Privacy Policy
Last updated: May 2026 · GDPR Compliant
1. Data Controller
EZZYRENT EU ("we", "the Controller") is responsible for the processing of your personal data. Contact: privacy@ezzyrent.eu
2. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Identity | Full name, date of birth | Rental contract, age verification (25+) |
| Contact | Email address, phone number | Booking confirmation, KYC link delivery |
| Payment | Barion payment token (no card numbers stored) | Payment processing, penalty enforcement |
| Verification | KYC result (verified/rejected, no documents stored) | Identity verification via Didit.me |
| Technical | IP address, user agent, consent timestamp | Legal compliance, fraud prevention |
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to fulfill your rental booking.
- Legal obligation (Art. 6(1)(c) GDPR): Tax and accounting records retention.
- Legitimate interest (Art. 6(1)(f) GDPR): Fraud prevention and platform security.
4. Data Sharing
We share personal data only with the following processors, solely for the purposes described:
- Barion Payment Zrt.(Hungary) — Payment processing and fraud prevention.* We use the Base Barion Pixel on our website to collect and share browsing data with Barion Payment Zrt. strictly for fraud prevention and risk management purposes. By accepting our cookies, you consent to this data sharing.
- Didit.me — Identity verification (KYC)
- Resend Inc. — Transactional email delivery
- Supabase Inc. (US, EU data region) — Database hosting
- Vercel Inc. (US) — Website hosting (no PII stored)
We do not sell your personal data to any third party.
5. Data Retention
- Booking records: 2 years (730 days) from creation date.
- After 730 days, all personally identifiable information is automatically anonymized via an automated database process (pg_cron). Names become "ANONYMIZED", emails become "REDACTED".
- Anonymized statistical data may be retained indefinitely for business analytics.
6. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten", Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
To exercise any of these rights, contact privacy@ezzyrent.eu. We will respond within 30 days.
7. International Transfers
Some of our processors operate outside the EEA. Where this occurs, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
8. Security
- No credit card numbers are stored on our servers (PCI-DSS compliance via Barion tokenization).
- All database access is protected by Row Level Security (RLS).
- KYC documents are processed by Didit.me and never stored on our infrastructure.
9. Changes
We may update this policy from time to time. Material changes will be communicated via email to active customers. The latest version is always available at this URL.