Privacy4Cars® – Business Privacy Notice
Detailed Disclosure Table
The following table provides detailed information for data protection authorities, regulators, and legal teams.
For our business privacy notice written in plain language in narrative format, click here.
This privacy notice is for our business users, customers, and prospective customers. If you are looking for our consumer/individual privacy notice, click here.
Last updated: March 27, 2026
| 1. WHO WE ARE | |
|---|---|
| Organisation Name | Privacy4Cars, Inc. |
| Address | P.O. Box 287433, New York, NY 10128, USA |
| Email / Phone | +1 (833) 774-4227; info@privacy4cars.com |
| Privacy Rights | privacyrights@privacy4cars.com |
| Data Protection Officer (EU/UK GDPR) | Privacy.DPO@privacy4cars.com Data Protection Officer (DPO): Abhishek Bansiwal, LL.M, CIPP/E, ISO 27001 LA, 27701 LI |
| UK Representative | Contact Email: Privacy.UKRep@privacy4cars.com Name: Martin Wilson Registered Address: Tek21, 13-17 Hursley Road, Chandler’s Ford, Eastleigh, England, SO53 2FW |
| 2. WHAT PERSONAL DATA WE COLLECT | |
|---|---|
| Categories of Personal Data | Business customer profile: organisation name, corporate contact details, account/contract IDs, subscription tier, billing details.
Business users: user ID, name, job title/role, work email, work phone, authentication metadata. Audit & Compliance records: workflow history, deletion status, certificates, Vehicle Privacy Report usage. Communications and support: support tickets, emails, call notes, in-app messages, attachments. Marketing, events, and training: registrations, subscription preferences, resource downloads, engagement metrics. B2B email engagement: business contact information and metadata from tools such as CRM and marketing automation providers, sales engagement and email outreach providers, and lead generation and contact intelligence providers. Mobile app data: account details, workflow data, camera (VIN scan, documentation capture), location (when enabled), device/phone ID. |
| Sensitive / special category data | Under some jurisdictions, precise location data is considered sensitive data. When you choose to share it, we collect precise location information from your mobile device (e.g. smartphone) when using the Privacy4Cars app, which some business customers may require for their audit & compliance logging. |
| Sources of Data | Directly from you or your organisation.
Automatically through your use of our websites, portals, or applications. Via marketing channels, such as social media, event attendance lists, web forms for content downloads, and prospecting lists. |
| 3. WHY WE COLLECT AND USE YOUR DATA | |
|---|---|
| Purposes of Processing | Provide and operate our B2B services, including platform, mobile app, deletion/remediation workflows, and compliance logging.
Manage accounts, authenticate users, and administer access. Respond to requests, support queries, and privacy/data-access requests. Process payments and reconcile transactions. Maintain security, prevent fraud, monitor misuse, and keep audit logs. Enhance and develop our services using aggregated or de-identified data. Communicate and market appropriately (service messages, B2B updates, webinars). Comply with legal, regulatory, and record-keeping obligations. |
| Lawful basis (EU/UK GDPR) | Contract (Art. 6(1)(b)): B2B platform access, support, subscriptions.
Legitimate interests (Art. 6(1)(f)): service operation/security/improvement, B2B relationship management, internal analytics (balanced via LIA). Legal obligation (Art. 6(1)(c)): regulatory, tax, and accounting compliance. Consent (Art. 6(1)(a)): non-essential cookies and marketing communications where required. |
| Legitimate interests pursued | Operating, securing, and improving our services.
Preventing fraud and misuse. Maintaining accurate records. Supporting business relationships. Conducting internal analytics and service development. We assess these interests against the rights and expectations of individuals. |
| Is providing data required? | Certain data is contractually required to create an account, access services, or complete transactions.
If you choose not to provide required information, we may be unable to provide the requested services. Other information, such as allowing camera access on our app, is voluntary but may limit functionality (ie the ability to scan vehicle device identifiers, which can also be inputted manually). |
| 4. WHO WE SHARE YOUR DATA WITH | |
|---|---|
| Categories of Third-Party Recipients | Service providers / support vendors (hosting, payment processing, security monitoring, error logging).
Your employer / our customer (where you hold a Business User account). Mobile platform providers (Apple App Store, Google Play). Government authorities, courts, regulators, law enforcement (where required by law). Corporate transaction recipients (buyers/successors in mergers, acquisitions, or asset sales). |
| Do we sell personal information? | No. We do not sell personal information for monetary consideration and do not engage in data brokerage. |
| Do we share data for targeted advertising? | No, we do not share personal data for cross-context behavioural advertising. |
| Categories sold/shared in past 12 months (CCPA) | None. |
| 5. INTERNATIONAL DATA TRANSFERS | |
|---|---|
| Do we transfer data outside the EEA? | Yes, data is transferred to and from the US, India, the EU, and UK. |
| Do we sell personal information? | Yes. |
| Do we disclose data to overseas recipients? (Australia) | Yes. Data is transferred to and from US, India, EU, and UK. |
| Countries where recipients are located | USA, EU, UK, and India. |
| Safeguards used (EU/UK GDPR) | EU Standard Contractual Clauses (2021).
