GDPR Compliance

Our Commitment to GDPR

VIN2COC is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

How We Comply with GDPR

Lawful Basis for Processing

We process your personal data based on the following lawful bases:

• Contract: Processing necessary for performing our COC services
• Legitimate Interest: Improving our services and preventing fraud
• Legal Obligation: Compliance with tax and regulatory requirements
• Consent: Marketing communications (where applicable)

Data Minimization

We only collect and process personal data that is necessary for providing our services. We regularly review our data collection practices to ensure compliance.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Encrypted database storage
• Access controls and authentication
• Regular security audits and updates
• Staff training on data protection

Data Retention

We retain personal data only for as long as necessary:

• Customer and order data: 7 years (legal requirement)
• Uploaded documents: 90 days (automatic deletion)
• Website analytics: 26 months
• Marketing data: Until consent is withdrawn

International Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Certification schemes and codes of conduct

Data Protection Officer

Our Data Protection Officer (DPO) oversees our GDPR compliance and is available to answer your questions about data protection.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the methods below. We will respond to your request within 30 days.

What to Include in Your Request

• Your full name and email address
• Description of your request and which right you want to exercise
• Any relevant order numbers or account information
• Proof of identity (for security purposes)

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

You can contact your local data protection authority or the authority in the country where we are established. We encourage you to contact us first so we can address your concerns directly.

Cookies and Tracking

We use cookies and similar technologies in compliance with GDPR requirements:

• Essential cookies: No consent required (necessary for service functionality)
• Analytics cookies: Based on legitimate interest with opt-out option
• Marketing cookies: Require explicit consent
• Third-party cookies: Subject to their respective privacy policies

You can manage your cookie preferences through your browser settings or our cookie consent banner.

Regular Compliance Reviews

We regularly review and update our GDPR compliance measures:

• Annual privacy impact assessments
• Regular staff training on data protection
• Ongoing monitoring of data processing activities
• Updates to privacy policies and procedures
• Third-party security audits

Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through our website or by email.