SprezzaCar

Privacy Policy

We keep data minimal: no ads, no trackers, no cookies by default. This page explains what we process, on which legal bases, for how long, and your GDPR rights.

No cookies by default. We don’t set non-essential cookies or use third-party trackers.
System fonts only. No external font CDNs; fewer requests, fewer data flows.
Contact-first. We process personal data mainly when you contact us or become a client.

1) Controller & contact

Controller (Art. 4(7) GDPR): HNCM — Hoch & Nauendorf Curated Motors
[Street & No.], 701xx Stuttgart, Germany
Email: [email@example.com]
Phone: [optional]

If you have questions about this policy or your rights, contact us any time.

2) Hosting & server logs

This website is hosted in the EU/EWR (or an equivalent jurisdiction). When you visit, the web server temporarily processes log data (e.g., IP address, timestamp, requested file, user agent) for the purposes of delivering the site, ensuring security and troubleshooting.

3) Contact & intake forms

If you contact us (email or form), we process the data you provide (e.g., name, email, message and any optional details) to respond and, where applicable, to perform pre-contractual or contractual steps.

4) Cookies & similar technologies

No non-essential cookies are set by default. If we introduce features that require cookies (e.g., session for client portal), we will use only what’s necessary and provide a consent mechanism where required.

5) Analytics & third parties

We currently do not use analytics, advertising networks or third-party embeds that track you. If we add privacy-respecting analytics (e.g., self-hosted, cookieless, no cross-site tracking), we will document the provider, data scope and legal basis here.

6) Legal bases

  • Art. 6(1)(b) GDPR — contract or pre-contract (advisory services).
  • Art. 6(1)(f) GDPR — legitimate interests (secure operation, answering inquiries).
  • Art. 6(1)(c) GDPR — legal obligations (tax/commercial law retention).
  • Art. 6(1)(a) GDPR — consent (only if/when we ask for it).

7) Retention

We retain personal data only for as long as necessary for the purpose collected or as required by law. Inquiry emails are typically reviewed after 6 months; contract and billing records follow statutory retention (usually 6–10 years under German law).

8) Recipients & transfers

We share data only where necessary (e.g., hosting providers, email service, accounting). We ensure appropriate processing agreements. No sale of personal data. International transfers occur only with adequate safeguards (e.g., EU adequacy, SCCs).

9) Your GDPR rights

  • Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18).
  • Portability (Art. 20), objection (Art. 21) to processing based on Art. 6(1)(f).
  • Withdraw consent at any time (Art. 7(3)) — without affecting past processing.
  • Complain to a supervisory authority.

10) Security

We use reasonable technical and organizational measures (HTTPS/TLS, access controls, minimization). No method is 100% secure, but we continuously improve safeguards proportional to risk.

11) Updates

We update this policy when our processing changes. The current version is always available at this URL.