This site is owned by MODUL TOP RO S.R.L., a Romanian legal entity with headquarters in Bucharest Sectorul 2, Şos. DOBROEŞTI, No. 55-65, CAM. 1, Block S1, Floor 11, Apartment 124, registered at the Trade Register with no. J40/1219/2023, fiscal code 47505360, according to Regulation (EU) 2016/679 and of the Council of April 27, 2016, on the protection of personal data and the free movement of such data, has the obligation to administer in safe conditions and only for the specified purposes, the personal data you provide us about yourself.


We collect the following personal data, on the pages of our website, only with your voluntary consent, in connection with the services offered:

- Reference data, which include: name, surname, address (private and / or business address) of a person, date of birth;

- Communication data, which include, for example, a person's phone number, e-mail address as well as the content of communications carried out during the performance of the contract (for example, e-mails, notifications, faxes);

- Contract data, which includes, for example, rental information (rental car category, pick-up and return dates and locations, reserved services), rental contract number, reservation number, driver's license data, identity card/passport data, the photo of the driver's license and identity document/passport, the license plates of the rented car and information about customer loyalty and partner programs;

- Financial data, such as credit or debit card data used to reserve the car;

- Voluntary information, which you provide to us voluntarily, without us having asked you for it, including information such as your preferences regarding the equipment and category of the rental car;

- Special data categories: In the event of an accident, car breakdown or similar incidents, we process data related to the respective course of events and the damages suffered. This data may be provided by customers, passengers or injured parties. Data processed in such circumstances may include data relating to health, such as data on injuries, blood alcohol levels, driving under the influence of narcotic substances and the like.

- Third party data, which may be provided by you, such as additional driver data.

- Location data, if the car is equipped with a GPS system.


The processing of personal data takes place in accordance with the provisions of the General Data Protection Regulation (GDPR):

- Article 6 paragraph (1) sentence 1 letter a) GDPR - the processing of your personal data is also legal to the extent that you have given your consent for such processing.

- Article 6 paragraph (1) sentence 1 letter b) GDPR - the processing of your personal data is legal if this processing is necessary for the execution of a contract to which you are a party or to take measures at your request before concluding a contract ( for example, when booking the car).

- Article 6 paragraph (1) sentence 1 letter c) GDPR - the processing of your personal data is legal if this processing is necessary to comply with a legal obligation to which we are subject.

- Article 6 paragraph (1) sentence 1 letter f) GDPR - the processing of your personal data is legal if this processing is necessary for the purposes of the legitimate interests pursued by us, except in cases where these interests are overridden by interests or rights and the fundamental freedoms of the data subject.

- Article 9 paragraph (2) letter f) GDPR - certain special categories of personal data may be processed if this processing is necessary for the establishment, exercise or defense of legal claims. These special categories of personal data include your health data in the event of accidents involving our vehicles.


Personal data is collected in good faith, by manual or automated means, to provide the best possible service while visiting our site, to fulfill the following purposes:

A. Reservation and rental of vehicles

In order to implement reservations and facilitate the conclusion and execution of the rental contract, we process the following types of data: basic, communication, contract, financial and any data that you have provided voluntarily.

For the purpose of managing customer relations, for example to resolve any complaints or booking changes, we will use basic data, communication data and contractual data.

If the car reservation will be made through co-contractors, respectively through travel agencies, online travel agencies or other agents, personal data, such as basic data, communication data, rental information and, if applicable case, the financial information will be collected by them and transferred to us.

Once both contracting parties have fulfilled their obligations under the rental agreement, the basic data, financial and contractual data will be stored until the expiry of the legal retention period.

For this purpose, the processing of personal data takes place in accordance with the provisions of the General Data Protection Regulation (GDPR):

- Article 6 paragraph (1) sentence 1 letter b) GDPR applies to data processing to the extent necessary for the implementation of reservations, for the conclusion and execution of contracts and for the purpose of customer relations.

- Article 6 paragraph (1) sentence 1 letter f) GDPR applies to data processing to the extent necessary to settle accounts with third parties, to assert our own claims and to mitigate risks and prevent fraud.

- Article 6 (1) sentence 1 letter c) GDPR applies to data processing to the extent necessary for the detection, prevention and investigation of crimes, examination and storage of driving license data and identification data and compliance with retention periods in accordance with commercial legislation and fiscal.

