PRIVACY POLICY

PRIVACY POLICY

Last updated: January 16, 2025

This Privacy Policy describes the methods of collection, use, storage and protection of personal data of users who visit and use the Premium Parts website (hereinafter "Site") and the services offered.

Premium Parts, a commercial brand operating in the automotive sector, as Data Controller, is committed to ensuring the confidentiality and protection of users' personal data in compliance with Regulation (EU) 2016/679 (GDPR) and current Italian legislation on personal data protection (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).

1. DATA CONTROLLER

The Data Controller is:
Premium Parts
Operating address: Via Lima 7, 00198 Rome, Italy
VAT Number: IT05405730655
Email: info@premiumparts.it
Tel: +39 380 635 9319

2. TYPES OF DATA COLLECTED

2.1 Data voluntarily provided by the user

During navigation on the Site and use of services, Premium Parts may collect the following categories of personal data voluntarily provided by the user:

  • Identification data: name, surname, company name (for businesses)
  • Contact data: email address, phone number, residential/registered office address
  • Tax data: Tax Code, VAT Number, SDI/PEC code (for electronic invoicing)
  • Order data: products purchased, quantities, prices, purchase date
  • Shipping data: delivery address, courier information
  • Payment data: managed exclusively through secure third-party payment gateways certified (PayPal, Stripe, etc.). Premium Parts does not store or have direct access to credit/debit card data

2.2 Automatically collected data

During navigation on the Site, the following are automatically collected:

  • Navigation data: IP address, browser type, operating system, access time, pages visited, dwell time, referring URL
  • Cookies and similar technologies: as described in the dedicated section

2.3 Sensitive data

Premium Parts does not collect or process sensitive data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning sex life).

3. PURPOSE AND LEGAL BASIS OF PROCESSING

Personal data collected are processed for the following purposes:

3.1 Contractual purposes (art. 6, par. 1, lett. b GDPR)

  • Management and fulfillment of purchase orders
  • Management of shipping and deliveries
  • Issuance of invoices and tax documents
  • Product warranty management
  • Management of any returns or complaints
  • Order-related communications (confirmations, updates, tracking)

Providing data for these purposes is mandatory. Refusal to provide the necessary data makes it impossible to proceed with the purchase and provision of requested services.

3.2 Legal purposes (art. 6, par. 1, lett. c GDPR)

  • Fulfillment of tax, accounting and administrative obligations
  • Fulfillment of obligations required by laws, regulations and European legislation
  • Dispute management and protection of rights in court

Providing data for these purposes is mandatory by law.

3.3 Marketing purposes (art. 6, par. 1, lett. a GDPR - consent)

  • Sending informative newsletters about Premium Parts products and services
  • Sending commercial and promotional communications
  • Sending personalized offers and exclusive discounts
  • Sending updates on new products

Providing data for these purposes is optional. Consent can be revoked at any time without prejudice to the lawfulness of processing based on consent given before revocation.

3.4 Profiling purposes (art. 6, par. 1, lett. a GDPR - consent)

  • Analysis of preferences and purchasing habits
  • Personalization of user experience
  • Sending targeted commercial communications

Providing data for these purposes is optional. Consent can be revoked at any time.

4. PROCESSING METHODS

Personal data are processed using computer and telematic tools, as well as paper media, through procedures and methods strictly necessary to pursue the indicated purposes.

Premium Parts adopts adequate technical and organizational security measures to protect personal data from unauthorized access, loss, destruction or unauthorized disclosure, in accordance with articles 25 and 32 of GDPR.

Security measures implemented include:

  • Encryption of sensitive data (SSL/TLS)
  • Authentication and access control systems
  • Firewalls and perimeter protection systems
  • Periodic backups and disaster recovery procedures
  • Training of personnel authorized to process data
  • Security incident management procedures

5. DATA RETENTION PERIOD

Personal data are stored for the time strictly necessary to pursue the purposes for which they were collected:

  • Contractual data: 10 years from the conclusion of the contractual relationship (tax and civil obligations)
  • Marketing data: until consent revocation or opposition to processing
  • Profiling data: until consent revocation
  • Navigation and log data: maximum 24 months
  • Litigation data: for the entire duration of the litigation and subsequently for applicable limitation periods

At the end of the retention period, data will be deleted or made anonymous irreversibly.

