- General Principles
- What is the definition of terms using capital letters?
- What is the purpose of a Charter?
- What Data is collected?
- Why is Your Data used?
- How long is Your Data retained?
- Who is Your Data shared with?
- Is Your Data transferred outside the European Union?
- How is Your Data protected?
- What are Your rights?
- How does GRIP500 collect Data concerning minors?
- What about cookies and other similar tracking technologies?
- How will You be notified of changes to the Charter?
- How to contact us?
1. GENERAL PRINCIPLES
The company GRIP500 SLU, an Andorran law company in the form of a societat limitada unipersonal with a capital of 3,000 euros, registered in the Andorra Trade and Companies Register under number 17485, with its registered office at Carrer Prat de la Creu 59, AD500, ANDORRA LA VELLA (Principality of Andorra), email: cm@grip500.com, (hereinafter "GRIP500") engages in e-commerce activities, offering for sale tires and related products through the website https://www.grip500.ie (hereinafter the "Site").
In the context of this activity, GRIP500 is required to collect online or by telephone Data that can directly or indirectly identify clients, users of the Site, or third parties (hereinafter collectively referred to as the "Concerned Persons" or "You") and to carry out one or more Processing(s) of this Data. The collection of Data from Concerned Persons by GRIP500 is never done indirectly, that is, from a third-party source.
GRIP500, whose contact details are mentioned above, is responsible for the processing of Data in that it determines the purposes and means of these Processings.
Regarding certain Banking Data, GRIP500 shares the responsibility for their Processing jointly with the company GoCardless SAS, a simplified joint-stock company registered in the Paris Trade and Companies Register under number 834422180, with its registered office at 7 rue de Madrid in Paris (75008). Additional information on how GoCardless manages Your Banking Data and Your rights related to data protection is available here.
Regarding certain Navigation Data collected by cookies, GRIP500 shares the responsibility for their Processing jointly with third-party companies, the list and additional details of which can be found on the cookie page.
GRIP500 has appointed a data protection officer in accordance with Article 37 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter "GDPR") whose contact details are cm@grip500.com.
The Data collected by GRIP500 is more specifically processed by the branch of the company AD TYRES established in Malta, namely AD TYRES INTERNATIONAL EU, registered under number OC 1277, with its registered office at Level 3, (Suite No. 2407), Tower Business Centre, Tower Street, Swatar, BIRKIRKARA BKR 4013 (Malta).
Therefore, these Data Processings are considered as being carried out on the territory of the European Union in accordance with Recital 22 and Article 3.1 GDPR and are subject to this legislation.
Furthermore, the Maltese Data Protection Act of 2018 (Cap 586) is also applicable to the Processing of Data under Article 4(2)(a) of this law.
You are invited to carefully read this Privacy Charter (hereinafter the "Charter") and to become familiar with its content.
2. WHAT IS THE DEFINITION OF TERMS USING CAPITAL LETTERS?
The words or expressions starting with a capital letter have the definition specified below.
- GRIP500
- refers to the company identified in the first paragraph of Article 1.
- Charter
- has the definition referred to in Article 1.
- Customer Account
- refers to the account that any customer can create from the page //www.grip500.fr/connexion.
- Data
- means any personal data, that is to say, any information relating to an identified or identifiable natural person, it being understood that an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Banking Data
- has the definition referred to in Article 4.
- Order Data
- has the definition referred to in Article 4.
- Navigation Data
- has the definition referred to in Article 4.
- Technical Data
- has the definition referred to in Article 4.
- Data Subject(s)
- has the definition referred to in Article 1.
- Product(s)
- refers to the tire products or related products (rims, chains, etc.) offered for sale by GRIP500 on the Site.
- GDPR
- has the definition referred to in Article 1.
- Site
- has the definition referred to in Article 1.
- Processing
- means any operation or set of operations which is performed on Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- You
- has the definition referred to in Article 1.
3. A CHARTER FOR WHAT PURPOSE?
This Charter is made available to You when collecting Your Data to ensure full transparency of the Processing of Your Data carried out by GRIP500 by providing concise, easily accessible information that is easy to understand and formulated in clear and simple terms.
If any of the information is not clear enough, we invite You to contact us at Your convenience either by sending an email to cm@grip500.com or through the contact form accessible here.
The Charter applies to Your Data collected and processed by GRIP500 in the context of the following activities for which GRIP500 is the Data Controller:
- Your use of the Site, including simple navigation on it;
- the creation and use of Your Customer Account via the Site;
- the purchase of Products offered by GRIP500 via the Site; or
- any contact with customer service.
