Privacy Policy Version of January 12, 2024

We, autoplatforma.com (hereinafter referred to as "we," "us," "Company"), have developed this Privacy Policy (hereinafter referred to as "Policy") to demonstrate our commitment to safeguarding the privacy of our customers and visitors to our website at https://autoplatforma.com (hereinafter referred to as "Website").

This document outlines our company’s principles regarding the collection, use, and transfer of any personally identifiable information (for USA residents) and Personal Data (for other regions) that we collect through this Website (hereinafter referred to as "Personal Data" or "Data").

Viewing our Website does not require registration or the provision of Personal Data. The information you provide via our Website will be used strictly according to its intended purpose.

This Policy describes:

what Personal Data is;
what Personal Data we collect;
how we process information when you provide us with Data (regardless of whether you visit the Website for viewing, obtaining information, or conducting transactions);
with whom we may share Personal Data;
information about users’ rights concerning personal data protection;
how to contact us if you have questions regarding Data processing.

1. PERSONAL DATA PROTECTION PROVISIONS

Our Website is primarily aimed at users from the United States of America and EU countries, but we understand that our services may attract interest worldwide. Therefore, we strive to make our Website accessible from virtually anywhere in the world.

We make every effort to protect the Personal Data of our customers and Website visitors and strive to comply with all applicable local data protection laws.

Generally, we do not collect Personal Data when you merely visit our Website, except when you explicitly agree to provide us with your information. Providing such data is voluntary, but the lack of certain information may limit your ability to receive requested services via the Website.

All services we offer through the Website concerning the processing and protection of Personal Data are governed by this Policy. By using our services and providing us with any Data, you agree to the terms of this Policy. If you do not agree with our terms, unfortunately, you will not be able to use our services.

The Company acts as a "Data Controller" within the context of the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws when we determine the methods of data collection and their intended use.

We will process your Data only based on one of the following legal grounds:

Processing is necessary for entering into or performing an agreement with you (including any offers and their acceptance) when using our services;
Such processing is required by the laws of the countries where we provide or make our services available;
You have given consent to the processing of your Data;
Processing is required to protect the legitimate interests of the Company or third parties, except where interests concerning the fundamental rights and freedoms of the data subject outweigh these interests.

The Company does not collect or request special categories of Personal Data ("sensitive data").

Please note that this Policy may be updated, including when required by law. We will notify you of changes by sending a message to your email address (if you have provided it) or by posting a notice prominently on our Website. We recommend that you periodically check the Policy for changes. Your continued use of our services after updating the Policy signifies your agreement with the new terms. If you do not agree with the updates, you may discontinue using our services.

You always have the opportunity to delete or modify your Data by contacting us accordingly.

2. WHAT PERSONAL DATA WE COLLECT AND PROCESS

(A) We may collect and process the following types of information about you through our Website and/or services you use:

IP address and geolocation data (country, region, state);
Device information (device model, operating system, browser type and language settings);
Personal details (first name, last name);
Contact information (phone number, email address);
Identity documents (passport, driver’s license);
Billing and/or delivery address (country, postal code, region, city, street);
Google and/or Facebook identifiers;
Transaction information;
Vehicle data (VIN number);
Information collected through cookies and similar technologies (further details can be found in our Cookie Policy).

(B) Additionally, we may process other Data if you voluntarily provide it to us.

(C) Please provide only the information necessary to receive the selected service, newsletter, or response to your inquiry. If you choose to provide us with more data than required, we will ensure its protection and processing. If processing such data is not necessary for using the Website and the services or is not mandated by law, we will delete it.

3. CHILDREN’S DATA

In accordance with the US Children’s Online Privacy Protection Act (COPPA), we do not collect information about children under 13 and do not intend for our Website and services to be used by children. Acceptance of this Policy and the use of our services imply that you are not a child.

4. HOW WE COLLECT PERSONAL DATA

We may obtain your Data from various sources and for different reasons, including:

Registration on our Website;
Updating your account on the Website;
Purchasing our services;
Subscribing to newsletters or promotional materials;
Inquiries through the form on the Website, via email, or by phone.

We may also collect information about your activities on the Website using cookies and similar technologies.

