Privacy Policy

At JIMPISOFT, Sociedade de Distribuição de Produtos Microinformática, Unipessoal, Lda. (“JIMPISOFT”) we care deeply about the protection of your personal data and we are determined to respect your privacy.

In this Privacy Policy, we describe how we collect and process personal data of all those who use our services or products as well as those who access and browse our website.

We have tried to make this policy as self-explanatory as possible, but if anything is unclear, please contact us at the following e-mail address:


Your personal data shall be processed in a way to ensure compliance with the applicable legislation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 or General Data Protection Regulation (“GDPR”) and Law no. 58/2019 of 8 August, which ensures the execution of the GDPR in the Portuguese legal system.


JIMPISOFT, with registered office at Avenida António Bernardo Cabral de Macedo, nos. 33 and 33A, Paço de Arcos, legal entity identification number 501919678, is the entity responsible for the processing of your data. 

Throughout this Policy, references to “we” or “us” shall mean JIMPISOFT.

If you have any questions about this Privacy Policy, or about how we treat your data, please refer to the “CONTACT US” section below.


Since its founding in 1987, JIMPISOFT has developed and distributed user-friendly software. Working with rent-a-car companies for over 30 years, we have extensive experience in this business and our software can be the cornerstone of your business success. Over the years, we have worked closely with our clients, in permanent dialogue, adapting our system, making Rentway® a solution to compete in the new millennium. We also understand that software is constantly evolving, and, with the help of our partners, we improve it every day.

Tailor-made, secure and dynamic, this software is the solution of choice for rent-a-car companies of any size. Our product also provides Fleet Management and System Maintenance modules. 


Personal data are any information, of any nature and regardless of its medium, relating to an identified or identifiable natural person. Pursuant to the GDPR, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

The information we collect about you and how we collect it may vary depending on the products or services you use, subscribe to or contract. 

We only collect the data we consider to be essential for you to browse our website, to provide you with the products or services you request, to manage your orders, to register and invoice your requests, to ensure that these are provided to you and, if you show interest, to let you know about our news.

In order to consult the purposes and legal basis for processing your data, please refer to the Section “WHY WE PROCESS YOUR DATA AND FOR WHICH PURPOSES” (below).

In particular, we process the following categories and types of personal data:

Identification data: name, tax identification number, date of birth.

Contact details: delivery address, e-mail address, phone number.


JIMPISOFT will process your personal data on the following legal basis:

  • Compliance with contractual obligations or pre-contractual endeavours;
  • Compliance with applicable legal obligations;
  • For certain processing we will require your consent;
  • Legitimate interests, insofar as the necessity of the processing of personal data is balanced with your interests or fundamental rights and freedoms.

We use the data we collect from you to provide you with the best possible experience. In particular, we collect and process personal data for:

  • Communications with customers;
  • Clarification of queries;
  • Requests for information; 
  • Service proposals;
  • Communication of offers, new services or products, commercial campaigns, events, satisfaction surveys and other advertising and marketing communications.

The following table identifies some of the purposes for which we collect and process your personal data:


Categories of data

Legal basis

New customer registration

Identification and contact details

Performance of a contract with the customer

Management of the service provided

Identification data, contact data, location data

Performance of a contract with the customer

Management of the product supplied

Identification data, contact data, location data

Performance of a contract with the customer

Management of our relationship with the client (contacts, notification of modifications to our terms and conditions of sale)

Identification data, contact data

Performance of a contract with the customer;

Compliance with legal Obligations;

Legitimate interests of the controller (for example, to understand how we can offer better services and products to our customers).

Ensuring full functioning of our website

Identification data, contact data, connection and location data

Legitimate interests of the controller (for example, to keep our online services fully functional and secure);

Compliance with legal obligations.

Sending newsletters and other marketing communications

Identification and contact data.

Consent of the data subject


In the context of the rendering of our services or products, we may use service providers and intermediaries, such as companies that provide technological support and electronic payment processing companies, which must have access to some of your personal data.

However, these communications are made solely and exclusively for the fulfilment of the purposes for which the data are collected and in accordance with our instructions, in strict compliance with the regulations on the processing of personal data and information security. In any case, we will share all information regarding such communications with you.

We may also communicate your personal data to third parties where:

  • you have expressly consented to it; or
  • the communication is made in order to comply with a legal obligation or a court order.

