العربية العربية বাংলা বাংলা Čeština Čeština Dansk Dansk Deutsch Deutsch Ελληνικά Ελληνικά English English Español Español Eesti Eesti Euskara Euskara Français Français हिन्दी हिन्दी Hrvatski Hrvatski Bahasa Indonesia Bahasa Indonesia Íslenska Íslenska Italiano Italiano 日本語 日本語 ქართული ქართული 한국어 한국어 Latviešu Latviešu Malti Malti Nederlands Nederlands Norsk Norsk Polski Polski Português Português Română Română Русский Русский Shqip Shqip Svenska Svenska ไทย ไทย Türkçe Türkçe Українська Українська Tiếng Việt Tiếng Việt 简体中文 简体中文
Welcome Fleet Airport Sweet Deals Explore Keflavík
العربية العربية বাংলা বাংলা Čeština Čeština Dansk Dansk Deutsch Deutsch Ελληνικά Ελληνικά English English Español Español Eesti Eesti Euskara Euskara Français Français हिन्दी हिन्दी Hrvatski Hrvatski Bahasa Indonesia Bahasa Indonesia Íslenska Íslenska Italiano Italiano 日本語 日本語 ქართული ქართული 한국어 한국어 Latviešu Latviešu Malti Malti Nederlands Nederlands Norsk Norsk Polski Polski Português Português Română Română Русский Русский Shqip Shqip Svenska Svenska ไทย ไทย Türkçe Türkçe Українська Українська Tiếng Việt Tiếng Việt 简体中文 简体中文

Privacy Policy

How Kef Rent Cars collects, uses, and protects your personal information.

1. Introduction and Scope

Kef Rent Cars ("we", "our", "us") operates from Keflavík, Reykjanesbær, Iceland and provides car hire services to travelers arriving at Keflavik International Airport (KEF) and the wider Reykjanes Peninsula. This Privacy Policy explains how we collect, use, store, and share personal information when you use our website at kefrentcars.com, make a car hire booking, or contact our support team.

This policy applies to all visitors, customers, and prospective renters who interact with our services, whether you are booking a compact hatchback for a weekend drive along Route 41 to Reykjavik, reserving a 4x4 SUV for the Golden Circle, or simply comparing car hire rates online. By using our website or services, you acknowledge this Privacy Policy.

We are committed to processing personal data in accordance with applicable Icelandic law, including Act No. 90/2018 on Data Protection and the Processing of Personal Data, which implements the General Data Protection Regulation (GDPR) into Icelandic law. The Icelandic Data Protection Authority (Persónuvernd) oversees compliance.

2. Information We Collect

We collect personal information in the following categories depending on how you interact with us:

2.1 Personal Identification Details

When you create a booking or make an enquiry, we collect your full name, email address, phone number, and - where required for the rental agreement - your driver's license number, license country of issue, and date of birth. For young driver rates (under 25), we may also collect the date the license was issued.

2.2 Booking and Rental Data

We collect information related to your car hire transaction, including pick-up and drop-off dates, preferred vehicle category, selected extras (such as child seats, GPS units, or gravel protection insurance), pick-up location (KEF Airport shuttle depot or hotel delivery in Reykjanesbær), and any special requests you submit.

2.3 Payment Information

We do not store full card details on our servers. Payments are processed by certified third-party payment processors who comply with PCI DSS standards. We may retain transaction reference numbers, payment method type (such as Visa debit or Mastercard), and billing address for fraud prevention and booking record purposes. Our no-deposit car hire model means we do not place large security holds on your card in most cases.

2.4 Browsing and Technical Data

When you visit kefrentcars.com, we automatically collect technical data including your IP address, browser type and version, device type, operating system, referring URL, pages visited, and session duration. This data is collected via cookies and similar tracking technologies. Please see our Cookie Policy at kefrentcars.com/cookie_policy for full details.

2.5 Location Data

If you permit location access in your browser, we may collect approximate geographic location data to show you relevant pick-up points near Keflavík, route suggestions along the Reykjanes Peninsula, or nearby fuel stations such as Orkan Keflavík. This data is not stored permanently and is used only to improve your browsing experience.

3. How We Use Your Information

We process personal data for the following lawful purposes:

  • Processing bookings: We use your name, contact details, license information, and payment data to confirm and manage your car hire reservation, send booking confirmations, and coordinate pick-up logistics at KEF Airport or in Keflavík town.
  • Customer support: We use your contact details and booking history to respond to enquiries, resolve disputes, handle modifications or cancellations, and assist with roadside support during your rental in Iceland.
  • Service improvement: Aggregated and anonymised browsing data helps us understand how travelers use our site, which vehicle categories are most popular for Reykjanes Peninsula trips, and where our booking flow can be simplified.
  • Marketing communications: With your explicit consent, we may send you promotional emails about seasonal car hire deals, low-season discounts, or new vehicle additions. You may withdraw consent at any time by clicking "unsubscribe" in any marketing email or by contacting us directly.
  • Legal and regulatory compliance: We process and retain certain data to meet obligations under Icelandic law, including financial record-keeping requirements, insurance claim handling, and responses to lawful authority requests.
  • Fraud prevention and security: We use technical and booking data to detect and prevent fraudulent reservations, chargebacks, and unauthorized access to customer accounts.

