Privacy Policy

Last updated:

Welcome to xtrabimmer.com (“we”, “our”, “us”).
We respect your privacy and are committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store, and safeguard your information
when you visit our website, purchase automotive accessories, or use any of our services.

1. Information We Collect

1.1 Personal Identification Data

  • Name
  • Email address
  • Billing and shipping address
  • Phone number
  • Account login information

1.2 Order & Transaction Data (WooCommerce)

  • Order details (products purchased, price, currency)
  • Payment method (we do NOT store full credit card details)
  • Invoices & receipts

1.3 Automotive-Specific Data

  • Vehicle model, production year, trim
  • Electronic module compatibility data
  • VIN or partial VIN (if voluntarily provided)

This information is collected ONLY for the purpose of confirming product compatibility, installation support, or warranty claims.

1.4 Technical Data

  • IP address
  • Browser type
  • Device type
  • Cookies & analytics data

1.5 Customer Support Data

  • Messages sent via contact forms
  • Installation inquiries (photos/videos optional)
  • Warranty or return request information

2. How We Use Your Information

Your data is used strictly for lawful and legitimate purposes, including:

  • Processing and fulfilling orders
  • Providing installation guidance and compatibility confirmation
  • Sending order updates and shipping notifications
  • Account management on the My Account page
  • Fraud prevention and website security
  • Improving our products and services

We do NOT sell personal data. We do NOT share personal data with advertisers.

3. Legal Basis for Processing (GDPR)

  • Contract performance – to process your orders.
  • Legitimate interest – to improve website security and performance.
  • Consent – for newsletter subscriptions and non-essential cookies.
  • Legal obligation – tax, anti-fraud, and accounting documentation.

4. How We Store and Protect Your Data

We implement strict technical and organizational security measures including:

  • SSL encryption on all pages
  • Encrypted payment gateways (Stripe, PayPal, etc.)
  • Firewall & malware protection
  • Regular security audits

Payment data is processed exclusively by secure third-party processors;
we never store full credit card numbers on our servers.

5. How Long We Keep Your Data

  • Order records: 6–7 years (legal requirement)
  • Customer accounts: until you request deletion
  • Emails and support messages: 12–24 months
  • Cookies: 1–24 months (depending on type)

6. Your Rights

If you are located in the EU, UK, or California, you have the following rights:

GDPR / UK Data Protection Rights

  • Right to access
  • Right to rectification
  • Right to erasure (“Right to be forgotten”)
  • Right to data portability
  • Right to object
  • Right to restrict processing

CCPA Rights (California)

  • Right to know what personal data is collected
  • Right to request deletion
  • Right to opt-out of data selling (we do not sell data)
  • Right to non-discrimination

You may submit a request using our Contact Us form or email below.

7. Cookies & Tracking Technologies

We use cookies to enhance your experience and enable essential site features.

Types of cookies we use:

  • Essential WooCommerce cookies (cart, checkout, account)
  • Analytics (Google Analytics, Cloudflare)
  • Preference cookies
  • Security cookies

You can adjust cookie permissions in your browser settings at any time.

8. Sharing of Information

We only share personal data with the following categories of trusted partners:

  • Payment processors (Stripe, PayPal, etc.)
  • Logistics partners (DHL, UPS, FedEx, SF Express)
  • Fraud prevention services
  • IT security providers

We never sell or share data for advertising purposes.

9. International Data Transfers

Some data may be processed outside your country (e.g., US, EU, UK, Hong Kong).
All transfers comply with GDPR adequacy decisions or Standard Contractual Clauses (SCCs).

10. Children’s Privacy

We do not knowingly collect data from children under 16.
If you believe such data was submitted, please contact us for removal.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

Email: sales@xtrabimmer.com
Website: https://xtrabimmer.com
Data Controller: Xtrabimmer Team

12. Updates to This Policy

We may update this Privacy Policy to reflect operational or legal changes.
The updated version will always be posted on this page.