Privacy Policy

Transavia Transport (“we”, “us”, or “our”), a car rental service operating under the laws of the Republic of the Philippines, with its principal office in Parañaque City, Metro Manila, is deeply committed to safeguarding your personal data. We strictly adhere to Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations, as enforced by the National Privacy Commission (NPC).

This Privacy Policy precisely details how we collect, use, disclose, and protect your personal information throughout your engagement with our car rental services, encompassing interactions via our website, mobile application, physical office locations, and third-party booking platforms (collectively, “Services”).

When you engage with our Services, we collect specific categories of personal data, which include:

• Personal Identifiers & Contact Information: Your full legal name, gender, date of birth, nationality, mobile number, email address, and both billing and residential addresses.
• Government-Issued Identification (Sensitive Personal Information): Your Philippine Driver’s License number, expiry date, issuing authority, and a clear image of the license card. For foreign nationals, we collect Passport details (number, expiry date, issuing country, and a clear image of the biographical page). Other valid government-issued IDs may be collected for identity verification where necessary.
• Financial and Transactional Information: Details required for payment processing, such as credit card number, expiry date, and CVC/CVV (processed directly by secure, PCI DSS- compliant third-party payment gateways; we do not store full credit card numbers on our servers). We also collect booking history, specific vehicle rental agreements, and payment records.
• Vehicle Usage Data: Information directly related to your rental, including specific pickup and drop-off locations, total mileage driven, fuel usage at pick-up and drop-off. For vehicles equipped with GPS or telematics systems, and as explicitly disclosed in your rental agreement. This data is collected for purposes of safety, efficient fleet management, asset recovery, and ensuring compliance with the rental agreement.
• Device and Platform Data (from Website/App): Your Internet Protocol (IP) address, approximate geolocation (when device permissions are explicitly granted by you), browser type, operating system, device identifiers, session duration, and data collected via cookies or similar tracking technologies (refer to Section 9).
• Communication Records: Detailed records of your interactions with us, including phone call recordings, email correspondence, and chat messages, for quality assurance, dispute resolution, and reference.
• Emergency Contact Information: The name and contact number of a designated emergency contact person you provide, solely for use in urgent situations.

We process your personal data for the following declared, specific, and legitimate purposes, ensuring proportionality in all our data handling activities:

• Contract Execution: To precisely process and confirm your car rental reservations, prepare and execute your rental agreement, manage payments (including deposits, rental fees, and any additional charges), facilitate seamless vehicle delivery and pick-up, and provide roadside assistance.
  
  
• Identity Verification and Fraud Prevention: To rigorously verify your identity, confirm the validity of your driver's license, assess your legal eligibility to rent and operate our vehicles, and implement robust measures against fraudulent transactions and unauthorized vehicle use.
  
  
• Customer Communication: To send precise booking confirmations, payment status updates, service reminders, and to efficiently respond to your specific inquiries, concerns, or disputes.
  
  
• Safety, Security, and Asset Management: To enhance vehicle and user safety through continuous monitoring (via GPS/telematics where disclosed), enable rapid asset recovery in cases of non-return or emergency, and ensure strict adherence to the terms and conditions of the rental agreement. We also utilize Closed-Circuit Television (CCTV) within our premises for security surveillance and incident recording.
  
  
• Legal and Regulatory Compliance: To strictly comply with all mandatory requirements under Philippine laws and regulations, including those imposed by the Land Transportation Office (LTO), Bureau of Internal Revenue (BIR), Land Transportation Franchising and Regulatory Board (LTFRB), Philippine National Police (PNP), and other relevant government authorities. This includes responding accurately to lawful court orders, subpoenas, or official government requests.
  
  
• Service Enhancement and Business Intelligence: To analyze precise customer behavior patterns, preferences, and service usage data (e.g., website navigation, app feature usage) to continuously improve our Services, optimize our website and mobile application functionality, and develop new products that meet customer needs.
  
  
• Marketing and Promotions: To send you targeted service-related updates, newsletters, and promotional offers, but only with your explicit and freely given consent where required by law. You retain the right to withdraw this consent at any time.

Our processing of your personal data is anchored on the following legal bases stipulated by the DPA:

• Consent: We process data based on your specific, informed, and freely given consent, particularly for marketing communications or for collecting sensitive personal information beyond the minimum required for contract fulfilment. You can withdraw your consent at any time, subject to legal and contractual limitations.
  
  
• Contractual Necessity: Processing is necessary for the performance of our car rental agreement with you or to take steps, at your request, prior to entering into a contract (e.g., processing a reservation).
  
  
• Legal Obligation: Processing is necessary for our compliance with a legal obligation to which we are subject under Philippine law (e.g., tax reporting, crime prevention, LTO regulations).
  
  
• Legitimate Interest: Processing is necessary for the purposes of the legitimate interests pursued by Transavia Transport or a third party, provided these interests do not override your fundamental rights and freedoms as a data subject. This includes interests such as fraud detection and prevention, ensuring network and information security, internal business analytics, and general operational improvements that directly benefit our service delivery without disproportionately impacting your privacy.

We share your personal data only with specific categories of recipients, ensuring adherence to the DPA and subject to strict confidentiality agreements:

• Internal Access: Our authorized employees and agents who require access to your data solely for the performance of their duties related to providing and improving our Services.
  
  
• Third-Party Service Providers (Personal Information Processors): We engage trusted third-party companies that perform essential services on our behalf. These include:
  
  • Payment Gateway Providers: For secure processing of your financial transactions.
  • GPS/Telematics Partners: For vehicle tracking and data analysis where applicable and disclosed.
  • Vehicle Maintenance and Roadside Assistance Providers: For ensuring vehicle functionality and supporting you during breakdowns.
  • IT and Cloud Hosting Providers: For secure data storage and management.
  • Customer Relationship Management (CRM) System Providers: For managing customer interactions.
  • Marketing and Advertising Partners: For delivering consented marketing communications.
  • Professional Advisors: Such as legal and accounting professionals.

