Privacy Notice
- Privacy Notice – (Inclusive of third-party services and third-party installations)
Xotic Group trading as Xotic Car Parts is a registered company in the State of Nevada (referred to as “we”, “our”, or “us” hereinafter).
Xotic Car Parts is affiliated with companies within the Xotic Group of companies (collectively referred to as “Xotic Group”, “we”, “us”, “our”). We uphold your privacy rights and your authority over the distribution and other handling of your personal information.
This Privacy Notice (“Notice”) pertains to our websites, including www.xoticcarparts.com (“Websites”), and any mobile applications or other online and/or mobile applications associated with us or related to our Websites (“Apps”). Collectively, the Websites and Apps are referred to as the “Service” in this Notice. This Notice outlines how the Service gathers information from you, the types of information collected, how we may utilise the information you provide, our collection practices, and your privacy rights.
This Notice governs the collection, usage, safeguarding, storage, and disclosure of information through the Service. By using the Service, you acknowledge your comprehension of this Notice’s terms. Prior to using the Service or submitting information to us, we encourage you to thoroughly review this Notice.
Please note that this Notice exclusively pertains to Xotic Group’s companies. For other Xotic Group services or affiliations with users, suppliers, or customers, distinct privacy terms may apply. This Notice does not cover third-party sites that might be linked to or from the Service. Xotic Group assumes no responsibility for the privacy terms of such third-party sites.
- Summary content
- Safeguarding the security of your personal data is of utmost importance to us, and we are dedicated to honouring your privacy rights.
- This notice, including its application to the Websites or our listings on third-party marketplaces (such as eBay and Amazon) (“our marketplace listings”), offers insight into:
- How we employ your data;
- The personal data we gather;
- Parties with whom we share your data;
- Measures taken to ensure your privacy; and
- Your rights concerning your personal data.
- We urge you to carefully read the following to understand our stance and practices related to your personal data and its treatment.
- Information we may gather from you and other sources
- While the specific personal information collected may vary based on the purpose, we may collect and process the following data about you:
- Information you provide through forms on our social media pages or our Websites. This includes details given when registering for our Websites, subscribing to our service, making purchases through our Websites or marketplace listings, submitting material, or requesting additional services. We may also request information when you report an issue with our Websites.
- If you contact us via phone, email, or other means, and provide information voluntarily, we may retain records of such correspondence.
- Please note that we might record and monitor telephone conversations with you, exclusively for training and quality control. Personal or confidential details disclosed via phone will not be shared with third parties (unless legally mandated) or used for marketing. Recorded conversations are typically deleted within three months.
- We may also invite you to complete surveys for research purposes, though participation is optional.
- Information about your transactions on our Websites or marketplace listings, essential for order fulfilment.
- Information about your visits to our Websites, including traffic data, location data, weblogs, and communication data. This might be necessary for billing or other purposes, along with resources accessed.
- We collect browsing, transactional, and behavioural data from you to enhance the service and provide a tailored online shopping experience.
- Information about your browsing device, such as IP address, operating system, and browser type, for administration and aggregate reporting. This information is anonymous and statistical, not identifying individuals. Some of this is collected via Cookies. We may also collect personal information shared on your public profile of a third-party social network.
- We also obtain personal information from sources external to our business. This includes information from public databases, retail and supplier partners, trade customers, third-party collection and recovery agencies, insurance and accident management company referrals, joint marketing partners, and social media platforms. This additional data helps us provide accurate services, enhance data accuracy, and measure marketing effectiveness, including online advertising.
- How your information is utilised
- We employ information held about you in the following ways:
- To optimise the presentation of content from our Websites on your browsing device.
- To deliver requested information, products, or services, provided you have agreed to be contacted for such purposes.
- To fulfil contractual obligations arising from agreements between you and us. For example, passing your contact information to courier companies for order delivery confirmation.
- To enable participation in interactive features of our service.
- To enhance user experience on our Websites.
- To notify you about changes to our Service.
- For existing customers, electronic communication (email or telephone) is used for information about our goods and services. Unsubscribed users or those registered with the Telephone Preference Service won’t receive such communication.
- For new customers, electronic communication occurs only with consent.
- Urgent safety notices or product recalls may involve contacting you using your personal information to prevent or minimise potential harm.
