Privacy Policy

ENGO Privacy Policy

Last updated: 7 December 2025

 

ENGO CARS and ENGO CARE ("we", "ENGO") have developed this Privacy Policy to explain how we may collect, process, share, store and transfer personal data that you provide when visiting our websites, accessing our services or any other website as a visitor or user (collectively, the "ENGO Services"). If you create an Account to use the ENGO Services or otherwise register an ENGO Account, our collection, use and disclosure of your personal data will be governed in all respects by the terms of the Vehicle Rental Agreement you conclude with us.

The protection of your privacy and personal data is very important to us and we take full responsibility for this statement. The fact that you use ENGO services means that you trust us, which is very important to us. We will therefore make every effort to protect the data you provide to us.

This document describes how we use and process your personal data. The content is clear and transparent so that you can understand everything that may be relevant to you. You will also find information on how to contact us if you have any questions regarding your data, which we will be happy to answer.

ENGO offers passenger car rental services and related services. The scope of our services may change over time. In particular, it is likely that we will expand our offering with additional types and scopes of rental. It is also very likely that we will offer our services through multiple sales channels. The rules set out in this Privacy Policy apply equally to all of our services and channels. If we launch additional services, the principles expressed here will also apply to them, as appropriate.

From time to time we may update this document. The protection of personal data is an area strongly linked to current technological solutions, so please visit our website regularly to stay up to date.

Acting in accordance with these principles enables us to provide services to you; therefore, if you do not accept the terms of this Privacy Policy, we will not be able to provide services to you.

1. What kind of data do we collect?

2. On what basis do we share your data with third parties?

3. What procedures do we use to protect and store personal data?

4. How can you control the data you have shared?

5. Who is responsible for processing personal data?

6. Information we receive from other sources

6a. Information we receive from Meta services (Facebook, Instagram) and via Meta tools

7. How do we collect and use data?

8. How do we share your data with third parties?

9. What security measures do we use to protect personal data?

10. Do we transfer personal data outside the European Union?

11. How long do we store your personal data?

12. Can you delete your personal data?

13. When can we refuse to delete your personal data?

14. How can you submit a request to delete personal data?

15. How much time do we have to process your request to delete personal data?

16. Do we use cookies and similar technologies?

17. Do we use Facebook remarketing, Facebook Pixel and Custom Audiences?

18. Do we use Google services for marketing, remarketing and promotion?

19. Complaints

20. How can you contact us?

21. How do we update this Privacy Policy?

 

1. What kind of data do we collect?

We process the data that you voluntarily provide to us or leave with us in order to provide our services to you or in connection with your interest in our offer. In particular, we collect and process personal data that allow us to identify you and confirm your eligibility to use a rented vehicle, such as identification data (e.g. first name, last name, PESEL [Polish national ID number], place of residence, nationality, gender, driving licence), contact data (e.g. telephone number or e-mail address) and other information necessary to conclude a contract.

 

2. On what basis do we share your data with third parties?

Your data may be entrusted to companies cooperating with us in the provision of our services. The largest group of entities we cooperate with are our staff and IT system administrators. They are often self-employed and thus, from a legal perspective, are independent entities. The second group are service providers of various administrative, IT and organisational solutions. We provide them with your data to enable them to deliver services to you at the highest possible level. There are also other entities that may receive some of your data. These include companies whose assistance we use to provide ENGO services to you, such as hosting providers, web traffic monitoring providers or financial institutions. In justified cases, competent public authorities may also receive your data. Below we provide detailed information on how we use and share the data you share with us.

 

3. What procedures do we use to protect and store personal data?

In accordance with EU personal data protection regulations, we comply with procedures designed to prevent unauthorised access to personal data and its misuse.

 

4. How can you control the data you have shared?

You always have the right to access the information we hold. You can request a copy of your data by sending us an e-mail to privacy@engocars.com. To shorten the response time, please include "Request for access to personal data" in the subject line.

