1. This section contains information regarding DRIVALIA's data handling practices in reference to the processing of data from the drivalia.it website’s users.

2.  The information is also valid for the purposes of art. 13 of Legislative Decree no. 196/2003, Code for the protection of personal data, and for the purposes of Article 13 of the EU Regulation no. 2016/679 (GDPR), concerning the protection of individuals with regard to the processing of personal data and the free circulation of such data, for those who interact with the home page: www.drivalia.it

3. The information is provided only for the DRIVALIA websites, and not for other websites that may be consulted by the user through links contained therein.

4. The purpose of this document is to provide information on the methods, timing and nature of the information, that the data controllers must provide to users when connecting to DRIVALIA’s web pages, regardless of the purpose of the connection, according to Italian and European legislations.

5. The information may undergo changes due to the introduction of new rules in this regard, therefore the user is invited to periodically check this page.


1 – Data Controller

1. The data controller is the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the processing personal data. He also deals with security profiling.

2. With regards to this website, the data controller is: DRIVALIA S.p.A., and for any clarification or to exercise the rights of the user, the following email address is available for the user: privacy@drivalia.it.

2 – Data Processor


1. The data processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

2. Pursuant to Article 28 of EU Regulation no. 2016/679, upon the appointment by the data controller, the data processor of the DRIVALIA website is: IM*MEDIA S.r.l. with registered office in Palermo, via Generale Magliocco, 27.

3 – Where the data is processed

  1. The processing of the data generated by the use of drivalia.it takes place at the registered office, administrative and operational headquarters of the Data Controller. For more information, contact the Controller.
  2. In case of necessity, the data related to the newsletter service can be processed by the Data Processor or subjects appointed by it for this purpose at their own headquarters or offices.


1 – Types of Cookies

1. The DRIVALIA website uses cookies to make the user's browsing experience easier and more intuitive: cookies are short text strings used to store information that may concern the user, his preferences or the device used to access the Internet (computer, tablet or mobile phone) and are mainly used to adapt the operation of the website to the user's expectations, offering a more personalized browsing experience and memorizing the choices made previously.

2. A cookie consists of a reduced set of data transferred to the user's browser from a web server and can only be read by the server that made the transfer. This is not executable code and does not transmit viruses.

3. Cookies do not record any personal information and any identifiable information will not be stored. If the user wishes to, the user can prevent the saving of some or all cookies. However, in this case the use of the website and the offered services could be compromised. To proceed without changing the options related to cookies, the user can simply continue browsing.


Here are the types of cookies that the website uses: see page COOKIE POLICY available for any further information at the following link https://www.drivalia.it/en/customer-service/cookie/



1 – How the data is processed

1.  Among the Personal Information collected from this website, either independently or through third parties, there are: Name, Surname, Date of Birth, Telephone Number, Address, Fax Number, Country, State, Province, Email and Postal Code. Other Personal Data collected may be indicated in other sections of this privacy policy or through informative messages displayed at the time such Data might be collected.
Personal Data may be provided voluntarily by the User, or collected automatically during the use of this website.

2.  Like all websites, this website also makes use of log files in which information collected in an automated manner during user’s visits is recorded. The information collected could be the following:

- internet protocol (IP) address;
- type of browser and parameters of the device used to connect to the website;
- name of the Internet service provider (ISP);
- date and time of visit;
- web page of origin of the visitor (referral) and of exit;
- possibly the number of clicks.

3. The above information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the website and for security reasons. This information will be processed according to the legitimate interests of the holder.

4. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts of damage to the website itself or to cause damage to other users, or in any case harmful activities or activities constituting a crime. Such data is never used for the identification or profiling of the user, but only for the protection of the website and its users, such information will be treated according to the legitimate interests of the owner.