- Legitimate interest, insofar as Article 6 paragraph (1) letter f) GDPR applies to the type of processing in question. Our legitimate interests in using your personal data to improve our services and customer service are to provide you with the best possible service and to sustainably improve customer satisfaction. To the extent that data processing is necessary to carry out analyzes to prevent damage to our company and our automobiles, our legitimate interests consist in maintaining security for costs and preventing economic disadvantages, such as those arising from non-payment or the loss of our automobiles.

For the purposes described above (in particular to inform the local rental partner about a reservation or to process credit card payments with your credit card company), we disclose your data to the following recipients: IT service providers, call, collection companies, financial service providers, credit agencies, cooperation partners and agencies and franchise partners. As part of our fraud prevention measures, we also transfer - in situations where third parties have been or are at risk of being defrauded - personal data to such third parties who have suffered or are at risk of fraud.

B. Marketing and direct advertising

In order to promote customer loyalty, implement customer loyalty programs and bonuses (including ours and those of our cooperation partners), optimizing customer offers, market research or public opinion, we process the following types of data: basic, communication and data contractual.

You can object to any processing or use of your data for direct marketing purposes at any time. Please send any objections by e-mail to: manager@toprentacar.ro

Legal basis for processing for this purpose: Article 6(1)(1)(a) GDPR applies to data processing for the purpose of implementing direct marketing measures that require explicit prior consent. Article 6 paragraph (1) 1 letter f) GDPR applies to the processing of data for the purpose of implementing direct marketing measures that do not require explicit prior consent and the implementation of said marketing measures. Legitimate interest, insofar as Article 6(1)(f) GDPR applies to the type of processing in question. Our legitimate interests in using your personal data for the purpose of implementing direct marketing measures and said marketing measures are that we want to convince you of our services and foster a lasting customer relationship.

For the purposes described above, we disclose your data to IT service providers, call centers, advertising partners and providers of customer loyalty and bonus programs.

C. Damages, accidents, administrative offences

If during the rental period you discover damage to the rental car, if you or another person causes such damage, or if you or another person is involved in an accident with the rental car, we will process master data, communication data, contract data, financial data and, if applicable, health data for the following purposes:

- receiving and processing complaints;

- providing customer services in case of damage;

- settlement of claims (for example regarding insurance companies);

- processing damages resulting from accidents (processing based on information provided by you and third parties, such as the police, subsequent tenants, witnesses, etc.);

- for the provision of damage assistance services;

- fulfilling legal obligations (for example, providing information to investigative authorities).

We also process your basic data, communication data, financial data, contract data and, where applicable, health data for the purpose of confirming and asserting any claims we may have against you, for example claims arising from non-payment or damage to our vehicles.

Legal basis for processing - Article 6 paragraph (1) sentence 1 letter b) GDPR applies to the processing of data for the purpose of handling complaints, providing services to customers in cases of damages and processing damages resulting from accidents. Article 6 paragraph (1) sentence 1 letter c) GDPR applies to data processing for the purpose of processing damages caused by accidents. Article 6 paragraph (1) sentence 1 letter f) GDPR applies to the processing of data for the purpose of settling claims, asserting any claims we may have against you and dealing with claims relating to administrative offences. Article 9 paragraph (2) letter f) GDPR applies to the processing of health data for the purpose of establishing, exercising or defending legal claims.

Our legitimate interests, to the extent that Article 6 paragraph (1) sentence 1 letter f) GDPR applies to the type of processing in question, in using your personal data for the purpose of settling claims and asserting any claims we may have against you. it is in our desire to eliminate damage to our company and ensure that we can provide our customers with undamaged automobiles. We are also obliged, in accordance with our contractual relationships with third parties (for example, insurance companies), to process your data in order to settle claims. Our legitimate interests in this regard are to ensure our contractual fidelity.

For the purposes described above, we disclose your data to the following recipients: public authorities (investigative authorities; regulatory authorities; police authorities), collection companies, experts, support service providers, lawyers and insurance companies.