6. DATA RECIPIENTS

Personal data may be communicated to or accessible by the following categories of recipients:

6.1 Authorized personnel

Employees and collaborators expressly authorized to process data and bound by confidentiality obligations.

6.2 External data processors

Third parties providing services on behalf of Premium Parts, appointed as Data Processors pursuant to art. 28 GDPR:

  • Hosting and cloud service providers
  • E-commerce management services and CMS platforms
  • Couriers and logistics companies for shipping
  • Payment gateways and banks
  • Tax consultants, accountants and law firms
  • Email marketing and CRM services
  • IT technical assistance and maintenance service providers
  • Web analytics and digital marketing companies

6.3 Public entities

Judicial authorities, law enforcement agencies, tax authorities and other public authorities when required by law.

6.4 Entities with legitimate interest

Other parties to whom it is necessary to communicate data for purposes related to contractual relationships (e.g., insurance companies, credit institutions).

Personal data will under no circumstances be subject to dissemination (communication to unidentified parties).

7. EXTRA-EU DATA TRANSFER

Personal data are stored on servers located in the European Union.

Should it be necessary to transfer personal data to third countries outside the European Economic Area (EEA), Premium Parts guarantees that the transfer takes place in compliance with Chapter V of GDPR, through:

  • Adequacy decisions of the European Commission (art. 45 GDPR)
  • Standard contractual clauses approved by the European Commission (art. 46 GDPR)
  • Binding Corporate Rules
  • Approved certifications (e.g., Privacy Shield, where applicable)

The updated list of extra-EU countries to which data may be transferred and the safeguards adopted is available upon request by contacting the Controller.

8. DATA SUBJECT RIGHTS

In accordance with articles 15-22 of GDPR, the user has the right to:

8.1 Right of access (art. 15 GDPR)

Obtain confirmation as to whether or not personal data concerning them are being processed and, if so, obtain access to the data and information on processing.

8.2 Right to rectification (art. 16 GDPR)

Obtain rectification of inaccurate personal data and integration of incomplete data.

8.3 Right to erasure/"right to be forgotten" (art. 17 GDPR)

Obtain erasure of personal data when:

  • Data are no longer necessary in relation to the purposes
  • The user withdraws consent and there is no other legal basis
  • The user objects to processing and there are no overriding legitimate grounds
  • Data have been unlawfully processed
  • Data must be erased to comply with a legal obligation

8.4 Right to restriction (art. 18 GDPR)

Obtain restriction of processing when:

  • The user contests the accuracy of data
  • Processing is unlawful but the user opposes erasure
  • Data are necessary to establish, exercise or defend a legal claim
  • The user has objected to processing pending verification

8.5 Right to data portability (art. 20 GDPR)

Receive personal data in a structured, commonly used and machine-readable format, and transmit them to another controller without hindrance.

8.6 Right to object (art. 21 GDPR)

Object at any time to processing of personal data for:

  • Reasons related to their particular situation (for processing based on legitimate interest)
  • Direct marketing purposes (at any time, without need for justification)

8.7 Right to withdraw consent

Withdraw consent at any time, without prejudice to the lawfulness of processing based on consent given before withdrawal.

8.8 Right to lodge a complaint

Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):

  • Website: www.garanteprivacy.it
  • Email: garante@gpdp.it
  • PEC: protocollo@pec.gpdp.it
  • Address: Piazza Venezia n. 11 - 00187 Rome, Italy
  • Tel: +39 06.696771

Exercise of rights:
To exercise the above rights, the user can contact Premium Parts at the following addresses:

  • Email: info@premiumparts.it
  • Phone: +39 380 635 9319
  • Postal address: Via Lima 7, 00198 Rome, Italy

Premium Parts will respond to requests without undue delay and, in any case, within one month of receipt. This period may be extended by two months in case of particular complexity of the request, with prior communication to the user.

