Privacy Policy

This Privacy Policy explains how CenterCaps.com collects, uses, stores, and protects personal data when customers visit our website, create an account, place an order, contact us, subscribe to marketing communications, or otherwise interact with us.

CenterCaps.com is operated by:

Protosfera d.o.o.

Majstorska 1C

10 000 Zagreb

Croatia

E-mail: orders@wheelscaps.com

Company information:

Protosfera društvo s ograničenom odgovornošću za proizvodnju i usluge

Društvo je upisano pri Trgovačkom sudu u Zagrebu, OIB: 03545014649

MBS: 081394380

Osoba ovlaštena za zastupanje: Marko Horvatek, direktor

Transakcijski račun otvoren u Raiffeisenbank Austria d.d., Magazinska ul. 69, 10 000 Zagreb

Temeljni kapital u iznosu od 5.043 EUR uplaćen je u cijelosti.

IBAN: HR3724840081135226670

SWIFT: RZBHHR2X

For the purposes of data protection law, Protosfera d.o.o. is the data controller.

1. Personal Data We Collect

We may collect the following categories of personal data:


  • name and surname;

  • company name, if applicable;

  • billing address;

  • delivery address;

  • e-mail address;

  • telephone number;

  • VAT number, tax number, or company identification details, where applicable;

  • order details, including purchased products, quantities, prices, order history, invoices, payment status, and shipping information;

  • communication history, including e-mails, messages, complaints, return requests, warranty requests, product questions, and support requests;

  • photos, measurements, wheel information, vehicle information, or other details provided by the customer for compatibility checks, custom orders, or support;

  • account login details, if the website allows account creation;

  • technical data such as IP address, browser type, device information, operating system, website usage data, cookie identifiers, and approximate location based on IP address;

  • marketing preferences, if the customer subscribes to newsletters or promotional communication.

We do not intentionally collect special categories of personal data, such as health information, political opinions, religious beliefs, biometric data, or similar sensitive information.

2. How We Collect Personal Data

We collect personal data when:


  • the customer places an order;

  • the customer creates an account;

  • the customer contacts us by e-mail, contact form, social media, marketplace message, or other communication channel;

  • the customer requests product support, compatibility advice, a return, refund, warranty claim, or complaint handling;

  • the customer subscribes to marketing communication;

  • the customer browses the website;

  • cookies, analytics tools, security tools, or similar technologies collect technical information.

We may also receive personal data from payment service providers, delivery companies, marketplace platforms, fraud prevention tools, website hosting providers, or other service providers involved in processing the order.

3. Purposes and Legal Bases for Processing

We process personal data only where we have a valid legal basis.

3.1 Order Processing and Delivery

We process personal data to receive, confirm, produce, pack, ship, deliver, and manage orders.

Legal basis: performance of a contract or steps before entering into a contract.

3.2 Payment and Accounting

We process payment status, invoice details, billing data, and accounting records to receive payment, issue invoices, keep business records, and comply with tax and accounting obligations.

Legal basis: performance of a contract and compliance with legal obligations.

We do not intentionally store full card details on our own systems. Card payments are normally processed by external payment service providers.

3.3 Customer Support, Returns, Complaints, and Warranty Requests

We process communication data, order details, photos, measurements, and product information to answer questions, provide support, check compatibility, handle returns, investigate complaints, and resolve warranty or defect claims.

Legal basis: performance of a contract, compliance with legal obligations, and our legitimate interest in resolving disputes and protecting our business.

3.4 Fraud Prevention and Legal Protection

We may process personal data to prevent fraud, misuse, chargebacks, abusive claims, unpaid orders, identity misuse, security incidents, or legal disputes.

Legal basis: legitimate interest and, where applicable, compliance with legal obligations.

Our legitimate interests include protecting our webshop, customers, payment systems, business records, legal position, and property.

3.5 Website Operation and Security

We process technical data to keep the website functional, secure, and stable, including server logs, security logs, anti-spam protection, fraud detection, and protection against malicious activity.

Legal basis: legitimate interest.

3.6 Analytics and Website Improvement

We may process website usage data to understand how customers use the website, improve products, improve website performance, and improve the shopping experience.

Where analytics cookies or similar technologies are not strictly necessary, we use them only where legally permitted and, where required, after consent.

