Last Updated September 29th, 2025

This Privacy Policy explains how personal data is collected, processed, and protected by the Marketplace Owner when users interact with the Marketplace at www.autocinetica.com. This Policy applies to all users, including Sellers, Operators, and Buyers, and forms an integral part of the Terms of Use.

By registering or using the Marketplace, users confirm that they have read, understood, and accepted this Privacy Policy.

The data controller for the purposes of this Policy is the Marketplace Owner, who owns and operates the Marketplace.

Information about the Marketplace Owner is published on www.autocinetica.com

The Marketplace Owner may collect and process the following categories of personal data when users register on or interact with the Marketplace:

2.1. Identification and Contact Data

• Full name, company name, position;
• Email address, phone number, country of residence or registration;
• National or tax identification numbers (e.g., VAT ID);
• User credentials (login, password – stored securely).

2.2. Business and Account Information

• Details of the registered legal entity or entrepreneur;
• Registration certificates and legal documentation;
• Marketplace role (Seller, Operator, Buyer) and related access rights.

2.3. Transactional Data

• Order history and related documentation;
• Invoices, delivery notes, and payment information (excluding banking credentials);
• Communications between users.

2.4. Technical Data

• IP address, browser type and version, device identifiers;
• Log data, cookies, and interaction history with the Marketplace;
• Time zone and location data derived from browser settings.

2.5. Usage Data

• Pages visited, features used, actions taken within the Marketplace;
• Feedback, support requests, and ratings.

Personal data is collected directly from users during registration, profile setup, use of the platform, or communication with the Marketplace Owner.

The Marketplace Owner processes personal data only when there is a lawful basis under Article 6 of the General Data Protection Regulation (GDPR). Processing is carried out for the following purposes:

3.1. Contractual Necessity

To perform obligations under the Terms of Use and ensure the proper functioning of the Marketplace, including:

• User registration and account creation;
• Enabling commercial transactions between users;
• Order processing, document exchange, and communication.

3.2. Legitimate Interests

To pursue the Marketplace Owner’s legitimate interests, provided that such interests are not overridden by users' fundamental rights. This includes:

• Ensuring Marketplace security and preventing fraud;
• Monitoring usage to improve performance and resolve issues;
• Protecting the legal rights of the Marketplace Owner and other users;
• Collecting and analyzing user feedback and ratings to improve platform quality and resolve disputes.

3.3. Compliance with Legal Obligations

To fulfill obligations under applicable laws, such as:

• Responding to lawful requests from public authorities;
• Maintaining proper accounting and transaction records.

3.4. User Consent

Where required by law, the Marketplace Owner will obtain user consent, for example:

• For the use of optional cookies or tracking technologies;
• For sending marketing communications (if applicable).

Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4.1. Personal data is shared only when necessary and in accordance with the GDPR. The Marketplace Owner may disclose personal data to the following categories of recipients:

• Other Users of the Marketplace
  To facilitate transactions, certain data (e.g., company name, representative name, contact details, order history) may be made visible to counterparties involved in the same transaction.
• Service Providers and Contractors
  Trusted third parties that provide technical, legal, security, or communication services to the Marketplace may be granted access to personal data solely for the purposes of fulfilling their contractual duties.
• Public Authorities
  In response to lawful requests or legal obligations, the Marketplace Owner may disclose personal data to courts, law enforcement agencies, tax authorities, or regulatory bodies.

Such processing is based on the legitimate interest of the Marketplace Owner to operate the Marketplace efficiently or on contractual necessity where applicable.

4.2. All third-party processors are contractually bound by data protection agreements that ensure compliance with the GDPR and guarantee the confidentiality and security of user data. Each data processor is engaged under a written data processing agreement in accordance with Article 28 of the GDPR, which specifies the subject matter, duration, nature and purpose of processing, types of personal data involved, and the obligations and rights of both parties.

4.3. The Marketplace Owner does not sell, rent, or otherwise make personal data available to third parties for commercial purposes without the user’s explicit consent.

4.4. If personal data is transferred outside the European Economic Area (EEA), such transfer will occur in accordance with Chapter V of the GDPR, using appropriate safeguards (e.g., Standard Contractual Clauses or adequacy decisions). Where data is transferred to jurisdictions without an adequacy decision, appropriate safeguards will be used, such as Standard Contractual Clauses approved by the European Commission.

