Via TraceParts Analytics, TraceParts may share certain elements of Users’ personal data with Suppliers that have components that Users wish to consult. All product-related actions on the TraceParts website are stored in a database and are used to produce usage analyses in the form of statistical reports. This enables Suppliers to monitor trends in real time on their respective Supplier pages, or to view the complete report, which offers different overviews and in particular gives them access to user data for commercial follow-up purposes. In order to download component specifications provided by Suppliers, Users are required to register with TraceParts and in doing so, are required to provide certain Personal Data. In connection with that process, Users are required to affirmatively consent to the collection, transmission, and processing of such data by TraceParts and the applicable Supplier in accordance with their respective data privacy policies.
The GDPR stipulates, among other things, that recipients of personal data that are engaged in any Processing of such data are responsible for, among other things, implementing technical and organizational measures to safeguard the security of Personal Data and to enable Users to exercise their rights under the GDPR.
For the purposes of these Terms and Conditions:
(a) “Suppliers” shall mean manufacturers or vendors of components made available to Users through TraceParts or directly from such manufacturer or vendor, or any natural or legal person acting on such manufacturer or vendor’s behalf.
(b) “Recipient” shall mean the natural or legal person to whom Personal Data are communicated.
(c) “Controller” shall mean the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
(d) “User” shall mean citizens from European Union whose Personal Data are collected and Processed.
(e) “Personal Data” shall mean any information relating to an identified natural person or one that can be identified, directly or indirectly, by one or more identifying factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
(f) “Processing” shall mean any operation or set of operations performed upon Personal Data, by whatever means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
(g) “Regulation” or “General Data Protection Regulation” or “GDPR” shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.
(h) “Supervisory Authority” shall mean the lead public authority appointed by the relevant Member State and responsible for monitoring the application of the Regulation, in order to protect the fundamental rights and freedoms of natural persons in relation to Processing and to facilitate the free flow of Personal Data within the European Union.
III. Obligations incumbent upon the Recipient
The Recipient agrees and warrants, among other things:
(a) to comply with Article 14 of the GDPR, supplying each User for whom the Recipient has obtained Personal Data with the listed information within a reasonable timeframe.
(b) to process Personal Data fairly, lawfully and transparently in accordance with the provisions of Article 5 of the GDPR.
(c) to process the User’s Personal Data in accordance with the provisions of Article 32 of the GDPR in such a way as to safeguard the security of such data and, in particular, protect it from being deformed, damaged, or accessed by unauthorized third parties.
(d) to respond in accordance with the GDPR to User requests concerning:
- The right to object: any natural person is entitled, on legitimate grounds, to object to the processing of any data relating to them (Art. 21 of the GDPR);
- The right of access: people are entitled to know what information has been collected about them (Art. 15 of the GDPR);
- The right of rectification or deletion: people are entitled to have their personal information rectified or deleted (Art. 16/17 of the GDPR).
(e) to implement a strict anti-spam policy, and send marketing email messages only to Users who have consented to the receipt of such materials in accordance with the GDPR by affirmatively opting in to the receipt of such materials.
(f) to ensure that the Recipient’s employees are fully informed of their responsibilities concerning the protection of Personal Data, particularly as regards data privacy (Art. 24 of the GDPR).
(g) that, at present, the Recipient knows of no legal, administrative or judicial prohibition that might disbar the Recipient from performing Processing Personal Data.
to respond to any request from TraceParts relating to Processing in accordance with the requirements of GDPR.
(i) to cooperate with the Supervisory Authority in accordance with the requirements of GDPR if asked for information by that authority relating to Processing or otherwise to verify the Recipient’s compliance with GDPR.
(j) to comply with any requirement imposed upon the Recipient by the Supervisory Authority within its authority under the GDPR, with regard to the Processing of Personal Data of any particular User or otherwise relating to the Recipient’s compliance with GDPR.
Any User who suffers damage solely as the result of the failure of the Recipient, in the latter’s capacity as Controller, to comply with the GDPR shall be entitled to seek reparation from the Controller only, and not from TraceParts.
Last updated: May 25, 2018