You can also contact us if the personal data we hold are incorrect or if you believe that we are no longer entitled to use them, as well as if you have other questions regarding how we use your personal data or about this Privacy Policy.

 

5. Who is responsible for processing personal data?

The controllers of your personal data are:

ENGO CARS sp. z o.o. and ENGO CARE sp. z o.o., with their registered office at ul. Konstruktorska 12A, 02-673 Warsaw, Poland.

 

6. Information we receive from other sources

We receive information about you not only directly from you. We may also receive data about you from other sources, including our business partners, intermediaries or resellers. Data about you are also provided to us by electronic service providers such as Google Analytics. Any information we receive from them may be combined with information you have provided to us. When you use their services, you provide your data to our business partner, who then passes it on to us. Our partners may share information about you with ENGO. Whenever we obtain data from such sources, we ensure that every partner is required to apply electronic, organisational and physical security standards at least as strict as ours.

6a. Information we receive from Meta services (Facebook, Instagram) and via Meta tools

We use tools provided by Meta Platforms (Facebook and Instagram), such as Lead Ads forms, Meta Pixel, Messenger, Instagram Direct and application programming interfaces (e.g. Graph API). Through these tools we may receive data that you provide to us, in particular: first name and last name, e-mail address, telephone number, company information, preferences regarding the vehicle or method of financing, and other data entered into a form or sent in a message.

We use data obtained from Meta solely for the following purposes:

  • responding to your enquiry and preparing an offer,

  • contacting you by phone or e-mail,

  • handling enquiries in our CRM system,

  • conducting direct marketing — only on the basis of consent you have given,

  • analysing the effectiveness of advertising campaigns.

The legal basis for processing is Article 6(1)(b) of the GDPR (taking steps prior to entering into a contract), Article 6(1)(f) of the GDPR (our legitimate interest in handling enquiries) and Article 6(1)(a) of the GDPR (marketing consent, if it has been given).

Meta Platforms processes data as a separate controller in accordance with its own privacy policy: https://www.facebook.com/privacy/policy

 

7. How do we collect and use data?

Data concerning you may be used in the following ways:

7.1 Account data and profile data: creating an Account requires you to provide personal data. Such data may include, for example, your first and last name, e-mail address and telephone number. If you log in to the service via an external authentication service offered by entities over which we have no control, such as Facebook Connect, we only obtain your data in the form of your e-mail address and solely for the purpose of such login.

7.2 Vehicle rental: we obtain your data in order to provide the vehicle rental service to you. For this purpose, we need to identify you and record relevant data about you and your entitlement to drive the vehicle. According to our terms and conditions, specific entitlements and age are required to drive particular vehicle classes. Therefore, we must verify whether you meet these requirements before handing over the vehicle to you.

7.3 Customer service: as part of our service, we collect and process your data when you contact our customer support team. These data may be necessary to conduct our communication (e.g. to respond to your questions). Contact may also be made using the data provided for this purpose in your User Account or via chat. Where permitted by applicable law, we may also obtain (and otherwise process, e.g. store) other personal data concerning communications, such as information about support requests or feedback from you.

7.4 Direct marketing: we may offer our services to you directly (direct marketing), additionally tailoring them to your needs using combined data from various sources and creating a profile (profiling for marketing purposes) (legal basis: Article 6(1)(a) of the GDPR).

7.5 Communication with you: we may contact you on other occasions, including by e-mail, traditional mail or SMS — the method will depend on the information you have provided. If you use our services, we may send you a questionnaire or ask you to rate your experience with ENGO.

7.6 Research and development: we may use the information collected to test, research, analyse and develop products. This enables us to enhance and improve the security and protection of our services, develop new features and products, and provide insurance and financial solutions related to our services.

7.7 Market research: from time to time we may ask our customers to take part in market research. Any personal data used for such research will be used only with your consent.

