Privacy Policy

1. Who is the data controller?

The data controller is the service provider listed in the “Service provider” section below.

2. What data we process

We aim to minimize data processing. We only process data that is necessary to provide the Service and keep it secure. Depending on how you use the Service, this may include:

• VIN and report parameters you submit (e.g., language/version).
• Order identifiers and payment status (e.g., order ID, timestamps, confirmation that payment succeeded/failed).
• Technical data in server logs (e.g., IP address, user agent, time of request) used for security, abuse prevention, and troubleshooting.
• Contact data and message content if you contact us by email.

Payment card details and payment instrument data are processed by payment providers (e.g., Stripe/PayPal). We do not receive your full card number. Depending on the payment method, the payment flow may redirect you to the provider’s page or display the provider’s embedded components. In certain cases, a VIN may constitute personal data if it can be linked to an identifiable individual. In such cases, VIN data is processed in accordance with GDPR.

3. Purposes and legal bases (GDPR)

We process personal data for the following purposes and based on these legal grounds:

• Providing the report and delivering the Service: Contract performance (GDPR Art. 6(1)(b)).
• Handling payments, accounting, and tax obligations: Legal obligation (GDPR Art. 6(1)(c)) and contract performance (GDPR Art. 6(1)(b)).
• Security, fraud prevention, and service integrity: Legitimate interest (GDPR Art. 6(1)(f)).
• Responding to inquiries: Legitimate interest (GDPR Art. 6(1)(f)) or steps prior to entering a contract (GDPR Art. 6(1)(b)) depending on the case.

4. Who we share data with

We share data only to the extent necessary to provide the Service, including with:

• Payment providers (e.g., Stripe, PayPal) to process payments.
• IT/hosting providers that operate the website infrastructure.
• Email service providers used to communicate with you (if applicable).
• Public authorities when required by law.

5. International transfers

Some providers (e.g., payment providers) may process data outside the European Economic Area. Where applicable, such transfers are protected by appropriate safeguards (e.g., Standard Contractual Clauses) in line with GDPR.

6. How long we keep data

We keep data only for as long as necessary for the purposes described above, including:

• Order and accounting records: for the period required by applicable tax/accounting laws.
• Server logs: typically for a limited period necessary for security and troubleshooting.
• Email correspondence: as long as needed to handle your request and for evidence of communication if required.

7. Your rights

If you are in the EEA/UK, you may have the right to:

• Access your data and obtain a copy.
• Rectify inaccurate data.
• Request deletion of data (when applicable).
• Restrict processing.
• Object to processing based on legitimate interests.
• Data portability (when applicable).
• Lodge a complaint with a supervisory authority.

To exercise your rights, contact us using the details below.

8. Automated decision-making

Auto.vin does not use personal data for profiling or automated decision-making within the meaning of GDPR Art. 22.

9. Cookies and similar technologies

Auto.vin does not use cookies or similar tracking technologies on its website (no analytics and no marketing cookies).

Please note that payment providers (e.g., Stripe/PayPal) may use cookies on their own pages or within embedded payment components as part of payment processing. Their policies apply in such cases.

10. Security

Auto.vin does not use its own analytics or marketing cookies and does not run tracking on the website.

11. External links

The Service may contain links to external websites. We are not responsible for the privacy practices of those sites.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates when the latest version was published.