Home Pricing Reviews FAQ
About Support
My account Check VIN
Legal information

Privacy Notice (EU/UK)

Last updated: May 7, 2026. Additional rights for users from the EU, EEA, and the UK.

This document supplements the main Privacy Policy

If you are in the EU, the European Economic Area (EEA), or the UK, you have additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR. This document describes them.

1 Who this applies to

This Notice applies to individuals whose personal data is processed by the VinStatus Service and who are located in:

  • European Union member states;
  • European Economic Area countries (Norway, Iceland, Liechtenstein);
  • the United Kingdom of Great Britain and Northern Ireland;
  • Switzerland (similar provisions under the FADP apply).

If you are in another jurisdiction, our main Privacy Policy applies.

2 Data controller

For GDPR purposes, the controller of your personal data is the VinStatus service, the operator of vinstatus.store. Contact details are provided in section 8.

The Service has not appointed a separate EU/UK representative, as this is not a mandatory requirement given the scale of processing. All requests can be sent directly to the contacts below.

3 Legal bases

We process your personal data on the following bases set out in Art. 6(1) GDPR:

  • (b) Performance of a contract — to provide the paid service (report generation, account access, payment processing);
  • (c) Legal obligations — to comply with tax, accounting, and other applicable legal requirements;
  • (f) Legitimate interests — to ensure site security, prevent fraud, provide technical support, and improve the Service. We balance our interests against your rights and freedoms;
  • (a) Consent — for optional cookies, mailings, and similar purposes. Consent can be withdrawn at any time.

4 Your rights under the GDPR

Under the GDPR (Articles 15–22), you have the right to:

  • Access to data (Art. 15) — to obtain confirmation that we process your data and a copy of that data;
  • Rectification (Art. 16) — to require correction of inaccurate data or completion of incomplete data;
  • Erasure / "right to be forgotten" (Art. 17) — to require deletion of your data where grounds exist (consent withdrawn, data no longer needed, unlawful processing, etc.);
  • Restriction of processing (Art. 18) — to require suspension of processing, for example while your objection is being considered;
  • Data portability (Art. 20) — to receive your data in a structured, machine-readable format and transfer it to another controller;
  • Objection to processing (Art. 21) — to object to processing based on legitimate interests or for marketing purposes;
  • Not to be subject to automated decision-making (Art. 22) — including profiling that has legal or similarly significant effects.

To exercise any of these rights, send a request to info@vinstatus.store with the subject "GDPR Request". We'll reply within 30 days. The request is handled free of charge, except for manifestly unfounded or repetitive requests.

To verify your identity, we may request additional information — this is necessary to prevent data from being disclosed to an unauthorized person.

5 International transfers

Some of our processors (e.g. Stripe, hosting and analytics providers) may process data outside the EU/EEA, including in the US. In such cases we ensure an adequate level of protection in one of the following ways:

  • Through Standard Contractual Clauses approved by the European Commission;
  • Through the processor's certification under the EU-US Data Privacy Framework, where applicable;
  • Through additional technical measures (encryption, pseudonymization);
  • Only with the user's explicit consent (where other grounds do not apply).

6 Automated decisions

We do not make decisions based solely on automated processing (including profiling) that would have legal or similarly significant effects on you — with the following exceptions:

  • Anti-fraud checks during payment via Stripe — may result in a transaction being declined. In that case you can contact us and we will review the request manually;
  • Repeat trial control — the system may automatically refuse to activate a second trial for the same user.

In both cases you have the right to request a manual review and present your position.

7 Complaints to a supervisory authority

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with a data-protection supervisory authority:

  • in your country of habitual residence;
  • in your country of work;
  • in the country of the alleged infringement.

List of EU member-state supervisory authorities: edpb.europa.eu/about-edpb/about-edpb/members_en.

For UK users, the supervisory authority is the ICO (Information Commissioner's Office): ico.org.uk.

However, we recommend contacting us directly first — this usually resolves the matter faster.

8 Contacts

For all questions regarding this Notice and the exercise of your GDPR rights:

Contact details
Email: info@vinstatus.store
Email subject: GDPR Request
Service: VinStatus
Response time: up to 30 days
Related documents. This Notice supplements but does not replace the main Privacy Policy and the Cookie Policy. For a full understanding of how your data is processed, we recommend reading all three documents.