7.8 Monitoring telephone calls: when you call our customer service team, ENGO may use an automatic caller identification system to match your number with our customer database. This helps save time spent verifying your identity and improves the quality of service. Our staff may still ask you to provide specific data to ensure that all details of your orders remain confidential.

7.9 Legal aspects: in certain cases, it may be necessary to use your data to resolve legal disputes, for administrative or court proceedings, or in matters related to compliance with legal regulations.

7.10 Legitimate interest: we may use your data in our legitimate interest, including to provide you with the best possible website content and e-mails, as well as for administrative purposes, fraud prevention and legal purposes.

After the service has been completed, we may process your data to present you with potential future offers, to settle the service or to pursue claims relating to payment for the use of our services.

 

8. How do we share your data with third parties?

In certain circumstances, we will share your personal data with third parties.

8.1 Data administration: at ENGO we use a range of technological solutions to improve data management and vehicle rental processes. We use our own software and external service providers. The recipients of your personal data will include companies cooperating with us in the field of IT services, accounting and archiving services, and marketing services. By working with such providers, we are able to optimise our operations and offer you lower service prices. However, in order to achieve these goals, we use third-party providers that help us.

8.2 Communication intermediaries: ENGO uses external service providers to improve communication with you. In particular, we use messaging applications and data archiving services to facilitate the administration of your data.

8.3 Competent authorities: we share personal data with law enforcement authorities to the extent necessary to prevent, detect and prosecute crime and fraud.

8.4 Advertising partners: ENGO services are advertised by external business partners (to ensure that relevant ads are shown to the right audience), therefore we may share personal data with advertising partners, including your e-mail address. We only share encrypted e-mail addresses so that they match current customer databases. We do not share e-mail addresses for any other purpose.

 

9. What security measures do we use to protect personal data?

In accordance with the personal data protection regulations in force in the European Union, we have implemented appropriate procedures to prevent unauthorised access to personal data or their unlawful use.

We use appropriate systems and procedures to protect the personal data you entrust to us and to ensure their security. We have also implemented security procedures and technical and physical restrictions to prevent access to personal data stored on our servers and their use. Only authorised personnel may access private information and only for the purpose of performing their duties.

 

10. Do we transfer personal data outside the European Union?

Our partners are based mainly in Poland and other countries of the European Economic Area (EEA). Some of our service providers are based outside the EEA. In connection with the transfer of your data outside the EEA, we ensure that our providers offer a high level of protection for personal data. These safeguards result in particular from their commitment to use standard contractual clauses adopted by the European Commission or their participation in the "Privacy Shield" programme established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.

 

11. How long do we store your personal data?

We store your personal data for the period necessary to perform the contract or provide the service. If we process your data based on our legitimate interest, your personal data will be stored until you lodge an objection, subject to the period in which your data will be necessary to establish, pursue or defend claims. Your personal data processed for the purposes of direct marketing will be stored for a maximum of 5 years or only until you withdraw your consent or object, in which case we will stop processing your data for this purpose.

 

12. Can you delete your personal data?

As the controller of your data, ENGO is obliged to delete your data if you request us to do so, where:

  • Your data (or part of it) is no longer necessary for the controller to achieve the purpose for which it was collected or otherwise processed;
  • You withdraw your consent to the processing of your data (if you have given your consent, you always have the right to withdraw it);
  • You lodge an objection, justified by your particular situation, to the processing of your data by the controller for the performance of a task carried out in the public interest or in the exercise of official authority, or necessary for purposes arising from the legitimate interests pursued by the controller;
  • Your data has been processed unlawfully (e.g. there is no legal basis for processing or it is used for another purpose);
  • The obligation to delete the data arises from applicable legal regulations;
  • The personal data have been collected in connection with the provision of information society services to a child.

If any of the above conditions are met, ENGO is obliged to delete the data.

 

13. When can we refuse to delete your personal data?

Please note that the data controller will not always be able to comply with your request. The processing period for many categories of data is often determined by legal regulations (employee data, data processed for tax purposes, etc.). The controller will refuse to delete your personal data if they are necessary for:

  • the exercise of the right to freedom of expression and information;
  • archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the exercise of the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing;
  • the establishment, exercise or defence of legal claims.

