Privacy Policy

Effective date: 2026-01-01

Who we are

This Privacy Policy applies to NorthVector Auto Repair Spain (“NorthVector”, “we”, “us”, “our”), located at Calle de Alcalá 123, 28009 Madrid, Spain. You can contact us at [email protected] or by phone at +34 911 23 45 67.

We operate an auto repair workshop and related services in Spain and process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.

Scope

This policy explains how we collect, use, disclose, and protect personal data when you use our website and when you contact us for diagnostics, maintenance, repairs, estimates, or other workshop services. It also covers basic device data collected for website security and performance.

What data we collect

We only collect data that is necessary for providing our services, responding to requests, maintaining security, and meeting legal obligations. Depending on your interaction with us, we may collect:

  • Contact details (such as name, email, phone number) when you submit forms or request a callback.
  • Service and vehicle details you provide (such as vehicle make/model, VIN if shared, symptoms, preferred appointment times, requested services).
  • Local preferences stored on your device using localStorage, such as selected services, favorites, or cart choices (where available on our website).
  • Technical and security data such as IP address, user agent/browser type, approximate timestamps, referral pages, and server log information.
  • Customer service records such as communications, estimates, invoices, warranty notes, and workshop documentation when required to provide services.

How we use your data

We use personal data to operate our website and to deliver auto repair services. Typical purposes include:

  • Responding to inquiries and providing customer support.
  • Booking appointments, managing workshop capacity, and confirming schedules.
  • Preparing estimates, invoices, and service records.
  • Ordering parts and coordinating with suppliers when necessary for your repair (limited to what is required).
  • Improving our service quality, troubleshooting issues, and maintaining website performance.
  • Protecting our website, systems, and customers against fraud, abuse, or security incidents.
  • Complying with legal obligations under Spanish and EU law (e.g., accounting and warranty requirements).

Legal basis for processing (GDPR)

We process personal data only when we have a valid legal basis under GDPR. The main legal bases we rely on are:

  • Art. 6(1)(b) (contract): processing needed to provide a requested service or take steps at your request before entering a contract (e.g., quotes, bookings).
  • Art. 6(1)(c) (legal obligation): processing required to comply with legal obligations (e.g., accounting, warranty, consumer protection).
  • Art. 6(1)(f) (legitimate interests): security, abuse prevention, basic analytics for stability, and improving our services, provided your rights do not override these interests.
  • Art. 6(1)(a) (consent): where required, for example for optional cookies/consent features or specific marketing communications (if applicable).

Data sharing and disclosures

We do not sell personal data. We only share personal data when necessary to provide services, comply with law, or protect our rights. Depending on your request, we may share limited data with:

  • Parts suppliers (to order components necessary for your repair; typically vehicle part requirements and delivery details).
  • Payment processors (to process payments where applicable; data depends on the payment method used).
  • Professional advisors (e.g., accountants, legal advisors) when necessary for compliance.
  • Authorities where required by law or to respond to lawful requests.

When we use service providers, we aim to ensure appropriate contractual safeguards are in place, including data processing agreements where required.

International data transfers

Our primary operations are in Spain (EU/EEA). If any service provider processes data outside the EEA, we will implement appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses (SCCs), or other mechanisms recognized under GDPR, where applicable.

Data retention

We retain personal data only for as long as needed for the purposes described in this policy and as required by applicable law. Retention periods may vary depending on the nature of the data and the purpose:

  • Customer and service records may be retained for the period required by Spanish law and warranty obligations.
  • Contact form entries are typically kept for up to 24 months unless a longer period is needed for ongoing service or legal reasons.
  • Server logs are kept for a limited period necessary for security monitoring and diagnostics.

Cookies and local storage

Our website may use a simple consent cookie to remember your choice and localStorage to store preferences such as favorites or cart items. Local storage is stored in your browser and can be cleared via your browser settings.

You can usually control cookies through your browser settings. If you disable cookies or local storage, some site functionality may be limited.

Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no system can be guaranteed as 100% secure; you should use caution when submitting information online.

Your rights (GDPR)

Subject to applicable conditions and exceptions, you have the following rights under GDPR:

  • Right of access (obtain confirmation and a copy of your personal data).
  • Right to rectification (correct inaccurate or incomplete data).
  • Right to erasure (“right to be forgotten”) where applicable.
  • Right to restriction of processing in certain cases.
  • Right to object to processing based on legitimate interests.
  • Right to data portability for data you provided to us in a structured, commonly used format (where applicable).
  • Right to withdraw consent at any time (if processing is based on consent).

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have been infringed.

How to contact us about privacy

For privacy-related requests, email [email protected] and include “Privacy Request” in the subject line. We may request additional information to verify your identity before fulfilling certain requests.

northvector.top