Privacy Policy

Introduction

This Privacy Policy describes how commonoybi B.V. ("we", "our", or "us") collects, uses, and protects your personal information when you use our automotive repair services or visit our website at commonoybi.life. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

Data Controller

commonoybi B.V. is the data controller responsible for your personal information. Our registered office is located at Lindelaan 217, 4890 IL Breda, North Brabant, Netherlands. Registration Number: 71930584, VAT Number: NL894620173B01.

Data Collection

The data we collect includes personal information such as your name, email address, phone number, postal address, vehicle information, and service history when you book appointments, request quotes, or use our services. We may also collect technical information about your device and usage patterns when you visit our website, including IP address, browser type, and pages visited. Additionally, we collect payment information when processing transactions, though payment card details are handled securely by our payment processors and are not stored on our systems.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract performance: To provide automotive repair services you have requested
• Legitimate interests: To improve our services, communicate with customers, and operate our business
• Legal obligations: To comply with accounting, tax, and other legal requirements
• Consent: For marketing communications and cookies (where required)

How We Use Your Information

We explain how we use your information for several purposes: to provide and deliver the automotive repair services you request, including scheduling appointments, performing vehicle diagnostics and repairs, and maintaining service records. We use of your data also includes processing payments, sending service confirmations and updates, responding to your enquiries and customer service requests, and improving our services through analysis of customer feedback and usage patterns. Additionally, we may use your information to send you marketing communications about our services (with your consent), comply with legal obligations such as tax and accounting requirements, and protect our business interests and prevent fraud.

Data Sharing

We do not sell your personal information to third parties. We may share your data with:

• Service providers who help us operate our business (payment processors, booking systems, email services)
• Professional advisors (lawyers, accountants, auditors)
• Regulatory authorities when required by law
• Emergency services if necessary for safety reasons

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Customer contact information and service records are typically retained for 7 years after the last service for warranty, insurance, and legal compliance purposes. Website usage data and cookies are retained for shorter periods as outlined in our Cookie Policy. Marketing consent records are kept until you withdraw consent or we determine the data is no longer needed.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data to another organisation
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing or cookies

Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes secure data transmission, access controls, regular security assessments, and staff training on data protection principles.

International Data Transfers

Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure adequate protection through appropriate safeguards such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Cookies

Our website uses cookies to improve your browsing experience and provide personalised content. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, want to exercise your rights, or need to contact us about your personal data, please contact us at:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.