D. GPS tracking

Rental cars may have GPS tracking installed that allows us to process location data as well as information about the car's condition, such as the car's lock, its speed, the status of sensors and the activation of safety systems (eg airbags). This data is processed exclusively to prevent the violation of property rights, if the car is not returned within the agreed rental period or is used outside the contractually agreed region (as well as near the border or in port areas) and to determine, check and investigate car damage and accidents.

The legal basis for processing is represented by article 6 paragraph (1) sentence 1 letter f) GDPR. Our legitimate interest in using your personal data to prevent property crime and to determine, verify and investigate car damage and accidents is to protect our fleet of cars and our contractual and non-contractual rights.

E. Processing based on legal provisions

We process your basic data, communication data, contract data and financial data for the purpose of fulfilling legal obligations. These require us to process the data, for example, to comply with disclosure obligations to the authorities and to comply with the processing requirements set out in commercial and tax law provisions (for example, the retention period of record documents and accounting records).

The legal basis for processing is represented by article 6 paragraph (1) sentence 1 letter c) GDPR.

Categories of recipients are the authorities who may request that we disclose your data to them for the purposes described above.

F. Improving Our Processes and Offerings

We process your basic data, communication data and contractual data, as well as any voluntarily provided data, in order to optimize our processes and offers. This involves, for example, developing and evaluating rental reports, implementing capacity planning to improve car allocation procedures, establishing a data warehouse, analyzing and rectifying sources of error, and conducting customer satisfaction surveys.

In order to improve the quality of our offer and our customer services, we process your basic data and contractual data based on an algorithm, to create, for example, the creation of profiles and probability values in relation to future rentals and for takeover rates for our offers.

We also process your basic data, communication data and contractual data in connection with our collaboration with franchise partners, cooperation partners and agency partners and for the purpose of optimizing related processes and offers.

We also process address data from external service providers to update our address database and to ensure that the master data we use for contract management is correct.

The legal basis is represented by Article 6 paragraph (1) sentence point 1 a) GDPR, which applies if consent is required for the implementation of measures intended to optimize our processes and offers. Our legitimate interests, to the extent that Article 6(1)(f) GDPR applies to the type of processing in question, in using your personal data to improve our services and customer services consist in the fact that we want to provide you with the best services possible and to sustainably improve customer satisfaction.

For the purposes described above, we disclose your data to the following recipients: IT service providers, call centers, cooperation partners, agency partners and franchise partners.


Personal data will be kept securely by a service provider. Our agreements with them protect the information we collect from any unauthorized use.

We undertake to use the collected data only in accordance with the stated purposes and not to make public, sell, rent, license, transfer, etc. the database containing information about your personal data of any third party not involved in the fulfillment of the declared purposes. An exception to these provisions will be the situation in which the transfer/access/viewing etc. is required by the competent state bodies in the cases provided by the regulations in force on the date of the occurrence of an event.

In the event of damage and/or accidents sustained in a third country, we may send your personal data and the data of any additional drivers to the relevant authorities and insurance companies in that third country.

The transfer of your data to a third country is based on an adequacy decision of the European Commission. If there is no decision of suitability of the European Commission for the respective third country, then the transfer to the third country will take place subject to the appropriate guarantees, according to art. 46 (2) GDPR. Third countries are countries outside the European Economic Area. The European Economic Area includes all the countries of the European Union, as well as the countries of the so-called European Free Trade Association, which are Norway, Iceland and Liechtenstein.


Personal data will be kept for the period of time necessary or permitted for the fulfillment of the previously indicated purposes, in compliance with the applicable legislative provisions. The criteria used to determine the retention period of personal data include:

- The duration of the business relationship established with you and the duration of the provision of our services to you (for example, during your use of the rented car). If you have not rented from us for five years, your customer account will be deleted for inactivity;

- Existence of an applicable legal obligation (for example, certain laws require the preservation of records related to certain operations for a certain minimum period of time). If we have a legal obligation to store personal data, the storage of personal data will take place for the retention period provided by law. The retention period for commercial documents, which include record documents and accounting records (including invoices), is up to 10 years. During this period, your data may be subject to a restricted use within daily operations, if their processing does not serve other purposes;

- The preservation of personal data is advisable considering a certain legal situation (for example, the existence of some litigations, the existence of some limitation periods or the carrying out of some control missions of the regulatory authorities).