This Charter does not apply to any other Data Processing carried out in a different context than the one described above and for which GRIP500 is not the Data Controller.
4. WHAT DATA IS COLLECTED?
DATA COLLECTED UPON EXPRESS REQUEST FROM GRIP500
GRIP500 makes an express request to collect Your Data at various times, including when:
- using the Site;
- placing an order on the Site;
- creating a Customer Account on the Site; or
- communicating with customer service.
The collected Data (hereinafter referred to as "Order Data") includes in particular:
- Your first name;
- Your last name;
- Your date of birth;
- Your postal address;
- Your email address;
- Your phone number;
- Your country;
- Your intra-community VAT number.
In terms of payment, the Data collected upon our express request (hereinafter referred to as "Banking Data") consists of Your credit card number, expiration date, and CVC (or visual cryptogram located on the back of the card), which are transmitted to payment service providers: Checkout.com, Hipay or Braintree.
Regarding payment through the Paypal provider, the banking data is directly collected by this company from You when creating your account. The Paypal company is then solely responsible for the processing of this data.
We use GoCardless to manage direct debits via Your IBAN. Additional information on how GoCardless manages your Banking Data and your rights related to data protection is available: here.
Some Order Data (first name, last name, address, phone number, country, email address) and Banking Data are essential for the conclusion of the contract with GRIP500. Consequently, any refusal on Your part to provide us with this Data will prevent You from finalizing Your order.
DATA AUTOMATICALLY COLLECTED BY GRIP500
GRIP500 is led to collect, especially during Your navigation on the Site, certain of Your Data automatically through Your device (computer, tablet, mobile phone, etc.). This Data can be collected even in the absence of an order. This collection is generally carried out using cookies.
This Data (hereinafter referred to as "Technical Data") includes in particular:
- Your IP address (the identification number assigned to Your device when it connects to the Internet);
- Your MAC address (physical identification number stored on Your network card or network interface);
- Your IMEI number (identification number of Your mobile phone);
- the operating system of Your device (Microsoft Windows, Mac OS X, Android, iOS, etc.);
- Your mobile phone operator;
- Your Internet service provider;
- the browser You are using (Internet Explorer, Google Chrome, Firefox, etc.); or even
- the time zone used by Your device.
The Data automatically collected through Your device also includes Navigation Data (hereinafter referred to as "Navigation Data") such as:
- the pages You have visited;
- the date of Your visit;
- the time spent on each visited page;
- the links You have activated;
- the offers You have viewed;
- the Products You have searched for;
- the orders You have placed; or even
- Your consumption habits of the Products.
5. WHY IS YOUR DATA USED?
Personal data processing can only be carried out if it is based on:
- a legal justification referred to in Article 6.1 GDPR (consent, performance of the contract, compliance with a legal obligation, protection of vital interests, public interest task or legitimate interest of the data controller); and
- one or more explicit, legitimate, and determined purpose(s) by the data controller.
The table below lists the Processing carried out by GRIP500 with the purposes, legal justification, and Data concerned for each.
| Name of Processing | Purposes | Legal Justification | Data Concerned |
|---|---|---|---|
| Order |
|
Contract | Order Data |
| Single credit card transaction |
|
Contract | Bank Data (Credit Card) |
| Facilitation of subsequent purchases |
|
Consent | Bank Data (Credit Card) |
| SEPA Direct Debit |
|
Contract | Bank Data (IBAN) |
| Claims on payments |
|
Contract | Bank Data |
| After-sales service |
|
Contract |
|
| Customer account |
|
Consent | Order Data |
| Newsletter (including GRIP500 commercial offers) |
|
Consent | Order Data (email address) |
| GRIP500 commercial offers |
|
Legitimate interest (4) |
|
| Targeted advertising |
|
Consent (cookies) |
|
| User experience |
|
Consent (cookies) |
|
| Statistics |
|
Legitimate interest (1) and consent (cookie) |
|
| Quality |
|
Legitimate interest (2) |
|
| Fraud |
|
Legitimate interest (3) |
|
(1) The legitimate interest of GRIP500 is to be able to self-evaluate and improve through the statistical tool.
(2) The legitimate interest of GRIP500 is to ensure the quality of its service.
(3) The legitimate interest of GRIP500 is to prevent fraud.
(4) The legitimate interest referred to in Recital (47) of the GDPR states: "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest". This legitimate interest consists in particular of maintaining a regular commercial relationship with You.
6. HOW LONG IS YOUR DATA RETAINED?
GRIP500 is committed to retaining Your Data in a form that allows Your identification for no longer than is necessary for the purposes for which it is processed.
