Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)
thecarspec applies particular commitment and care in processing the information referring to you in accordance with applicable privacy regulations.
Please read this Privacy Policy carefully in order to be fully informed about our data protection policy.
 
A. Who processes your personal data?
thecarspec (“we” or the “Data Controller”) is the company that collects and processes your personal data as Data Controller.

B. Who is our DPO?
DPO is the Data Protection Officer pursuant to Article 37 of the GDPR);
You may, at any time, contact the DPO to request information in relation to the processing of your personal data at the following
e-mail: arrabbiata@thecarspec.com

C. What data do we process?
Depending on the cases and within the limits of the purposes referred to under letter D), the Data Controller processes the following categories of personal data:
* personal data (e.g. name, surname, place and date of birth, tax code);
* contact details (e.g. address, telephone number, e-mail);
* details related to the contract (e.g. products and/or services purchased);
* bank details;
* your image.
Subject to your explicit consent and exclusively for the purpose of carrying out Customer Care activities, the Data Controller may process particular categories of personal data as provided for in Article 9.1 of the GDPR);
Finally, we inform you that, through our website (or “Website”) and only with your consent, the Data Controller may process geolocation data useful to provide the services offered online and requested by you. Your consent will be requested via the pop-up system.

D. Why are we processing your personal data?
1. Provision of services and online sale of products
The data provided when filling in the forms on the Website will be processed to allow the sale of products or the provision of services, offered in each instance, such as:
*to respond to voluntary requests for information material on products and services;
* for sales activities of products offered on the Website;
* to give you access to promotions and offers presented on the Website;
* to accept your request to participate in our Community and to subscribe to our Newsletter;
2. Compliance with legal obligations
Your personal data may be processed in order to comply with the legal obligations to which the Data Controller is subject (e.g. tax, accounting, anti-money laundering) and following the instructions given by Authorities and Control Bodies to the Data Controller.
The legal basis for this processing purpose is the need to comply with legal obligations to which the Data Controller is subject; it would not be possible for the Data Controller to fulfil its legal obligations without using your personal data.
3. Statistical Surveys
We will use your personal data to carry out internal statistical surveys as part of the Data Controller’s business activities. The statistical surveys carried out will be used only for internal reporting purposes, in the interest of the Data Controller to improve its products and services and to implement a more effective management of its customer portfolio and its operations; such statistical surveys are not, in any case, aimed at carrying out operations and activities directly towards customers (e.g. marketing campaigns).
The legal basis for this processing purpose is the need to protect a legitimate interest of the Data Controller; the protection of this legitimate interest would not be possible without using your personal data.
4. Defence of the rights of the Data Controller
We will use your personal data to defend our rights in and out of court in the event of contractual or non-contractual breaches to the detriment of the Data Controller, for example to take possible actions for the recovery of the debt, if this should become necessary due to the non-payment of the sums provided for in the contract within the agreed deadlines.
The legal basis for this processing purpose is the need to protect a legitimate interest of the Data Controller; the protection of this legitimate interest would not be possible without using your personal data.
5. Commercial communications on products and/or services similar to those purchased
The Data Controller may send you, exclusively through the e-mail address provided by you, promotions and offers on products and services that may be of interest to you and similar to those you have already purchased (so-called Soft Spam). We believe, in fact, that it might be of interest to you to receive advantageous offers relating to products and services for which you have shown interest in the past, as it is of interest to the business needs of the Data Controller to advertise products similar to those purchased by you. Contacts for this purpose will be made only by e-mail, and you will in any case be guaranteed the possibility of deciding at any time not to receive such communications.
The legal basis for this processing purpose is the need to protect a legitimate interest of the Data Controller; the protection of this legitimate interest would not be possible without using your personal data.
6. Marketing activities
Subject to your specific and free consent, images published by you on your Instagram or Facebook accounts and tagged with the official tags of our social channels may, for promotional purposes, be used for our digital communication (such as sharing on our social media profiles, publication on our sites and on our emails used for direct mailing activities).
The legal basis for these processing purposes is given by your consent, which will be specifically collected. Should you decide not to give your consent, no processing of your personal data will be carried out in relation to these purposes.
In any case, failure to give consent on your part will not have any type of effect on the signing and execution of the contract between you and the Data Controller, nor will there be any negative consequences for you.
7. Profiling activities
Subject to your specific consent, the Data Controller may process, directly or through the Subsidiaries, appointed as Data Processors, your personal data collected online, at trade fairs and events to analyse your data and to know your preferences and habits for a personalised offer of products and services in line with your tastes and needs.
The processing of your personal data for the above purposes will be carried out only after specific consent has been obtained. Failure to give consent will not affect the signing and execution of the contract between you and the Data Controller, nor will there be any negative consequences for you.
You will, in any case, have the right to revoke the consent previously given at any time.