4. Data Sharing with Third Parties

We do not sell your personal data to third parties. We share data only where necessary to deliver our car hire service and only with trusted partners who are contractually bound to protect your information:

4.1 Payment Processors

Your payment details are transmitted directly to our certified payment processing partners. These processors operate under PCI DSS compliance and applicable GDPR/Icelandic data protection standards. We receive only a transaction reference and masked card details.

4.2 Insurance Providers

Where you purchase collision damage waiver, gravel protection, or supplementary insurance through our booking system, we share relevant rental and personal details with our insurance partners to issue coverage documents and process any claims arising from your hire period in Iceland.

4.3 Booking Integrators and Fleet Partners

To fulfil your car hire reservation, we share booking data with our local supplier network and fleet management partners based in Keflavík and Reykjanesbær. These partners are bound by data processing agreements consistent with Icelandic data protection law.

4.4 Legal Authorities

We may disclose personal data to Icelandic law enforcement, courts, or regulatory bodies where required by applicable law, court order, or to protect the rights and safety of our customers, staff, or the public.

4.5 International Transfers

Some of our technology service providers may be located outside Iceland or the European Economic Area. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

5. Data Retention Periods

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law:

  • Booking records: Retained for 7 years from the rental end date to comply with Icelandic financial and tax regulations.
  • Customer account data: Retained while your account remains active, plus 2 years after your last booking or account closure request.
  • Marketing consent records: Retained until you withdraw consent, plus 12 months for audit trail purposes.
  • Technical/browsing logs: Retained for up to 90 days for security monitoring and service improvement purposes.
  • Insurance and claims data: Retained for the duration of the insurance policy plus any applicable statutory limitation period, typically up to 6 years.

6. Your Rights Under Icelandic and GDPR Data Protection Law

As a data subject under Act No. 90/2018 and the GDPR, you have the following rights regarding your personal data:

6.1 Right of Access

You may request a copy of all personal data we hold about you, including your booking history, contact details, and any preferences recorded in our system.

6.2 Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request correction without undue delay. This is particularly important for driver's license details and contact information used in rental agreements.

6.3 Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the original purpose, where consent has been withdrawn, or where processing was unlawful. Please note that we may be required to retain certain data for legal and financial compliance purposes despite an erasure request.

6.4 Right to Data Portability

You may request your personal data in a structured, commonly used, and machine-readable format, and have it transmitted directly to another service provider where technically feasible.

6.5 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests where your particular circumstances warrant it.

6.6 Right to Restrict Processing

In certain circumstances, you may request that we restrict the processing of your data - for example, while the accuracy of data is being contested or while an objection is being assessed.

6.7 Exercising Your Rights

To exercise any of the above rights, please contact us using the details in Section 10 below. We will respond within 30 days. You also have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) at www.personuvernd.is if you believe your data has been processed unlawfully.

7. Data Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, accidental loss, destruction, or disclosure. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our servers.
  • Access controls ensuring that only authorized staff with a legitimate need can access personal booking data.
  • Regular security assessments and vulnerability monitoring of our web platform.
  • Third-party payment processing that removes the need to store full card details on our infrastructure.
  • Staff training on data protection responsibilities and Iceland-specific GDPR obligations.

While we apply industry-standard protections, no system is entirely immune to risk. If you have reason to believe your data has been compromised, please contact us immediately.

8. Cookies and Tracking Technologies

Our website uses cookies to provide core functionality, remember your booking preferences, and analyze how visitors use the site. Cookies are small text files stored on your device. You can manage or withdraw cookie consent at any time through your browser settings or our cookie preference tool. For a full breakdown of the cookies we use and their purposes, please read our Cookie Policy.

9. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, or business practices. When we make material changes, we will update the "Last updated" date at the bottom of this page and, where appropriate, notify you by email if you have an active account or recent booking with us.

We encourage you to review this page periodically. Your continued use of kefrentcars.com or our car hire services following any update constitutes acceptance of the revised policy.

10. Contact Us About Privacy

If you have any questions, concerns, or requests relating to this Privacy Policy or the personal data we hold about you, please contact our team:

Kef Rent Cars
Keflavík, Reykjanesbær, Iceland
[email protected]
+1 (367) 215-0573

We aim to respond to all data protection enquiries within 5 business days. For urgent matters related to a current rental in Keflavík or at KEF Airport, please call us directly.

Last updated: June 2025