UK International Data Transfer Agreement (IDTA) or UK Addendum. Transfer impact assessments with supplementary measures. Comparable contractual safeguards and vendor due diligence for other jurisdictions. |
| How to obtain a copy of safeguards | Contact us at privacyrights@privacy4cars.com |
| 6. HOW LONG WE KEEP YOUR DATA | |
|---|---|
| Retention periods or criteria | Customer and contact records: retained for the duration of the relationship and 7 years afterward (aligned with compliance lifecycle and regulatory inquiry window).
Technical and security logs: retained per centralised IT security log retention policy (aligned with industry standards for incident investigation); compliance records and regulatory documentation retained in archive for up to 7 years. Deletion/compliance logs and certificates: retained for up to 7 years after last meaningful interaction, unless longer required by law. Support and data subject request files: duration of customer relationship + 7 years. Marketing lists: retained until consent is withdrawn or you unsubscribe. When no longer required, data is deleted or irreversibly anonymised. |
| 7. YOUR RIGHTS | |
|---|---|
| Right to access / know | Email: privacyrights@privacy4cars.com |
| Right to correct / rectify | Email: privacyrights@privacy4cars.com |
| Right to delete / erase | Email: privacyrights@privacy4cars.com |
| Right to data portability | Email: privacyrights@privacy4cars.com |
| Right to restrict processing | Email: privacyrights@privacy4cars.com |
| Right to object to processing | Email: privacyrights@privacy4cars.com |
| Right to opt out of sale/sharing* | Not applicable.
* Note regarding opt-out of sale/sharing and targeted advertising: We do not sell personal information, engage in data brokerage, or share personal information for cross-context behavioural advertising. Where applicable law defines certain disclosures as a “sale” or “sharing,” we will honour valid opt-out requests in accordance with law. |
| Right to opt out of targeted advertising* | Not applicable.
* Note regarding opt-out of sale/sharing and targeted advertising: We do not sell personal information, engage in data brokerage, or share personal information for cross-context behavioural advertising. Where applicable law defines certain disclosures as a “sale” or “sharing,” we will honour valid opt-out requests in accordance with law. |
| Right to limit use of sensitive data | Email: privacyrights@privacy4cars.com |
| Right to opt out of profiling | Email: privacyrights@privacy4cars.com |
| Right to withdraw consent | Where consent applies. |
| Right to non-discrimination | Email: privacyrights@privacy4cars.com |
| Right to opt out of direct marketing | Email: privacyrights@privacy4cars.com |
| How to submit a request | Email: privacyrights@privacy4cars.com
Mail: Privacy4Cars, P.O. Box 287433, New York, NY 10128, USA |
| Response timeline | EU/UK: One month, generally within 30 days.
U.S. states: Generally within 30–45 days. Other jurisdictions: Within timeframes required by applicable law. Extensions may apply for complex requests where permitted. |
| Appeal process | If we decline your request under applicable law, you may appeal by replying to our decision email or contacting privacyrights@privacy4cars.com. If we deny your appeal, we will tell you how to contact the relevant regulator where required by law. You also have the right to lodge a complaint with your local supervisory authority. |
| Right to complain to a regulator | EU: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
Australia: https://www.oaic.gov.au/privacy/privacy-complaints |
| 8. AUTOMATED DECISION-MAKING & AI | |
|---|---|
| Do we use automated decision-making or profiling? | No. |
| Do we use AI to make decisions that significantly affect individuals? | No. |
| Do we use personal data to train AI/LLMs? | No. |
| 9. COOKIES, TRACKING & ELECTRONIC COMMUNICATIONS | |
|---|---|
| Cookies and tracking technologies used | We do not place first-party cookies. Third-party providers supporting essential operations may use their own cookies. |
| Do we honour Global Privacy Control? | Yes. We do not sell or share data or use it for cross-contextual advertising, so GPC signals are detected and automatically honoured. |
| How to manage cookie preferences | Refer to our Cookie Policy for details on active third-party providers and management options.
You can block or delete cookies through your browser settings, but this may affect certain features. |
| Electronic marketing practices | B2B marketing emails are sent to contacts who have subscribed or with whom we have a legitimate business relationship. You can opt out at any time via unsubscribe links or by contacting us. |
| 10. CHILDREN’S DATA | |
|---|---|
| Do we knowingly collect data from children? | No. |
| Age thresholds applied | We do not knowingly collect data from anyone under 18. This product is intended for business-users. |
| Parental Consent Mechanism | N/A — business services are not directed at children. |
| 11. DATA SECURITY | |
|---|---|
| Security measures | Role-based access controls and least-privilege access.
Multi-factor authentication for system access. Encryption of data in transit and at rest where appropriate. Secure cloud infrastructure with monitoring and logging. Firewalls and network protections. Secure software development practices. Employee confidentiality obligations and security training. Controlled data retention and secure deletion practices. |
| 12. OPT-OUT LINKS & MECHANISMS | |
|---|---|
| “Do Not Sell or Share My Personal Information” link | Not applicable. We do not sell personal information or share it for cross-context behavioural advertising. |
| “Limit the Use of My Sensitive Personal Information” link | Email: privacyrights@privacy4cars.com. We do not intentionally collect sensitive personal data except where voluntarily provided. |
| Universal opt-out mechanism (GPC) | GPC signals are detected and automatically honoured. We do not sell or share data or use it for cross-contextual advertising. |
| 13. ABOUT THIS POLICY | |
|---|---|
| Effective date | 27 March 2026 |
| Last updated | 27 March 2026 |
| How we notify you of changes | By posting the updated policy on our website and updating the date above; material changes communicated via email. |
| Languages available | English |
