db.vin

Privacy Policy

Last updated: October 7, 2025

1. Data Controller

The data controller is Autoiso Sp. z o.o., located at ul. Gnieźnieńska 12, 40-142 Katowice, Poland, Tax ID (NIP): PL6342976575, REGON: 386039655, KRS: 0000840558 (if applicable), e-mail: pomoc@autoiso.pl (“Controller”, “we”).

No Data Protection Officer (DPO) has been appointed. For GDPR-related matters, please contact: pomoc@autoiso.pl.

2. Scope of Processed Data

  1. Technical data and access logs – we process standard information transmitted by your browser:

    • IP address, date and time of request, request identifiers, browser/device information (User-Agent), referrer, and error/performance data.

  2. Cookies / browser storage – we use only essential technical cookies and storage mechanisms required for the website to function; we do not conduct marketing or personalization.

  3. Functional requests (VIN) – when you enter a VIN number in the form or use the API, we process the VIN number itself and request metadata (e.g., IP, timestamp) for handling, caching, and diagnostics. We do not collect personal data within such requests.

  4. No contact forms, accounts, or newsletters – the service does not actively collect user-identifying data (name, e-mail, etc.).

We process data only to the extent necessary for:

  1. ensuring the operation and security of the service (abuse detection, rate-limiting, diagnostics, caching) – Art. 6(1)(f) GDPR (legitimate interest),
  2. statistics and traffic measurement
  3. handling VIN/API requests (functionality delivery, caching of results without user data) – Art. 6(1)(f) GDPR (legitimate interest: service provision).

We do not conduct direct marketing, profiling, or automated decision-making that produces legal effects.

4. Data Protection and Cookies

  1. The service may store cookies and short-term technical data in your browser (e.g., session identifiers, language preferences). These files are essential for proper functionality.
  2. You can manage cookies through your browser settings. Disabling cookies may limit some service functions.

5. API and VIN Requests

  1. The provided VIN number(s) are used solely for processing the request (and short-term server-side caching).
  2. Cloudflare KV is used to cache vehicle results (without user data).
  3. For security and diagnostic purposes, we log request metadata (e.g., IP, timestamp, UA, response status).

6. Data Recipients (Categories of Entities)

  1. Hosting and security provider: Cloudflare, Inc.
  1. These entities act as processors or independent controllers within their service scope; their processing is based on contracts and/or Standard Contractual Clauses (SCC).

7. Data Transfers Outside the EEA

Due to infrastructure dependencies, technical data may be transferred to third countries (including the U.S.). Appropriate safeguards are in place, including Standard Contractual Clauses (SCC) and providers’ organizational and technical security measures.

8. Retention Period

  1. Server logs / security events – retained as necessary for security and diagnostics, up to 90 days, unless a longer period is required for legal claims or compliance purposes.
  2. Cache results in Cloudflare KV – retained until the resource TTL expires or is manually refreshed/invalidated.

9. Data Subject Rights

You have the right to:

  • access your data and obtain a copy,
  • rectify, erase, or restrict processing,
  • object to processing based on Art. 6(1)(f) GDPR,
  • (where processing is based on consent) withdraw consent at any time (without affecting the lawfulness of prior processing),
  • lodge a complaint with the supervisory authority – President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

Requests can be submitted to: pomoc@autoiso.pl.

10. Voluntary Nature of Data Provision

Technical data is collected automatically during the use of the service. Use of VIN/API features is voluntary; not providing a VIN will prevent that feature from functioning.

11. Security

We apply technical and organizational safeguards appropriate to the level of risk, including network protection, access control, event logging, and edge infrastructure (Cloudflare) to prevent abuse.

12. Bots, Search Engines, and AI Systems

Publicly available content on the service may be indexed by search engines and AI systems (e.g., Googlebot, Bingbot, OpenAI Crawler) in accordance with the robots.txt protocol and fair use principles. The Administrator intentionally allows indexing by search engines and AI models to ensure compliance with open Internet standards and improve content visibility.

13. Language Versions

The service operates in multiple languages. This Policy may be available in various language versions; in case of discrepancies, the Polish version shall prevail, unless explicitly stated otherwise.

14. Policy Changes

We may update this Policy, particularly in response to legal changes, service functionality updates, provider changes, or retention settings. Updates are announced by publishing a new version with the revised date.

15. Contact

For matters related to this Policy and data processing: pomoc@autoiso.pl.

Mailing address: ul. Gnieźnieńska 12, 40-142 Katowice, Poland