Privacy Policy

  1. General principles
  2. What is the definition of capitalized terms?
  3. What is the purpose of a Charter?
  4. What Data is collected?
  5. Why is your Data used?
  6. How long is Your Data kept?
  7. With whom is Your Data shared?
  8. Is your Data transferred outside the European Union?
  9. How is Your Data protected?
  10. What are your rights?
  11. How does GRIP500 collect Data about minors?
  12. What about cookies and similar tracking technologies?
  13. How will you be notified of changes to the Charter?
  14. How to contact us?


The company GRIP500 SLU, a company under Andorran law in the form of a societat limitada unipersonal with capital of 3.000 euros, registered in the Andorra Trade and Companies Register under number 17485, with registered office at Carrer Prat de la Creu 59, AD500, ANDORRA LA VELLA (Principality of Andorra), email:,(hereinafter referred to as "GRIP500"), which carries out an e-commerce activity, offers the sale of tyres and related products via the website (hereinafter referred to as the "Site").

In the course of this activity, GRIP500 may collect online or by telephone Data that directly or indirectly identifies customers, users of the Site or third parties (hereinafter referred to indiscriminately as "Data Subjects" or "You") and process such Data. GRIP500 never collects Data from Data Subjects indirectly, i.e. from a third party source.

GRIP500, whose contact details are mentioned above, is responsible for processing the Data insofar as it determines the purposes and means of such Processing.

With respect to certain Banking Data, GRIP500 shares responsibility for processing such Banking Data with GoCardless SAS, a simplified joint stock company registered in the Paris Trade and Companies Register under number 834422180, whose registered office is located at 7 rue de Madrid in Paris (75008). Further information on how GoCardless handles Your Banking Data and Your data protection rights is available here.

With respect to certain Browsing Data collected by cookies, GRIP500 shares responsibility for processing such Browsing Data with third party companies, a list of which and further details of which are available on the cookie page.

GRIP500 has appointed a Data Protection Officer pursuant to Article 37 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the "GDPR") whose contact details are

The Data collected by GRIP500 are more specifically processed by the branch of AD TYRES established on the territory of Malta, namely AD TYRES INTERNATIONAL EU, registered under the number OC 1277, whose registered office is located at Level 3, (Suite No. 2407), Tower Business Centre, Tower Street, Swatar, BIRKIRKARA BKR 4013 (Malta)

These Data Processings are therefore considered as carried out on the territory of the European Union pursuant to Recital 22 and Article 3.1 of the GDPR and are subject to this legislation.

In addition, the Malta Data Protection Act 2018 (Cap 586) is also applicable to the Processing of Data by virtue of section 4(2)(a) of that Act.

You are invited to read this Privacy Policy (hereinafter the "Policy") carefully and to take note of its contents.


Words or expressions beginning with a capital letter have the definition specified below.

means the company identified in the first paragraph ofArticle 1.
has the definition referred to inArticle 1.
Customer account
is the account that any customer can create from the page.
means any personal data, i.e. any information relating to an identified or identifiable natural person, it being understood that an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Banking data
has the definition referred to inArticle 4.
Order Data
has the definition referred to inArticle 4.
Navigation Data
has the definition referred to inArticle 4.
Technical Data
has the definition referred to inArticle 4.
Person(s) concerned
has the definition referred to inArticle 1.
means the tyre or related products (rims, chains, etc.) offered for sale by GRIP500 on the Site.
has the definition referred to inArticle 1.
has the definition referred to inArticle 1.
means any operation or set of operations carried out or not carried out using automated processes and applied to the Data, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, deletion or destruction.
has the definition referred to inArticle 1.


This Policy is made available to You at the time of collection of Your Data in order to ensure full transparency of the Processing of Your Data by GRIP500 by providing concise, easily accessible, easy to understand information in clear and simple terms.

In the event that any of the information is not sufficiently clear, we invite You to contact us at Your convenience either by sending an email to or by using the contact form accessible here.

The Policy applies to Your Data collected and processed by GRIP500 in the context of the following activities and for which GRIP500 is the Data Controller:

  • Your use of the Site, including browsing the Site;
  • the creation and use of Your Customer Account via the Site;
  • the purchase of Products offered by GRIP500 via the Site; or
  • any contact with customer service.

This Policy does not apply to any other Data Processing carried out in a context other than that described above and for which GRIP500 is not the Data Controller.