The table below indicates the retention periods for each type of Data depending on the Processing for which they are used.
| Data | Processing | Retention period in active database (1) | Retention period in intermediate archiving (2) |
|---|---|---|---|
| Order Data | Order | 3 years from the last order | n/a* |
| After-sales service | 3 years from the last order | n/a | |
| Customer account | 3 years from the last login to the Customer account or until withdrawal of consent if it occurs earlier | n/a | |
| Newsletter | Until Your unsubscription or 3 years from the last login to the Customer account if this deadline occurs earlier | n/a | |
| GRIP500 commercial offers | 2 years from the last order | n/a | |
| Statistics | 3 years from the last order | n/a | |
| Fraud | n/a | 5 years from the collection of the concerned Data | |
| Banking Data (3) | Transaction (Credit Card) | Until the complete payment of the order | n/a |
| Claims on payments | n/a | 13 months from the debit date or 15 months in case of deferred debit payment | |
| After-sales service | Until the expiration of the period for which GRIP500 commits to refunding an order (including withdrawal period or order cancellation period) | n/a | |
| SEPA Direct Debit (IBAN) | For the duration of the transmission of the IBAN to GoCardless | n/a | |
| Facilitation of subsequent purchases (Credit Card) | Until withdrawal of consent or until the expiration of the validity of the credit card if it occurs earlier | n/a | |
| Technical Data | Targeted Advertisements | See Cookies | n/a |
| User Experience | |||
| GRIP500 Commercial Offer | |||
| Quality | |||
| Statistics | |||
| Fraud | |||
| Browsing Data | Targeted Advertisements | See Cookies | n/a |
| GRIP500 Commercial Offer | |||
| User Experience | |||
| Quality | |||
| Statistics | |||
| Fraud |
*n/a means not applicable.
(1) Retention in active database consists of keeping the concerned Data in the database used for the purpose of the concerned Processing.
(2) Intermediate archiving consists of keeping the Data in conditions of restricted access (i) either in a specific archive database separate from the active database, with restricted access to only those persons who need to know because of their function, (ii) or in the active database, provided that the archived Data is isolated by means of a logical separation (management of access rights and authorizations) to make them inaccessible to persons who no longer have an interest in processing them.
(3) Banking Data is never retained by GRIP500 but by its payment partners (Checkout.com, Hipay, Braintree, Gocardless depending on the case).
7. WHO IS YOUR DATA SHARED WITH?
GRIP500 may share some of Your Data with other entities listed below. In all cases, GRIP500 only shares this Data to the extent strictly necessary to ensure the purpose(s) of Processing Your Data by GRIP500 or to ensure the specific and legitimate purposes defined by the recipient.
ENTITIES OF THE GROUP TO WHICH GRIP500 BELONGS
GRIP500 may share some of Your Data with other entities of the group to which GRIP500 belongs in order to better know You. These other entities are subject to similar commitments to those of GRIP500 for the protection of Your Data.
SUBCONTRACTORS AND THIRD-PARTY SERVICE PROVIDERS
GRIP500 may share some of Your Data with subcontractors and/or third-party service providers used in the context of providing GRIP500's products and services via the Site. Sharing Your Data with these entities is required for the execution of Your order. GRIP500 only shares the Data strictly necessary for the performance of the task entrusted to these entities after having contractually ensured commitments from them as high as those made in this Charter regarding the protection of Your Data.
These mainly include the following entities:
- GROUP CONSEIL ET GESTION (technological subcontracting)
- OVH (site hosting)
- HOTJAR (analytical cookie)
- GOOGLE (advertising cookie)
- MICROSOFT (advertising cookie)
- CHECKOUT.COM (payment service provider)
- HIPAY (payment service provider)
- BRAINTREE (payment service provider)
- GOCARDLESS (payment service provider)
- PAYPAL (payment service provider)
- DPD (delivery service provider)
- GLS (delivery service provider)
- UPS (delivery service provider)
- DHL (delivery service provider)
- SEUR (delivery service provider)
- CHRONOPOST (delivery service provider)
- BOOMERANG (delivery service provider)
- TNT (delivery service provider)
This also includes partner garages whose list is accessible here.
EXCEPTIONAL CASES
GRIP500 may share Your Data exceptionally in the following cases: (i) as part of a merger, acquisition of all or part of GRIP500, an asset transfer, or any other similar transaction, (ii) when such sharing is imposed by law, regulation, a competent judicial or administrative authority; or (iii) to protect the rights and/or safety of an individual, to prevent or take action regarding illegal or suspected illegal activities or to defend the rights, property, and security of GRIP500's Site; (iv) to execute and guarantee the commitments made by GRIP500 in Your interest under this Charter.