These Personal Information Processors are contractually obligated to protect your data with the same level of care as us, and to process it strictly according to our instructions and in full compliance with the DPA.

• Insurance Providers: In the event of vehicle damage, accidents, or for processing insurance claims.
  
  
• Government and Law Enforcement Agencies: We disclose data when legally compelled by valid court orders, subpoenas, official requests from government authorities (e.g., LTO, BIR, PNP), or to assist in criminal investigations.
  
  
• Emergency Services: In critical situations involving your safety or that of others, such as medical emergencies or immediate threats.
  
  
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will ensure that the acquiring entity commits to upholding privacy standards consistent with this Policy.

We categorically state that we do not sell, rent, or trade your personal data to any third parties for their independent commercial gain.

We retain your personal data for the shortest period necessary to fulfil the specific purposes for which it was collected, to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements.

• Standard Retention: We maintain transaction records for a minimum of five (5) years from the date of your last interaction for audit, tax, and legal compliance purposes, or as otherwise mandated by specific Philippine laws.
  
  
• Extended Retention: Data may be retained longer if required to resolve ongoing disputes, enforce specific contractual terms, or for the establishment, exercise, or defence of legal claims.

Upon expiration of the retention period, or when data is no longer necessary for the stated purposes, we implement secure destruction, anonymization, or archiving methods to prevent any further processing, unauthorized access, or disclosure, in full accordance with DPA regulations.

As a data subject under the Data Privacy Act of 2012, you are entitled to the following rights, which you may exercise by contacting our Data Protection Officer:

• Right to be Informed: You have the right to be fully informed about the nature, scope, and purpose of personal data processing concerning you.
  
  
• Right to Object: You have the right to object to the processing of your personal data, including for direct marketing, automated processing, or profiling. We shall cease processing your data unless there are compelling legal grounds or legitimate interests that override your objection.
  
  
• Right to Access: You have the right to obtain a copy of your personal data that we hold, as well as to ascertain whether your personal data is being processed, and to obtain specific information about our processing activities.
• Right to Rectification (Correction): You have the right to dispute any inaccuracy or error in your personal data and demand its immediate and appropriate correction.
  
  
• Right to Erasure or Blocking (Deletion): You have the right to demand the suspension, withdrawal, blocking, removal, or destruction of your personal data from our filing systems under specific conditions (e.g., if the data is incomplete, outdated, false, unlawfully obtained, or no longer necessary for the purpose).
  
  
• Right to Data Portability: You have the right to obtain a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another personal information controller without hindrance.
  
  
• Right to Lodge a Complaint: You have the right to file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.
  
  
• Right to Damages: You may seek damages from us if you suffer injury due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, or for any violation of your rights as a data subject.

To exercise any of these rights, please contact our Data Protection Officer (DPO) (refer to Section 10). We will require specific information from you to verify your identity and ensure the security of your personal information prior to fulfilling your request.

We implement stringent organizational, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of your personal data, thereby protecting it from accidental or unlawful destruction, alteration, and unauthorized access, disclosure, or other unlawful processing. Our key measures include:

• Organizational Controls: Appointment of a qualified Data Protection Officer (DPO); establishment and strict adherence to a comprehensive Privacy Manual; mandatory data privacy and security training for all employees; and inclusion of confidentiality clauses in all employment and service agreements.

• Physical Security: Imposing strict physical access controls to our data processing facilities and offices; secure, locked storage for physical documents containing personal information; and continuous CCTV surveillance within our premises for security and incident monitoring

• Technical Security: Deployment of robust firewalls, intrusion detection/prevention systems, and enterprise-grade antivirus software; implementation of strong encryption (SSL/TLS) for data in transit and, where appropriate, for data at rest; strict role-based access controls ensuring data access only by authorized personnel with a legitimate need-to-know; enforcement of strong password policies and multi-factor authentication; regular security audits and vulnerability assessments; and comprehensive data backup and recovery procedures.

While we are committed to using commercially reasonable and industry-standard security measures, we acknowledge that no method of transmission over the Internet or method of electronic storage can guarantee absolute security.

Our website and mobile application utilize cookies and similar tracking technologies (e.g., web beacons, pixels, local storage) to enhance your user experience, remember your preferences, analyze website traffic, and understand user behavior. Cookies are small text files stored on your device. You have the option to configure your browser or device settings to refuse all or some cookies, or to alert you when cookies are being sent. Please be aware that disabling cookies may
affect the functionality and accessibility of certain features or services on our website or app.

For any questions, concerns, or requests regarding this Privacy Policy, our data processing practices, or to exercise your data subject rights, please contact our designated Data Protection Officer:

Transavia Transport – Designated Data Protection Officer
Email: ivanreysorongon@transaviarentacar.com
Hotline: +632 87850368
Office: Transavia Transport Office, G/F Skyfreight Building Center, Ninoy Aquino International Airport Avenue, Santo Nino, Parañaque City, Metro Manila, Philippines 1703

We reserve the right to update or modify this Privacy Policy periodically to reflect changes in our business operations, legal and regulatory requirements, or technological advancements. All updates will be posted on our website and/or mobile application, and the Effective Date at the top of this policy will be revised accordingly. We encourage you to review this Privacy Policy regularly. Your continued use of our Services after the effective date of any revised policy signifies your explicit acceptance of its terms.

Thank you for choosing Transavia Transport. We are dedicated to protecting your data while delivering smooth, safe, and reliable car rental services.