• MotoGS Rental
  • GTC
  • Privacy and Cookie Policy of MotoGS Rental & MotoGS WorldTours Croatia/Germany

Privacy and Cookie Policy of MotoGS Rental & MotoGS WorldTours Croatia/Germany

Privacy and Cookie Policy of MotoGS Rental & MotoGS WorldTours Croatia/Germany

Privacy Policy & Cookie Policy – MotoGS Rental (motogsrental.com)

As of: 26.12.2025

This privacy policy applies to the website motogsrental.com (motorcycle rental). There is a separate privacy policy for the tour website (motogsworldtours.com).

1) Controller

MotoGS WorldTours – Tour Operator (sole proprietorship, Germany)
Owner: Frank Merklinger
Seffnerstraße 2, 06217 Merseburg, Germany
VAT ID: DE358041050
E-mail: info@motogsworldtours.com / rental@motogsrental.com
Phone/WhatsApp: +49 151 44288997 / +385 99 6750140

Service/handover location (Meet & Greet, Croatia):
Kralja Tomislava 13, 21220 Seget Donji – Trogir, Croatia
(Note: This is an operational location for the provision of services; the controller remains the entity stated above.)

2) Data protection contact

Data protection requests (access, rectification, erasure, objection, withdrawal of consents):
info@motogsworldtours.com

3) Legal bases

We process personal data in accordance with the GDPR. Depending on the purpose, we base processing in particular on:

  • Art. 6(1)(b) GDPR (contract / pre-contractual measures – e.g., rental enquiry, booking, vehicle handover/return, communication)
  • Art. 6(1)(c) GDPR (legal obligations – e.g., retention under tax law)
  • Art. 6(1)(f) GDPR (legitimate interests – e.g., IT security, misuse/fraud prevention, enforcement/defence of claims)
  • Art. 6(1)(a) GDPR (consent – e.g., statistics/marketing technologies)

For cookies and similar technologies, the TDDDG also applies. Non-essential cookies/tracking are used only after consent.

4) Hosting (WMD) & server log files

This website is technically operated/hosted by:
WMD d.o.o., Augustin Harambašića 10, 43000 Bjelovar, Croatia.

When you visit the website, information is automatically processed by the web server (e.g., IP address, date/time, page/file accessed, referrer URL, browser type, operating system, amount of data transferred).

Purpose: Provision of the website, stability/security, error analysis, defence against attacks.
Legal basis: Art. 6(1)(f) GDPR.
Storage period: Log data is generally stored for a limited period (typically up to 30 days) insofar as this is required for security and operational purposes; in the event of security-relevant incidents, possibly longer for clarification.
Note: Within the scope of hosting/support, WMD may obtain access to systems as a processor (e.g., for troubleshooting). This occurs only to the extent necessary.

5) Cookies & consent management (Cookiebot)

We use cookies and similar technologies. We distinguish between:

  • Technically necessary cookies (required for operation/functionality)
  • Optional cookies (statistics/marketing), which are set/read only after consent

We use Cookiebot (Usercentrics A/S, Havnegade 39, 1058 Copenhagen K, Denmark) as a consent management platform. You can give, refuse, or change/withdraw your consent at any time via the Cookie-Settings link on our website

5.1 Logging of consent

To comply with data protection documentation obligations, we log your consent decision via Cookiebot (e.g., consent status, timestamp, technically necessary identifiers).
Purpose: Management and proof of consents.
Legal basis: Art. 6(1)(c) GDPR in conjunction with Art. 7(1) GDPR (proof of consent) and/or Art. 6(1)(f) GDPR (compliance/proof interest).

6) Contact (e-mail / form / WhatsApp)

If you contact us (e-mail, form, phone/WhatsApp), we process the data you provide (e.g., name, e-mail, phone number, content of the message).

