Privacy Policy
Updated on 17/03/2026
This Privacy Policy is intended to inform users of the website fullcarhistory.com (the “Site”) about how we collect, use, share, and protect their personal data, as well as about their rights.
Because we offer our services internationally, we adopt the format of the GDPR (Regulation (EU) 2016/679), often considered one of the strictest models in terms of transparency.
ARTICLE 1. DEFINITIONS
Personal data: any information relating to an identified or identifiable natural person.
Processing: any operation performed on data (collection, storage, consultation, use, disclosure, deletion, etc.).
French Data Protection Act: Law No. 78-17 of 6 January 1978.
Data controller: entity determining the purposes and means of processing.
GDPR: Regulation (EU) 2016/679 of 27 April 2016.
Recipient: entity receiving communication of personal data.
ARTICLE 2. ACCEPTANCE
By using the Site, in particular by clicking on “Continue”, “Pay now” or any equivalent button (account creation, login, payment), you acknowledge that you have read this Policy.
In the event of modification, the version published on the Site shall apply from the date it is put online.
ARTICLE 3. USERS UNDER 18 YEARS OF AGE
The Site is not intended for minors. No person under 18 years of age should provide personal data.
If you believe that a minor has provided us with information, please contact us at [email protected] so that we may delete it.
ARTICLE 4. DATA COLLECTED AND PURPOSES
We do not store full bank card data. Payments are processed by our payment service providers.
We may receive transaction-related information (e.g. payment identifier, status, amount, currency, card country, brand, last 4 digits), depending on the provider.
| PURPOSE | DATA PROCESSED | LEGAL BASIS | RETENTION PERIOD |
|---|---|---|---|
| Account creation and management | Email, password (hashed), account identifiers, preferences | Performance of the contract | Until account deletion, then 2 years max after the end of the relationship (unless legal obligations apply) |
| Login and security | Access logs, technical identifiers, IP, security data | Performance of the contract + legitimate interest (security) | Up to 2 years (shorter periods where possible) |
| Vehicle identification (VIN/plate) | VIN and/or plate, country, search parameters, limited identification results | Performance of the contract/service | History linked to the account: 6 months (or account deletion) |
| Generation and delivery of Reports | VIN/plate, country, report content, history, consumed credits | Performance of the contract/service | Reports accessible for 6 months from generation (or account deletion) |
| Payments, subscriptions, renewals, additional purchases | Transactional data, email, information necessary for billing | Performance of the contract + legal obligation (accounting) | Transaction evidence: 13 months (or 15 months for deferred debit); accounting: 10 years |
| Transactional emails (Mailjet) | Email, order/subscription information (amount, status, dates), sending logs | Performance of the contract | Duration of the relationship + 1 year (logs) |
| Contact form / requests via the Site | Name (if provided), email, message content, information useful for processing | Legitimate interest (responding) or performance of the contract (if related to the service) | 3 years max after the last interaction |
| Customer support | Email, content of exchanges, supporting documents if necessary | Performance of the contract + legal obligation (management of rights) | Support: 3 years max; GDPR requests: 5 years; ID document: strictly necessary time only |
| Fraud / abuse prevention | Usage logs, IP, anti-abuse indicators | Legitimate interest | Logs: 6 months; IP: 1 year |
| Statistics / improvement (cookies) | Cookie identifiers, browsing events (depending on configuration) | Consent where required (or possible exemption for strictly limited audience measurement) | Up to 13 months max (depending on settings) |
ARTICLE 5. HOSTING
The Site and associated data are hosted by OVH, in France.
ARTICLE 6. DATA CONTROLLER & RECIPIENTS
The Data Controller is PROFILEADS LIMITED (United Kingdom): 24 Linacre House Archdale Close, Chesterfield, England, S40 2GE
Contact: [email protected]
Recipients may include:
- PROFILEADS LIMITED (authorised internal personnel),
- OVH (hosting provider – France),
- Mailjet (transactional email delivery provider),
- technical service providers (maintenance, security, analytics depending on cookie choices),
- payment service providers,
- advisors (accountants, lawyers) where necessary.
We do not sell your data.
We may disclose data where required by law, to protect our rights and security, or as part of a restructuring operation (merger/transfer), with appropriate safeguards.
ARTICLE 7. INTERNATIONAL TRANSFERS (United Kingdom / outside the EEA)
As the publishing company is based in United Kingdom, some operations may involve processing in United Kingdom.
United Kingdom benefits from an adequacy decision by the European Commission, which allows, where that decision applies, the transfer of data to United Kingdom without additional safeguards.
However, some service providers may process data from countries outside United Kingdom and/or outside the EEA. In such cases, we implement appropriate safeguards (standard contractual clauses, transfer agreements, etc.), in accordance with the GDPR.
ARTICLE 8. SECURITY
We implement appropriate technical and organisational measures (access controls, secure data flows, logging, etc.).
You must protect your credentials and avoid sharing them.
ARTICLE 9. YOUR RIGHTS
Depending on the applicable law, you may exercise:
- right of access,
- right to rectification,
- right to erasure,
- right to restriction,
- right to portability,
- right to object (in particular to processing based on legitimate interest),
- post-mortem instructions (depending on the law).
You may lodge a complaint with:
- the CNIL (France) or the competent supervisory authority in your country, and/or
- the ICO (United Kingdom).
ARTICLE 10. EXERCISING YOUR RIGHTS
Contact: [email protected] (or via the Contact page of the Site).
We may request proof of identity in case of reasonable doubt.
We usually respond within 1 month (extendable by 2 months in case of complexity).
ARTICLE 11. COOKIES
Some cookies are necessary for the functioning of the Site, while others (audience measurement, personalisation, marketing) may require your consent.
The detailed list of cookies and trackers used (name, purpose, retention period and provider) is available in our Cookiebot cookie manager, accessible from the consent banner and at any time via the “Cookie settings” link (or equivalent) available on the Site.
11.1 Third-party cookies
Depending on your configuration and choices, third-party cookies may be used (e.g. audience measurement tools, tag management, anti-fraud solutions).
11.2 Cookie management
During your first visit, a cookie banner allows you to accept, refuse or configure cookies.
You may change your preferences at any time from the Site.
ARTICLE 12. DO NOT TRACK (DNT)
We do not guarantee systematic support for browser “Do Not Track (DNT)” signals.
We will update this section if our implementation evolves.