Privacy policy

In accordance with Article 10 of Act 34/2002, of 11 July, on Information Society Services and Electronic Commerce, we inform you that XTRA AUTO SLU (GRUPO XTRA), with tax ID B57320244 and address at AVDA ELS ARCS, 24 - 46940 MANISES (VALENCIA) is responsible for the management and operation of the site www.clickparking.es is registered in the Companies Register of ISLAS BALEARES S 8 , H V 214561. The owner of the domain is CLICK & RENT SL, with C.I.F. B57696031, belonging to Grupo XTRA.

If you wish to contact us, you can do so by post to the address above or by email to rgpd@grupoxtra.es.

You may access our domain directly or through any existing redirection, and the Privacy Policy applies to this domain.

 

PRIVACY POLICY

This Privacy Policy describes how we process your personal data (e.g. collection, use, disclosure, storage and protection of your personal information) and provides information about your rights as a data subject.

XTRA AUTO SLU (GRUPO XTRA) is the data controller responsible for the processing, as well as for the collection, use, communication, storage and protection of your personal data, in accordance with the General Data Protection Regulation, internal rules and policies or any applicable national regulations.

In compliance with Framework Act 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, XTRA AUTO SLU (GRUPO XTRA) hereby informs you:

 

Data controller identity and contact details

Our identifying information:

XTRA AUTO SLU (GRUPO XTRA)

You can contact us

• By post: AVDA ELS ARCS, 24 - 46940 MANISES (VALENCIA)
• By email: rgpd@grupoxtra.es
• By telephone: +(34) 961 666 660
• Website: clickparking.es

We inform you that in accordance with Article 37.1 GDPR, a Data Protection Officer must be appointed, who you may contact by email or telephone and to whom you may address any questions, doubts, suggestions or exercise your rights under this Regulation in relation to the processing of your personal data.

Details of our DPO:

- Vicente M. Sancho Rodríguez (Caler Consultores, S.L.)

- rgpd@grupoxtra.es

 

Personal data categories

We process the following personal data categories:

• Identification data- name and surname, ID card or equivalent.
• Administrative data - company name, address, bank details and contact persons.
• Contact details- email, telephone number and address.
• Digital data - cookies, IP address, websites and social media, and other data publicly accessible on the Internet, etc.
• Social media data - public social media profile data of followers and visitors.
• Ethics channel data - details of the incident or the person submitting the incident, related to the incidents received on the ethics channel.
• Business data - suppliers, customers, directors and partners.
• Other data necessary for processing - for more information on the personal data category used in our Activity, please consult our Activity Log.

 

How do we collect your data?

We collect information about you from the following sources:

From our website:

• Through the Contact form.
• Through the I’m Interested form.
• Through the Subscription form.
• Through the Online Chat.
• Through the ethics channel https://xtra-auto.factorial.es/complaints

From other Internet tools:

• Through our social media.
• By email to customers or suppliers with whom there has been a previous business relationship.
• By email to prospective customers or data subjects without a business relationship for whom we do not yet have explicit consent.
• By email to data subjects whose consent we have obtained through the different contact forms.

From other sources:

• When communicating or interacting with you by telephone, email or other means of contact from our company.
• When you visit our facilities.
• Through a commercial visit.

For more information on the different data collection mechanisms in our activity, please consult our Activity Log.

 

How long do we keep your data? (Storage Period)

Data will be kept for as long as there is a commercial, contractual or professional relationship with the data subject and thereafter for the years necessary to comply with the corresponding legal obligations in each case. Without prejudice to the foregoing, they shall be kept for as long as they are necessary for processing and the data subject does not request their deletion.

With regard to accounting and tax documentation, for tax purposes, the accounting books and other compulsory registers in accordance with the applicable tax regulations (personal income tax, VAT, corporate income tax, etc.), as well as the documentary media that justify entries recorded in the books (including computer programs and files and any other supporting documents with tax implications), must be kept for at least the period during which authorities have the right to verify and investigate and, consequently, to settle tax debts, according to Articles 66 to 70 of the General Tax Act, which will be 4 years.

With regard to accounting and tax documentation, for commercial purposes, books, correspondence, documentation and supporting documents concerning your business, duly sorted as of the last book entry, except as established by general or special provisions, this commercial obligation extends to both the obligatory books (income, expenses, capital goods and inventories), as well as documentation and supporting documents for entries recorded in the books (invoices issued and received, receipts, rectifying invoices, bank documents, etc.), in accordance with Article 30 of the Commercial Code, which will be 6 years.