Subject to certain legal conditions, you have the following rights in relation to the processing of your personal data:

- the right to obtain, at reasonable intervals, information about your personal data in storage, about the purposes of the processing, the categories of personal data concerned, the recipients or the categories of recipients to whom the personal data was or will be disclosed, especially recipients from third countries or international organizations, where possible, the period for which the personal data is expected to be stored or, if this is not possible, the criteria used to establish this period, according to art. 15 GDPR. Upon request, we can provide you with a copy of the personal data that is being processed. If you exercise this right in a way that is manifestly abusive or unfounded, we reserve the right to reimburse you for the necessary costs incurred for the processing of such copies and for the return of the copies within a reasonable period of time;

- the right to obtain the rectification of inaccurate personal data concerning you, according to art. 16 GDPR;

- the right to obtain the deletion of your personal data, according to art. 17 GDPR. We are required to delete personal data in certain circumstances, including if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you withdraw the consent on which the processing is based, and if the personal data has been illegally processed;

- In certain circumstances, you have the right to restrict the processing of your personal data, according to art. 18 GDPR. This includes circumstances where you dispute the accuracy of your personal data, and we then need to verify such accuracy. In such cases, we must refrain from further processing your personal data, except for storage, until the matter is clarified.

- according to the right to data portability provided by art. 20 GDPR, if you choose to switch to another car rental company, you have the right to either receive, in an automatically processable format, the data you have provided to us based on your consent or a contractual agreement with us, or to have also transmitted such data to us in an automatically processable format to a third party of our choice;

- If the processing of your data by us is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority conferred by the operator (Article 6 paragraph (1) sentence 1 point (e) GDPR) or if it is necessary in our legitimate interest, then you have the right to object at any time, for reasons related to your particular situation, to the processing of your data. After this date, we will cease processing, unless we can demonstrate compelling legitimate grounds for such processing that supersede the grounds for ending processing. You can obtain, at any time and without restrictions, the processing of your personal data for the purpose of direct advertising. In this case, you have the right to object at any time to the processing for this purpose of your personal data, including the creation of profiles, insofar as it is related to the respective direct marketing;

- If data processing is based on your consent, then you have the right, at any time, to withdraw the consent you have given. Withdrawal of consent does not affect the legality of processing between the time consent was given and the period in which it was revoked.

You are not contractually or legally obliged to provide us with your personal data. Please note, however, that you cannot enter into a car rental agreement with us or use other services provided by us if we are not allowed to collect and process the data as necessary for the purposes specified above.

If you wish to exercise the rights listed above, please send a letter or an e-mail to the following address: manager@toprentacar.ro We may ask you to prove your identity by sending us a copy of a valid means of identification for to comply with our security obligations and to prevent unauthorized disclosure of data.

In accordance with the applicable regulation, if you believe that any right has been violated, you have the right to file a complaint with the competent supervisory authority: ANSPDCP - www.dataprotection.ro .


This website uses small files called "cookies" to help us offer you the most pleasant experience when you browse our website.

What is a cookie?

Cookies are small files, made up of letters and numbers, stored by the browser you use (for example: Google Chrome, Internet Explorer, Mozilla, etc.) to browse the Internet from your PC, laptop or mobile device. These small files allow websites to retain and store useful information about user preferences. You can imagine the cookie as a kind of personal memory of each website you visit, so that it recognizes you when you return and reacts by exposing your favorite information as quickly as possible.

How does a cookie work?

The cookie is installed through the request issued by a web server to an Internet browser and is completely "passive" (it does not contain software programs, viruses or spyware and cannot access information from the user's hard drive).

A cookie consists 2 parts: the name and the content or value of the cookie. Only the web server that sent the cookie can access it again when a user returns to the website associated with that web server. The cookies themselves do not require personal data to be used and in most cases do not personally identify Internet users.

What are the advantages of cookies?

A cookie contains information that connects a web browser (the user) and a specific web server (the website). If a browser accesses that webserver again it can read the information already stored and react accordingly. Cookies provide users with a pleasant browsing experience and support the efforts of many websites to offer comfortable services to the users (for example: online privacy preferences, website language options, shopping carts or relevant advertising).

What is the lifetime of a cookie?

Cookies are managed by web servers. The lifetime of a cookie can vary significantly, depending on the purpose for which it is placed.