 

14. How can you submit a request to delete personal data?

A request for deletion of personal data should be submitted electronically to privacy@engocars.com with the subject line: "Request for deletion of personal data".

 

15. How much time do we have to process your request to delete personal data?

ENGO will endeavour to process your request without undue delay. However, we reserve one month as the maximum time to fulfil your request. Within one month of submitting your request, you should receive information on whether your data has been deleted or whether we refuse to delete it. In special cases, where the request is complex or ENGO has received a large number of requests, we may inform you of an extension of the deadline by up to a further two months.

 

16. Do we use cookies and similar technologies?

ENGO uses cookies and other identification technologies on its websites, applications, e-mails and online advertisements for the purposes described in this Policy. Cookies are small text files stored in the browser or on the device by websites, applications, online media and advertisements.

We use cookies and similar technologies for the following purposes:

  • remembering user preferences and settings;
  • determining the popularity of content;
  • conducting advertising campaigns and measuring their effectiveness;
  • analysing traffic and trends on websites and generally understanding online behaviour and interests of people using our services.

We may also allow others to provide us with audience measurement and analytics services, deliver ads on our behalf across the internet and track and report on their performance. These entities may use cookies, web beacons, SDKs and other technologies to identify your device when you visit our website or use our services and when you visit other websites and online services.

 

17. Do we use Facebook remarketing, Facebook Pixel and Custom Audiences?

ENGO, taking into account its own legitimate interests (i.e. interests related to the analysis, optimisation and operation of our online offer), uses the so-called "Facebook Pixel" of the social network Facebook, which is integrated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or — if the user's registered office is located within the territory of the European Union — by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook Pixel works using cookie technology and enables the display of Facebook ads to users who have visited the website. With the help of Facebook Pixel, we can also check the effectiveness of our Facebook ads for statistical and market research purposes by seeing whether a user was redirected to our website after clicking on our ad on Facebook. Facebook processes data on the basis of Facebook's privacy policy. More information on Facebook remarketing and general information on the display of Facebook ads can be found in Facebook's privacy policy: www.facebook.com/policy.php

 

18. Do we use Google services for marketing, remarketing and promotion?

Taking into account our legitimate interests (i.e. interests related to the analysis, optimisation and operation of our online offer within the meaning of Article 6(1)(f) of the GDPR), ENGO uses marketing and remarketing services (collectively "Google Marketing Services") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Marketing Services enable us to display adverts for our website and on our website in a more targeted way, so that users are shown only those ads that potentially match their interests. For this purpose, when our website and other websites on which Google Marketing Services are active are accessed, Google executes a code and so-called remarketing tags are embedded in the website. These tags enable an individual cookie, i.e. a small file (or comparable technology), to be stored on the user's device. This file records which websites the user has visited, which content he or she is interested in and on which offers he or she has clicked, as well as further technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer.

The Google Marketing Services we use include, among others, the online advertising programme "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and have been redirected to a page with a conversion tracking tag. However, they do not receive any information that would allow them to identify individual users.

 

19. Complaints

If you have any concerns regarding the way we process your personal data, you may submit a complaint to: privacy@engocars.com

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), who is the supervisory authority in Poland in the field of personal data protection. Information on how to lodge a complaint can be found at: https://uodo.gov.pl/

 

20. How can you contact us?

If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us:

ENGO CARS sp. z o.o. / ENGO CARE sp. z o.o.
ul. Konstruktorska 12A, 02-673 Warsaw, Poland
e-mail: privacy@engocars.com

 

21. How do we update this Privacy Policy?

We may update this Policy from time to time. We consider transparency to be an ongoing obligation, therefore we will regularly review and update this document. We encourage you to periodically review this Policy to obtain the latest information about our privacy practices.