If you have any questions or concerns about this Privacy Policy or your personal data, you can contact us at info@carrentalgateway.com or by mail at the address above.

Personal Data We Collect

We only collect personal data on our website that you choose to provide to us or that is collected automatically in the course of using our site. We do not publicly display or publish your personal data on our website, and we do not sell your personal information to anyone.

The types of data we collect include:

1. Information You Provide Voluntarily

Job Application Data: On our Careers page, if you apply for a position, we collect the personal information you provide in the application form. This typically includes your name, email address, phone number, CV/résumé, cover letter, and any other details you choose to share about your employment history or qualifications. We use this data solely to evaluate your application, contact you about the recruitment process, and (if successful) proceed with hiring steps.
Contact/FAQ Inquiry Data: On our FAQ or contact page, you may submit questions or requests. When you fill out our question submission form (for instance, if you didn’t find an answer in the FAQ section), we collect your name, email address, and the content of your inquiry. We use this information to respond to your question and provide assistance or information you requested.

Note: The information you send us through these forms is used only for its intended purpose (processing your application or answering your query). We will not post or publish your name, contact details, or messages on our website. We treat these submissions as private correspondence between you and Car Rental Gateway.

2. Information Collected Automatically

Server Logs: Like most websites, our servers automatically record certain data when you visit our site. This log data may include information such as your IP address, the date and time of your visit, the pages or resources you accessed, the URL that referred you to our site (for example, a search engine or linking page), the browser type and version you are using, your operating system, and other technical details. This information is collected by our web server for the purposes of delivering the site to you and maintaining security. For example, we use log data to troubleshoot issues, analyze traffic patterns, and protect against fraudulent or unauthorized activity. This automatically collected data generally does not identify you directly, and we do not use it to try to identify individual visitors. It is used in aggregate or for technical monitoring of the website’s performance and integrity.
Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar technologies to ensure our website functions properly and to enhance your experience. For instance, some cookies are essential for navigation or to remember your preferences. We also use cookies for analytics as described in the next section. The information collected via cookies may include non-personal details about your device and browsing actions – for example, your device’s IP address, browser type, operating system, language settings, and how you interact with our site (pages visited, time spent, and navigation history). This data helps us understand how the site is used and how we can improve it. You can control cookies through your browser settings (see Cookies and Analytics Tools below for more detail).

Cookies and Analytics Tools

We utilize a few third-party tools and cookies to analyze website traffic and improve our services. We value your privacy, so we use these tools in a privacy-conscious manner. Where required by law, we will ask for your consent before using non-essential cookies or analytics.

Below are the tools we use and what they do:

Google Analytics 4: We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 uses cookies or similar identifiers to collect information about website usage, such as the pages you view, the time you spend on pages, clicks and navigation, and technical information about your device (including IP address, which is anonymized in GA4). Google Analytics compiles this data to give us aggregate reports on website traffic and usage patterns. This helps us improve site content and user experience. The information generated by the Google Analytics cookies (including a truncated IP address) may be transmitted to and stored by Google on servers in other countries (e.g., the United States). However, Google Analytics 4 is configured not to collect personally identifying information, and Google truncates (anonymizes) IP addresses in the EU/EEA to protect user privacy. We have also configured Google Analytics to respect any consent requirements. Data collected by GA4 is used for statistical analysis; we do not receive information that personally identifies any visitor. (For more details on how Google may process this data, you can refer to Google’s Privacy Policy.) You are free to opt out of Google Analytics – for example, by not consenting to analytics cookies on our site, by using browser settings or extensions to block analytics, or by using Google’s opt-out tools. Disabling Google Analytics will not affect your ability to use our website.
Google Tag Manager: Our site uses Google Tag Manager to manage scripts and tracking tags in a convenient way. Google Tag Manager is a tool that allows us to deploy analytics and other code on our website from a single interface. Importantly, Google Tag Manager itself does not collect any personal data. It does not set cookies or track you; instead, it simply “triggers” other tags that we have installed (such as Google Analytics). Google Tag Manager does not access any data you submit; it only helps load the other tools. If you opt out of a particular tag (for example, if you disable analytics cookies), the Tag Manager will honor that and prevent the disabled tool from running.
Google Search Console: We use Google Search Console (GSC) to monitor our website’s presence in Google search results and to understand how our site is performing in organic search. Unlike analytics tools, Google Search Console does not collect any personal data from our site visitors. It operates within Google’s systems and provides us with aggregated information such as overall search query volumes, our site’s click-through rates, and technical site health metrics. GSC does not use any cookies or tracking on our website, and it does not identify individual users. Because of this, we do not need to obtain consent specifically for Search Console – it’s simply a reporting tool that helps us improve our site’s SEO and fix website errors. No personal user information is received by us through Search Console.

