EV Gear Deals, as an affiliate marketing platform specializing in electric vehicle (EV) gear, accessories, and deals, is fully committed to the General Data Protection Regulation (GDPR) for all users in the European Union (EU), European Economic Area (EEA), and United Kingdom. This page details our GDPR compliance, data processing practices, and how we protect your rights as a data subject when you interact with our site, including browsing EV products, clicking affiliate links to partners like Amazon or eBay, or subscribing to updates on sustainable mobility.

Our Data Protection Principles

We process personal data in accordance with GDPR's core principles to ensure trust and transparency in our EV affiliate services:

• Lawfulness, Fairness, and Transparency: We process data legally and inform you clearly about our practices, especially regarding affiliate tracking for EV gear commissions.
• Purpose Limitation: Data is collected only for specific purposes, such as personalizing EV deal recommendations or analyzing site usage for better content on Tesla accessories.
• Data Minimization: We collect only necessary information, e.g., anonymized analytics for traffic patterns on charging product pages.
• Accuracy: We keep your data up-to-date and correct inaccuracies upon request.
• Storage Limitation: Data is retained only as long as needed for business or legal purposes, e.g., 30 days for affiliate referral logs.
• Integrity and Confidentiality: We use secure measures to protect data from unauthorized access, especially during affiliate link redirects.
• Accountability: We maintain records of processing activities and appoint a Data Protection Officer for oversight.

Legal Basis for Data Processing

Under GDPR Article 6, we process data on the following bases, tailored to our EV affiliate operations:

• Consent (Art. 6(1)(a)): For non-essential cookies, newsletters on EV deals, or marketing emails about new mods.
• Legitimate Interests (Art. 6(1)(f)): Site analytics to improve user experience (e.g., popular EV gear searches) and fraud prevention, balanced against your rights.
• Contract (Art. 6(1)(b)): If you engage with affiliate purchases or contact forms.
• Legal Obligation (Art. 6(1)(c)): Compliance with tax laws for affiliate commissions.

We always obtain explicit consent for sensitive processing and provide easy withdrawal options.

Your Rights Under GDPR

As an EU/EEA user, you have the following rights (GDPR Chapter III). We facilitate these for all data subjects:

• Right of Access (Art. 15): Request confirmation of processing and a free copy of your personal data (e.g., contact form submissions or cookie data).
• Right to Rectification (Art. 16): Correct incomplete or inaccurate data, such as email preferences for EV updates.
• Right to Erasure ('Right to be Forgotten') (Art. 17): Delete data if no longer needed, except for legal retention (e.g., affiliate audit logs).
• Right to Restriction of Processing (Art. 18): Temporarily halt processing during disputes or verification.
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format (e.g., JSON for subscribed preferences).
• Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling for personalized EV recommendations.
• Right to Withdraw Consent (Art. 7): Revoke consent at any time without affecting prior processing; e.g., opt-out of affiliate cookies.
• Right to Non-Discrimination: No penalties for exercising rights.

To exercise rights, use our contact form or email. We respond within one month (extendable for complex requests). No fees unless requests are excessive.

International Data Transfers

As a global EV affiliate site, data may be transferred outside the EEA (e.g., to U.S.-based Amazon servers). We ensure adequacy via:

• Standard Contractual Clauses (SCCs) with processors.
• Binding Corporate Rules for intra-group transfers.
• Adequacy decisions for recipient countries.

Affiliate partners like eBay comply with GDPR for EU users; we do not transfer purchase data.

Data Security and Breach Notification

We implement technical and organizational measures (e.g., encryption, access controls, regular audits) to secure data. In case of a breach, we notify affected users and the supervisory authority within 72 hours (Art. 33-34).

Cookies, Tracking, and Affiliates

Our use of cookies and affiliate tracking complies with ePrivacy Directive and GDPR. See our Cookie Policy (linked in footer) for details. Affiliate links to EV products use first-party cookies from partners, with consent obtained via banner.

Automated Decision-Making and Profiling

We do not engage in automated decisions with legal effects (Art. 22). Limited profiling for content recommendations (e.g., suggesting charging gear based on views) is transparent and allows objection.

Complaints and Supervisory Authorities

If dissatisfied with our response, contact your local Data Protection Authority (DPA), e.g., ICO in the UK or CNIL in France. We cooperate fully with DPAs.

Children's Privacy

Our site is not directed at children under 16. We do not knowingly collect data from minors without parental consent.

Changes to This Policy

Updates will be posted here with version history. Significant changes (e.g., new data uses for EV analytics) will be notified via email or site banner.

Effective Date: September 2024 | Data Protection Officer: privacy@evgeardeals.com