5.1. Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable legal, regulatory, or contractual obligations.

5.2. Specific retention periods include:

• 10 years for accounting and tax documentation (under applicable EU law);
• 3 years for user support or communication history (for legal defense);
• Until account deletion for user profile and transaction history.

5.3. Upon expiration of the applicable retention period, personal data will be securely deleted, anonymized, or archived in a manner that prevents unauthorized access and use.

5.4. Users may request deletion of their data at any time by contacting the Marketplace Owner. However, such requests may be refused if data must be retained to comply with legal obligations or to resolve disputes.

Under the General Data Protection Regulation (GDPR), users have the following rights regarding their personal data:

6.1. Right of Access
To obtain confirmation as to whether their personal data is being processed and, if so, access to such data and relevant information.

6.2. Right to Rectification
To request correction of inaccurate or incomplete personal data.

6.3. Right to Erasure (“Right to be Forgotten”)
To request deletion of personal data under certain conditions, such as when it is no longer necessary for the purposes for which it was collected or processed.

6.4. Right to Restriction of Processing
To request the restriction of processing in specific circumstances (e.g., during the verification of contested accuracy or pending an objection).

6.5. Right to Data Portability
To receive their personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.

6.6. Right to Object
To object to processing based on legitimate interests or for direct marketing purposes.

6.7. Right to Withdraw Consen
To withdraw previously given consent at any time without affecting the lawfulness of prior processing. Consent may be withdrawn by sending a request to the contact email provided in Section 9.4. The withdrawal shall not affect the processing carried out before its receipt.

6.8. Right to Lodge a Complaint
To file a complaint with a supervisory authority in the EU member state of their habitual residence, place of work, or the location of the alleged infringement.

Users may exercise their rights by submitting a request to the contact address indicated in Section 1 of this Policy. The Marketplace Owner will respond within the time limits set by the GDPR.

7.1. The Marketplace uses cookies and similar technologies to ensure functionality, improve performance, and analyze user interactions.

7.2. Types of cookies used include:

• Essential cookies – required for basic platform functionality, such as authentication and secure login;
• Analytical cookies – used to collect statistical data on how users interact with the Marketplace;
• Functional cookies – used to remember user preferences and settings;
• Marketing cookies – used (if applicable) to deliver relevant advertisements and track effectiveness.

7.3. Upon first visit, users are informed about the use of cookies through a cookie banner and may provide or deny consent for non-essential cookies. Users may also configure their browser settings to block or delete cookies at any time. Users may also access the cookie management tool embedded in the Marketplace interface to modify or withdraw their preferences at any time.

7.4. Disabling some types of cookies may affect the proper functioning of the Marketplace.

7.5. The Marketplace may also use third-party analytics and advertising tools (such as Google Analytics) that collect anonymous usage data in accordance with their own privacy policies.

8.1. The Marketplace Owner implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

These measures include, but are not limited to:

• Secure data transmission protocols (e.g., HTTPS, SSL);
• Access control and authentication mechanisms;
• Encryption of sensitive data;
• Regular security audits and vulnerability assessments;
• Employee training and confidentiality agreements.

8.2. Users are responsible for maintaining the confidentiality of their login credentials and must promptly report any unauthorized access or suspected data breach. If the user suspects unauthorized access, they must promptly notify the Marketplace Owner and may request a reset of credentials or account restrictions.

8.3. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, the Marketplace Owner shall notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, as required under Article 33 GDPR.

Where the breach is likely to result in a high risk to users, the Marketplace Owner shall also inform the affected individuals without undue delay.

All affected users will be notified via the email address associated with their Account or through a notice posted in the User Account interface.

9.1. The Marketplace Owner reserves the right to update or amend this Privacy Policy at any time to reflect changes in law, technology, or the operation of the Marketplace. The date of the latest version will be indicated at the top of the document.

9.2. Users will be informed of material changes through appropriate channels, such as the Marketplace interface or registered email. Continued use of the Marketplace after the publication of updates constitutes acceptance of the revised Policy.

9.3. Users are encouraged to review this Privacy Policy periodically to stay informed about how their data is protected.

9.4. For any questions, concerns, or requests related to personal data, users may contact the Marketplace Owner at the contact details published on www.autocinetica.com