There are 2 large categories of cookies:

- "Session" cookies - these are temporarily stored in the cookies folder of the web browser so that it remembers them until the user leaves the respective website or closes the browser window (for example: at the time of logging in/ logouts on a webmail account or on social networks).

- "Persistent" cookies - these are stored on the hard drive of a computer or equipment (and generally depends on the preset lifetime for the cookie). Persistent cookies also include those placed by a website other than the one the user is visiting at the time - known as 'third party cookies' - which can be used anonymously to remember the interests of a user so that the most relevant advertising for users is delivered.

However, cookies, regardless of the category can be deleted by a user at any time through the browser settings.

What are cookies placed by third parties?

Certain sections of content on some sites may be provided through third parties/providers (eg: news box, a video or an advertisement). These third parties can also place cookies through the website and they are called "third party cookies" because they are not placed by the owner of the respective website. Third-party providers must also comply with the law in force and the privacy policies of the website owner.

How cookies are used by this site?

A visit to this website may place cookies for the purposes of:

- Website performance cookies;

- Cookies for user analysis;

- Cookies for geotargeting;

- Registration cookies;

- Cookies for advertising;

- Advertising provider cookies;

- Performance cookies.

Website performance cookies

This type of cookie remembers the user's preferences on this site, so that there is no longer a need to set them each time the site is visited (for example: the volume settings for the video player, the video streaming speed with which the browser is compatible).

User analysis cookies

Every time a user visits this site, the analytics software provided by a third party generates a user analysis cookie. This cookie tells us if you have visited this site before. The browser will tell us if you have this cookie, and if not, we will generate one. It allows the monitoring of unique users who visit us and how often they do so.

As long as you are not registered on this site, this cookie cannot be used to identify you, they are used only for statistical purposes. If you are registered on this site, we can know the details you have provided us, such as your e-mail address and username - these being subject to confidentiality and the provisions of the General Rental Conditions, the Privacy Policy as well as the legislation in force regarding the protection of personal data.

Cookies for geotargetting

These cookies are used by a software that determines which country you come from. It is completely anonymous and is only used to target the content - even when you are on our page in Romanian or in another language, you receive the same advertisement.

Cookies for registration

When you register on this site, we generate a cookie that tells us if you are registered or not. Our servers use these cookies to show us the account you are registered with and if you have permission for a specific service. It also allows us to associate any comment you post on our site with your username. If you have not selected "keep me registered", this cookie will be automatically deleted when you close your browser or computer.

Cookies for advertising

These cookies allow us to find out if you have viewed an online advertisement or not, what is its type and how much time has passed since you saw the advertising message. We also use these cookies to target online advertising. We may also use cookies belonging to a third party for better targeting of advertising to show, for example advertisements about vacations and if the user has recently visited an article on the website about vacations. These cookies are anonymous, they store information about the viewed content, not about users. We also set anonymous cookies through other sites on which we advertise. By receiving them in this way we can use them to recognize you as a visitor of that site. If you later visit our site we will be able to deliver advertising based on this information.

Cookies of advertising providers

A large part of the advertising you find on this site belongs to third parties. Some of these parties use their own anonymous cookies to analyze how many people have been exposed to an advertising message, or to see how many people have been exposed to the same advertisement several times.

The companies that generate these cookies have their own privacy policies, and this site does not have access to read or write these cookies. Third-party cookies can be used to show you targeted advertising on other sites as well, based on your browsing on this site.

Other third-party cookies

On some pages, third parties can set their own anonymous cookies, in order to track the success of an application or to customize an application. Due to the way of use, this site cannot access these cookies, just as third parties cannot access the cookies owned by this site.

For example, when you share an article using the social network button on this site, that social network will record your activity.

What type of information is stored and accessed through cookies?

Cookies store information in a small text file that allows a website to recognize a browser. The web server recognizes your browser until the cookie expires or is deleted.

The cookie stores important information that improves the Internet browsing experience (for example: the language settings in which you want to access a site; keeping a user logged in to the webmail account; online banking security; keeping the products in the shopping cart).

Why are cookies important for the Internet?

Cookies represent the central point of the efficient functioning of the Internet, helping to generate a friendly browsing experience adapted to the preferences and interests of each user. Rejecting or disabling cookies may make some sites unusable.