Your Choices: When you first visit our website, you may be presented with a notice or banner about cookies. If required by applicable law, we will request your consent before setting non-essential cookies (such as Google Analytics cookies) on your device. You can always choose to disable or delete cookies through your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or alert you when new cookies are being set. Please note that if you disable all cookies, some parts of our site might not function correctly (for example, essential features may not work). However, disabling analytics cookies will not significantly affect your ability to use the site; it will only limit our ability to collect insights about your usage. We honor Do Not Track signals and other global privacy controls as applicable.

How We Use Your Personal Data

We use the personal data collected through our website for the following purposes:

To Respond to Inquiries and Provide Information: If you contact us via a form (for example, asking a question through the FAQ page or requesting information), we will use your name, email, and the content of your inquiry to communicate with you and answer your questions or provide the requested information. We process this data in order to fulfill your request and provide good customer service.
To Process Job Applications: If you apply for a job with us, we use the personal details you provide (CV, contact info, etc.) to evaluate your qualifications, contact you for interviews or updates, and otherwise manage the recruitment process. If your application is successful, this information will be used to facilitate the hiring and onboarding process. If not, we will retain or delete your data as described in the Data Retention section below.
To Operate and Improve Our Website: We use usage data (both the automatically collected technical data and aggregated analytics insights) to operate, maintain, and improve our website. This includes using data to debug and fix errors, to analyze how users navigate our site, which pages or content are most popular, and to make informed decisions about enhancements or new features. It also includes ensuring the stability and security of the site – for example, using log data to detect and prevent fraud or abuse.
To Ensure Security and Legal Compliance: We may process personal data when necessary to protect the rights, property, or safety of Car Rental Gateway, our users, or others. For instance, IP addresses and log files may be used to detect malicious activity and guard against cyber-attacks. We may also use or disclose personal data if required to comply with a legal obligation, a court order, or to establish or defend legal claims.

We will only use your personal data for the purposes for which we collected it, as explained above. If we need to use your information for an unrelated purpose, we will notify you and, if required, seek your consent.

Legal Bases for Processing

We rely on the following legal grounds to process personal data (as applicable under the General Data Protection Regulation (GDPR) and similar laws):

Performance of a Contract or Request: When you apply for a job or ask us a question, we process your personal data to take steps at your request prior to entering into a contract or to fulfill our obligations to you. For example, processing an application is considered part of entering an employment contract process, and answering your inquiries is providing a service you requested (Art. 6(1)(b) GDPR).
Legitimate Interests: We process certain data to pursue our legitimate business interests in a way that is not overridden by your rights. For instance, it is in our legitimate interest to understand how our website is used, to secure our systems, and to improve our services. When we collect server log data or use Google Analytics (with your consent), or when we keep a record of communications, it may be under the lawful basis of legitimate interests (Art. 6(1)(f) GDPR) – ensuring our website’s proper functioning, security, and efficiency are interests we believe align with both our and our users’ expectations. We always consider your privacy rights and will implement safeguards (like anonymization or opt-outs) to minimize impact on you.
Consent: In certain cases, we rely on your consent to process personal data. For example, where required by law, we will obtain your consent before setting analytics cookies or sending you any marketing communications (which we currently do not do without request). If we ask for consent, you have the right to withdraw that consent at any time, and we will stop the processing in question. Withdrawing consent will not affect the lawfulness of any processing we already performed based on your consent before it was withdrawn.