For more information on data storage in our activity, please consult our Activity Log.

 

Who do we disclose your data to?

Depending on the purpose of the processing, your personal data may be transferred or processed to different categories of recipients:

• External partners or professionals
• Public authorities (Public authorities using them in the legitimate exercise of their powers)
• Tax, accounting and labour consultancy firms
  1. Purpose: Accounting and tax management and compliance with tax and labour obligations.
  2. Data provided: Customer/supplier/employee identification data, financial data, invoicing and payroll.
  3. Legal basis: Legal obligation (Art. 6.1.c GDPR).
• Insurance companies
  1. Purpose: Taking out insurance policies associated with rented vehicles and claims management.
  2. Data provided: Driver's identification and contact details, driving licence number, accident history.
  3. Legal basis: Performance of contract (Art. 6.1.b GDPR) and, in some cases, legitimate interest (Art. 6.1.f).
• Maintenance, repair and roadside assistance companies
  1. Purpose: Assisting the driver during the rental (e.g. in case of breakdown).
  2. Data provided: Customer’s name, telephone number and location.
  3. Legal basis: Contract performance.
• Financial institutions or payment platforms
  1. Purpose: Processing of payments, collections and refunds.
  2. Data provided: Bank and card details, customer identification details.
  3. Legal basis: Contract performance and compliance with legal obligations.
• Fleet management and geolocation companies
  1. Purpose: Operational management of the rental, vehicle security and location in case of theft.
  2. Data provided: Geolocation data of the vehicle, associated to the contract.
  3. Legal basis: Legitimate interest (security of leased property) and contract performance.
• Law enforcement agencies
  1. Purpose: In case of court summons, traffic fines or investigations.
  2. Data provided: Identity of the driver, rental contract details, vehicle registration number.
  3. Legal basis: Compliance with a legal obligation.
• Software or hosting companies (technology providers)
  1. Purpose: Technical support, data hosting, billing systems or CRM management.
  2. Data accessed: Remote access to systems where customer data is hosted.
  3. Legal basis: Contractual relationship with the provider as data processor (not a transfer as such, but relevant).
• Marketing companies or satisfaction surveys
  1. Purpose: Customer loyalty, service improvement.
  2. Data provided: Name, email, telephone.
  3. Legal basis: Consent or legitimate interest.

However, we disclose your data only to the extent strictly necessary and in the manner required to carry out the purposes described in this privacy policy and only to entities with which we have entered into agreements protecting your rights and freedoms in relation to your personal data. These entities and/or professionals considered as Data Processors shall be governed by the provisions of Art. 28 GDPR and this entity is responsible for ensuring that they take all necessary security measures in accordance with the aforementioned regulation.

We also inform you that your data may be processed by our group companies for commercial, administrative, statistical and/or financial purposes. For more detailed information, please consult the website https://grupoxtra.es.

For more information on the transfer of data to third parties in our activity, please consult our Activity Log.

 

Where do we process your data?

In order to carry out our activity, provide our services and/or sell our products, we process your personal data in accordance with the conditions set out in this privacy policy within the European Union (EU).

For more information on where we process data in our activity, please consult our Activity Log.

 

For what purposes do we process your data?

Your data will be collected for the relevant processing operations for the following purposes:

Purposes of the elements of our website:

• Contact Form:
  • Receive contact information or other requests made by you.
  • Other purposes of the same form.

• I'm Interested form:
  • Receive information about the requested product
  • Tracking interest
• Subscription form:
  • Receive our newsletter
• ONLINE CHAT/ONLINE AGENT: Resolve doubts or questions related to our products or services. Personal data will not be used for any other purpose.
• OFFLINE CHAT/OFFLINE AGENT: Use the contact details provided through the specific form to resolve doubts raised by the user.
• Ethics channel:
  • Incident monitoring and management.
  • Contact if necessary with the person who reported the incident.
  • Use of data incorporated for correct incident resolution.
• Specific processing on social media (see social media section)
• In the case of prospective customers or data subjects for whom we do not have explicit consent, this will be requested via email in order to be able to continue communication.

General purposes of our activity:

• Receive contact information or other requests made by you through any of our communication channels.
• Administrative tasks derived from the provision of our services.
• Administrative tasks derived from the sale of our products.