GRIP500 makes an express request to You to collect Your Data at various times and in particular during :

  • use of the Site;
  • placing an order on the Site;
  • the creation of a Customer Account on the Site; or
  • any communication with customer service.

The Data collected (hereinafter the "Order Data") consists in particular of :

  • Your first name ;
  • Your name ;
  • Your date of birth ;
  • Your postal address ;
  • Your e-mail address ;
  • Your telephone number ;
  • Your country ;
  • Your intra-community VAT number.

For payment purposes, this Data collected at our express request (hereinafter the "Banking Data") consists of Your credit card number, the expiry date and the CVC (or visual cryptogram located on the back of the card), which are transmitted to the payment service providers:, Hipay or Braintree.

As regards payment by the Paypal service provider, the banking data are directly collected by this company from You when creating your account. The Paypal company is then solely responsible for processing this data.

We use GoCardless to manage direct debits via Your IBAN. Further information on how GoCardless handles your Banking Data and your data protection rights is available here.

Certain Order Data (first name, last name, address, telephone number, country, e-mail address) and Bank Data are required to conclude the contract with GRIP500. Consequently, any failure on Your part to communicate these Data to us will prevent You from finalising Your order.


GRIP500 may collect, in particular during Your browsing on the Website, some of Your Data automatically through Your device (computer, tablet, mobile phone, etc.). This Data may be collected even if no order is placed. This collection is generally carried out using cookies.

This Data (hereinafter the "Technical Data") consists in particular of :

  • Your IP address (the identification number assigned to Your device as part of its connection to the Internet) ;
  • Your MAC address (physical identification number stored on your network card or network interface) ;
  • Your IMEI number (your mobile phone identification number) ;
  • the operating system of Your device (Microsoft Windows, Mac OS X, Android, iOS, etc.);
  • Your mobile phone operator ;
  • Your Internet Service Provider ;
  • the browser You are using (Internet Explorer, Google Chrome, Firefox, etc.); or
  • the time zone used by Your device.

The Data collected automatically through Your device also consists of Data about Your browsing (hereinafter "Browsing Data") such as:

  • the pages you have visited;
  • the date of Your visit ;
  • the time spent on each page visited;
  • the links you have activated;
  • the offers you have consulted;
  • the Products you are looking for;
  • the orders You have placed; or
  • Your consumption habits of the Products.


Personal data may only be processed if the processing is based on :

  • a legal justification as referred to in Article 6.1 GDPR (consent, performance of contract, compliance with a legal obligation, safeguarding vital interests, public interest task or legitimate interest of the controller); and
  • explicit, legitimate purpose(s) determined by the controller.

The table below lists the Processing carried out by GRIP500 with the purposes, legal justification and Data concerned for each of them.

Name of the Treatment GoalsLegal justificationData concerned
  • Respond to all Your requests to place an order
  • Take into account and execute Your order
  • Carrying out the delivery and possibly the assembly
ContractOrder Data
Single transaction by credit card
  • Execute Your order payment
  • Managing rejected bank transactions
ContractBank details (CB)
Facilitating future purchases
  • Save bank details to facilitate future purchases
ConsentBank details (CB)
SEPA Direct Debit
  • Transmission of Your IBAN to the GoCardless provider
ContractBank details (IBAN)
Claims on payments
  • Handle any complaints from the holder of the credit card used to pay for the order
ContractBanking data
After-sales service
  • Managing Your Complaints
  • Notify the modification of the Charter or the general sales conditions
  • Manage customer relations (requests, comments and suggestions) following an order
  • Managing refunds
  • Order Data
  • Banking data
Customer account
  • Facilitate your subsequent orders by avoiding the re-entry of elements already communicated to GRIP500
ConsentOrder Data
Newsletter (including GRIP500 commercial offers)
  • Execute your subscription to our newsletter (including GRIP500 commercial offers)
ConsentOrdering data (e-mail address)
Targeted advertising
  • Tailor our advertising messages to your needs and habits
Consent (cookies)
  • Technical Data
  • Navigation Data
User experience
  • Personalise Your experience of the Site according to Your needs and habits
  • Speed up Your navigation on the Site
Consent (cookies)
  • Technical Data
  • Navigation Data
  • Conducting and analysing statistical studies
Legitimate interest (1) and consent (cookie)
  • Order Data
  • Technical Data
  • Navigation Data
  • To analyse technical problems encountered in the use of the Site
  • Detecting anomalies in the information system
Legitimate interest (2)
  • Technical Data
  • Navigation Data
  • Detecting counterfeiting and technology fraud
Legitimate interest (3)
  • Order Data
  • Technical Data
  • Navigation Data

(1 ) GRIP500's legitimate interest is to be able to evaluate and improve itself through the statistical tool.