We will only transfer your personal data outside the European Union or the European Economic Area, i.e. to a third country, ensuring strict compliance with European legislation on the transfer of data to third countries and will provide all necessary information, including, for example, an indication of the safeguards for such transfer:

  • Adequacy decisions: where the European Commission determines that a third country offers an adequate level of data protection, personal data may be sent to that country without implementing any other measures mentioned above;
  • Standard contractual clauses: we use standard contractual clauses for the transfer of personal data to organisations outside the EEA. These contractual commitments have been adopted by the European Commission and ensure adequate protection of personal data transferred to countries outside the EEA by binding recipients of personal data to certain data protection standards, including the obligation to implement appropriate technical and security measures.


Your personal data will only be kept for the period of time necessary for the purposes for which they were collected or for the periods of time required by law.

The purchasing and invoicing data will be kept during the performance of the contract and, after its termination, may still be kept for a reasonable period, should you decide to use our services again or to comply with our legal obligations, namely of a fiscal nature.


We make every effort to ensure that your personal information is accurate, up-to-date and complete in accordance with the purposes for which we use that information.

According to the GDPR, you have the right, at any time, to access and object to the processing of your personal information, as well as the right to update, correct and delete data collected by us that is incomplete, incorrect, out of date, or prohibited by law. You may exercise these rights by contacting us using the contact details provided below (“CONTACTS“).

We explain your rights briefly below:

  • Right to be informed

You have the right to obtain clear, transparent and easily understandable information about how we use your personal data.

  • Data subject’s right of access 

You can request a copy of the data we hold about you.

  • Right of rectification

You have the right to rectify your personal data if it is incorrect or out of date and/or to complete it if it is incomplete.

  • Right to erasure of data (“right to be forgotten”)

This right is not absolute, as we may have legal or legitimate reasons to retain your personal data.

  • Right to, at any time, object to the processing of data on the basis of consent

You may object to the processing of data where such processing is based on consent. Withdrawing consent does not affect the lawfulness of the consent previously given. 

  • Right to data portability

You have the right to receive personal data concerning you, in a structured, commonly used and machine-readable format, and the right to transmit this data to another organisation. This applies only to data you have provided whose processing is based on your consent or on a contract, and if the processing is carried out by automated means.

  • Right to limit processing

You can ask us to limit the use of your data to storage only, to stop using it for all other purposes or to retain data that should be deleted.

  • Lodging a complaint to the CNPD

You also have the right to lodge a complaint with the data protection supervisory authority in Portugal when your rights have been violated or your personal information is or is being used in a way that you believe is not in accordance with applicable law. The contact details of the Portuguese Data Protection Commission are available here, along with details on how to make a complaint.


You can exercise any of these rights by using the contact details provided below (“CONTACTS“).


We do not anticipate that any decisions which have legal or other effects on you will be made using purely automated means; however, we will update this policy if this situation changes and notify you of such changes. 


We implement the technical and organisational measures that ensure the confidentiality of your personal data, protecting it from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful forms of data processing.

For example, we take the following measures:

  • Pseudonymisation and encryption of personal data;
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services;
  • The ability to detect a personal data breach, resolve it and report it;
  • The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • A process to regularly test, assess and evaluate the effectiveness of technical and organisational measures to ensure security of processing;
  • Identification, disclosure and documentation of the roles and duties of personnel with access to personal data;
  • Maintenance of a written record of all processing activities carried out, as per GDPR requirements;
  • Definition and implementation of a written incident log procedure;
  • Appointment of a security officer or, where appropriate, a Data Protection Officer, who shall be appointed where required by law;
  • Definition and implementation of physical access controls;
  • Implementation of security policies and procedures;
  • Adherence to a code of conduct on personal data protection, in accordance with the RGPD;
  • Definition and implementation of a procedure for the destruction or return of personal data and documents, in a secure and confidential way (making it impossible to recover them later and certifying the absence of copies), when the contractual relationship ends (except when there is an obligation to keep personal data for an additional period, in which case the personal data and documents shall be blocked).

Any entity we outsource to will be bound by equivalent security measures, acting at all times under our duly documented instructions.


As practices regarding the processing of personal data may change from time to time, this Privacy Policy will need to be updated accordingly and on a regular basis, so we advise you to check it periodically. If there is a significant change, we will inform you directly by email.


If you have any questions about this Privacy Policy or want to exercise your rights to access, update or correct any personal information, please contact us through the following contacts:

Address: Avenida António Bernardo Cabral de Macedo, n.º 33, 2780-195 Oeiras

Telephone: (+351) 214 542 050