Legal basis: consent or legitimate interest, depending on the tool and applicable law.

3.7 Marketing

We may send marketing e-mails only where permitted by law, such as when the customer has subscribed or where another lawful basis applies.

Customers can unsubscribe from marketing communication at any time.

Legal basis: consent or legitimate interest, depending on the type of communication and applicable law.

Transactional e-mails about orders, payment, delivery, returns, or support are not marketing e-mails and may be sent as necessary for order fulfilment.

4. Customer Responsibility for Provided Data

The customer is responsible for ensuring that all personal data provided to us is accurate, complete, and up to date.

If the customer provides incorrect delivery details, incorrect billing details, wrong e-mail address, wrong phone number, or incorrect product information, we are not responsible for delays, failed delivery, additional costs, incorrect order processing, or inability to provide support caused by such incorrect information.

If the customer provides personal data of another person, for example a different delivery recipient, company contact, or gift recipient, the customer confirms that they are authorised to provide that data.

5. Cookies and Similar Technologies

CenterCaps.com may use cookies and similar technologies.

Cookies may be used for:


  • website functionality;

  • shopping cart operation;

  • login sessions;

  • checkout process;

  • security;

  • remembering preferences;

  • analytics;

  • marketing and advertising, if enabled.

Strictly necessary cookies are required for the website to work and may be used without separate consent.

Non-essential cookies, such as certain analytics, advertising, or tracking cookies, are used only where legally permitted and, where required, after the user gives consent.

Users may manage cookies through the website cookie banner, cookie settings, or browser settings. Blocking some cookies may affect website functionality, shopping cart operation, checkout, login, or user experience.

A separate Cookie Policy or cookie banner should list the exact cookies and tools used on the website.

6. Service Providers and Recipients of Personal Data

We may share personal data only where necessary with trusted recipients, including:


  • website hosting providers;

  • webshop platform providers;

  • IT maintenance and security providers;

  • payment service providers;

  • banks;

  • accounting and bookkeeping services;

  • delivery companies, postal services, and couriers;

  • customs authorities, where required for international shipments;

  • tax authorities and other public authorities, where legally required;

  • legal advisors, auditors, debt collection services, or courts, where necessary;

  • e-mail service providers;

  • analytics providers, if used;

  • marketing providers, if used and legally permitted.

We share only the data necessary for the relevant purpose.

Service providers may process personal data only according to our instructions, contractual obligations, and applicable data protection rules, unless they act as independent controllers under applicable law.

7. International Transfers

Some service providers may be located outside the European Economic Area or may process data on servers outside the European Economic Area.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, contractual protections, or other lawful transfer mechanisms.

Customers should be aware that some external platforms, payment providers, analytics tools, or communication tools may process data internationally according to their own privacy policies.

8. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

In general:


  • order records, invoices, payment records, and accounting documents are kept as required by tax, accounting, and company law;

  • customer communication is kept as long as necessary to handle the request, order, complaint, return, warranty issue, or legal claim;

  • account data is kept while the customer account is active, unless deletion is requested and no legal reason requires further retention;

  • technical logs are kept for a limited period necessary for website security and troubleshooting;

  • marketing data is kept until the user unsubscribes or withdraws consent, unless a longer period is required to keep suppression records;

  • data relevant to disputes, fraud prevention, chargebacks, unpaid invoices, warranty claims, or legal proceedings may be kept as long as necessary to protect our legal rights.

Deletion requests do not apply where we must keep certain data to comply with legal obligations, prove transactions, resolve disputes, prevent fraud, or establish, exercise, or defend legal claims.

9. Data Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.

These measures may include access controls, password protection, secure hosting, SSL/TLS encryption, backups, security monitoring, limited staff access, and use of trusted service providers.

However, no website, server, e-mail system, or online transmission is completely secure. Customers use the website and electronic communication with this understanding.

Customers are responsible for keeping their account login details confidential and for notifying us if they suspect unauthorised access to their account.

10. Customer Rights

Subject to applicable law, customers may have the right to:


  • request access to their personal data;

  • request correction of inaccurate or incomplete data;

  • request deletion of personal data;

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • object to direct marketing;

  • request data portability;

  • withdraw consent where processing is based on consent;

  • lodge a complaint with a supervisory authority.

