Data Protection Policy of Carinfos.net

1. Introduction

1.1. At Carinfos.net, we are committed to protecting the privacy and security of personal data. This Data Protection Policy outlines how we handle personal data to comply with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

1.2. This policy applies to all personal data collected and processed by Carinfos.net, including data gathered through our website, services, and other business operations.

1.3. The purpose of this policy is to outline our data protection practices and inform individuals of their rights regarding their personal data.

2. Our Commitment to Data Protection

2.1. Carinfos.net is committed to processing personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: We process personal data in a lawful, fair, and transparent manner.
  • Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes.
  • Data Minimization: We collect only the personal data that is necessary for the intended purpose.
  • Accuracy: We ensure that personal data is accurate and up to date.
  • Storage Limitation: Personal data is retained only for as long as necessary.
  • Integrity and Confidentiality: We protect personal data with appropriate security measures.

3. Data Collection and Processing

3.1. We collect personal data for various purposes, including:

  • Providing services through our platform (e.g., vehicle history reports).

  • Managing customer relationships and communications.

  • Processing payments and fulfilling legal obligations.

  • Improving our services through analytics and user feedback.

  • Responding to customer inquiries and support requests.

    3.2. We collect personal data through:

  • Information directly provided by users (e.g., registration, service usage).

  • Automatically collected data (e.g., IP addresses, cookies, usage data).

  • Third-party services (e.g., payment processors, analytics providers).

4. Legal Basis for Processing Personal Data

4.1. We rely on the following legal bases for processing personal data:

  • Contractual Necessity: When processing is required to provide the services you request (e.g., user account creation, report generation).
  • Legal Obligation: To comply with legal requirements, such as financial regulations.
  • Legitimate Interest: To improve our services, protect our users, or for business operations.
  • Consent: When we request your explicit consent, such as for marketing communications.

5. Data Security

5.1. We implement a range of security measures to protect personal data from unauthorized access, loss, or damage, including:

  • Data Encryption: Sensitive data is encrypted during transmission and storage.
  • Access Control: Access to personal data is restricted to authorized personnel only.
  • Multi-Factor Authentication (MFA): MFA is required for accessing sensitive systems.
  • Regular Audits: We regularly review our security measures and systems through audits.
  • Data Backups: We conduct regular backups to protect data against accidental loss or damage.

6. Data Retention

6.1. Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal obligations.

6.2. After the retention period, personal data is securely deleted or anonymized.

6.3. If you would like more information on our data retention practices, you can contact us at [email protected].

7. Data Transfers

7.1. Carinfos.net may transfer personal data outside of the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.

  • Binding agreements with service providers that guarantee data protection standards.

    7.2. We only transfer data to countries or entities that offer adequate levels of protection as defined by GDPR.

8. Data Subject Rights

8.1. As a user of Carinfos.net, you have the following rights regarding your personal data:

  • Right to Access: You can request access to the personal data we hold about you.

  • Right to Rectification: You can request corrections to any inaccurate or incomplete data.

  • Right to Erasure: You can request the deletion of your personal data in certain circumstances.

  • Right to Restrict Processing: You can request restrictions on how your personal data is processed.

  • Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.

  • Right to Object: You can object to the processing of your personal data for legitimate interests or marketing purposes.

  • Right to Withdraw Consent: You can withdraw your consent for processing based on consent at any time.

    8.2. To exercise any of these rights, please contact us at [email protected]. We may require verification of your identity before processing your request.

    8.3. If you are not satisfied with how we handle your request, you have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).

9. Data Breach Response

9.1. In the event of a personal data breach, we will promptly assess the risk to individuals and, if necessary, notify the relevant data protection authority within 72 hours.

9.2. If the breach poses a high risk to your rights and freedoms, we will notify you directly without undue delay.

10. Monitoring and Updates

10.1. We regularly review this Data Protection Policy to ensure compliance with changes in data protection regulations or our business practices.

11. Contact Information

11.1. If you have any questions regarding this policy or how we protect your personal data, please contact us at [email protected].