At Carsoundcraft, we take your privacy seriously. This policy explains how we collect, use, store, and protect your personal data when you visit our website https://carsoundcraft.com, place an order, contact us, or interact with us in any way.

We are fully compliant with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD). As the data controller, we are committed to handling your information responsibly and transparently.

1. Who is the Data Controller?

Controller: Danev Rado Georgiev (Director of Carsoundcraft)
NIE: Z3430395L
Address: Calle Rojas 2, Floor 2, Apartment 4, 29014 Málaga, Spain
Phone: +34 627 898 763
Email: danevrado@gmail.com

If you have any questions about how we handle your data, just email us at the address above.

2. What personal data do we collect and why?

Depending on how you interact with us, we may process the following information:

  • Name and surname
  • Email address
  • Phone number
  • Delivery and billing address
  • Order details (products, quantities, total amount)
  • Payment information (handled securely by our payment providers – we do not store full card details)
  • IP address and basic browsing data (via cookies – see our Cookie Policy for details)
  • Any information you provide when contacting us (e.g., messages, photos for warranty claims)

Main purposes:

  1. To process and fulfill your orders, including shipping and invoicing (contract performance).
  2. To handle customer support, returns, warranties, and complaints.
  3. To comply with legal obligations (e.g., tax, accounting, consumer protection laws).
  4. To send you marketing emails or newsletters about our products and offers only if you explicitly agree (you can unsubscribe anytime).
  5. To improve our website and services through anonymous analytics (e.g., Google Analytics with anonymized IP).

3. What is the legal basis for processing your data?

  • For orders, shipping, and invoicing: necessary for the performance of the contract (Art. 6.1(b) GDPR).
  • For legal obligations (e.g., keeping invoices for 6 years): legal obligation (Art. 6.1(c) GDPR).
  • For marketing communications: your explicit consent (Art. 6.1(a) GDPR).
  • For essential cookies and analytics (anonymized): legitimate interest or consent (depending on the cookie – see Cookie Policy).

If you do not provide the required data for an order (name, address, email, etc.), we unfortunately cannot complete the purchase and shipment.

4. How long do we keep your data?

  • Order and customer data: 6 years from your last purchase (to comply with Spanish tax laws and the 3-year legal warranty period + possible claims).
  • Marketing data: until you withdraw consent or request removal.
  • Browsing/analytics data: as specified in our Cookie Policy (usually up to 2 years max).

After these periods, we securely delete or anonymize your data.

5. Do we share your data with third parties?

We only share data when strictly necessary and always with proper safeguards:

  • Shipping companies (e.g., SEUR, MRW, Correos, DHL, etc.) → only name, phone, and address for delivery.
  • Payment providers (e.g., Stripe, PayPal, Redsys) → they process payments securely; we do not store card details.
  • Accounting/tax advisors → only for legal compliance.
  • Public authorities → if required by law (e.g., tax authorities, courts).

We do not sell your data or share it with third parties for their own marketing purposes. No international transfers outside the EEA unless protected by standard contractual clauses or adequacy decisions.

6. What are your rights?

You have the following rights under GDPR:

  • Access → request a copy of your data.
  • Rectification → correct inaccurate data.
  • Erasure ("right to be forgotten") → in certain cases.
  • Restriction of processing.
  • Objection to processing (especially for marketing).
  • Portability → receive your data in a structured format.
  • Withdraw consent at any time (without affecting previous processing).

To exercise any right, email us at danevrado@gmail.com with a copy of your ID (DNI/NIE). We will respond within 1 month (extendable to 2 months if complex).

You can also lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

7. How do we protect your data?

We use technical and organizational measures to keep your data secure: HTTPS encryption, access controls, regular security reviews, and secure servers within the EU.

8. Changes to this policy

We may update this policy if laws change or our practices evolve. The latest version will always be posted here with the last updated date. We recommend checking back occasionally.

Last updated: January 30, 2026

Thank you for trusting us with your data.
Danev Rado Georgiev
Carsoundcraft – Car Audio Specialists
Málaga, Spain