Purpose: Processing your enquiry, communication, preparation/handling of the rental.
Legal basis: Art. 6(1)(b) GDPR (pre-contract/contract) or Art. 6(1)(f) GDPR (efficient communication).
WhatsApp note: If you contact us via WhatsApp, processing also takes place by WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Processing/transfer to third countries (e.g., USA) cannot be ruled out. Further information: https://www.whatsapp.com/legal/privacy-policy-eea/revisions/20230717
Storage period: until final processing; beyond that only as required (e.g., evidence/claims/legal obligations).

7) Booking/rental enquiry and rental

In the context of the rental enquiry/booking, we process in particular the following data:

  • Name
  • Address
  • E-mail address
  • Phone number
  • Rental period, vehicle/model preference, pickup/return information
  • Driving licence: During the booking process you confirm that you hold a valid driving licence. A visual check is carried out at vehicle handover.

Purpose: Processing your enquiry, availability check, organization of pickup/return, performance of the rental, customer service.
Legal basis: Art. 6(1)(b) GDPR.

7.1 Documentation of driving licence / passport / ID (at handover)

For identity verification, performance of the rental, and safeguarding claims, we may take a copy or photo of your driving licence and/or passport/national ID card at handover, insofar as this is necessary in the individual case. We limit collection to what is required (data minimization). Where possible, a visual inspection is carried out first; a copy/photo is taken only if this is necessary in the individual case (e.g., fraud prevention, documentation/claims handling).

Purpose: Identity verification, fraud prevention, documentation, handling of damages/claims.
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.
Storage period: only as long as required for the rental and any subsequent handling (e.g., damages/claims); thereafter deletion unless legal obligations prevent this.
Access: restricted internally; storage is protected/access-restricted.

8) Deposit (pre-authorisation) & handling of damages/claims

To secure the rental, a deposit reservation (pre-authorisation) may be made on the payment card at handover. The amount is reserved (not finally charged).

Note on reservation period: The duration of the reservation depends on the card scheme and the issuing institution and typically ranges between 7 days and up to 30 days, and may also differ.

Note on release: After proper return, we initiate the release or completion of the reservation; however, the actual lifting of the hold by the card-issuing institution may still vary in time.

In the event of damage, a (partial) finalisation / (partial) charge may be carried out from the reservation, where permissible and in accordance with the agreed conditions. If a reservation is not (or no longer) available, handling may, depending on the case, be performed via procedures supported by the payment service provider (e.g., reference-/token-based subsequent transactions) or alternative payment methods.

Purpose: Securing the rental, documentation, handling of damages/claims, fraud prevention.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

8.1 Documentation of the payment card (no storage of full card data)

To allocate the deposit reservation and for documentation purposes, we may record card-specific reference data, e.g., card type, cardholder name, expiry month/year, last 4 digits, as well as transaction/authorisation references, amount, and date.

Important: We store no full card number (PAN) and no security code (CVV/CVC).

9) Payment processing (online & on site)

Payment processing is carried out via payment service providers. The data required for payment (e.g., name, amount, currency, transaction data, possibly billing/contact details) is transmitted to the respective payment service provider. Depending on the payment method, payment service providers process data partly as independent controllers.

Legal basis: Art. 6(1)(b) GDPR (payment processing) and, if applicable, Art. 6(1)(f) GDPR (fraud prevention/chargeback management).

9.1 Card payment on site (Nexi Germany – terminal)

On-site card payments as well as deposit reservations (pre-authorisation) are processed via Nexi Germany GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.
Privacy information: https://www.nexi.de/de/legal-footer/datenschutzerklaerung

9.2 WSPay (Monri / WSPay)

Online payments may be made via WSPay. Provider:
Monri Payments d.o.o., Ulica grada Vukovara 269/F, 10000 Zagreb, Croatia.
Privacy information: https://www.wspay.eu/cd/240/privacy-policy

9.3 PayPal

If you pay via PayPal, processing is carried out via PayPal (Europe):
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
Privacy information: https://www.paypal.com/ie/legalhub/paypal/privacy-full

9.4 Stripe (incl. Apple Pay, depending on integration)

If you pay via Stripe, processing is carried out via Stripe. Depending on the checkout, Apple Pay may also be offered as a payment method.
Privacy information: https://stripe.com/privacy

9.5 Amazon Pay

If you pay via Amazon Pay, processing is carried out via Amazon Payments.
Privacy information (Amazon Payments Europe): https://pay.amazon.eu/help/201212490

10) Analytics & marketing (only with consent)

On motogsrental.com, analysis and marketing technologies are used – if you have consented. Prior to your consent, optional tags/cookies are not set or read (controlled via consent management).