(2 ) GRIP500's legitimate interest is to ensure the quality of its service.

(3 ) GRIP500's legitimate interest is to prevent fraud.


GRIP500 makes it a point of honour to keep Your Data in a form that allows Your identification for no longer than is necessary for the purposes for which it is processed.

The table below shows the retention periods for each type of Data according to the Processing for which it is used.

Data TreatmentShelf life in active base (1)Intermediate storage period (2)
Order Data Ordering3 years from the last ordern/a*
After-sales service 3 years from the last ordern/a
Customer account 3 years from the last connection to the Customer Account or until withdrawal of consent if earliern/a
Newsletter Until You unsubscribe or 3 years from the last login to the Customer Account if this is earliern/a
Statistics 3 years from the last ordern/a
Fraud n/a5 years from the collection of the Data concerned
Banking data (3) Transaction (CB)Until full payment of the ordern/a
Claims on payments n/a13 months from the date of debit or 15 months in case of deferred payment
After-sales service Until the expiry of the period for which GRIP500 undertakes to reimburse You for an order (in particular the withdrawal period or the period for cancelling the order)n/a
SEPA Direct Debit (IBAN) The time of transmission of the IBAN to GoCardlessn/a
Facilitation of subsequent purchases (CB) Until consent is withdrawn or the validity of the bank card expires, if earliern/a
Technical Data Targeted AdvertisingSee Cookiesn/a
User Experience
Navigation Data Targeted AdvertisingSee Cookiesn/a
User Experience

*n/ameans not applicable.

(1 ) Active storage is the storage of the Data concerned in the database used for the purpose of the Processing concerned.

(2) Intermediate archiving consists of keeping the Data under conditions of restricted access (i) either in a specific archive base separate from the active base, with access restricted to only those persons who have an interest in knowing about it by virtue of their function, (ii) or in the active base, provided that the archived Data are isolated by means of logical separation (management of access rights and authorisations) to make them inaccessible to persons who no longer have an interest in processing them.

(3) The Banking Data are never kept by GRIP500 but by its payment partners (, Hipay, Braintree, Gocardless depending on the case).


GRIP500 may share some of Your Data with other entities referred to below. In all cases, GRIP500 will only share such Data to the extent strictly necessary to fulfill the purpose(s) of the Processing of Your Data by GRIP500 or to fulfill the specific and legitimate purpose(s) defined by that recipient.


GRIP500 may share some of Your Data with other entities in the group to which GRIP500 belongs, in particular to get to know You better. These other entities are subject to commitments similar to those of GRIP500 for the protection of Your Data.


GRIP500 may share some of Your Data with third party contractors and/or service providers used in connection with the provision of GRIP500's products and services via the Site. The sharing of Your Data with these entities is required to fulfill Your order. GRIP500 only shares the Data that is strictly necessary for the performance of the mission entrusted to these entities after having contractually ensured that the commitments of these entities are as high as those set out in this Policy regarding the protection of Your Data.

These are mainly the following entities:

  • GROUPE CONSEIL ET GESTION (technology outsourcing)
  • OVH (website hosting)
  • HOTJAR (analytical cookie)
  • GOOGLE (advertising cookie)
  • MICROSOFT (advertising cookie)
  • CHECKOUT.COM (payment service provider)
  • HIPAY (payment service provider)
  • BRAINTREE (payment service provider)
  • GOCARDLESS (payment service provider)
  • PAYPAL (payment service provider)
  • DPD (delivery service provider)
  • GLS (delivery service provider)
  • UPS (delivery service provider)
  • DHL (delivery service provider)
  • SEUR (delivery service provider)
  • CHRONOPOST (delivery service provider)
  • BOOMERANG (delivery service provider)
  • TNT (delivery service provider)

These are also the partner garages, a list of which can be found here.


GRIP500 may share Your Data on an exceptional basis in the following circumstances: (i) in connection with a merger, acquisition of all or part of GRIP500, asset sale or similar transaction, (ii) where such sharing is required by law, regulation, judicial or administrative authority having jurisdiction; or (iii) to protect the rights and/or safety of any individual, to prevent or take action regarding illegal or suspected illegal activities or to defend the rights, property and safety of GRIP500's Site; (iv) to perform and secure the commitments made by GRIP500 to You under this Policy.


