Privacy Notice

At CarFlexi we aim to help you with your travels and adventures. We want you to travel and explore with comfort and safety. Whatever your destination and specific needs we focus on providing you with vehicles in a budget friendly and trouble-free manner. Looking after the personal data you share with us is an important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more unique and inspiring experience.

CarFlexi is owned by "EMMANKO AG" Our company "EMMANKO AG" is registered in Switzerland and our registration number is CH- Our registered offices in Switzerland are at Gotthardstrasse 14 6300 Zug. The data controller is "EMMANKO AG" and our data processor officer "EMM. KOKOLOGIANNIS & SONS SA" (referred to in this Notice as "we" or "us"). You can always reach us at for further ways to contact us please visit "contact us".

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:

What types of personal data we collect and why we collect it. When and how we may share personal data with third parties The choices you have, including how to access and update your personal data.

We have tried to keep this Notice as simple as possible, but if you are not familiar with terms please contact us at and we will be more than happy to assist you.


We respect your privacy and we will not distribute your personal information to any third party which is not involved in your car rental enquiry. We also use the latest online secure encoding technology to protect the transfer and storage of your private personal data.


In order to help you book the right vehicle to cover your needs and expectations, we ask you for specific information. This is usually the expected standard information, such as your full name, email address, phone number, as well as the exact time of your vehicle reservation

Foremostly we ask you to provide us with personal information in order to ensure that you choose the right vehicle for you and to offer you accordingly the best deal. We may also use your information in order to contact you about new or/and updated services and special offers.

Furthermore, we also collect information from your electronic/digital device from which you access and use our services such as your IP address, the browser you use to access our site, your language settings and other information that can determine your interests and preferences in relation to our services. We may also collect data related to you automatically or from others/third parties

Supplying third parties with your data in order to fulfil our services

In order to provide our services, there are several reasons that we collaborate with third parties and share your data with them. The main reason for sharing your information is to furnish the supplier and car rental provider of your choice with the necessary information to complete your vehicle reservation and (if applicable) the relevant extras (such as insurance).

In order to provide our services we may supply your data to advertisers. Please note that, we may be required by law, to supply your data to state authorities.

How we share your data with third parties

The third parties integrated to our services are the following:

The car rental provider and/or supplier of your choice.

Information we share can include all or some of the following (depending on the car rental provider/supplier: your name and contact details and your particular preferences in relation to your booking with us.

The car rental provider/supplier of your choice may share information with us on whether you have prior bookings with them and about any prior relevant misconduct on your part, in order for the car rental provider/supplier to justify the grounds on which may refuse to provide you with a vehicle. In such cases we cannot be held responsible for the car rental provider's/supplier's refusal at any given time (except in cases where you have informed us of such a possibility beforehand)

In cases of disputes/claims by the car rental provider/supplier we may supply them with specific details directly related to resolving the dispute/claim pertaining to your booking and/or cancellation

Please read carefully the privacy statement of your chosen car rental provider/supplier in order to familiarize yourself with their policy on how they may further process your data supplied by us.

We also use third parties such as financial institutions in order to process payments and chargebacks. In each case we provide said financial institutions with information about your booking and any other information strictly necessary in alleged frauds for detection and prevention purposes.

Furthermore, in order to ensure that relevant advertisement is directed to the right audience we share your data with Google who is our advertising partner. Please note that, when we use your email address for marketing purposes we ensure that, it cannot be used for other purposes. You can always opt out from our marketing emails by simply clicking the "unsubscribe" link found in the main body of said email.

To the extent required by law we may share your personal information with the competent authorities in order to prevent fraud and other crimes.

Please note that, within EU further rules apply for sharing your financial details:

In order to provide the Services, certain of the information we collect (as set out in this Privacy Policy) may be required to be transferred to other related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the Services constitutes your consent to our transfer of such information to provide you the Services.

Specifically, you consent to disclose necessary information to: (i) the police and other law enforcement agencies; (ii) security forces; (iii) competent governmental, intergovernmental or supranational bodies; (iv) competent agencies, departments, regulatory authorities, self-regulatory authorities or organizations, and other third parties, including companies, that: (a) we are legally compelled and permitted to comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US Foreign Account Tax Compliance Act ("FATCA Law") and 18 December 2015 on the OECD common reporting standard ("CRS Law"); (b) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity; or (c) to conduct investigations of violations of our terms and conditions (including without limitation, your funding source or credit or debit card provider).

If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities.

We may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing).

How we share your data within our company "EMMANKO AG"

Within our company we share your personal information for customer support purposes such as to manage your booking and/or handle payments. Also, in order to improve our services through analysis of general data, to market our services to you within the restrictions and requirements of applicable law, to ensure security of your stored data and safeguard both of us from fraudulent activity to the possible extent.

You can also reach our social media via our website. We may use personal data you allow us to collect via our social media. For personal data collected by the social media provider(s) please read and understand their privacy policy(ies).

The techniques and procedures we use in order to prevent unauthorized use and/or misuse of your personal data are such as to ensure security to the possible extent as we impose technical and physical restrictions (only authorized personnel) on our server(s)

However, please note that, the security of your data also depends on you, this includes that you are responsible to safeguard a given password and/or voucher/order number, the details you share with us and make sure that you access our services from a safe device and environment.

Collecting and processing personal information for marketing and advertising purposes

Marketing cookies

We and third parties use marketing cookies in order to collect information over time according to your behaviour on the internet in general. These cookies collect help us inform you about specific products that are most likely to be of your interest.

Thus, we may use retargeting ads on our website and/or across internet.

Please note that, when you interact via our social media, the social media provider may collect information when you click "like" or "share" and we may use a review posted by you and/or other information that may help us interact effectively with you and present you with offers of your interest.