- Third-party Links.
- Our Websites or marketplace listings may include links to third-party websites, plugins, and applications. Clicking or enabling such connections allows third parties to collect or share data. We don’t control these third-party websites and aren’t liable for their privacy statements. When you leave our Websites, we advise reviewing the privacy statements of visited sites.
- Disclosure of your information
- To provide specific services, we may need to share your data with third parties, especially when third parties offer services like goods installation.
- We may disclose your personal information to:
- Xotic Group entities, which include our subsidiaries, ultimate holding company, and their subsidiaries.
- Trusted service providers performing functions like web hosting, web analytics, customer service, order fulfilment, data analysis, infrastructure provision, email marketing, auditing, and other services.
- Third-party collection and recovery agencies.
- Third-party courier companies for order delivery.
- Selected third parties with consent from new customers.
- Affiliate Websites that use your information as outlined in the “how we use your information section” or in connection with complementary products and services.
- Third-party suppliers managing our secure payment platform and credit card processing.
- In case of selling or purchasing business or assets, personal data may be disclosed to prospective buyers or sellers.
- If substantially all business assets are sold or we’re acquired, customer data may be transferred.
- If legally obligated or for enforcing agreements, protecting rights, property, safety, fraud prevention, or credit risk reduction, personal data may be shared.
- International transfers
- Sharing data outside the European Economic Area (EEA) may be necessary, typically due to service providers or your location.
- In such cases, data transfers adhere to relevant data protection laws, including the GDPR.
- We usually use standard contractual clauses approved by the European Commission for such transfers. Where standard clauses aren’t used, appropriate security measures and contracts are in place, and service providers may adhere to the EU-US Privacy Shield for data transfer to the US.
- The Service is designed for users above 18 and not intended for children under 18 (“Children”). We don’t knowingly collect data from Children. If a child provides personal information without parental consent, contact us using details in section 12 (Privacy Questions) at the end of this Notice to remove the data and terminate the child’s account.
- Protection of your data
- We prioritise the security of your personal data and employ various measures, including:
- Employing TLS 1.2 technology with RSA 2048-bit security or appropriate standards for Website and data support.
- Monitoring and auditing service providers to ensure PCI DSS-compliant protection.
- Initiating credit and debit card transactions via our secure online shopping basket.
- Secure storage of all information provided to us. For registered users with passwords, keeping passwords confidential is their responsibility.
- We implement reasonable technical, organizational, administrative measures to safeguard data. However, internet transmission isn’t entirely secure. Although we strive to protect data, we can’t guarantee security during transmission. After receiving data, we use strict procedures and security features to deter unauthorised access.
- Legal basis for processing your personal data
- Personal data provided for purchasing goods, and personal data generated for transactional agreements are processed due to contractual obligations.
- All other personal data is processed for legitimate interests and legal compliance.
- Consent-based processing is generally employed to contact new customers via electronic means and/or send marketing communications to them.
- You possess the entitlement to revoke your consent at any given moment.
- Your rights
- Right to review: If you request access to your personal data (“Access Request”) and we cannot fulfil it, we will provide an explanation. You can lodge a complaint as detailed in section 12 (Privacy Questions).
- You can exercise Access Rights by contacting us as per section 12 (Privacy Questions).
- Our Websites may have links to third-party partner networks, advertisers, and affiliates. Note that these websites have their own privacy notices/policies and we hold no responsibility for them. Review these notices/policies before submitting personal data.
- Data retention
- We retain personal data only for necessary purposes, including legal, accounting, or reporting obligations.
- Our data retention process retains customer data for 7 years or longer to support parts warranty.
- The email unsubscribe function removes details from marketing lists; confirmation is sent to your email.
- Data backups can take up to 60 days to remove specific data.
- We comply with Article 17 of the GDPR for data subject requests.
- Changes to our privacy notice
- We may update this Notice at our discretion. Changes will be indicated by revising the “Issue Date” at the bottom. Check the Service periodically to stay informed. By using the Service after an update, you agree to the revised Notice.
- Privacy questions
- For questions not addressed here, email: [email protected]
- To exercise Rights of Access regarding your data, contact us via Legal Department, Xotic Car Parts.
Notice Issue Date: September 2023