Privacy Policy (GDPR)

Last updated: 02/20/2026

This privacy policy aims to inform users of the website bimmer-evo.com about how SARL ILLUCOM (trade name: 3W AUTO / 3Wauto) collects, uses, and protects their personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.

1. Data Controller

SARL ILLUCOM (3W AUTO / 3Wauto)
10 rue des Frères Louis et Émile Bertrand, 69200 Vénissieux, France
SIREN: 815 281 027 – RCS Lyon
Phone: +33 (0)6 61 51 26 28
Website: https://www.bimmer-evo.com

2. Personal Data Collected

Depending on your use of the website, we may collect the following categories of data:

  • Identity and contact data: name (if provided), email address, phone number (if provided).
  • Order data: purchased product/service, order status, billing information.
  • Technical data: IP address, browser type, technical logs, browsing data (cookies/trackers based on your preferences).
  • Vehicle data: Vehicle Identification Number (VIN) only when necessary to process your request.

3. Purposes and Legal Basis

We process your personal data for the following purposes:

  • Order processing and fulfillment (sending codes/reports, support, tracking) – legal basis: contract performance.
  • Order-related communication (transactional emails) – legal basis: contract performance.
  • Handling inquiries via forms/email – legal basis: legitimate interest or pre-contractual measures.
  • Website improvement and security (fraud prevention, access protection) – legal basis: legitimate interest.
  • Non-essential cookies/trackers (analytics, audience measurement) – legal basis: consent.

4. Use of VIN (Vehicle Identification Number)

When you order a service requiring vehicle identification, we use only your VIN to process your request and access vehicle data available on BMW servers.

No other personal data (name, email, phone, etc.) is transmitted to BMW, and we do not share your personal contact details with BMW.

5. Data Recipients

Your data is intended exclusively for SARL ILLUCOM and authorized personnel.

No data is sold or rented.
No personal data is shared externally, except when required by law or strictly necessary for technical processing (payment providers, hosting, email services), limited to what is essential.

6. Online Payments

Payments are processed via secure third-party providers. We never have access to your banking details.

Payment data is handled directly by the payment provider under their own policies.

7. Security (SSL / Encryption)

The website uses an SSL certificate (HTTPS) to secure communications, including:

  • forms (contact, order, support),
  • data exchanges during the order process,
  • payment transactions via Stripe or PayPal.

We implement appropriate technical and organizational measures to protect your data against loss, alteration, unauthorized access, or disclosure.

8. Data Retention

We retain your data only for as long as necessary:

  • Order data: processing duration + legal retention (accounting obligations).
  • Support data: duration of request handling + limited archiving.
  • VIN: retained only as long as necessary for service processing and proof of delivery.
  • Technical logs: short retention period for security purposes.

9. Cookies and Trackers

Cookies may be used for website functionality and analytics (depending on your consent).

You can manage or refuse non-essential cookies via the cookie management tool or your browser settings.

10. Your Rights

Under GDPR, you have the following rights:

  • Right of access,
  • Right to rectification,
  • Right to erasure (within legal limits),
  • Right to object and restrict processing,
  • Right to data portability where applicable,
  • Right to withdraw consent at any time.

To exercise your rights, contact us via the website or by mail. Proof of identity may be required.

11. Complaint to Supervisory Authority

If you believe your rights are not respected, you may file a complaint with the CNIL (French Data Protection Authority).

12. Data Transfers Outside the EU

As a general rule, we do not transfer data outside the EU.

If required (hosting, email, payment), transfers are secured with GDPR-compliant safeguards (standard contractual clauses, adequacy decisions, etc.).

13. Processors

We may use third-party processors only for essential technical services (hosting, email, payment), under strict confidentiality and security obligations.

14. Policy Updates

This policy may be updated to reflect legal or technical changes. The current version is the one published on this page.

15. Contact

For any privacy-related questions, contact:
SARL ILLUCOM – 10 rue des Frères Louis et Émile Bertrand, 69200 Vénissieux, France.