Oz Hicret S.R.L. may collect the following information for the purposes of membership registration, spare parts order processes, campaigns and promotions, customer support services and fulfilling legal obligations:

• Identity Data: Name, surname

• Contact Data: Address, email, phone number

• Payment Data: Credit card or bank account information (through PCI DSS compliant secure payment infrastructure, card information is not stored by our company)

• Order Data: Spare parts order and delivery history, vehicle information

• Technical Data: IP address, browser information, cookie data, site usage statistics

Legal Basis: GDPR Article 6(1)(b) - Performance of contract, (c) - Legal obligation, (f) - Legitimate interest

Purposes of Using Personal Data

The collected data is processed for the following purposes:

• Order Processing: Receiving, preparing, shipping and delivering spare parts orders

• Membership Management: Managing membership registration and account security

• Customer Services: Customer support, technical assistance, warranty and return procedures

• Marketing: Campaigns, promotions and commercial electronic communications (only with explicit consent - GDPR Article 6(1)(a))

• Legal Compliance: Fulfilling tax, accounting and legal obligations

• Improvement: Increasing service quality and improving user experience

Personal Data Retention Period

Personal data is retained for the following periods in accordance with GDPR and Romanian Law No. 190/2018:

• Order and invoice data:5 years according to tax legislation
• Membership and account data: As long as the account is active + 3 years after the last interaction
• Marketing consent data: Until consent is withdrawn
• Cookie data: Periods specified in the cookie policy (usually 6-12 months)
• Legal claim data: For the statute of limitations period (generally 3 years)

After these periods expire, your data is deleted, destroyed or anonymized in accordance with GDPR Article 17.

Data Security Measures

Oz Hicret S.R.L. takes the following technical and organizational measures in accordance with GDPR Article 32 against the risks of unauthorized access, disclosure, alteration or destruction of personal data:

• Encryption: Encrypted communication with SSL/TLS certificate (HTTPS)

• Payment Security: PCI DSS compliant secure payment infrastructure (card information is not stored)

• Server Security: Firewall, antivirus, DDoS protection

• Access Control: Multi-factor authentication and authorization systems

• Backup: Regular data backup and disaster recovery plan

• Staff Training: Regular staff training on data protection

Use of Cookies

The SITE uses cookies to improve user experience, analyze site traffic and improve its services. Cookie types:

• Essential Cookies: Necessary for site functionality
• Analytical Cookies: Site usage statistics (Google Analytics etc.)
• Marketing Cookies: Personalized ads (only with consent)

Cookie settings can be managed through the browser. For detailed information, see the Cookie Policy.

Sharing of Personal Data

Oz Hicret S.R.L.does not sell or rent personal data to third parties under any circumstances. However, it may share data with service providers as data processors in accordance with GDPR Article 28 in the following situations:

• Logistics Companies: Address and contact information for spare parts delivery

• Payment Institutions: Data required for secure payment processing (card information is not stored)

• Cloud Service Providers: Data hosting and backup services (within the EU)

• Legal Authorities: In case of a court order or legal obligation

GDPR-compliant data processing agreements are signed with all third-party service providers.

User Rights (GDPR)

Under GDPR, users have the following rights:

• Right to Information (Article 15): To find out whether your personal data is being processed and request a copy

• Right to Rectification (Article 16): To request correction of inaccurate data

• Right to Erasure (Article 17): "Right to be forgotten" - To request deletion of data

• Right to Restriction (Article 18): To request cessation of data processing

• Right to Data Portability (Article 20): To receive your data in a structured format

• Right to Object (Article 21): To object to marketing activities

• Right to Complain (Article 77): To file a complaint with the Romanian Data Protection Authority (ANSPDCP)

These requests can be sent to info@ozhicret.com. Requests are answered within 30 days (GDPR Article 12).

International Data Transfer

Your personal data is primarily stored and processed within the European Union. In case of data transfer outside the EU, appropriate security measures are taken in accordance with GDPR Articles 44-49 (Standard Contractual Clauses, Adequacy Decisions etc.).

Data Breach Notification

In accordance with GDPR Articles 33-34, in the event of a personal data breach, Oz Hicret S.R.L. notifies the Romanian Data Protection Authority (ANSPDCP) within 72 hours of learning of the incident and informs affected users.

Children's Privacy

The SITE is not intended for children under 16 years of age (GDPR Article 8). Personal data of users under 16 is processed only with parental or guardian consent.

Policy Changes

Oz Hicret S.R.L. reserves the right to update this policy at any time. Important changes are notified to users by email. The updated text becomes effective from the date of publication on the SITE. Last update: February 17, 2026.

Contact and Data Controller Information

For any questions, requests and complaints related to privacy, data protection or GDPR rights:

Data Controller: Oz Hicret S.R.L.
Address: Bulevardul Iuliu Maniu 408, Sector 6, Postal Code: 061127, Bucharest, ROMANIA
Email: info@ozhicret.com
Phone: +40 721 216 626

Romanian Data Protection Authority (ANSPDCP):
Web: www.dataprotection.ro