8. IS YOUR DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?
Your Data is processed and stored mainly on the territory of Malta, which is located within the European Union.
However, the company GRIP500 established in the territory of the Principality of Andorra located outside the European Union may have access to this Data.
By decision dated October 19, 2010, the European Commission has declared that Andorra is considered to provide an adequate level of protection for personal data transferred from the European Union. This decision was confirmed by the Commission's Report dated January 15, 2024.
Furthermore, GRIP500 cannot exclude that Your Data may be transferred to other territories located outside the European Union (EU) and the European Economic Area (EEA), particularly to territories where the level of personal data protection is less than that of the European Union.
In the latter case, GRIP500 commits to verifying the existence of measures or taking appropriate measures to ensure a satisfactory level of protection of Your Data, such as:
- a decision of adequacy by the European Commission of the concerned country;
- standard contractual clauses of the European Commission or standard contractual clauses adopted by a supervisory authority, to which the recipient is subject and of which you can request a copy if they have been formally signed;
- binding corporate rules;
- an approved code of conduct or an approved certification mechanism (including the binding and enforceable commitment taken by the recipient outside the EU to apply appropriate safeguards);
- an administrative arrangement or a legally binding and enforceable instrument taken to allow cooperation between public authorities.
Regarding these main partners of GRIP500, here are the data destination countries and the appropriate safeguards adopted.
| Recipients | Countries | Guarantees |
|---|---|---|
| GCG | France | European Union |
| OVH | Germany | European Union |
| HOTJAR | Malta | European Union |
| United States | Adequacy decision of July 10, 2023 | |
| MICROSOFT | United States | Adequacy decision of July 10, 2023 |
| CHECKOUT.COM | United Kingdom | Adequacy decision of June 28, 2021 |
| HIPAY | France | European Union |
| BRAINTREE | United States | Adequacy decision of July 10, 2023 |
| GOCARDLESS | United Kingdom | Adequacy decision of June 28, 2021 |
| PAYPAL | United States | Adequacy decision of July 10, 2023 |
| DPD | France | European Union |
| GLS | Netherlands | European Union |
| UPS | United States | Adequacy decision of July 10, 2023 |
| DHL | Germany | European Union |
| SEUR | Spain | European Union |
| CHRONOPOST | France | European Union |
| BOOMERANG | France | European Union |
| TNT | Netherlands | European Union |
9. HOW IS YOUR DATA PROTECTED?
GRIP500 has implemented appropriate physical, technical, administrative, and organizational security measures to protect Your Data against any unauthorized or unlawful access, use, loss, accidental destruction, damage, theft, or disclosure of that Data.
Despite its continuous efforts, GRIP500 cannot commit to guaranteeing a result in terms of the security of Your Data and invites You to report any difficulties of the aforementioned kind that You may become aware of.
To do this, you can contact customer service at Your convenience, either by sending an email to cm@grip500.com or through the contact form accessible here.
This site is protected by reCAPTCHA, and the privacy policy and terms of service of Google apply to this service.
10. WHAT ARE YOUR RIGHTS?
In accordance with current legislation, You have the following rights regarding Your Data:
-
the right of access to Your Data:
This is the possibility for You to obtain confirmation from GRIP500 that Data concerning You is or is not being processed, as well as access to said Data and the following information: purposes, categories of Data, recipients or categories of recipients, duration of storage or the criteria used to determine this duration, Your rights concerning these Data, the right to lodge a complaint with a supervisory authority, and, where applicable, the source of the Data collection and the existence of automated decision-making based on these Data.
You also have the right, when Your Data is transferred to a third country or an international organization, to be informed of the appropriate safeguards regarding this transfer.
In application of the right of access, GRIP500 provides You with a copy of the Data and may require the payment of reasonable fees based on administrative costs for any additional copy that You request. If You submit the request electronically, the information will be provided in a commonly used electronic form, unless You request otherwise.
-
the right to rectification of Your Data:
This is the possibility for You to obtain from GRIP500 the rectification, as soon as possible, of Your Data that is inaccurate or, considering the purposes of the Processing, incomplete (You may provide a supplementary statement for this purpose);
-
the right to erasure of Your Data:
This is the possibility for You to obtain from GRIP500 the erasure, as soon as possible, of Your Data for one of the following reasons:
- the Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw Your consent on which the Processing of these Data is based, provided that there is no other legal ground for the Processing;
- You object to the Processing of these Data under the conditions specified below regarding Your right to object;
- the Data has been unlawfully processed;
- the Data must be erased to comply with a legal obligation to which GRIP500 is subject; or
- the Data has been collected in relation to the offer of information society services to children.