For more information on the purposes of data processing in our activity, please consult our Activity Log.

You may withdraw your consent at any time free of charge, exercising your rights by sending your request in writing and attaching your identity document to our address AVDA ELS ARCS, 24 - 46940 MANISES (VALENCIA) or by email to the following address rgpd@grupoxtra.es. For more detailed information on how to exercise your rights, please consult our Activity Log.

 

Why may we process your data? (Legitimation)

The use of your data under the conditions described above is permitted by European and Spanish data protection regulations in accordance with the following legal bases:

 

Art.6. GDPR

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to which the controller is subject.

 

Ethics channel.

For the ethical channel, processing is based on Act 2/2023 of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption.

For more information on the legal basis for data processing in our activity, please consult our Activity Log.

 

What are your rights?

Data protection legislation allows you to exercise your rights of access, rectification, opposition, erasure ("right to be forgotten"), restriction of processing, portability and the right not to be subject to individualised decisions with the Data Controller.

Any data subject has the right to be provided, BEFORE his/her data are collected, with basic information at a first level, in summary form, at the same time and in the same medium in which his/her personal data are collected and, on the other hand, to be provided with the rest of the information, in a medium more suitable for its presentation and comprehension.

The information to be provided in layers or levels would be as follows:

 

1st Layer Information

• Identity of the Data Controller.
• What data will be processed.
• For what purpose.
• Where and how they were obtained.
• The legal basis for processing.
• Whether they will be communicated, transferred or processed by third parties.
• Reference to the procedure for exercising rights.

 

2nd Layer Information

• Data controller contact details. Identity and details of the representative (if any). Data protection officer contact details (if any).
• Extended description of the purposes of processing. Data storage periods or criteria. Automated decisions, profiling and applied logic.
• Details of the legal basis for processing, in cases of legal obligation, public interest or legitimate interest. Obligation or not to provide data and consequences of not doing so.
• Recipients and recipient categories. Adequacy decisions, guarantees, binding corporate rules or specific applicable situations.
• How to exercise the rights of access, rectification, erasure and portability of data, and limitation or opposition to their processing.
• Right to withdraw consent.
• Right to complain to the Supervisory Authority.

 

(The table below indicates what your rights are).

 

Right of access	To find out which of your data are being processed, for what purpose they are being processed, where data has been obtained and whether they will be or have been disclosed to anyone.
Right of rectification	To modify your inaccurate or incomplete data.
Right of cancellation	To cancel your inappropriate or excessive data.
Right to object	To prevent the processing of your data or to stop the processing of your data, but only in the cases provided for by law.
Right to restrict processing	To request the suspension of data processing in the cases established by law.
Right to data portability	To be able to receive your data in a structured, commonly used electronic format and be able to transfer it to another Controller.
Right not to be subject to individualised decisions	So that no decision is taken about you, which produces legal effects or affects you, based solely on the processing of your data.

 

These rights are characterised as follows:

• Exercising is free of charge.
• You can exercise your rights directly or through a legal representative.
• If the request is submitted by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.
• Before exercising your rights, we must identify you in order to protect your personal data against fraudulent attempts.
• Your request will be dealt with within one month.
• The controller is obliged to inform you about the means of exercising these rights. These means must be accessible and this right cannot be denied solely on the grounds that another means is chosen.
• If the controller does not comply with the request, it shall inform, at the latest within one month, of the reasons for its failure to act and the possibility to complain to a supervisory authority.

If you wish to exercise any of the rights described above, you may contact us through our Data Protection Officer:

• By post:

XTRA AUTO SLU (GRUPO XTRA)

Att. Data Protection Officer

AVDA ELS ARCS, 24 - 46940 MANISES (VALENCIA)

 Or by email to the address: rgpd@grupoxtra.es

We inform you that in accordance with Article 37.1 GDPR, a Data Protection Officer must be appointed, who you may contact by email to the address indicated and to whom you may address any questions, doubts, suggestions or exercise your rights, duly identified with an identification document, under this Regulation in relation to the processing of your personal data.

 

Supervisory Authority

If you wish to make a complaint in relation to the processing of your data by XTRA AUTO SLU (GRUPO XTRA), please contact the Spanish Data Protection Agency, C/ Jorge Juan, 6 28001-Madrid http://www.agpd.es

 

Cookies

Cookies are files that are downloaded to your computer to collect standard internet log information and information about browsing habits. This information is used, for example, to track visitor usage of the website and compile statistical reports on website activity.

