Privacy Policy

1. Who is the data controller?

The data controller is the service provider listed in the “Service provider” section below.

2. What data we process

We aim to minimize data processing. We process only data that is necessary to provide the Service, keep it secure, manage privacy settings, and operate permitted measurement tools. Depending on how you use the Service, this may include:

• VIN and report parameters you submit (e.g., language/version).
• Order identifiers and payment status (e.g., order ID, timestamps, confirmation that payment succeeded/failed).
• Technical data in server logs (e.g., IP address, user agent, time of request) used for security, abuse prevention, and troubleshooting.
• Contact data and message content if you contact us by email.
• Information about your consent choices and privacy settings.
• Online identifiers, cookie-related identifiers, and event data connected with analytics or advertising measurement tools, but only to the extent enabled by your consent choices.

Payment card details and payment instrument data are processed by payment providers (e.g., Stripe/PayPal). We do not receive your full card number. Depending on the payment method, the payment flow may redirect you to the provider’s page or display the provider’s embedded components. In certain cases, a VIN may constitute personal data if it can be linked to an identifiable individual. In such cases, VIN data is processed in accordance with GDPR.

3. Purposes and legal bases (GDPR)

We process personal data for the following purposes and based on these legal grounds:

• Providing the report and delivering the Service: Contract performance (GDPR Art. 6(1)(b)).
• Handling payments, accounting, and tax obligations: Legal obligation (GDPR Art. 6(1)(c)) and contract performance (GDPR Art. 6(1)(b)).
• Security, fraud prevention, and service integrity: Legitimate interest (GDPR Art. 6(1)(f)).
• Responding to inquiries: Legitimate interest (GDPR Art. 6(1)(f)) or steps prior to entering a contract (GDPR Art. 6(1)(b)) depending on the case.
• Remembering privacy choices and managing consent settings: Legitimate interest (GDPR Art. 6(1)(f)) and, where applicable, processing necessary to operate the Service requested by the user.
• Website analytics and traffic measurement: Consent (GDPR Art. 6(1)(a)), where required.
• Advertising measurement and conversion tracking: Consent (GDPR Art. 6(1)(a)), where required.
• Personalized advertising: Consent (GDPR Art. 6(1)(a)), if this functionality is enabled in the Service.

4. Who we share data with

We share data only to the extent necessary to provide the Service, including with:

• Payment providers (e.g., Stripe, PayPal) to process payments.
• IT/hosting providers that operate the website infrastructure.
• Email service providers used to communicate with you (if applicable).
• Google, to the extent its analytics, tag management, or advertising measurement tools are enabled by your consent settings.
• Providers supporting consent management or related technical implementation, if applicable.
• Public authorities when required by law.

5. International transfers

Some providers (e.g., payment providers, IT providers, or providers of analytics and advertising measurement tools) may process data outside the European Economic Area. Where applicable, such transfers are protected by appropriate safeguards (e.g., Standard Contractual Clauses) in line with GDPR.

6. How long we keep data

We keep data only for as long as necessary for the purposes described above, including:

• Order and accounting records: for the period required by applicable tax/accounting laws.
• Server logs: typically for a limited period necessary for security and troubleshooting.
• Email correspondence: as long as needed to handle your request and for evidence of communication if required.
• Consent choices and privacy settings: for as long as necessary to manage your settings and demonstrate compliance.
• Analytics and advertising measurement data: according to the configuration of the tools used and, where applicable, until consent is withdrawn or the data is no longer needed.

7. Your rights

If you are in the EEA/UK, you may have the right to:

• Access your data and obtain a copy.
• Rectify inaccurate data.
• Request deletion of data (when applicable).
• Restrict processing.
• Object to processing based on legitimate interests.
• Withdraw consent at any time, where processing is based on consent.
• Data portability (when applicable).
• Lodge a complaint with a supervisory authority.

To exercise your rights, contact us using the details below.

8. Automated decision-making

Auto.vin does not use personal data for profiling or automated decision-making within the meaning of GDPR Art. 22.

9. Cookies and similar technologies

Auto.vin uses cookies and similar technologies, including browser storage such as localStorage and sessionStorage. Some of them are necessary for the website to function, provide security, remember privacy settings, and support the order and payment flow.

Subject to your consent, the Service may also use analytics and advertising measurement technologies, including Google tools deployed via Google Tag Manager, such as Google Analytics 4 and Google Ads, in order to analyze traffic and measure campaign effectiveness and conversions. You can accept all, reject optional purposes, or change your settings at any time through the cookie settings available in the Service. Payment providers (e.g., Stripe/PayPal) may also use cookies or similar technologies on their own pages or within embedded payment components, and their own policies apply in such cases.

10. Security

We apply reasonable technical and organizational measures to protect personal data, including access controls, secure transmission where applicable, and measures designed to limit unauthorized access, abuse, and accidental loss of data. No method of transmission is 100% secure, but we maintain safeguards appropriate to the nature of the Service.

11. External links

The Service may contain links to external websites. We are not responsible for the privacy practices of those sites.

12. Changes to this Policy

We may update this Privacy Policy from time to time, in particular when the Service, legal requirements, or the technologies we use change. The “Last updated” date indicates when the latest version was published.