If you have any questions about the legal basis of how we process your personal data, feel free to contact us for more information. In all cases, we ensure that we have a valid legal basis to collect and use your data and that we honor your rights regarding your data.

Sharing and Disclosure of Personal Data

We treat your personal data with care and confidentiality. We do not sell, rent, or trade your personal information to third parties.

We only share or disclose data in the following circumstances:

With Service Providers (Processors): We may share personal data with trusted third-party service providers who help us operate our website and business. This includes, for example:
- Website Hosting and IT providers: who manage our website infrastructure and storage of data.
- Analytics and Tag Management providers: such as Google (as described above, Google Analytics acts as our data processor for usage data).
- Recruitment management services: We may use third-party software or platforms to collect and process job applications (for instance, an online recruitment portal or applicant tracking system). These providers will receive the data you submit in your application in order to forward it to us and help administer the hiring process.
- Customer Support tools: (if we use any to manage incoming queries) which would process inquiry data on our behalf.
These service providers only process your data on our instructions and for the purposes we specify. We require them to keep your data secure and confidential. We have agreements in place (Data Processing Agreements) where appropriate to ensure your data is protected.
Within Our Corporate Group: Car Rental Gateway is a business operating internationally. If we have affiliates or branch offices (for example, an EU-based branch or a related company), we may share data with them as necessary for internal administrative purposes or to respond to your requests. In such cases, access to personal data is limited to those who need to know it for the functions described in this Policy and is subject to confidentiality obligations.
For Legal Reasons: We may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., law enforcement or regulatory agencies). We may also disclose information if we believe in good faith that it is necessary to: (a) comply with a legal obligation or court order; (b) protect and defend the rights or property of Car Rental Gateway; (c) prevent fraud or investigate possible wrongdoing in connection with our website or services; or (d) protect the personal safety of our users or the public.
Business Transfers: In the event that Car Rental Gateway is involved in a merger, acquisition, sale of assets, or reorganization, personal data may be transferred to the parties involved in that transaction as part of the business assets. If such a transfer occurs, we will ensure your personal data remains protected and inform you of any significant changes to how it is used.

In all cases, we minimize the personal data shared and only share what is necessary for the purpose. Whenever personal data is shared with a third party, we take steps to ensure it will be treated with the same level of care and security as if we were handling it directly.

International Data Transfers

Car Rental Gateway is based in the United Kingdom, and our website is accessible to users around the world. When you interact with us, your personal data may be transferred to or stored in servers located in countries other than your own. In particular, some of our service providers are located outside the UK/European Economic Area (EEA). For example, the analytics and tag services we use are provided by Google, which may process data on servers in the United States or other locations. We understand that different countries may have different data protection laws. When we transfer personal data internationally, we take steps to ensure an adequate level of protection for your information in line with applicable legal requirements.

These steps may include:

Relying on countries that have been deemed “adequate” by the European Commission (meaning they offer similar protections to EU law), or
Implementing standard contractual clauses (SCCs) or equivalent legal safeguards in our contracts with the third-party recipients, obligating them to protect your data, or
Ensuring the recipient is certified under an approved data protection framework (for instance, as of 2023, the EU–US Data Privacy Framework for applicable US recipients) providing legally recognized protection.

By using our website or submitting your information to us, you understand that your personal data may be transferred to our facilities and those third parties with whom we share it as described above, even if they are in other countries. However, we will always protect your data in accordance with this Privacy Policy and applicable laws. If you have questions about international data transfers or need more specific information about transfers regarding your personal data, please contact us.

Data Retention

We keep personal data only for as long as necessary to fulfill the purposes for which we collected it, unless a longer retention period is required or permitted by law.