9. COOKIES AND SIMILAR TECHNOLOGIES

The Site uses cookies and similar technologies to ensure proper functioning, improve browsing experience and analyze Site usage.

9.1 Types of cookies used

Technical cookies (do not require consent)

  • Navigation/session cookies: necessary for Site functioning
  • Functionality cookies: store user preferences (e.g., language, currency)
  • First-party analytics cookies: collect aggregated information on Site usage

Profiling and marketing cookies (require consent)

  • Profiling cookies: create user profiles to send targeted advertising messages
  • Third-party cookies: installed by external services (e.g., Google Analytics, Facebook Pixel, Google Ads)

9.2 Third-party cookies

The Site may use third-party services that install cookies:

  • Google Analytics: aggregate statistical traffic analysis (can be configured in anonymous mode)
  • Google Ads / Facebook Ads: remarketing and personalized advertising
  • Social media plugins: content sharing on social networks

For information on third-party cookies and opt-out methods, please refer to their respective privacy policies.

9.3 Cookie management and disabling

Users can manage cookie preferences through:

  • Cookie banner present on first access to the Site
  • Browser settings: each browser allows blocking or deleting cookies (consult your browser's guide)
  • Opt-out tools: provided by analytics and advertising cookie providers

Useful links for cookie management:

  • Chrome: https://support.google.com/chrome/answer/95647
  • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
  • Edge: https://support.microsoft.com/en-us/help/4027947

Disabling technical cookies may compromise Site functionality and use of some services.

More information on cookies is available in the complete Cookie Policy of the Site.

10. MINORS

Premium Parts services are not intended for minors under 18 years of age. Premium Parts does not knowingly collect personal data from minors without parental consent or consent from those exercising parental responsibility.

Pursuant to art. 8 GDPR, for information society services offered directly to minors, processing of the minor's personal data is lawful if the minor is at least 14 years old. Below this age, processing is lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility.

Should Premium Parts become aware of having collected personal data from minors without the required authorizations, it will immediately proceed to delete such data.

11. DATA SECURITY

Premium Parts adopts appropriate technical and organizational security measures to ensure a level of security adequate to the risk, in accordance with art. 32 GDPR.

However, Premium Parts cannot guarantee absolute security of data transmitted via the Internet. The user is aware that data transmission via the Internet involves inherent risks and accepts such risks by using the Site.

In case of personal data breach, Premium Parts will:

  • Notify the Supervisory Authority within 72 hours of discovering the breach, where applicable
  • Communicate the breach to the data subject when it poses a high risk to the rights and freedoms of natural persons
  • Document each personal data breach in the breach register

12. LINKS TO THIRD-PARTY SITES

The Site may contain links to third-party websites. Premium Parts is not responsible for the privacy practices and content of such external sites. It is recommended to read the privacy policies of third-party sites before providing personal data.

13. CHANGES TO PRIVACY POLICY

Premium Parts reserves the right to modify or update this Privacy Policy at any time to comply with regulatory changes, technological developments or changes in business practices.

Substantial changes will be communicated to users through:

  • Publication of the updated version on the Site with indication of the last update date
  • Email notification to registered users (when possible)
  • Informational banner on the Site

Continued use of the Site after publication of changes constitutes acceptance of the updated Privacy Policy.

Please consult this page regularly to stay informed about personal data protection methods.

14. CONTACTS

For any information, request or clarification regarding the processing of personal data and the exercise of rights provided by GDPR, please contact:

Premium Parts
Via Lima 7, 00198 Rome, Italy
VAT Number: IT05405730655
Email: info@premiumparts.it
Phone: +39 380 635 9319

Last updated: January 16, 2025
Version: 1.0