5. PURPOSES OF PROCESSING PERSONAL DATA

We use Personal Data for the following purposes:

Providing access to our services and their use (contract performance);
Working on and improving services (contract performance, legitimate interest);
Providing customer support (contract performance, legitimate interest);
Personalizing user experience and offering the most relevant content and offers (consent);
Administrative, analytical, and statistical purposes (legitimate interest);
Sending promotional information about our services (consent);
Managing subscriptions and opt-outs (consent);
Protection against abuse and ensuring security (legitimate interest);
Compliance with legal requirements, including responding to data subjects’ and regulatory authorities’ requests (legitimate interest).

page.privacy.data_processing_consent_intro

6. SHARING AND DISCLOSING PERSONAL DATA

Your Personal Data will not be transferred, sold, or disclosed to third parties outside the Company and its affiliated structures, except in the following cases:

When we have your consent or request for data disclosure;
To comply with government, federal, or other regulatory authorities as part of property or title transfers;
In response to a court order or official request within legal, administrative, or arbitration proceedings;
To protect the rights of the Company or its affiliates in the event of claims;
To investigate and prevent user fraud;
If necessary to protect the interests of the Company or other related parties;
If necessary to provide services.

We do not use third-party sites to collect user data. Any information collected by third-party sites is not transferred or stored by our Company.

In case of the Company being acquired or merged with another organization, you agree that your information may be transferred to the new company according to applicable law. We will notify you of such a change via email or prominently on the Website before transferring data and including them in the new privacy policy.

7. DATA RETENTION PERIOD

We will retain your data only as long as necessary to fulfil the purposes for which it was collected and processed, or to comply with legal requirements. The retention period varies depending on the type and category of Personal Data, the purposes of processing, and the possibility of achieving these purposes by other means.

We retain your data in accordance with tax, accounting, and financial legislation requirements, if mandated by our obligations to financial partners.

Be aware that the laws of some countries may require different data retention periods. For example, if the laws of the user’s country of residence establish statute of limitations periods for claims, we may retain your data during this period to provide necessary evidence.

Additionally, we may need to retain data to fulfil legal obligations to you or regulatory authorities. Over time, we may reduce the amount of your data we use or anonymize it such that it no longer identifies you. In this case, we may continue to use such information without additional notice, as it will no longer be considered Personal Data.

You can always request the deletion or modification of your data. To do this, please contact our data protection specialist (contact information below) or use the "unsubscribe" button in our email. If you find any data outdated, please let us know.

If your Personal Data is processed based on your consent (e.g., for marketing communications), you can withdraw your consent at any time to stop further processing. Instructions for opting out are included in every message.

8. TECHNICAL, ADMINISTRATIVE, AND OTHER DATA PROTECTION MEASURES

We take special care to protect your Personal Data. Various technical and administrative measures are implemented to safeguard Data from unauthorized or illegal access, as well as accidental loss, destruction, or damage. These measures are regularly tested to ensure their effectiveness and reliability.

Firstly, we conduct regular malware scanning.

Certain Personal Data transmission is encrypted using Secure Socket Layer (SSL) technology. Most browsers display a lock icon during such transactions, confirming the use of SSL, particularly when dealing with credit cards and other payment data.

In addition, we employ various technical protection methods such as data encryption, firewalls, and password protection.

We also adhere to the principle of data minimization, processing only the information necessary to perform specific functions or purposes, or provided by you with consent. Access to your Data is granted to a limited number of employees who need it to perform their duties. Our staff undergoes training to strictly follow privacy, security, and compliance policies.

Please note that email is not always a reliable means of transmitting information. We recommend not sending us Personal Data such as identification or credit card details via email. If you need to transmit such information, please use secure web pages on our Website if available.

Your Personal Data is stored on secure servers that are not accessible to the public. We make every effort to protect them, but no method of data transmission over the Internet or electronic storage can ensure 100% security. Therefore, we cannot guarantee absolute security of your data. If a security breach is detected, we will try to notify you via email so you can take necessary measures. We may also post a notice on our Website. Depending on your location, you may have the right to receive written notice of such incidents.

In accordance with GDPR, we ensure an adequate level of protection when transferring data outside the European Economic Area, based on standard contractual clauses approved by the European Commission or other applicable measures specified in Article 46 GDPR.

9. FINANCIAL INFORMATION PROTECTION

We employ a range of security measures to protect your data when placing orders via our Website.

After placing an order, you will be prompted to pay for the ordered services. All financial transactions are processed through an external payment provider, and credit card details are not stored or processed on our servers.