You can set your browser to not accept cookies. However, some first party cookies are necessary to enable the website user session to use our services.

For more information, please see our website Cookies Policy.

 

Social media

CLICKRENT is present on social media, such as: Facebook, Whatsapp and Instagram, the purpose of personal data processing is as established in the terms of service. If personal data associated with a user account are used to register for certain services, we inform you that we will share certain information contained in your account. XTRA AUTO SLU (GRUPO XTRA) reminds you that you should be aware of the privacy policies of social media or networks on which you are registered in order to avoid sharing unwanted information.

You have the privacy and account management settings on social media to manage your privacy, identity, advertising and other related preferences.

If personal data associated with a user account are used to register for certain services, we inform you that we will share certain information contained in your account.

The purposes of the data collected from the various social media are:

• Advertising and commercial prospecting.
• Management of customer databases from campaigns or promotions in the dissemination of our activities and services among our followers.
• E-commerce and order tracking.
• Communication with customers or data subjects.

Detailing each of the social networks: on Facebook, when a user becomes a fan of the official Fan Page by clicking "Like", they authorise their personal data to be used solely on this Facebook platform for "Fan Page" management and two-way communications with those followers through chat, posts, comments, messages or other means of communication that the social network allows now and in the future. This processing will be subject to the social network’s privacy policies, which the user can consult at the following link: https://www.facebook.com/policy.php. By becoming a fan you will have access to the list of members or followers who have joined the Fan Page. Please also note that when a user becomes a fan, news posted will also appear on their home page and, if the fan user comments on these posts, their comments will be accessible to other fans as well as their profile name and, if applicable, the photograph they have on their profile or according to their privacy settings, or biography and tagging. In any case, the user is responsible for use of the social network.

With regard to WhatsApp, when a user joins us as a contact, we will have access to the public data entered by them and their status updates. We will also be able to communicate with them through it. The privacy policy is available at https://www.whatsapp.com/legal/.

In relation to Instagram, when a user follows our profile by clicking on the "Follow" button, we will have access to the profile page of the people who follow them, specifically, the user's name, photographs (if the user has posted a photograph on the profile), and posts made by the user, as well as other information published on the user's profile, such as users who are followed or their followers. The data of users who follow our profile on Instagram are only used to manage information exchanged between the two. The privacy policy that governs this social network can be consulted at the following link: https://help.instagram.com/519522125107875

In relation to TikTok, when a user follows our profile by clicking on the "Follow" button, we will have access to the user's profile page, username, videos and posts made by the user, as well as all other information published on the user's profile, such as users who are followed or followers. The data of users who follow our profile on TikTok are only used to manage the information exchanged between the two. The privacy policy that governs this social network can be consulted at the following link: https://www.tiktok.com/legal/page/eea/privacy-policy/es

 

Cancellation Request

To request the cancellation of any service you have registered for, please note that you may exercise your right to cancel or oppose the processing of your data by contacting us at AVDA ELS ARCS, 24 - 46940 MANISES (VALÈNCIA) or by sending a message to the following email address rgpd@grupoxtra.es with the subject UNSUBSCRIBE REQUEST, indicating your details and the email address with which you are registered. We will respond to your request indicating the status of your request or if we require further information.

 

Minors

The User certifies that he/she is over 14 years of age and therefore has the necessary legal capacity to consent to the processing of his/her personal data in accordance with the provisions of this Privacy Policy.

If you wish to use our services through the website and you are 14 years old or younger, we will need the consent of your legal guardian to store your data. If we do not have it, we may block or delete them.

 

Security

XTRA AUTO SLU (GRUPO XTRA) adopts organisational and technical measures with the aim of guaranteeing personal data security and avoiding their alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

 

Updates

We review our privacy policy and may change it from time to time (primarily to comply with legal and data protection practices).

Updated versions will be published on our website.

 

Applicable law and competent courts

The terms and conditions that govern this website, as well as the relationships that may arise from it, are protected by and subject to Spanish law. For the resolution of any type of controversy, dispute or discrepancy that may arise between the user and XTRA AUTO SLU (GRUPO XTRA) by using this website, they agree to submit to the courts of VALENCIA, Spain.

 

Last update: 21 MAY 2025