E. What data is required?
Failure to provide the data processed for the purposes referred to in letter D) no. 1., 2., will make it impossible to purchase our products and use our services, while the failure to provide the data for the purposes referred to in letter D) no. 6. will make it impossible to receive advertising material about our services and products similar to those already acquired by you.
Failure to give your consent for the processing of your data for the purposes under letter D) 7. will make it impossible to receive advertising material, including personalised material, on our services and products and to be updated on events.

F. When is your consent required?
Your specific consent will be required in all cases of processing of your Personal Data for the purposes specified in letter D) no. 7 and 8.
We remind you that any consent given by you will be revocable at any time.

G. Who are your data communicated to?
Within the limits of the purposes set out in letter D), your personal data may be communicated to the following categories of persons appointed, if necessary, as Data Processors pursuant to Article 28 of the GDPR:
* service providers for the management of IT systems and the Website;
* providers of legal, accounting and tax consulting services;
* company used by the Data Controller to provide the requested service;
* banks and other financial institutions for the management of payments;
* supervisory and control authorities and bodies, and in general public or private entities with functions of a public nature;
You can request a complete updated list of the parties to whom your personal data may be communicated by going to the registered office of the Data Controller or by contacting the Group DPO at the references indicated in letter B).
Your personal data may come to the knowledge, within the limits of their respective remits, of employees, posted or administered workers and collaborators of the Data Controller who will act as persons authorised to process them in accordance with Article 29 of the GDPR.
Your personal data will not be disclosed.

H. Is your data transferred to a non-EU country?
Your personal data may be transferred to a Subsidiary established in a non-EU country.
The transfer will take place in compliance with the guarantees provided by the applicable legislation, on the basis of an decision on appropriateness pursuant to Article 45 of the GDPR or the adoption and signing of standard contractual clauses approved by the EU Commission in the regulation of the relationship between the Data Controllers and the Subsidiaries involved.
By simply requesting the references in letter B), you can receive more information on the transfer of your personal data.
 
I. Our CRM
thecarspec manages the Customer Relationship Management (or “CRM”) system through servers located in Usa. All your data collected by thecarspec in the manner and for the purposes set out in letter D. above and by the subsidiaries, including through their dealers and distributors, is transferred to the CRM system 
Your personal data contained in the CRM system may be processed by thecarspec in aggregate form for statistical purposes and, with your consent, for marketing and/or profiling purposes
In order to carry out advertising/marketing campaigns for the thecarspec will process your personal data contained in the CRM system as Data Controller and will, if necessary, appoint Data Processors to whom your data will be communicated for the local management of marketing campaigns.
thecarspec guarantees to you that it has implemented all the necessary security measures to guarantee the integrity of your data contained in the CRM system.

J. How do we process your data?
We will process your personal data with correctness, lawfulness and in compliance with all the principles set out in Article 5 of GDPR, with and without the use of electronic tools.
The activities of analysis of your tastes and preferences which, with your consent, may be carried out for profiling purposes, will always involve human intervention and will never take place in an exclusively automated manner.
The security and confidentiality of your personal data will be guaranteed by taking appropriate measures to prevent, among other things, disclosure, unauthorised access, alteration and loss of information processed.

