top of page

Privacy Policy 

At Kedze Motor Group, we value your privacy. This policy outlines how we collect, use, and protect your information when you browse our inventory or purchase a vehicle through our online platform.

1. Legal Basis for Processing

​

Under the GDPR, we only process your data if we have a valid reason. For Kedze Motor Group, these are:

  • Contractual Necessity: To process your car purchase, billing, and delivery.

  • Legal Obligation: To comply with tax laws, anti-money laundering (AML) regulations, and vehicle registration requirements.

  • Legitimate Interests: To improve our website and prevent fraud.

  • Consent: For marketing emails (which you can withdraw at any time).

​

2. Data We Collect & Why

​​

Identity (Name, DOB): To verify the buyer and title the vehicle.10 years (Legal requirement).

Contact (Email, Phone): Delivery updates and customer support.Duration of ownership + 2 years.

Financial (Billing Address): Payment processing and VAT invoicing.7-10 years (Tax laws).

Technical (Cookies, IP): Site security and analytics.12 months.

​

3. International Transfers

​

We prefer to keep your data within the European Economic Area (EEA). If we use a third-party service provider (like a US-based CRM or Payment Gateway), we ensure they utilize Standard Contractual Clauses (SCCs) to maintain your GDPR protections.

​

4. Your Rights Under the GDPR

​

As a resident of the EU, you have the following "Data Subject Rights":

  1. Right to Access: You can ask for a copy of all data we hold on you.

  2. Right to Rectification: You can ask us to fix incorrect information.

  3. Right to Erasure ("Right to be Forgotten"): You can ask us to delete your data (provided it isn't required for legal/tax reasons).

  4. Right to Data Portability: You can ask for your data in a machine-readable format to move to another company.

  5. Right to Object: You can stop us from using your data for direct marketing.

​

5. Data Security & Payment Processing

​

We do not store full credit card numbers on our servers. All payments are handled via PCI-DSS compliant providers (e.g., Stripe, PayPal, or Adyen) using end-to-end encryption.

​

6. Supervisory Authority

​

If you feel we haven't addressed your privacy concerns properly, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

​

​

bottom of page