This Privacy Policy explains how AutoViz collects, uses, and protects personal data. We comply with the EU General Data Protection Regulation (GDPR), the Law on Personal Data Protection of Bosnia and Herzegovina, and applicable Austrian and German data protection law where relevant to our hosting and customer base.
Data controller
- Registered name
- Uslužna djelatnost "BEDZTECH" Mustafa Turalić s.p. Doboj
- Trading name
- AutoViz
- Owner
- Mustafa Turalić
- Address
- Vojvode Mišića 54/P-10, 74000 Doboj, Bosnia and Herzegovina
- JIB
4512976870005- contact@autoviz.pro
For all privacy-related questions, including requests to access, correct, or delete your data, contact us at contact@autoviz.pro.
What we collect
2.1 Data you provide directly
- Account data: email and password (your password is stored securely — we never see it in plain text).
- Search preferences: the criteria you set up to receive notifications, such as make, model, year range, price range, mileage, fuel type, transmission, body type, drivetrain and colour.
- Notification preferences: language and currency settings.
- Subscription data: the plan you have chosen.
2.2 Data collected automatically
- Technical data: IP address, browser, device, operating system and time zone — used for security and abuse prevention.
- Usage data: the searches you create, the listings you open and your login times.
- Cookies and local storage: a session token to keep you logged in, plus minor preferences (language, currency, last-active selection). We do not use third-party advertising or tracking cookies.
2.3 Data about the listings we display
AutoViz monitors publicly available vehicle listings published by sellers on partner marketplaces and shows you the ones that match your saved searches. The information we display is data the seller has already published publicly. We do not collect data about the buyers or visitors of those marketplaces — only about the listings themselves.
2.4 Payment data
When you subscribe to a paid plan, payment is processed by Paddle (Paddle.com Market Limited, Ireland / Paddle Inc., USA), who acts as the Merchant of Record for your purchase. Paddle — not Bedztech — is the seller-of-record on your invoice; Paddle collects payment, charges any applicable VAT or sales tax based on your location, issues the receipt and handles chargebacks and disputes.
Bedztech does not receive or store your card or bank account details. Paddle provides us only with: subscription status, the email used at checkout, a transaction ID and your billing country. See Paddle's privacy policy at paddle.com/legal/privacy.
Why we process your data
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Creating and operating your account | Performance of contract 6(1)(b) |
| Sending real-time match notifications | Performance of contract 6(1)(b) |
| Processing your subscription payment | Performance of contract 6(1)(b) |
| Preventing abuse, fraud, and protecting the Service | Legitimate interest 6(1)(f) |
| Tax and accounting compliance | Legal obligation 6(1)(c) |
| Product updates and security notices | Legitimate interest 6(1)(f) |
| Marketing emails (optional) | Consent 6(1)(a) · opt-in only |
How long we keep data
| Data | Retention |
|---|---|
| Account email and password | Until you delete your account, plus 30 days for backup recovery |
| Saved searches and matched listings | While your account is active; deleted within 30 days of account deletion |
| Subscription and billing records | 7 years (BiH tax law requirement) |
| Technical logs (IP, login times) | 90 days |
| Vehicle listings we display | Up to 90 days after they expire on the source marketplace |
Who we share data with
We share personal data only when strictly necessary, with the following recipients:
- Paddle (Ireland / USA) — our payment provider and Merchant of Record. Handles checkout, invoicing, VAT and chargebacks. Paddle is the only third party that can identify you as a paying customer.
- Cloud hosting providers — to operate the servers and database where the Service runs. Bound by data processing agreements that comply with GDPR.
- Specialised technical providers — to support the secure and reliable delivery of the Service. They have no access to your account data.
- Tax authorities and auditors — only when required by Bosnian, EU or other applicable law.
We do not sell or rent your personal data to anyone.
5.1 International data transfers
Some of our processors are based outside the European Economic Area. Where this is the case, transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or by adequacy decisions where applicable. You can request the relevant safeguards by emailing contact@autoviz.pro.
Your rights
Under GDPR and Bosnian data protection law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data, subject to legal retention obligations.
- Restriction — ask us to limit processing in certain cases.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for any processing based on consent.
- Lodge a complaint with the Personal Data Protection Agency of Bosnia and Herzegovina (azlp.ba) or your national EU supervisory authority.
Email contact@autoviz.pro to exercise any of these rights. We respond within 30 days.
How we protect your data
- All traffic between your device and our servers is encrypted in transit.
- Passwords are stored using strong one-way hashing — we cannot read or recover your password, even if our database were compromised.
- Database access is restricted to a private network behind a firewall.
- Regular security updates and dependency patching.
- Minimum-privilege access controls — only authorised personnel can access production systems.
No system is perfectly secure, but we follow industry best practices and will notify affected users within 72 hours of confirming any data breach, as required by GDPR.
Cookies & storage
We use only strictly necessary cookies and local storage:
| Item | Purpose | Duration |
|---|---|---|
auth_token | Keeps you logged in | 30 days |
lang | Stores your language preference | Persistent until cleared |
currency | Stores your preferred display currency | Persistent until cleared |
We do not use Google Analytics, Facebook Pixel, advertising trackers, or any other third-party tracking cookies.
Children
The Service is not directed at persons under 18. We do not knowingly collect personal data from minors.
Changes to this policy
Material changes are notified by email at least 14 days before they take effect.
Get in touch
- contact@autoviz.pro
- Postal
- Bedztech, Vojvode Mišića 54/P-10, 74000 Doboj, BiH