Rejecting or deactivating cookies does not mean that you will no longer receive online advertising, but only that it will no longer be able to take into account your preferences and interests, highlighted by your browsing behavior.

Examples of important uses of cookies (which do not require the authentication of a user through an account):

- Content and services adapted to the user's preferences - news categories.

- Offers tailored to the interests of users - password retention, language preferences (for example: displaying search results in Romanian).

- Retention of child protection filters regarding Internet content (family mode options, safe search functions).

- Limiting the frequency of broadcasting of advertisements – limiting the number of displays of an advertisement for a certain user on a site.

- Providing more relevant advertising for the user.

- Measurement, optimization and analytics features - such as confirming a certain level of traffic on a website, what type of content is viewed and how a user arrives at a website (for example: through search engines, directly, from other websites etc). The websites carry out these analyzes of their use in order to improve the sites for the benefit of the users.

How can I stop cookies?

Disabling and refusing to receive cookies can make certain websites impractical or difficult to visit and use. Also, refusing to accept cookies does not mean that you will no longer receive/see online advertising.

It is possible to set the browser so that these cookies are no longer accepted or you can set the browser to accept cookies from a specific site. But, for example if you are not registered using cookies, you won`t be able to leave comments.

All modern browsers offer the possibility to change cookie settings. These settings are usually found in the "options" or "preferences" menu of your browser. To understand these settings, the following links may be useful, otherwise you can use the "help" option of the browser for more details:

- Cookie settings in Internet Explorer

- Cookie settings in Firefox

- Cookie settings in Chrome

- Cookie settings in Safari

Security and privacy issues

Cookies use plain text formats, they are not made up of pieces of code, so they cannot be executed or run autonomously. Consequently, they cannot be duplicated or replicated on other networks to run or replicate again. Since they cannot perform these functions, they cannot be considered viruses.

Cookies can still be used for negative purposes. Because they store information about the preferences and browsing history of users, both on a specific site and on several other sites, cookies can be used as a form of Spyware. Many anti-spyware products are aware of this fact and constantly mark cookies to be deleted during anti-virus/anti-spyware deletion/scanning procedures.

In general, browsers have integrated privacy settings that provide different levels of cookie acceptance, validity period and automatic deletion after the user has visited a certain site.

Since identity protection is very valuable and represents the right of every internet user, it is advisable to know the problems that cookies can create. Because through them, information is constantly transmitted, in both directions, between the browser and the website, if an attacker or unauthorized person intervenes during data transmission, the information contained in the cookie can be intercepted. Although very rare, this can happen if the browser connects to the server using an unencrypted network (for example, an unsecured WiFi network).

Other cookie-based attacks involve missetting cookies on servers. If a website does not require the browser to use only encrypted channels, attackers can use this vulnerability to trick browsers into sending information through unsecured channels. The attackers then use the information to gain unauthorized access to certain websites. It is very important to be careful in choosing the most suitable method of personal information protection.

Tips for safe and responsible browsing, based on cookies.

Due to their flexibility and the fact that most of the most visited and largest sites use cookies, they are almost unavoidable.

To ensure that you navigate without worries with the help of cookies, you can consider the following tips:

- Customize your browser settings regarding cookies to reflect a comfortable level of cookie security for you.

- If you don't mind cookies and you are the only person using the computer, you can set long expiration periods for storing browsing history and personal access data.

- If you share access to the computer, you can consider setting the browser to delete individual browsing data every time you close the browser. This is an option to access the sites that place cookies and to delete any visit information when closing the browsing session.

- Install and constantly update your antispyware applications. Many of the spyware detection and prevention applications include detection of attacks on websites. Thus, it prevents the browser from accessing websites that could exploit the vulnerabilities of the browser or download dangerous software.

- Make sure your browser is always updated. Many of the attacks based on cookies are carried out by exploiting the weak points of the old versions of the browsers.

Cookies are everywhere and cannot be avoided if you want to enjoy access to the best and biggest sites on the Internet - local or international. With a clear understanding of how they operate and the benefits they bring, you can take the necessary security measures so that you can surf the Internet with confidence.

Customer Support
Rating : 90.8% based on 26 reviews
© 2024 Top Rent A Car Ltd. All Rights Reserved Winner of Tripadvisor Travellers’ Choice award 2023