If the Data for which erasure is requested has been made public by GRIP500, reasonable measures, taking into account available technology and the cost of implementation, including technical measures, must be taken to inform the controllers who are processing these Data that You have requested the erasure by them of any links to these Data or of any copy or reproduction thereof.
This right to erasure does not apply to the extent that Processing is necessary:
- for exercising the right of freedom of expression and information;
- to comply with a legal obligation which requires Processing under the law of the Union or of the Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that Processing; or
- for the establishment, exercise or defense of legal claims.
-
the right to object to the Processing of Your Data:
This is the possibility for You to object to a Processing of Your Data carried out on the basis of a legitimate interest by GRIP500 (including profiling based on such justification) if this Processing is not actually justified by compelling legitimate grounds of GRIP500 that override Your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
It is also the possibility for You to object to Processing for direct marketing purposes (including profiling if it is related to such direct marketing).
Finally, in terms of Processing for statistical purposes, it is the possibility for You to object to such Processing for reasons related to Your particular situation, unless the Processing is necessary for a task carried out for reasons of public interest.
-
the right to restriction of Processing of Your Data:
This is the possibility for You to obtain from GRIP500 the restriction of Processing in one of the following cases:
- for the period necessary for GRIP500 to verify the accuracy of the Data when You contest the accuracy of these Data;
- You oppose the erasure of the Data for unlawful Processing and request the restriction of their use instead;
- the Data is no longer needed by GRIP500 for the purposes of the Processing but is still required by You for the establishment, exercise or defense of legal claims;
- for the duration necessary to determine whether the legitimate grounds pursued by GRIP500 override Yours when You have objected to Processing on this basis.
In case of restriction of Processing, the Data may, with the exception of storage, only be processed with Your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or of a Member State.
You will be informed by GRIP500 before the restriction of Processing is lifted.
-
the right to data portability:
This is the possibility for You to obtain from GRIP500 the communication of Your Data provided to GRIP500 in a structured, commonly used and machine-readable format and to transfer these Data to another entity (this transfer is carried out by You or, if technically feasible, by GRIP500) when the Processing is carried out using automated processes and is based on consent or on a contract;
-
the right to withdraw Your consent:
This is the possibility for You to withdraw Your consent to any Processing of Your Data that has been carried out based on Your prior consent. The withdrawal of consent does not affect the lawfulness of Processing based on consent before its withdrawal.
To exercise the aforementioned rights, You are invited to contact us at Your convenience:
- either by sending an email to the address: cm@grip500.com
- or by completing the contact form accessible here.
In order to process Your request as efficiently as possible, GRIP500 invites You to formulate it clearly and in detail. If there is any doubt about Your identity, GRIP500 may possibly request that additional information necessary to confirm Your Identity be provided.
You also have the:
-
right to lodge a complaint with a supervisory authority:
this is the possibility for You to lodge a complaint with a competent supervisory authority, particularly in the Member State where Your habitual residence, place of work or the place where the alleged infringement occurred, if You consider that the Processing of Data concerning You constitutes a breach of legislation.
To facilitate the exercise of this right, we invite You to consult the list of supervisory authorities here.
11. HOW DOES GRIP500 COLLECT DATA RELATED TO MINORS?
The Products sold by GRIP500 on its Website are not intended for minors. Consequently, GRIP500 does not process Data related to minors nor assumes that the Data of the Website visitors or its customers directly or indirectly concern minors.
12. WHAT ABOUT COOKIES AND OTHER SIMILAR TRACKING TECHNOLOGIES?
GRIP500 uses cookies and other similar technologies, which may collect some of Your Data. These cookies help to enhance Your browsing experience on the Site, provide us with information about the operation and quality of our Site, and contribute to the delivery of targeted advertisements.
GRIP500 collects Your prior consent through a banner on the homepage of the Site when You first connect to these computer tools. Your consent is again requested by GRIP500 under the same conditions after a period of thirteen months following the previous collection of Your consent.
GRIP500 strongly encourages You to visit the "Cookies" page of its Site for more information.
13. HOW WILL YOU BE NOTIFIED OF CHANGES TO THE CHARTER?
GRIP500 may periodically modify this Charter, particularly to take into account legislative developments regarding the protection of Your Data.
GRIP500 will inform you of any changes or updates through a notification sent to Your email address and/or a prominent notification on the Site.
14. HOW TO CONTACT US?
GRIP500 is at Your entire disposal to answer all Your questions about this Charter.
To contact us, You are invited to reach out at Your convenience:
- either by sending an email to the address: cm@grip500.com
- or by filling out the contact form accessible here.