Your Data is processed and stored primarily on the territory of Malta, which territory is located in the European Union.

However, the company GRIP500, established in the Principality of Andorra outside the European Union, may have access to this Data.

By decision dated 19 October 2010, the European Commission declared that Andorra is considered to provide an adequate level of protection for personal data transferred from the European Union.

In addition, GRIP500 cannot exclude the possibility that Your Data may be transferred to other territories outside the European Union (EU) and the European Economic Area (EEA) and in particular to territories where the level of protection of personal data is lower than in the European Union.

In the latter case, GRIP500 undertakes to verify the existence of measures or to take adequate measures to ensure a satisfactory level of protection for Your Data, such as

  • an adequacy decision by the European Commission of the country concerned;
  • the European Commission's standard contractual clauses or standard contractual clauses adopted by a supervisory authority, to which the recipient is subject and of which you can ask us for a copy if they have been formally signed;
  • internal company rules;
  • an approved code of conduct or an approved certification scheme (including a binding and enforceable commitment by the non-EU recipient to apply appropriate safeguards);
  • an administrative arrangement or legally binding and enforceable text made to enable cooperation between public authorities.

With regard to these main partners of GRIP500, the following are the countries of destination of data and the appropriate safeguards adopted.

Recipients CountryGuarantees
GCG FranceEuropean Union
OVH GermanyEuropean Union
HOTJAR MaltaEuropean Union
GOOGLE United StatesStandard contractual clause and Privacy Shield certification
MICROSOFT United StatesStandard contractual clause and Privacy Shield certification
CHECKOUT.COM United KingdomSuitability decision of 28 June 2021
HIPAY FranceEuropean Union
BRAINTREE United StatesStandard contractual clause and Privacy Shield certification
GOCARDLESS United KingdomSuitability decision of 28 June 2021
PAYPAL United StatesStandard contractual clause and Privacy Shield certification
DPD FranceEuropean Union
GLS NetherlandsEuropean Union
UPS United StatesStandard contractual clause and Privacy Shield certification
DHL GermanyEuropean Union
SEUR SpainEuropean Union
CHRONOPOST FranceEuropean Union
BOOMERANG FranceEuropean Union
TNT NetherlandsEuropean Union


GRIP500 has put in place appropriate physical, technical, administrative and organisational security measures to protect Your Data from unauthorised or unlawful access, use, loss, accidental destruction, damage, theft or disclosure.

Despite its continuous efforts, GRIP500 cannot guarantee a result in terms of the security of Your Data and invites You to report any of the above-mentioned difficulties of which You may be aware.

To do so, you can contact customer service, at Your convenience, either by sending an e-mail to or by using the contact form accessible here.

This site is protected by reCAPTCHA, and Google's privacy policy and terms of use apply to this service.


In accordance with the legislation in force, You have the rights listed below with regard to Your Data:

  • the right to access Your Data:

    This includes the possibility for You to obtain confirmation from GRIP500 that Data concerning You is or is not being processed, as well as access to such Data and to the following information: purposes, categories of Data, recipients or categories of recipients, retention period or the criteria for determining such period, Your rights concerning such Data, the right to lodge a complaint with a supervisory authority and, where applicable, the source of the collection of the Data and the existence of automated decision-making on the basis of such Data.

    You also have the right, where Your Data is transferred to a third country or to an international organisation, to be informed of the appropriate safeguards with respect to that transfer.

    Under the right of access, GRIP500 will provide You with a copy of the Data and may charge a reasonable fee based on administrative costs for any additional copies You request. If You make the request electronically, the information will be provided in a commonly used electronic format, unless You request otherwise.

  • the right to rectify Your Data:

    This is the possibility for You to obtain from GRIP500 the rectification, as soon as possible, of Your Data which would be inaccurate or, taking into account the purposes of the Processing, incomplete (You will be able to provide an additional declaration for this purpose);

  • the right to erasure of Your Data:

    This is the possibility for You to obtain from GRIP500 the deletion, as soon as possible, of Your Data for one of the following reasons

    • such Data are no longer necessary for the purposes for which they were collected or are processed in another way;
    • You withdraw Your consent on which the Processing of such Data is based provided that there is no other legal basis for such Processing;
    • You object to the Processing of this Data under the conditions specified below regarding Your right to object;
    • the Data has been unlawfully Processed ;
    • the Data must be deleted to comply with a legal obligation to which GRIP500 is subject; or
    • the Data was collected in the context of the provision of information society services to children.

