en
en

PRIVACY POLICY – ZYCARO

(Official Version – November 2025)

1. Introduction

This Privacy Policy explains how MAHDI HOLDING s.r.o., operating the website www.zycaro.com under the brand ZYCARO, collects, uses, protects, and processes the personal data of its users and clients.

This Policy is established in accordance with:

  • The GDPR – Regulation (EU) 2016/679,

  • Slovak Act No. 18/2018 on personal data protection,

  • the guidelines of the Slovak Data Protection Authority (ÚOOÚ).

By using the website or services of www.zycaro.com, you agree to the practices described in this Policy.

2. Data Controller

MAHDI HOLDING s.r.o.

  • Company ID (IČO): 55129005

  • VAT ID: SK2121882631

  • Address: Z. Kodalya 788, 924 01 Galanta, Slovakia

  • E-mail : info@zycaro.com

The data controller determines the purposes and means of processing personal data.

3. Personal Data Collected

3.1. Identification Data

  • Name, surname, date of birth, country of residence, address, phone number, e-mail.

3.2. Identity Documents

Collected only when required for:

  • vehicle rental,

  • purchase/sale procedures,

  • Z-Check verification,

  • International transport,

  • Administrative procedures (insurance, taxation, registration).

Possible documents :

  • passport,

  • ID card,

  • driving licence,

  • residence permit,

  • Proof of address,

  • signed authorisations or powers of attorney.

3.3. Vehicle Data

  • VIN number, licence plate, make, model, year, engine type, mileage,

  • photos and videos of the vehicle,

  • Registration certificate, invoices, technical reports, expert assessments.

3.4. Contractual Data

  • order history,

  • selected services (Z-Check, Buy Safe, Smart Choice, All-Inclusive, Transport, Mediation, Rental),

  • Communications and supporting documents.

3.5. Payment Data

  • amounts, dates, references, invoices,

  • Payments are processed by secure third-party providers. Zycaro never accesses full credit card numbers.

3.6. Technical Browsing Data

  • IP address, logs, session identifiers, cookies, browser language.

4. Legal Bases for Processing

Processing is based on:

Article 6(1)(b) GDPR – Performance of a contract

For:

  • Z-Check verification,

  • mediation,

  • Sourcing,

  • Buy Safe / Smart Choice / All-Inclusive services,

  • Transport,

  • Rental,

  • Administrative procedures.

Article 6(1)(a) – Consent

For :

  • User-submitted ads,

  • Non-essential cookies,

  • Voluntary document submission,

  • Analytics and marketing cookies (if enabled).

Article 6(1)(c) – Legal obligation

For:

  • invoicing,

  • tax obligations,

  • fraud prevention,

  • compliance with official requests.

Article 6(1)(f) – Legitimate interest

For :

  • Website security,

  • abuse prevention,

  • internal management,

  • establishing contractual proof.

5. Purposes of Processing

Data are used to:

  • Provide the services of www.zycaro.com,

  • perform verifications and analyses,

  • communicate with the Client,

  • create quotes, invoices, and contractual documents,

  • organise transport or rental,

  • prevent fraud,

  • ensure website security,

  • improve the user experience,

  • comply with legal obligations.

6. Data Sharing

6.1. Authorised Third-Party Providers

Data may be transmitted only to service providers necessary for the execution of the service, such as:

  • Automotive inspectors,

  • technical experts,

  • logistics partners or transporters,

  • administrative partners (registration, taxation, customs),

  • secure payment providers,

  • verification platforms (e.g. VIN report providers).

All these partners are bound by strict contractual confidentiality.

6.2. Prohibited Uses

Service providers are not allowed to:

  • Contact the client directly,

  • use data for commercial purposes,

  • retain data beyond the required timeframe,

  • transmit data to third parties.

6.3. No transfers outside the EU without safeguards

Any transfer outside the EEA is carried out only using:

  • Standard Contractual Clauses (SCCs),

  • or to countries recognised as adequate by the European Commission.

7. Data Retention

  • Contractual data: 5 years

  • Identity documents: deleted after the service (max 30 days)

  • Verification data: 12 months

  • Technical cookies: session duration

  • Analytics/marketing cookies: 13 months (if consent is given).

8. Data Security

www.zycaro.com implements technical and organisational security measures, including:

  • secure servers (Hostinger),

  • restricted access,

  • SSL encryption,

  • monitoring of third-party providers,

  • automatic deletion of sensitive documents.

9. Your Rights (GDPR)

You have the following rights:

  • Right of access,

  • right to rectification,

  • right to erasure,

  • right to restriction,

  • right to object,

  • right to data portability,

  • right to withdraw consent at any time.

To exercise your rights:
info@zycaro.com

10. Supervisory Authority

In case of a complaint, you may contact:
Slovak Data Protection Authority
Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12, 820 07 Bratislava, Slovakia
Website: https://dataprotection.gov.sk/

11. Changes to this Policy

This Policy may be updated at any time.
The version currently in force is available on www.zycaro.com.