By using comparable information marketing/advertising cookies provide information about your internet/browser behaviour helping us show you personalised ads.

Please familiarize yourself with facebook privacy policy and how Google uses information collected

Emails and pixels

In order to determine whether the information we send to you interests you we place pixels in our emails. It is important that you understand how pixels work. Unlike cookies, pixels do not store any information on your device. We may also use techniques, such as pixels, which we don't mark as cookies because they do not store any information on your device. When we send you an email such as a newsletter, we place an electronic file called pixel which is loaded when you open the email. This technique allows us to see if our email is delivered, whether you opened/read it and whether you clicked on a link contained in our email. We are using the following pixels: Google Tag Manager, Universal Google Analytics, Goolge Analytics 4, Google Ads (Ex AdWords) Remarketing and Conversion Pixel, Yandex Metrika Pixel (analytics, Session Record, Remarketing, Conversion Tracking), Facebook Pixel (analytics and Marketing), Microsoft Clarity Pixel (Analytics & Session Record), Microsoft Universal Event Tracking (Remarketing & Conversion Tracking), Criteo Pixel (Analytics, Remarketing, Conversion tracking)


Always remember that you can opt – out our newsletter by simply clicking the "unsubscribe" link found in the main body of said email.

Personal data of children

Our websites, are not directed to children under the age of majority. We do not knowingly collect information, including personal data, from children or other individuals who are not legally allowed to use our websites, unless you have provided with such information for specific purposes. However, if we realise that we have collected personal data from a child under the age of majority we will delete it immediately. Please contact us if you know or believe that we have mistakenly or unintentionally collected information from a child under the age of majority.

How is your personal data shared and further processed in case you accept our offer(s) to provide you with protection services?

We may need to ask you in order subsequently decide on the extent of your relevant protection, additional personal information required for the relevant extent of our liability, such as names of additional drivers, age, driving license details, driver's condition (e.g. drunk or otherwise, eligible to drive, designated driver or not etc)

In case you make a claim we may ask you to provide us with additional related personal information and any relevant reports such as police reports.

For any clarifications and further information, you may need, please contact as via appropriate channels such as our website, email, telephone, post.

Malicious communication

Please note that, we reserve the right to block or not receive digital/electronic communication that we consider fraudulent or spam or in other way dangerous and/or malicious to either our company or our users/customers. We make sure you always have choices regarding your personal data. Please note that, you can always change your privacy choices with us on our website and you can always visit the Cookie setting of your browser in order to choose the cookies you accept or reject.

Always remember that, choosing to block functional cookies may present you with problems when using our features and services.

You may choose to visit or to learn how to opt out of customised ads.

For more information about cookies please visit

For how long do we keep your personal data

We always keep your personal data for us long as it is lawful and necessary, upon the end of such time we safely delete your data.

In cases where you make an enquiry, or agree to receive marketing emails, we will keep your data in order to ensure we provide the best possible customer service to you. We retain your personal data for as long as is necessary for us to use your data as set out in this Privacy Policy. This will generally be for up to 2 years, or such other time that may be required for our legal and audit purposes or that is required by law. After this period, we will safely erase your personal data. If your personal data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this personal data.

If you provide any personal data to us for the purpose of completing a booking with us, such personal data will be retained indefinitely in order to allow you to access the details of any bookings you have made with us, including upcoming and past bookings

User engagement and behavioural data will be anonymised and stored for as long as is necessary for us to use your data as set out in this Privacy Policy. This will generally be for up to 5 years, or such other time that may be required for our legal and audit purposes or that is required by law. After this period, we will securely erase your personal data.

Right to object, withdraw consent, delete information

If you previously gave your consent to us to use your personal data, you can contact us at and withdraw your permission at any time. Once you've withdrawn your permission we will no longer use your personal data.

If we process your personal data on the basis of our own legitimate interest or as part of a task in the public interest or for an official authority, you may have the right to object. In some specific cases, public interest may prevail and in this case we may continue using your personal data.

For direct marketing emails that promote particular brands or products, your prior consent is required. However, if you are an existing customer we can send you direct marketing emails about our own similar services. You have the right to object at any time to receiving such direct marketing and we have to stop using your data immediately.

You will always be informed of your right to object and/or unsubscribe.

You can request access to the personal data we have about you, and you have the right to request a copy of your data, free of charge, in an accessible format. We will reply to you within one (1) month and will give you a copy of your personal data and any relevant information about how we used or use your data.

If we have stored personal data about you that isn't correct or is incomplete, then you can always ask us to correct or update your data.

If it is technically possible, you may have the right to ask us to transfer your data directly to another company. This is known as "data portability".

If your personal data is no longer needed or you suspect that we use it unlawfully then you can ask us to erase your data. This is known as "the right to be forgotten".

If we suspect that your personal information is stolen, lost or illegally accessed (personal data breach) our data protection officer will report it to the national data protection authority. The data protection officer will also inform you directly if there are serious risks related to your personal data or privacy due to the breach.

If you think your data protection rights have not been respected by us, you can make a complaint directly to your national data protection authority or file a case in court.

Important Notice for users/customers outside EU

Please note that, we are doing our very best to comply with data protection laws worldwide. In case you visit us from a third country outside EU and/you are a citizen in a third country outside EU and you notice any behaviour on our part not complying with the relevant third country's legislation or in case you have any such doubts or you need any such assurances please contact us at and will be more than happy to clarify matters with you and/or comply accordingly.

How to contact us

For any enquiries or/and questions relating to our Privacy Policy, including the use of cookies, please send us an email to

Our Privacy Policy and our use of cookies may be amended and/or updated at any time. Therefore, please visit this policy often for any updates. In cases that our updates are substantial and may impact your data protection rights, we will take appropriate measures to alert and inform you accordingly.