In general:

Inquiry Data: If you contact us with a question (for example, via the FAQ contact form), we will retain the personal data you provided (like your email and the content of your inquiry) for as long as it takes to respond to you and resolve your question, plus a reasonable period thereafter. This additional period allows us to refer back to your inquiry if you follow up, and to improve our customer service. Typically, routine inquiries are not kept for more than 12 months after resolution. In some cases, we may need to keep a record of communications for longer (for example, if it involves a legal matter or a complaint that needs follow-up).
Job Application Data: If you apply for a job and are unsuccessful, we will not retain your application data longer than necessary. Normally, we will delete or anonymize your personal data after the recruitment process for that position is completed, typically within 6 months after the position is filled. This retention allows us to address any potential legal issues (such as discrimination claims) and to keep your application on file in case the position re-opens or a similar role becomes available, if you have permitted us to do so. If you would like us to consider you for future opportunities, you may be given the option to consent to a longer retention of your application (for example, to be kept in our talent pool for up to 1–2 years). If you do provide such consent, we will retain your data as per that agreement or until you withdraw consent. If you are hired for a position at Car Rental Gateway, your application data will be retained and transferred to your employee file, and then kept in accordance with our internal employee data retention policies.
Analytics Data: Data collected via cookies and analytics tools is typically stored in aggregated form. Google Analytics data may be retained by Google for a set period (Google Analytics 4’s standard retention for user-level data can be 14 months by default, with aggregated reports kept longer). We do not store identifiable analytics information on our own systems. Any identifiers (like cookies) stored on your browser will expire over time (GA4 cookies usually expire after up to 2 years if not deleted sooner). You can also clear these cookies at any time to remove the data from your device.
Server Logs: Our web server logs are kept for a limited period, generally no more than a few months. We rotate and purge logs periodically. We retain logs long enough to ensure website security and investigate incidents if they arise but not longer than necessary for those purposes.

After the applicable retention period ends, we will either delete your personal data or anonymize it (so it can no longer be linked to you). If deletion or anonymization is not feasible (for example, because the data is stored in secure backups), we will store the data securely and isolate it from further use until deletion is possible.

Data Security

We are committed to protecting your personal data. We have implemented appropriate technical and organizational security measures to safeguard the information we collect against unauthorized access, alteration, disclosure, or destruction.

These measures include, for example:

Encryption: Our website uses Transport Layer Security (TLS) encryption (often referred to as HTTPS) for all data transmissions. This means that any personal data you submit through our forms is encrypted in transit to prevent eavesdropping. You can verify that TLS is in use by looking for the padlock symbol or “https://” at the beginning of our website URL in your browser.
Access Controls: Personal data is stored on secure servers, and we limit access to those servers and data. Only authorized Car Rental Gateway personnel and service providers who have a “need to know” are granted access to personal data, and they are required to treat it confidentially.
Organizational Policies: We train our staff on data protection best practices and ensure that anyone with access to personal data is aware of their responsibilities to protect it. We have procedures in place to address potential data security incidents, and we continuously review our practices to enhance security.
Secure Infrastructure: We use reputable hosting providers and data centers with robust security certifications. Our systems are protected by firewalls, and we utilize up-to-date security software to protect against viruses and malware. We also backup critical data to prevent loss.
Testing and Updates: We regularly update our software and platforms to apply security patches and mitigate vulnerabilities. We may also perform security testing on our website to identify and address potential weaknesses.

While we strive to protect your information, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Thus, we cannot guarantee absolute security of your data. However, we will continue to follow industry best practices to ensure your data is as safe as possible. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect a vulnerability or have noticed a security issue), please contact us immediately.

Your Rights and Choices

As an individual whose personal data we process, you have certain rights under privacy and data protection laws (such as the GDPR, if you are in the European Union or United Kingdom). We respect these rights and have processes in place to enable you to exercise them.