5. If the website allows to create comments, or in case of specific services requested by the user, including the possibility of sending the Curriculum Vitae for a possible working relationship, the website automatically detects and records some identification data of the user, including the e-mail address. This data is considered as voluntarily provided by the user at the time of requesting the specific service. By inserting a comment or other information the user expressly accepts the privacy policy, and in particular agrees that the contents inserted are freely provided to third parties. The received data will be used exclusively to provide the requested service and only for the time needed to provide the service.

6. The information that users of the website decide to make public by using the services and tools made available to them, is provided by the user knowingly and willingly, exempting this website from any liability regarding any violation of the laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international regulations.

2 – Purposes of data processing

1. The data collected by the website during its operation is used for the purposes indicated above and for the following purposes:

  • The personal data collected by DRIVALIA S.p.A. will be used primarily to make reservations and provide the related car rental services, to provide assistance to customers, to prepare accounting documentation, tax documentation and possible statements of accounts. It may happen that some of the aforesaid services are carried out by affiliated companies or companies collaborating with DRIVALIA S.p.A. In the moment in which the customer communicates his or her data, for the purpose of making a reservation or concluding a rental contract, he consents to the use of his or her personal data according to the indications and procedures contained in this paragraph.


  • DRIVALIA SpA can use or communicate customer’s personal data:

▪     for the purpose of protecting its assets or its commercial activity

▪     to implement the necessary solutions or to limit damage deriving from the customer’s failure to comply with the provisions of the rental agreement

▪     to implement the recovery of due credits

▪     for the resolution of unlawful acts of any kind before competent judicial and administrative bodies (eg misappropriation and theft)

▪     for communications connected to acquisitions and / or transfer of holdings; as part of possible corporate actions including investments in other companies or in the event that other companies acquire financial interests in DRIVALIA S.p.A., the latter could include personal data as commercial assets to be transferred. These transfers of data will take place in any case in compliance with the Privacy Law and regulations.

▪     Personal data may be disclosed to third parties (eg law enforcement agencies or debt collection companies) without notice

Once the consent has been given by the user, in regards to the use of personal data for commercial and marketing purposes, the customer is informed that the collection and use of the data for the aforementioned purposes involves the analysis of the same data, aimed at the development of programs and commercial offers or personalized services of both our company and third parties. The customer's consent can therefore determine the commercial contact for:

▪     communications of various kinds from our company (commercial programs, offers, promotions, etc.)

▪     communications of various kinds from our partners (commercial programs, offers, promotions, etc.)

▪     communications of various kinds jointly offered by our company and / or agents and / or business partners.

For the use of the data referred to above, DRIVALIA S.p.A. may communicate the data collected to third parties such as: Affiliates, agents, business partners, etc.

2. The Data will be retained: for the period strictly necessary to achieve the aforementioned purpose and in any case not exceeding 2 years for marketing purposes and any profiling, and for a maximum duration of 10 years for purposes related to legal obligations regarding document preservation for tax purposes. After this period, in the absence of a new prior consent, the data will be automatically deleted or will be made anonymous for statistical purposes.

3. The data used for security purposes (to block attempts to damage the website) is kept for the time strictly necessary to achieve the previously indicated purpose.

N.B.: In any case, the user’s rights will always be respected and guaranteed as described in paragraph V.

3 – Data provided by the user

1. As indicated above, the optional, explicit and voluntary sending of e-mails to any of the addresses indicated on this website entails the subsequent acquisition of the sender's e-mail address, necessary to respond to requests, as well as any other personal data included in the message.

4 – Support for browser configuration

1. The user can manage cookies through the settings of his browser. However, deleting cookies from your browser may remove the preferences you have set for this website.

2. For further information and support it is also possible to visit the specific help page of the web browser you are using:

5 – Social Network Plugins

1. This website also incorporates plugins and / or buttons for social networks, in order to allow easy sharing of content on your favourite social networks. These plugins are programmed not to set any cookies when accessing the page, to safeguard the privacy of users. Cookies may be set, if so provided by social networks, only when the user makes effective and voluntary use of the plugin. Please note that if the user browses while being logged into the social network then he has already agreed to the use of cookies conveyed through this website when registering to the social network.

