This website (https://lthgroupautoparts.com) and the LTH Group Auto Parts brand are owned and operated by Tedi Hasanaj, a business registered in the Republic of Albania under unique identification number (NUIS) L81515023L.
This Privacy Policy describes how Tedi Hasanaj, trading as LTH Group Auto Parts("Company," "we," "us," or "our"), collects, uses, stores, shares, and protects information obtained through our website and our Customer Relationship Management ("CRM") system, which integrates with Meta Business Messages (formerly Facebook Messenger for Business) to facilitate business-to-customer communications.
1. Introduction and Scope
This Policy applies to all data processed through our website and CRM system, including messages exchanged via Meta Business Messages, customer information collected during those interactions, and employee activity within the platform.
1.1 Parties Covered
- Customers and end users who communicate with LTH Group Auto Parts through our website or Meta Business Messages.
- Authorized employees and agents of LTH Group Auto Parts who access the CRM system.
- Third-party service providers who support the operation of our systems.
1.2 Regulatory Framework
This Policy is designed to comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the Albanian Law No. 9887 "On Personal Data Protection," the UK GDPR, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and Meta Platform Policies.
2. Information We Collect
2.1 Customer Communication Data
- Message Content: text messages, images, files, and other media exchanged through Meta Business Messages or our contact form.
- Message Metadata: timestamps, delivery/read receipts, message identifiers, and conversation thread information.
- Communication Frequency: records of how often and when customers interact with LTH Group Auto Parts.
2.2 Customer Profile Data
- Basic Identity Information: name, Meta profile identifier, and profile picture as provided by the Meta platform.
- Contact Information: phone number, email address, or other details voluntarily provided.
- Vehicle Information: car make, model, and year provided when requesting quotes for parts or services.
2.3 Employee and Internal Data
- Employee Identifiers: names, employee IDs, roles, and department assignments.
- Access Logs: IP addresses, device identifiers, login timestamps, session durations, and actions performed within the CRM system.
- Usage Analytics: aggregated data on CRM feature usage and response times.
2.4 Meta Integration Data
- API Data: page-scoped user IDs and conversation metadata received through the Meta Business Messages API.
- Webhook Events: real-time notifications from Meta regarding message delivery, read status, and user actions.
- Platform Tokens: authentication tokens used to connect our CRM with Meta's platform — stored securely, never shared.
3. How We Use Your Information
We process collected information for the following purposes:
- Respond to customer inquiries, quote requests, and service bookings.
- Maintain conversation history and identify returning customers for continuity of service.
- Route conversations to appropriate team members and measure response quality.
- Monitor CRM usage for security, compliance, and audit purposes.
- Analyze aggregated, anonymized communication trends to improve our services.
- Comply with applicable laws, regulations, and lawful requests from public authorities.
3.1 Lawful Basis (GDPR)
- Contractual Necessity (Art. 6(1)(b)): to fulfill customer communication and service requests.
- Legitimate Interests (Art. 6(1)(f)): for system security, fraud prevention, analytics, and service improvement.
- Legal Obligation (Art. 6(1)(c)): processing required by law.
- Consent (Art. 6(1)(a)): where required, such as for marketing communications.
4. Data Security
- In Transit: all data is encrypted using TLS 1.2 or higher. API calls to Meta use HTTPS exclusively.
- At Rest: stored data is encrypted using AES-256 or equivalent.
- Access Controls: role-based access control (RBAC) and multi-factor authentication (MFA) for all employees with CRM access.
- Monitoring: all access is logged; anomalous activity triggers automated alerts.
- Breach Notification: we will notify affected data subjects and supervisory authorities within 72 hours of becoming aware of a breach, as required by GDPR, and notify Meta of any breach involving data received through Meta Business Messages.
5. Data Retention
- Customer Messages: retained for 24 months from the date of last interaction, then securely deleted or anonymized.
- Customer Profile Data: retained while the customer maintains an active relationship, plus 24 months.
- Employee Access Logs: retained for a minimum of 12 months for security and compliance.
- Analytics Data: aggregated, anonymized data may be retained indefinitely.
Deletion requests are processed within 30 days; backups are purged within 90 days of primary deletion.
6. Data Sharing and Third Parties
We do not sell, rent, or trade personal data to any third party. Customer message data collected through Meta Business Messages is accessible only to authorized employees of LTH Group Auto Parts with a legitimate business need.
6.1 Meta as Data Processor
Meta Platforms, Inc. acts as a data processor in the context of Meta Business Messages and processes message data in accordance with its own Data Policy. For details, see Meta's Privacy Policy at https://www.facebook.com/privacy/policy/.
6.2 Service Providers
We may engage trusted service providers (e.g., cloud hosting, shipping carriers, payment processors) who process data only on our instructions, are bound by data processing agreements, and implement appropriate security measures.
6.3 Legal Obligations
We may disclose personal data when required by law, regulation, or legal process, including in response to lawful requests by public authorities.
7. Employee Access and Authorization
Access to customer data is limited to authorized employees who require it for their job duties. Authorized roles include Customer Support Representatives, Customer Support Managers, and CRM System Administrators. All such employees sign confidentiality agreements, complete privacy and security training upon onboarding (refreshed annually), and have their actions logged in the CRM audit trail.
8. Your Data Subject Rights
Depending on your jurisdiction, you may have the following rights:
- Right of Access — request confirmation of and a copy of personal data we hold about you.
- Right to Rectification — request correction of inaccurate or incomplete data.
- Right to Erasure — request deletion of your personal data, subject to legal exceptions.
- Right to Restrict Processing — request that we limit how we use your data.
- Right to Data Portability — receive your data in a structured, machine-readable format.
- Right to Object — object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent — where processing is based on consent.
To exercise any of these rights, contact us at info@lthgroupautoparts.com. We will acknowledge your request within 5 business days and respond substantively within 30 days.
9. International Data Transfers
As a company operating from Albania, we may transfer personal data to countries with different data protection laws. When doing so, we rely on GDPR adequacy decisions where available, EU Standard Contractual Clauses (SCCs) for transfers to non-adequate countries, and supplementary technical and organizational measures as required. Our integration with Meta Business Messages is governed by a Data Processing Agreement (DPA) with Meta.
10. Children's Privacy
Our website and CRM system are not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact info@lthgroupautoparts.com and we will promptly delete such data.
11. California Privacy Rights (CCPA/CPRA)
California residents have the right to know what personal information we collect, request deletion, request correction, opt out of any sale or sharing of personal information, and exercise these rights without discrimination. We do not sell personal information as defined by CCPA/CPRA, nor do we share personal data for cross-context behavioral advertising.
12. Meta-Specific Disclosures
Meta Business Messages enables customers to communicate with LTH Group Auto Partsthrough messaging surfaces on Meta's platforms (Facebook Messenger, Instagram Direct). Messages are transmitted through Meta's infrastructure to our CRM via the Meta Business Messages API. Our use of Meta Business Messages complies with Meta's Platform Terms, Developer Policies, and applicable usage guidelines: we use Meta-sourced data only for the purposes described in this Policy, we do not transfer or sell Meta user data to third parties, and we promptly respond to Meta's requests regarding data handling. Customers seeking deletion of data held by Meta should contact Meta directly or use Meta's privacy controls.
13. Cookies and Tracking Technologies
Our website may use essential cookies for site operation and authentication, analytics cookies to understand usage patterns, and performance cookies to monitor technical issues. You may manage cookie preferences via your browser settings; disabling certain cookies may affect site functionality.
14. Policy Updates
We may update this Policy from time to time. Material changes will be communicated by updating the "Last Updated" date above and, where appropriate, by direct notification. Continued use of our website or services after the effective date of changes constitutes acceptance of the updated Policy.
15. Contact Information
Tedi Hasanaj — trading as LTH Group Auto Parts
NUIS (Business Registration No.): L81515023L
Attn: Privacy Officer
Rr. Enriko Telini, Kombinat, Tiranë, Shqipëri 1001
Email: info@lthgroupautoparts.com
Phone: +355 69 277 4547
If you are located in the EEA or UK and believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we may attempt to resolve your concern.