We use Stripe (provided by Stripe Inc.) as a third-party payment processor. Stripe allows us to process payments via credit cards, bank transfers, and other online methods.

The payment form on our Website directly transmits your credit card information to Stripe, where it is processed according to Stripe’s privacy policy. We receive only aggregated data about performed transactions, such as the amount needed to provide you with the vehicle history report.

10. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small text files that are placed on your device when you visit websites. They allow our Website to remember your preferences and actions over a period, so you don't have to re-enter them. Typically, cookies do not identify a specific user, but rather the device used to access the site.

We use cookies and other tracking technologies on our Website for various purposes, including ensuring the proper functioning of the site, tracking traffic, and improving advertising. These technologies help enhance the quality of our services.

A detailed list of cookies and other tracking technologies used on our Website can be found in our separate Cookie Policy.

Please note that some browsers allow you to block cookies and other tracking technologies. However, disabling cookies may limit the functionality of our Website or application, making it difficult to use all its features and causing some functions to not work correctly.

11. DATA SUBJECT RIGHTS

When contacting us to protect your rights regarding Personal Data, you may need to undergo an identification process and provide specific requirements so that we can process your request in accordance with the law. A full list of information we are required to provide is contained in Articles 13 and 14 of the GDPR.

If we cannot identify you based on the provided messages or a support request, or if we have reasonable doubts about your identity, we may ask you to provide identification. This is necessary to prevent your data from being disclosed to individuals impersonating you. Any additional information collected for verification will be used solely for this purpose.

We strive to process requests promptly; however, providing a complete and lawful response to requests concerning Personal Data may take up to a month or more. If additional time is required, we will notify you.

Data Subject Rights under the GDPR

Right to Information
You can find out what Personal Data we process by contacting us. We will provide information about your data if you request it through our data protection officer.
Right to Rectification
If you find that your Personal Data is incorrect or outdated, please inform us. In some cases, changes may not be possible if the data has already been used in legal documents or for other reasons established by law.
Right to Data Portability
In certain cases, you may request that your Personal Data be provided in a structured, commonly used, and machine-readable format, or request that this data be transferred to a third party.
Right to Restriction of Processing
You may request the restriction of the processing of your data, which means that we will stop processing the data except for its storage under certain circumstances.
Withdrawal of Consent to Data Processing and Right to Erasure
If we process your data based on your consent (e.g., for marketing communications), you can withdraw your consent at any time. If an opt-out option is available, follow the instructions in each message. You may also exercise your right to erasure. We will delete the data if provided for by Article 14 of the GDPR, except when the data is necessary to fulfill legal obligations. If you are the parent of a child under the age of 13 (or any other age set by law) and believe that your child has disclosed information to us, please notify us, and we will delete the data.
Rights Regarding Automated Decision-Making and Profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal consequences or significant impacts on you. We do not use your data for automated marketing or online profiling.
Complaints
If you are located in the EEA, you may file a complaint with the European Data Protection Authority. UK residents may direct requests or complaints to the UK Information Commissioner’s Office.

Data Subject Rights under the California Online Privacy Protection Act (CalOPPA)

The California Online Privacy Protection Act ("CalOPPA") was enacted to protect the privacy rights of California residents. Under CalOPPA, we commit to the following:

Users can visit our Website anonymously.
A link to this Policy is located on the homepage of our Website or, at a minimum, on the first significant page after entering the site.
The link to the Policy contains the word "privacy" and is easily accessible on the mentioned page.
We will notify users of any changes to the Policy on the Website page.
Users can modify their Data:
A "Do Not Track" (DNT) request is a setting that can be activated on a device to limit data collection.

We do not track users of our Website over time and across third-party websites, so we do not respond to browser signals to prohibit tracking (DNT). However, even when adhering to DNT settings, we cannot control how third parties, such as Google Analytics or AdWords, handle DNT.

Data Subject Rights under the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act ("CCPA") grants California residents certain rights to manage their data:

The right to request access to your personal information.
The right to request the deletion of your personal information.
The right to opt out of the sale of your data.

However, the CCPA does not apply to our company and our activities. The law applies only to businesses that:

Have an annual gross revenue of more than $25 million.
Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices.
Derive 50% or more of their annual income from selling the personal information of California residents.

12. CONTACT US

If you have any questions or complaints about this Policy, you can contact us:

By email: [email protected]

We are ready to assist you and answer any of your questions or concerns.