2. The collection and use of the information obtained by means of the plugin are governed by the respective privacy policies of the social networks. For further details please refer directly to their policies:

▪     Facebook: https://www.facebook.com/help/cookies

▪     Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter

▪     Google+: http://www.google.com/policies/technologies/cookies

▪     Pinterest: https://about.pinterest.com/it/privacy-policy

▪     AddThis: http://www.addthis.com/privacy/privacy-policy

▪     Linkedin: https://www.linkedin.com/legal/cookie-policy


1. Article. 13, c. 2 of EU Regulation 2016/679 lists the user's rights.

2. The DRIVALIA website therefore wants to inform the user about the existence of:

– the user's right to ask to the holder for access to his or her personal data (Article 15 of the EU Regulation), to request the data is updated (Article 7, paragraph 3, letter a) of Legislative Decree 196/2003), its rectification (Article 16 of the EU Regulation), its integration (Article 7, paragraph 3, letter a) of the Legislative Decree 196/2003) or that the processing that concerns it is limited (Article 18 of the EU Regulation), or to refuse, for legitimate reasons, that the data may be processed (Article 21 EU Regulation), in addition to the right to data portability (Article 20 EU Regulation);

- the right to request the cancellation (Article 17 of the EU Regulation), the transformation into anonymous form or the blocking of data processed in violation of the law, including that which does not need to be kept in relation to the purposes for which the data was collected or subsequently processed (Article 7, paragraph 3, letter b) of Legislative Decree 196/2003);

– the right to obtain confirmation that the operations of updating, rectification, integration of data, cancellation, blocking of data, transformation have been brought to the attention, also in terms of their content, of those to whom the data was communicated to or diffused, except in the case in which this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right (Article 7, paragraph 3, letter C) Legislative Decree 196/2003);

3. Requests can be sent to the data controller, without formalities or, alternatively, using the template provided by the The Italian Data Protection Authority (Garante per la protezione dei dati personali), or by sending an email to: privacy@drivalia.it

4. If the data processing is based on art. 6, paragraph 1, lett. a) - express consent to the use - the user has the right to withdraw the consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.


5. Likewise, in the event of violation of the law, the user has the right to lodge a complaint with the The Italian Data Protection Authority (Garante per la protezione dei dati personali), the authority responsible for monitoring data processing in Italy.

6. For a more in-depth examination of the user’s rights, please refer to articles 15 et seq. of the 2016/67 EU Regulation and the art. 7 of Legislative Decree no. 196/2003.

7. The user is informed in case there is an obligation to provide personal data as well as the possible consequences of not communicating such data (example: requests from law enforcement).


1. This website may share some of the data collected with services located outside the European Union. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of EU Regulation 2016/679, for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

2. Data will never be transferred to third countries that do not comply with the conditions set out in Article 45 et seq. of the EU Regulation.


1. This website treats users' data in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Data Processing is carried out using IT and / or telematics tools, with organizational methods and with logics strictly related to the indicated purposes.

2. In addition to the Data Controller, in some cases, categories of employees involved in the organization of the website (staff from administrative, commercial, marketing, legal departments and system administrators), or external subjects (as suppliers of third party technical services, mail carriers, hosting providers, IT companies, communication agencies) could have access to the data.



1. The present document, published at: https://www.drivalia.it/it/customer-service/privacysito/ constitutes the privacy policy of this website.

The user will find information regarding the processing of personal data with specific reference to the rental service at:https://www.drivalia.it/it/customer-service/privacyservizio/

These may be subject to changes or updates. Users are invited to periodically consult these pages to keep up-to-date with the latest legislative updates.

2. The document was updated on 21/05/2018 to comply with the relevant regulations, and in particular in compliance with EU Regulation 2016/679 (GDPR).