These rights are not absolute. We may refuse or limit a request where permitted by law, for example if we need to retain data for legal obligations, order records, accounting, fraud prevention, dispute resolution, or legal claims.

To exercise rights, customers may contact us at:

orders@wheelscaps.com

We may request additional information to confirm the identity of the person making the request, especially where the request concerns order records, account data, payment-related information, or delivery details.

11. Right to Object to Direct Marketing

Customers may object to direct marketing at any time.

If the customer unsubscribes from marketing e-mails, we may keep a limited record of the e-mail address to ensure that marketing is not sent again to that address.

Unsubscribing from marketing does not stop transactional communication related to orders, payment, shipping, customer support, returns, complaints, or legal matters.

12. Complaints to the Supervisory Authority

Customers have the right to lodge a complaint with a data protection supervisory authority.

For Croatia, the competent supervisory authority is:

Agencija za zaštitu osobnih podataka – AZOP

Croatian Personal Data Protection Agency

Selska cesta 136

10 000 Zagreb

Croatia

Website: azop.hr

Before submitting a complaint, customers are encouraged to contact us first so we can try to resolve the issue.

13. Children

CenterCaps.com is not intended for children. We do not knowingly sell products to children or knowingly collect personal data from children.

If we become aware that personal data of a child has been provided without appropriate authorisation, we may delete the data unless retention is required by law or necessary to protect legal rights.

14. Product Photos, Reviews, and Customer-Provided Content

If customers send us photos, product installation photos, wheel photos, measurements, feedback, reviews, or similar content, we may process this content to provide support, verify compatibility, improve products, resolve disputes, or handle warranty and return requests.

Where such content is used for marketing, website display, social media, or promotional purposes, we will do so only where we have a lawful basis.

Customers should not send photos or content containing personal data of other people unless they are authorised to do so.

We may keep support photos and compatibility evidence where necessary to protect our legal rights, resolve disputes, document product condition, or improve product fitment information.

15. Payment Data

Payments may be processed by external payment providers, banks, card processors, or marketplace payment systems.

We may receive payment confirmation, payment status, transaction reference, payment method, billing details, and fraud-prevention information.

We do not intentionally store full payment card numbers, card security codes, or complete card credentials on our own systems.

Payment providers process payment data according to their own terms and privacy policies.

16. Delivery and Customs Data

For delivery, we may provide the delivery company or postal service with the customer’s name, delivery address, phone number, e-mail address, shipment details, and customs information where required.

For shipments outside the European Union, customs authorities, import agents, brokers, or delivery companies may require personal data for customs clearance, import taxes, duties, or delivery processing.

We are not responsible for how customs authorities or delivery providers process data as independent controllers.

17. Fraud, Abuse, and Dispute Protection

We may keep and process personal data where necessary to protect against:


  • fraudulent orders;

  • chargebacks;

  • unpaid invoices;

  • false claims;

  • abusive returns;

  • misuse of the website;

  • security incidents;

  • intellectual property misuse;

  • legal disputes;

  • repeated policy abuse.

This may include keeping order records, messages, photos, delivery proof, payment status, IP address, account data, and related evidence.

Legal basis: legitimate interest and, where applicable, establishment, exercise, or defence of legal claims.

18. Third-Party Links

The website may contain links to third-party websites, platforms, payment pages, courier tracking pages, social media pages, or external services.

We are not responsible for the privacy practices, security, content, or data processing of third-party websites.

Customers should read the privacy policies of third-party services before using them.

19. Automated Decision-Making

We do not intentionally use personal data for automated decision-making that produces legal or similarly significant effects on customers.

Some payment providers, fraud prevention tools, security systems, or webshop tools may use automated checks to detect fraud, suspicious transactions, spam, or security risks.

Where such tools are used, they are used to protect the website, customers, payment systems, and our business.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, business operations, website functionality, payment methods, shipping methods, cookies, analytics tools, or service providers.

The updated version will be published on CenterCaps.com with a new “Last updated” date.

Continued use of the website after publication of the updated Privacy Policy means that the user has read the updated version.

21. Contact

For privacy questions, data protection requests, complaints, or requests regarding personal data, customers may contact:

CenterCaps.com / Protosfera d.o.o.

Majstorska 1C

10 000 Zagreb

Croatia

E-mail: orders@wheelscaps.com