GDPR Compliance

Last Updated: June 26, 2026

deft-pulse is committed to protecting the privacy rights of individuals in accordance with the General Data Protection Regulation (GDPR). This document outlines how we comply with GDPR requirements and explains your rights under this regulation.

Data Controller Information

deft-pulse operates as the data controller for personal information collected through our services. Our contact details are:

Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual Necessity: Processing required to fulfill vehicle rental agreements and reservations
• Legitimate Interests: Business operations, customer service improvement, and fraud prevention
• Consent: Marketing communications and optional services where explicit consent is provided
• Legal Obligations: Compliance with applicable laws and regulations

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You may request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information.

Right to Erasure

You may request deletion of your personal data when it is no longer necessary for the purposes collected, or when you withdraw consent.

Right to Restriction of Processing

You can request that we limit the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Staff training on data protection principles
• Incident response procedures for data breaches

Data Retention Periods

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected:

• Reservation and rental records: 7 years for accounting and legal compliance
• Marketing communications data: Until consent is withdrawn
• Website analytics data: 26 months
• Customer support correspondence: 3 years

International Data Transfers

If your personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, or inform you if an extension is required.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

Updates to This Notice

We may update this GDPR compliance notice to reflect changes in our practices or legal requirements. Significant updates will be communicated through our website.