CarBiz Legal & Help Center
This single document contains three sections:
- Privacy Policy – how we collect, use, and protect personal data.
- Terms of Service – the rules that govern use of the CarBiz platform.
- Frequently Asked Questions (FAQ) – quick answers for users and dealers.
Important Notice
These materials are provided for information only and do not constitute legal advice. Review them with qualified counsel and insert your official company details before publishing.
1. Privacy Policy
Effective date: 01.02.2025
1.1 Who We Are
CarBiz (the “Platform”) is a Software‑as‑a‑Service solution that lets premium car dealers and dealerships create white‑label storefronts, manage inventory, and automate communication and analytics.
Contact: info@premiumcarseu.com
1.2 Summary of Key Points
- We collect only the information needed to run the service, support users, and improve the product.
- We never sell personal data.
- Data are stored on trusted infrastructure partners (Supabase EU region, AWS Amplify, n8n Cloud) with industry‑standard security.
- You can access, correct, delete, or export your data at any time.
1.3 Data We Collect
| Category | Examples | Purpose & Legal Basis* |
|---|---|---|
| Account Data | Name, email, phone, password hash, role | Create and secure your account (Contract) |
| Dealer Profile Data | Dealership name, address, VAT/ID, branding assets | Provide white‑label site (Contract) |
| Listing Data | Vehicle details, images, price, status, rental terms | Publish inventory (Contract) |
| Transaction & Payment Data | Subscription tier, invoices, payment method | Billing & accounting (Contract / Legal Obligation) |
| Usage Data | Listing views, search interactions, click stream, session logs, device & browser info, IP address | Service optimization, analytics (Legitimate Interest) |
| Communication Data | Messages, contact‑inquiry forms, support tickets, outreach logs | Respond to requests, prevent abuse (Contract / Legitimate Interest) |
| Marketing Preferences | Opt‑in consents, unsubscribes | Send newsletters and offers (Consent) |
*Parenthetical text indicates the primary GDPR legal basis.
1.4 How We Use Data
- Provide and maintain the Platform.
- Personalize dashboards, recommendations, and search results.
- Process payments and manage subscriptions.
- Communicate service updates, security alerts, and marketing (if opted‑in).
- Analyze performance and improve features.
- Detect and prevent fraud or misuse.
- Comply with law and enforce our Terms.
1.5 Sharing & Disclosure
| Recipient | Reason |
|---|---|
| Infrastructure providers (Supabase, AWS) | Hosting, storage, backups |
| Automation platform (n8n) | Intent parsing, email/WhatsApp workflows |
| Payment processor ([insert]) | Subscription billing |
| Analytics & error-tracking services ([insert]) | Product diagnostics |
| Professional advisers & auditors | Legal, accounting, compliance |
| Authorities | When required by law or court order |
We sign Data Processing Agreements (DPAs) with all sub‑processors and publish an up‑to‑date list at [insert URL].
1.6 International Transfers
Data may be transferred outside your home jurisdiction where our partners operate. We rely on adequacy decisions, Standard Contractual Clauses, or equivalent safeguards under GDPR Art. 46.
1.7 Retention
We keep personal data:
- For active accounts: as long as you use the Platform.
- After closure: generally 30 days, then securely delete or anonymize, unless longer retention is required for legal claims or bookkeeping.
1.8 Security
- Encryption in transit (HTTPS/TLS 1.2+)
- Encryption at rest
- Row‑Level Security in Supabase
- Least‑privilege access controls
- Regular backups
- Third‑party penetration testing
1.9 Your Rights (GDPR & Swiss FADP)
- Access a copy of your personal data
- Correct inaccurate data
- Delete (“right to be forgotten”)
- Port data to another provider
- Restrict or object to processing
- Withdraw consent at any time (marketing)
- Lodge a complaint with your local supervisory authority (e.g., EDÖB or your EU DPA)
1.10 Children
The Platform is intended for users 18 years and older. We do not knowingly collect data from children.
1.11 Changes
We will notify users of material changes via email or in-app notice at least 30 days before they take effect.