Privacy Policy

Last updated: 01/03/2026

This privacy policy is provided pursuant to EU Regulation 2016/679 ("GDPR") and describes the methods for processing the personal data of users who consult and purchase through the e-commerce site (hereinafter "Site").

1. Data Controller

The Data Controller is:

EP CARWASH
Via Kennedy 197
64016 Sant'Egidio alla Vibrata (TE) – Italy
VAT Number: 02354610442
Email: [insert contact email]

Hereinafter "Controller".

2. Type of Data Collected

During browsing or purchasing, the following personal data may be collected:

  • First and last name

  • Shipping and billing address

  • Email address

  • Phone number

  • Data related to orders placed

  • Payment data (managed via Shopify Payments)

  • IP address and browsing data

Payment data is not stored directly by the Controller but is processed through the secure Shopify Payments system.

3. Purpose of Processing

Personal data is processed for the following purposes:

  1. Management of orders and shipments

  2. Payment management

  3. Customer support

  4. Tax and accounting compliance

  5. Fraud prevention

  6. Fulfillment of legal obligations

Subject to consent, data may also be used for marketing purposes (newsletter, promotional communications).

4. Legal Basis for Processing

Data processing is based on:

  • Performance of a contract (product purchase)

  • Fulfillment of legal obligations

  • Consent of the data subject (for marketing purposes)

  • Legitimate interest of the Controller (site security and fraud prevention)

5. Methods of Processing

Data processing is carried out using IT and telecommunication tools, in compliance with the principles of lawfulness, fairness, and transparency.

Adequate security measures are adopted to prevent unauthorized access, loss, or illicit use of data.

6. Data Retention

Personal data will be stored:

  • For contractual and tax purposes: for the period prescribed by current legislation (generally 10 years)

  • For marketing purposes: until consent is withdrawn

  • For technical and security purposes: for the time strictly necessary

7. Disclosure of Data to Third Parties

Data may be communicated to:

  • Payment service providers (Shopify Payments)

  • Couriers and shipping companies

  • Tax and accounting consultants

  • IT service providers

  • Competent authorities in case of legal obligations

All third parties process data as Data Processors or independent Controllers.

8. Transfer of Data Outside the EU

Some services (e.g., Shopify) may involve the transfer of data to countries outside the EU.

Such transfers comply with the guarantees provided by the GDPR (standard contractual clauses or adequacy decisions).

9. Data Subject Rights

Users can exercise the following rights at any time:

  • Access to their data

  • Rectification or update

  • Erasure (right to be forgotten)

  • Restriction of processing

  • Right to object to processing

  • Data portability

  • Withdrawal of consent

Requests can be sent to the Controller's email address.

The data subject also has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority).

10. Cookies

The Site uses technical cookies and, with prior consent, profiling and marketing cookies.

For more details, please refer to the Cookie Policy.

11. Changes to the Privacy Policy

The Controller reserves the right to modify this policy at any time. Changes will be published on this page with an updated date.