Last updated: July 2025

Vita Rossa Classico Ltd (“we,” “us,” “our”) is committed to safeguarding the privacy and security of our clients, prospects, and website visitors. This policy explains how we collect, use, share, and protect your personal data—and how you can exercise your rights under the UK GDPR.

1. Scope

This policy applies to all personal data we collect:
– Via our website (www.vitarossaclassico.com)
– In person or by phone, email, post, or social media
– In vehicle sales, sourcing, restoration, storage, event, and consultation activities

2. Categories of Personal Data We Collect

  1. Identity & Contact Data: Name, title, company, job title, email, phone, postal address
  2. Transactional Data: Enquiry and purchase history, finance applications, invoices
  3. Technical & Usage Data: IP address, device/browser type, operating system, cookie identifiers, pages visited, click‑streams
  4. Employment & Recruitment Data: CVs, references, right‑to‑work documents
  5. Marketing Preferences: Opt‑in status, communications history
  6. Vehicle Provenance Data: Documents and history supplied with a vehicle

3. How We Collect Your Data

  • Directly from you when you enquire, purchase, subscribe to marketing, register for events, or apply for positions.
  • Automatically via cookies, web beacons, Google Analytics, and server logs when you visit our website.

4. Purposes & Lawful Bases for Processing

Purpose Lawful Basis
Responding to enquiries & fulfiling contracts
Contractual necessity
Processing vehicle finance applications
Contractual necessity
Recruiting & managing employees
Contractual / Legal obligation
Invoicing & accounting to meet HMRC requirements
Legal obligation
Sending marketing communications
Consent
Fraud prevention & security monitoring
Legitimate interests
Website analytics & improvement
Legitimate interests
Enforcing our terms and policies Legal obligation / Legitimate interests
Legal obligation / Legitimate interests

5. Legitimate Interests

Where we rely on legitimate interests, we ensure your rights and freedoms are fully balanced, for purposes such as:

– Network and information security
– Improving website usability and performance
– Preventing fraud and misuse of our services

You may object to processing based on legitimate interests—see Section 12.

6. Sharing & Disclosure

We never sell your personal data. We may share it with:

– Service Providers & Processors (CRM, payment, marketing, logistics) under GDPR‑compliant contracts
– Professional Advisors (legal, accounting) when required
– Finance, Insurance, Warranty Partners to fulfil your requests
– Regulatory or Law Enforcement Authorities to comply with legal obligations or protect our rights

7. International Transfers

Some service providers are located outside the UK/EU (e.g., in the USA). We use Standard Contractual Clauses or other approved safeguards to protect your data when transferred internationally.

8. Security Measures

We employ technical and organizational controls, including:

– TLS encryption (HTTPS) for data in transit
– Access controls and multi‑factor authentication on our systems
– Regular security audits and staff training
– Incident response procedures aligned with GDPR requirements

9. Cookies & Tracking

We use cookies and similar technologies to:

– Enable essential site functionality
– Remember your preferences
– Analyze site usage and improve user experience

You can manage or disable non‑essential cookies via your browser settings. See our Cookies Policy [link] for full details.

10. Data Retention

  • Transactional & Accounting Data: 7 years (HMRC requirement)
  • Marketing Consents & Preferences: Until you withdraw consent
  • Recruitment Data: 6 months after application process concludes
  • Technical & Analytics Data: 12–24 months
    We review retention periods regularly and securely delete data when no longer required.

11. Children’s Privacy

Our services are intended for adults. We do not knowingly collect personal data from children under 16. If we learn of any such data, we will delete it promptly.

12. Your Rights

You have the right to:

– Access your personal data (Subject Access Request)
– Correct inaccuracies (Rectification)
– Erase your data (“Right to be forgotten”)
– Restrict or object to processing (including marketing)
– Port your data to another provider (Data Portability)
– Withdraw consent at any time (without affecting prior lawful processing)

To exercise your rights, contact us at privacy@vitarossaclassico.com. We will respond within one month.

13. Right to Complain

If you are unhappy with our handling of your data, please contact us first so we can address it. You may also lodge a complaint with the ICO at www.ico.org.uk.

14. Provision of Data

Providing personal data is necessary to enter into contracts (e.g., for vehicle sales or sourcing). If you choose not to provide required data, we may be unable to deliver those services.

15. Changes to This Policy

We review this policy regularly. Updates will be indicated by the “Last updated” date above. Significant changes will be notified via our website or direct communication.

Thank you for trusting Vita Rossa Classico with your personal data.

Contact