    If the Data requested to be deleted has been made publicly available by GRIP500, reasonable steps shall be taken, taking into account the available technology and the costs of implementation, to inform the data controllers processing such Data that You have requested that they delete any links to or copies or reproductions of such Data.

    This right to erasure does not apply to the extent that the Processing is necessary:

    • the exercise of the right to freedom of expression and information;
    • to comply with a legal obligation requiring the processing laid down by Union law or by the law of the Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • for reasons of public interest in the field of public health;
    • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, insofar as the right to erasure is likely to render impossible or seriously compromise the achievement of the purposes of such Processing; or
    • the establishment, exercise or defence of legal claims.
  • the right to object to the Processing of Your Data:

    This concerns the possibility of objecting to the Processing of Your Data carried out on the basis of a legitimate interest by GRIP500 (including profiling based on this justification) if this Processing is not in fact justified by GRIP500 on legitimate and compelling grounds which would override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

    This also includes the possibility for You to object to Processing for the purpose of prospecting (including profiling if it is linked to such prospecting).

    Finally, with regard to Processing for statistical purposes, this concerns the possibility of objecting to such Processing for reasons relating to Your particular situation, unless the Processing is necessary for a task in the public interest.

  • the right to limit the Processing of Your Data :

    This is the possibility for You to obtain from GRIP500 the limitation of the Processing in one of the following cases:

    1. for the period necessary for GRIP500 to verify the accuracy of the Data where You dispute the accuracy of the Data;
    2. You object to the deletion of Data from an unlawful Processing and demand instead the restriction of their use;
    3. the Data are no longer useful to GRIP500 for the purposes of the Processing but remain necessary for You in order to establish, exercise or defend legal claims;
    4. for as long as is necessary to determine whether GRIP500's legitimate reasons override Yours where You have objected to the Processing on this basis.

    In case of restriction of Processing, the Data may, with the exception of storage, only be processed with Your consent or for the establishment, exercise or defence of legal claims, or for the protection of another natural or legal person, or on important grounds of public interest of the Union or of a Member State.

    You will be informed by GRIP500 of the lifting of the limitation before it takes effect.

  • the right to portability of Your Data :

    This refers to the possibility for You to obtain from GRIP500 the communication of Your Data provided to GRIP500 in a structured, commonly used and machine-readable format and to transfer this Data to another entity (this transfer is carried out by You or, if technically possible, by GRIP500) and this, where the Processing is carried out using automated processes and is based on consent or on a contract ;

  • the right to withdraw Your consent:

    This is the possibility for You to withdraw Your consent to any Processing of Your Data that was carried out on the basis of Your previous consent. Withdrawal of consent does not affect the lawfulness of the Processing based on the consent given prior to such withdrawal.

To exercise the above rights, You are invited to contact us at Your convenience:

In order to process Your request as efficiently as possible, GRIP500 invites You to formulate Your request in a clear and detailed manner. If there is any doubt about Your identity, GRIP500 may request additional information necessary to confirm Your Identity.

You also have the :

  • right to lodge a complaint with a supervisory authority :

    the possibility for You to lodge a complaint with a competent supervisory authority, in particular in the Member State in which You are habitually resident, where You work or where the breach is alleged to have occurred, if You consider that the Processing of Your Data constitutes a breach of the law.

To make it easier for you to exercise this right, we invite you to consult the list of supervisory authorities here.


The Products sold by GRIP500 on its Site are not intended for minors. Consequently, GRIP500 does not process any Data relating to minors or assume that the Data of visitors to the Site or its customers directly or indirectly concerns minors.


GRIP500 uses cookies and other similar technologies, which may collect some of Your Data. These cookies are used to improve Your experience of the Site, to provide us with information about the operation and quality of our Site and to assist in the provision of targeted advertising.

GRIP500 collects Your prior consent by means of a banner on the home page of the Site when You first connect to these computer tools. Your consent is again sought by GRIP500 under the same conditions at the end of a thirteen-month period following the previous collection of Your consent.

GRIP500 urges You to consult the "Cookies" page of its Site for further information.


GRIP500 may periodically modify this Privacy Policy in order to take into account legislative changes concerning the protection of Your Data.

GRIP500 will notify You of any changes or updates by means of a notice sent to Your email address and/or a notice displayed on the Site.


GRIP500 is at Your entire disposal to answer any questions You may have about this Policy.

To contact us, You are invited to join us at Your convenience: