Privacy Policy – MILA Racing

1. Who we are

MILA Racing operates the website milaracing.com and is responsible for the personal data we process about you. We are the data controller under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP / nLPD).

Legal entity: MILA Solutions [exact legal form to confirm]
Registered office: Lugano, Switzerland [full address to confirm]
Data controller contact: info@milaracing.com
Data Protection Officer: To be appointed if required by Art. 37 GDPR

2. What data we collect

Account data — name, email, phone, billing and shipping addresses
Order data — products purchased, prices, payment method (we do not store card details — processed by DataTrans AG)
Technical data — IP address, browser type, device info, cookies
Usage data — pages visited, time on site, click paths
Communication data — support emails, contact form submissions
Marketing data — newsletter subscription status (only with consent)

3. How we use your data

Order fulfilment and delivery
Customer support and warranty handling
Account management
Marketing communications (only with explicit consent)
Legal compliance — tax, consumer protection, accounting
Fraud prevention
Site analytics and product improvement

4. Legal basis for processing (Art. 6 GDPR)

Contract performance: To fulfil your orders — Art. 6(1)(b)
Legitimate interest: Analytics, fraud prevention, IT security — Art. 6(1)(f)
Consent: Marketing and non-essential cookies — Art. 6(1)(a)
Legal obligation: Tax records (10 years), warranty law — Art. 6(1)(c)

5. Data sharing & third parties

We share your data only with the processors required to operate our business. Each has a Data Processing Agreement (DPA) with us.

Processor	Role	Jurisdiction
DataTrans AG	Payment processing (Twint, cards, Apple Pay, Google Pay)	Switzerland
Swiss Post / PostLogistics	Domestic and international shipping	Switzerland
Hostinger [to confirm]	Website hosting	EU
Email service [Mailchimp / Brevo TBC]	Transactional + marketing email	EU / USA
Analytics [Plausible / GA4 TBC]	Anonymised site analytics	EU / USA

We do not sell personal data to third parties.

6. International data transfers

Switzerland is recognised by the European Commission as offering adequate protection (adequacy decision of 26 July 2000). Where data is transferred outside Switzerland and the EEA, we rely on EU Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

7. Data retention

Order data: 10 years (Swiss accounting law — OR Art. 958f)
Account data: Until account deletion + 90 days for backups
Marketing data: Until you unsubscribe
Analytics data: 14 months
Support tickets: 3 years after resolution

8. Your rights

Under GDPR and nLPD, you have the following rights:

Right to access (Art. 15) — request a copy of your data
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure (Art. 17) — "right to be forgotten"
Right to restriction (Art. 18) — pause our processing
Right to data portability (Art. 20)
Right to object (Art. 21) — to legitimate-interest or direct marketing
Right to withdraw consent — at any time
Right to lodge a complaint with your supervisory authority

Want to exercise any of these rights?
Email info@milaracing.com — we respond within 30 days as required by law.

9. Cookies

We use cookies for essential functionality, analytics, and (with consent) marketing. See our Cookie Policy for the full list.

10. Children’s privacy

Our products and services are not intended for users under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always shown on this page with the effective date at the top. Material changes are notified to registered account holders by email.

12. Contact & complaints

For privacy questions: info@milaracing.com

Swiss supervisory authority: Federal Data Protection and Information Commissioner (FDPIC)

For EU residents: your national data protection supervisory authority.