General Data Protection Regulation (GDPR) Policy

Carrma is committed to protecting the privacy and personal data of our customers, and we take our obligations under the General Data Protection Regulation (GDPR) seriously. This policy outlines how we ensure compliance with GDPR in the collection, processing, storage, and retention of personal data.

Scope and Application

This policy applies to all personal data processed by Carrma in the course of our business activities, whether collected from individuals or obtained from other sources.

Principles of GDPR

We adhere to the following GDPR principles in the collection and processing of personal data:

• Lawfulness, fairness, and transparency: We only collect personal data for specified, explicit, and legitimate purposes, and we inform individuals of the purpose of data collection.
• Purpose limitation: We only collect personal data that is necessary for the purposes for which it is processed.
• Data minimization: We only process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
• Storage limitation: We do not store personal data longer than is necessary for the purposes for which it is processed.
• Integrity and confidentiality: We take appropriate technical and organizational measures to ensure the security of personal data.
• Accountability: We take responsibility for complying with GDPR and ensuring that our employees are aware of their obligations under GDPR.

Collection and Processing of Personal Data

Carrma collects and processes personal data for the following purposes:

• To provide our services to customers, including evaluating potential offers for cars.
• To communicate with customers and provide customer support.
• To comply with legal and regulatory requirements.
• Carrma only collects personal data that is necessary for these purposes, and we ensure that personal data is accurate and up to date.

Security of Personal Data

Carrma takes appropriate technical and organizational measures to ensure the security of personal data. We use secure servers, encrypted communication, and access controls to protect personal data from unauthorized access, alteration, or disclosure.

Disclosure of Personal Data

Carrma may disclose personal data to third parties in the following circumstances:

• To prospective buyers of cars.
• To our service providers, such as payment processors and data storage providers.
• To government authorities or law enforcement officials, as required by law.
• We ensure that any third parties with whom we share personal data are also GDPR compliant.

Rights of Data Subjects

Individuals have the following rights with respect to their personal data processed by Carrma:

• The right to access their personal data.
• The right to rectify inaccuracies in their personal data.
• The right to erase their personal data.
• The right to restrict processing of their personal data.
• The right to data portability.
• The right to object to processing of their personal data.

Carrma will respond promptly and appropriately to any request from an individual to exercise these rights.

Retention of Personal Data

Carrma retains personal data for as long as necessary to fulfill the purposes for which it was collected and as required by law.

Changes to this Policy

We reserve the right to amend this policy at any time. We encourage individuals to review this policy periodically to stay informed about how we are protecting their personal data.

Contact Information

If you have any questions or concerns about this policy or our privacy practices, please contact us at sales@carrma.com.