Privacy Policy
Last updated: 31 May 2026
This Privacy Policy explains how phoenixcarsEV(“we”, “us”) collects and processes your personal data when you sign up for and use our electric car-sharing service, in line with the EU General Data Protection Regulation (GDPR).
This is a template provided for development and should be reviewed by a qualified legal advisor before production use. It is not legal advice.
1. Who is responsible (Data Controller)
phoenixcarsEV is the data controller for the personal data described here. For any privacy request, contact privacy@phoenixcars.gr.
2. What data we collect
- Account data: email address and password (stored hashed).
- Identity & contact: full name, phone number, date of birth.
- Driving licence images: photographs of the front and back of your driving licence, used to verify your eligibility to drive.
- Usage & trip data: vehicle location, trip times, and battery/lock state while you use a vehicle.
- Technical data: essential cookies needed to keep you signed in (see our Cookie Policy).
3. Why we use it and our legal basis
- To provide the service (create your account, unlock vehicles, billing): performance of a contract.
- To verify your driving licence and age (18+): legal obligation and our legitimate interest in road safety and fraud prevention. Processing of licence images is carried out on the basis of your explicit consent given at sign-up.
- To send service emails (registration, activation, account notices): performance of a contract.
- Optional marketing emails: only with your separate consent, which you can withdraw at any time.
4. How long we keep it
We keep your account and licence data for as long as your account is active and as required to meet legal, accounting and fraud-prevention obligations. Licence images are deleted once verification is complete or when your account is closed, whichever is sooner, unless we are required to retain them.
When you exercise your right to erasure, we anonymise your account: your name, email, phone, date of birth and licence images are irreversibly removed and your login is disabled. Records we must retain for accounting (such as trip and payment history) are kept only in de-identified form that can no longer be linked back to you.
5. Who we share it with
We share data only with service providers acting on our behalf (for example email delivery and payment processing) under appropriate data processing agreements, and with authorities where legally required. We do not sell your personal data.
6. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your data (“right to be forgotten”);
- restrict or object to processing;
- data portability;
- withdraw consent at any time (without affecting prior processing); and
- lodge a complaint with your national data protection authority.
To exercise any of these rights, email privacy@phoenixcars.gr. We will respond within one month.
7. Security
Passwords are hashed with bcrypt. Driving licence images and sensitive credentials are encrypted at rest using AES-256-GCM, so they are never stored in readable form in our database. Traffic is served over HTTPS, and access to personal data is restricted to authorised administrators. We apply appropriate technical and organisational measures to protect your data.
8. Changes
We may update this policy. Material changes will be notified and the version date above will be updated.