These rights include:

Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data we hold about you. We will provide you with a copy of your information in a concise, transparent, and easily accessible form.
Right to Rectification: If any of your personal data that we have is incorrect or incomplete, you have the right to request that we correct or update it. We encourage you to let us know if your information changes so we can keep it accurate.
Right to Erasure: You have the right to request that we delete your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing it. We will honor valid deletion requests and, when we delete data, we will also inform any service providers or partners who have received the data to also erase it (to the extent required by law).
Right to Restrict Processing: You can ask us to restrict or “pause” the processing of your personal data in certain situations. For instance, if you contest the accuracy of the data or have objected to our processing (see below), you can request the restriction of processing while your concern is being resolved. When processing is restricted, we will still store your information, but not use it until the issue is resolved.
Right to Data Portability: For data that you have provided to us and that we process by automated means based on your consent or on a contract with you, you have the right to request a copy in a structured, commonly used, machine-readable format. You also have the right to request that we transmit that data to another controller (for example, to another company), where technically feasible.
Right to Object: You have the right to object to our processing of your personal data in certain circumstances. This includes:
- Direct Marketing: If we were to send you marketing communications (which we currently only do if you have explicitly signed up), you can opt out at any time and we will stop sending you further marketing messages. (We provide an unsubscribe option in such communications or you can contact us directly.)
- Legitimate Interests: If we are processing your data based on our legitimate interests (or those of a third party), you can object if you feel it impacts your rights or freedoms. In such cases, we will reconsider our processing. We will continue to process your data only if we have compelling legitimate grounds that override your interests, rights, and freedoms, or if it is needed for legal claims.
Right not to be subject to Automated Decisions: We do not use your personal data to make any decisions about you that are made solely by automated means (with no human involvement) and that produce legal or similarly significant effects on you. In the event that we ever decide to implement automated decision-making (e.g., for hiring or profiling purposes), you would have the right to not be subject to such decisions without your consent or without an opportunity for human review. (At this time, this right is mainly mentioned for completeness – we do not engage in automated decision-making that would invoke this right.)
Right to Withdraw Consent: If we rely on your consent to process any personal data (for example, for optional analytics cookies or for keeping your job application on file for future openings), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the legality of any processing we conducted prior to your withdrawal. If you withdraw consent for a specific purpose, we will stop the processing of your data for that purpose. For example, if you consented to analytics cookies and then withdraw, we will stop collecting your data via Google Analytics for future visits.
Right to Be Informed: You have the right to be informed about how we collect and use your data. This Privacy Policy is intended to fulfill that right by providing detailed information about our practices. If you have any questions that are not answered here, please let us know.

To exercise any of your rights, please contact us at info@carrentalgateway.com with your request. For security, we may need to verify your identity before fulfilling certain requests, especially for access, deletion, or portability, to ensure we do not disclose or erase the wrong person’s information. We will respond to your request as soon as possible, and in any event within the timeframes required by law (generally within one month for GDPR-related requests, extendable by an additional two months if necessary, with notification to you).

If you feel that we have not addressed your privacy concerns or handled your personal data lawfully, you also have the right to lodge a complaint with a data protection supervisory authority. If you are in the UK, this would be the Information Commissioner’s Office (ICO). If you are in the EU/EEA, you can contact your national Data Protection Authority. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider reaching out to us first, and we will do our best to resolve the issue.

Updates to This Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify users by posting a prominent notice on our website or by other appropriate means. The “Last updated” date at the top of this Policy indicates when the latest changes were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website after any changes to this Privacy Policy have been posted will signify your acceptance of those changes, provided that for any material changes that expand how we use or disclose personal data, we will obtain your consent or give you a clear opportunity to opt out, as may be required by law.

Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us. You can reach our privacy team by email at info@carrentalgateway.com.

You may also write to us at:

Car Rental Gateway Ltd.
Office 17, Access House
Manor Road, West Ealing
London W13 0AS
United Kingdom

We value your feedback and your privacy. Thank you for trusting Car Rental Gateway with your personal data – we are committed to keeping that trust.