Privacy Policy EU and Greece)

Last updated: [26.09.2025]

1. Controller
The controller responsible for the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Greek data protection laws is:

JMK Service IKE Department Lentas Car Rentals
Lentas, Papadogiannis, Crete
Email: eMail 
Phone: +69 46 40 94 33

2. Supervisory Authority in Greece
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority in Greece:

Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων (DPA) (DPA)
Kifisias 1-3, 11523 Athens, Greece
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: https://www.dpa.gr

3. Applicable Law
In addition to the GDPR, the processing of personal data is also governed by Greek Law 4624/2019, which implements and supplements the GDPR in Greece.

4. Collection and Use of Personal Data
We collect and process personal data only for specific, legitimate purposes, including, but not limited to:

Operating and improving our website

Providing our services to you

Applying for your benefits

Compliance with legal obligations

The legal bases for processing include, but are not limited to, consent (Art. 6 (1) (a) GDPR), performance of a contract (Art. 6 (1) (b) GDPR), legal obligations (Art. 6 (1) (c) GDPR), and legitimate interests (Art. 6 (1) (f) GDPR).

5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies.

Strictly necessary cookies are required for the operation of our website.

Analytical and marketing cookies are used only with your official consent and in accordance with the Greek ePrivacy Rules and the guidelines of the Greek Data Protection Authority.

You can revoke your consent or adjust your cookie settings at any time via our cookie banner or browser settings.

6. Use of Analysis Tools
When using analysis services (e.g., Google Analytics), IP addresses are anonymized wherever possible. If such services involve data transfers outside the European Union/EEA, we ensure appropriate security measures (e.g., standard contractual clauses).

You can deactivate Analytics tracking at any time.

7. Data Transfers Outside the EU/EEA
When transferring personal data to a third country (outside the EU/EEA), we ensure that adequate protection is guaranteed in accordance with Articles 44–49 of the GDPR, for example, through EU adequacy decisions or standard contractual clauses.

8. Data Retention
We only retain your personal data for as long as necessary for the purposes set out in this Privacy Policy or as required by law.

9. Your rights under the GDPR and Greek law
You have the following rights:

Access to your personal data (Art. 15 GDPR)

Reporting inaccurate or incomplete data (Art. 16 GDPR)

Erasure of your data ("right to be forgotten", Art. 17 GDPR)

Restriction of processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Objection to processing based on legitimate interests (Art. 21 GDPR)

Revocation of consent at any time (Art. 7 GDPR)

Furthermore, you can exercise these rights directly with the Greek Data Protection Authority in accordance with Greek Law 4624/2019.

10. Security
We take appropriate technical and organizational measures to ensure the security of your personal data, including encryption, access controls, and secure data storage.

11. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with the date of the last update.