K. How long do we keep your data?
Your personal data will be kept exclusively for the time necessary to satisfy your request, to fulfil the legal obligations to which the Owner is subject and in any case for what is strictly necessary to pursue the purposes for which they were collected in accordance with letter D. above, as well as the following summary table.
We inform you that, in case of revocation of your consent and, in any case, on the expiry of the above mentioned terms, we will delete or anonymise from our archives all the information referring to you.

L. What are your rights?
By simply communicating the references indicated in letter B), you can exercise your rights under Articles 15 to 22 of GDPR.
In particular, you may ask the Data Controller to access the data concerning you, to modify and/or delete them, as well as to limit the processing in the cases referred to in Article 18 of the GDPR.
In the manner specified in Article 21 of the GDPR, you may, at any time, object to the processing of your personal data and receive the information referring to you and/or have it transmitted to another Data Controller.
We remind you, moreover, that any consent given will always be revocable as easily as it was granted.
The Data Controller will, without undue delay and, in any case, at the latest within one month from the exercise of the right, provide you with all the information requested and/or communicate the actions taken in order to satisfy your request.
Exclusively in the event of manifestly unfounded or excessive requests, as well as due to their repetitiveness, the Data Controller may charge you a reasonable expense contribution or deny the satisfaction of your request.
Finally, we inform you that if you exercise any of the above rights, you may be asked to provide certain information necessary to confirm your identity.

M. Who can you contact in order to lodge a complaint?
If, for example, you believe that our processing breaches the provisions of the GDPR, you may complain to the Data Protection Authority or to the Office for Data Protection of the Member State where you habitually reside, work or the place where the alleged breach has occurred.

N. Updating
COOKIE POLICY
We hereby inform you that thecarspec uses cookies to make the web browsing experience better for all Users who visit the Website.
A cookie is a small file that the Website transfers to the User’s browser, where they are stored to be retransmitted to the Website at the next visit by the same User.
The cookies are used for different purposes such as: running computer authentication, session tracking, storing information about specific configurations of users accessing the server.
Cookies allow the Website to remember User's data for the length of the duration of the visit or for subsequent visits, allowing the User to browse between pages efficiently, storing the User's preferences, and allowing the User to interact with social networks such as Facebook, Google+, Instagram; they also offer Google Map services.
Cookies may also be used to store the login data of the User and therefore automatically recognise the User (making it unnecessary to login every time the User accesses the Website).
Data is processed with the aid of electronic or in any case automated, computerised or telematic devices, using approaches strictly connected to the purposes indicated above and, in any case, to ensure the security and confidentiality of the data.
Technical cookies (which do NOT require your consent)
Profiling cookies (which require your CONSENT)
First-party and third-party cookies
Blocking cookies
Users can select which cookies to allow through the appropriate procedure provided below, as well as authorise, block or delete (in whole or in part) cookies through specific functions of their browser: nevertheless, in the event that all or some cookies are disabled, it is possible that the website cannot be consulted or that some services or certain functions of the website are not available or are not working properly and/or Users could be forced to change or manually enter certain information or preferences each time they visit the website.
If you want to modify your cookie settings, brief instructions are provided below on how to do this in the four most popular browsers:
Microsoft Internet Explorer
Click the 'Tools' icon in the upper right corner and select 'Internet Options'. In the pop-up window select 'Privacy'. Here you can adjust your cookie settings.
Google Chrome
Click the 'wrench' icon in the upper right corner and select 'Settings'. Then select ‘Under the hood’ and change the settings in the 'Privacy' section.
Mozilla Firefox
From the pull-down menu in the upper left corner, select 'Options'. In the pop-up window select 'Privacy'. Here you can adjust your cookie settings.
Safari
From the pull-down menu in the upper right corner, select 'Preferences'. Select 'Security' and here you can adjust the settings of your cookies.
As already envisaged in the banner that immediately appears when first visiting the website, consent to the use of all cookies can be provided by Users by selecting the virtual acceptance key (e.g. an OK, a tick, etc.) or by continuing to browse the website (e.g. ignoring the banner/pop-up and performing further operations). Users will also have free access to the extended disclosure link, complete with all cookie information (description, purpose and storage), in which the User will be able to provide consent only for certain categories of cookies.