Legal basis: Art. 6(1)(a) GDPR (consent) and for the setting/reading of non-essential cookies/similar technologies Section 25(1) TDDDG.
You can change or withdraw your consent at any time via Cookie-Settings.

10.1 Google (Analytics / Tag Manager)

If enabled, we use Google services such as Google Analytics (reach measurement/statistics) and the Google Tag Manager (technical tag management). In doing so, usage data (e.g., page views, interactions, approximate origin/region, technical information about browser/device) may be processed. Google may use cookies/similar technologies for this purpose.
Google privacy information: https://policies.google.com/privacy

10.2 Google Ads conversion tracking

If enabled, Google Ads conversion tracking may be used to measure whether users perform certain actions on the website after clicking an ad (e.g., booking enquiry). Cookies/similar technologies may also be used for this purpose.
Google privacy information: https://policies.google.com/privacy

10.3 Microsoft/Bing (Microsoft Advertising)

If enabled, technologies from Microsoft Advertising (e.g., Bing/Microsoft conversion tracking, Universal Event Tracking – UET) may be used to measure and optimize campaigns. Usage/device information may be processed and cookies/similar technologies may be used.
Microsoft privacy information: https://www.microsoft.com/en-us/privacy/privacystatement
Microsoft Advertising policies/info: https://about.ads.microsoft.com/en/policies/legal-privacy-and-security

11) Recipients / sharing of data

We share data only where necessary. Recipients may include in particular:

  • Hosting/IT service providers (e.g., WMD – operation of the website/servers/support)
  • Consent management (Cookiebot/Usercentrics – management/logging of consents)
  • Payment service providers (Nexi Germany, WSPay/Monri, PayPal, Stripe, Amazon Pay; and, where applicable, terminal/acquirer components)
  • Tax advisor (accounting/tax obligations)
  • Insurers / workshops / towing services (only in the event of an incident and only to the extent necessary)
  • Authorities (only if we are legally obliged to do so or if required for legal enforcement)

12) Transfers to third countries

Depending on the tools used (e.g., certain analytics/marketing or communication services), processing in third countries (in particular the USA) cannot be ruled out. Where required, we rely on appropriate safeguards for transfers (e.g., Standard Contractual Clauses and/or applicable adequacy decisions). For certain providers, certification under the EU-U.S. Data Privacy Framework (DPF) may also apply (provider-/service-dependent).

13) Storage period

We store personal data only as long as necessary for the respective purpose. In addition, we store data where statutory retention obligations exist (in particular for tax-relevant documents) or where this is necessary to assert/defend claims.

14) Your rights

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consents (Art. 7(3) GDPR)

15) Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). For our registered office in Saxony-Anhalt, the competent authority is:

State Commissioner for Data Protection Saxony-Anhalt
Otto-von-Guericke-Straße 34a, 39104 Magdeburg, Germany
Website: https://datenschutz.sachsen-anhalt.de/

16) Data security

We implement technical and organizational measures to protect data against loss, manipulation, and unauthorized access. This includes, in particular, encrypted transmission of data (TLS/SSL), where technically available. However, complete protection on the internet cannot be guaranteed.

16.1 No automated decision-making

We do not carry out automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

16.2 Requirement to provide data

Providing certain data may be necessary for processing enquiries and for concluding and performing the rental contract. Without this data, rental or processing may not be possible or may be possible only to a limited extent.

17) Changes to this privacy policy

We update this privacy policy when processes, tools, or legal requirements change. The current version published on this website shall apply.