Privacy policy
If you are reading this document (“Privacy Policy”), it is because you are visiting Our Website and/or Application.
This Privacy Policy is drafted pursuant to Article 13 of the EU Regulation 679/2016 (hereinafter “GDPR”) and provides you with some examples of how we process Personal Data, and Definitions referring to more detailed explanations (at the end of this Privacy Policy) for the capitalized terms herein. For any clarifications regarding this Privacy Policy or how your data are processed, please send your request to: dataprotectionofficer@stellantis.com.
1. Who we are
The independent Data Controller of your Personal Data is Automobiles Peugeot, located at 45 rue Jean Pierre Timbaud - PY03/05 - 78300 Poissy, France, as unique Data Controller (the “Data Controller” or “we” or “us”).
2. What data we collect and process
We collect data from Our Website (including from your personal area on Our Website) and Application. Data collected and the relative purposes of processing depend on how you use our Services and how you manage the settings of your Browser, Device and the Application you are using.
You may find further details on the reason why we process your Personal Data in “Why we collect and process your Data” section below.
a) Data provided by you
When you use our Services, you may provide us with Personal Data such as your name, phone/mobile number(s), e-mail address, place of residence, or data of third parties as well as your preferences (e.g., about certain vehicle models or services available).
If you provide us with the data of third parties, you will be held responsible for having shared such information. You must be legally authorized to share it (i.e., authorized by the third party to share their information, or for any other legitimate reason). You must fully indemnify us against any complaints, claims or demands for compensation of damages which may arise from the processing of third-party Personal Data in violation of applicable data protection law.
b) Data collected by the Browser, Device and the Application
When you use Our Website and Application, we collect information on the Browser, the Device and the Application you are using. This information includes your IP Address, the date, time and the requested URL, the Unique Identifiers and other information such as the type of your Browser or Device. Information related to your Browser or Device may include your operating system, language, network settings, telephone operator or internet provider, installed third-party applications and plug-in lists.
Some of this information is collected using Cookies and Other Tracking Technologies that are on your Browser or Device. This helps us for instance to avoid malfunctioning during the provision of the Services and allows us to provide you with Content that may be useful to you. More information on cookies can be found in our Cookie Policy.
c) Data inferred by your activity
We collect information based on your interactions with our Services in order to improve them and to understand the Content that may be useful to you.
In other cases, if you contact us by email, mail, telephone or otherwise regarding the Vehicles or request other information, we collect and maintain a record of your contact details, communications and our responses.
d) Information about your location
We collect information about your location in order to allow you to view Our Network near you, as part of our Services, and to provide you with Content that may be useful to you. Your location can be determined through:
- manually entering an address, city or zip code;
- the Sensors of your Device;
- your IP Address collected through the permission of your Browser or Device.
Your location is determined more or less accurately and consistently depending on whether it is collected by the Browser or Device and on the privacy settings you have set on them. We make every possible effort to ensure that Information on your location is not used to infer your Sensitive Data.
You can limit our collection of your position by changing your Browser or Device settings, as set out in the “How to control your Data and manage your choices” section below.
3. Why we collect and process your Data and legal basis
Your Data serves the following purposes:
a) Providing our Services and related support
We use your Data to offer you our Services of Car2Europe, including the Temporary Transit of our Vehicles, and to respond to your requests/suggestions/reports.
This processing is based on the execution of a contractual obligation or pre-contractual measures taken at your request.
b) Sending you promotional communications
The Data Controller may use your contact details (e-mail, phone, SMS and/or any other available means) to send promotional communications or for market research and consumer surveys that include marketing contents.
On this point, no communication will be sent to you without your prior consent, which you can provide through specific tick-boxes for this purpose.
c) Detecting anomalies in the Services
If you have participated in our surveys or if you have spontaneously shared with Our Network feedback or any anomalies in our Services, we will use and share that information back to the relevant stakeholders to improve your experience and reduce disservice.
This processing will be based, where applicable, on our legitimate interest also to verify the operations of Our Network. You will not receive any communications to this regard, unless in response to your report of disservice, or if you have consented to receiving promotional communications, in which case we will take the initiative to ask your opinion.
d) Analysing your preferences and behaviours in order to customize our Services and communications, including any Content that may be useful to you
The Data Controller uses your Data, in particular Data inferred by your activities and Aggregated Information, to improve Services and promotional communications, commercial initiatives, digital platforms, and to show you Content that may be useful to you, also on social media platforms or through Programmatic Advertising platforms, only to the extent that you have authorized us to upload them to these platforms.
Customized Services and/or communications and/or Content that may be useful to you are based on your behaviour, interests, needs, preferences as well as your profile; such purposes may also be achieved on the basis of Personal Data collected through the use of cookies or other tracking technologies to analyse and predict customer’s preferences providing customer with tailored offers.
This processing is based on your prior consent. When we target you on social media platforms or through Programmatic Advertising platforms, we can act as Joint Data Controller with the relevant platform provider. Specific information and agreements will be in place with the platform provider before sending of any communication to you.
If you do not want personalized Services and/or communications or Content that may be useful to you, you can change your preferences, as explained in the “How to control your Data and manage your choices” section below.
e) Sharing Data with Partners for their own marketing purposes
The Data Controller shares your contact details with selected third-party Partners for their own autonomous marketing purposes. Partners will contact you only by automated means (e.g., e-mail, SMS, recorded phone call) and will be obliged to provide their information notice. This processing is based on your prior consent. You may see the full list or categories of Partners with whom we shared your Data directly at: dataprotectionadmin@car2europe.com.
f) Complying with legal and tax obligations
We may use your Data to comply with legal and tax obligations that we are subject to, which are the legal basis for such processing of your Data. Some legislations may require us to share your Data with public authorities. If this sharing is not required by law in your country, we will send them regardless, as explained in more detail in the "Protecting our interests and your interests" section below.
g) Sending corporate and institutional communications
To the extent permissible under applicable data protection law, we share your contact details to send corporate surveys and institutional communications regarding Car2Europe. These are non-promotional communications, based on our legitimate interest to provide consistent information to you.
h) Protecting our interests and your interests
To the extent permissible under applicable data protection law, we may need to use your Data to detect, react to, and prevent fraudulent and illegal behaviour or activities which could compromise your or our security. This purpose includes audits and assessments of our business operations, security controls, financial controls, records and information management program, and otherwise relating to the administration of our general business, accounting, record keeping and legal functions. We will also use your Data to send you communications about the safety of your Vehicle (e.g., recall campaigns, software updates, etc.), even if there is no established legal requirement to this effect in the country you are in. These are not promotional, but service communications to ensure your safety when using your Vehicle.
This purpose is based on the legitimate interest in safeguarding our interests and protecting our customers, including you.
4. How we use your Data (method of processing)
Data collected for the purposes indicated above are processed both manually and via automated processing, namely, through programs or algorithms that analyse Data inferred by your activities, Information about your location, and Data collected by the Browser, Device and the Application.
Your Data may also be subject to Combination and/or Crossing, to the extent permissible under applicable data protection law. This allows us to understand, for example, if a single user is utilizing our Services with the same IP Address or Unique Identifiers from the Browser and the Device; or if promotional communications or Content that may be useful to you are strictly related to Information about your location or Data provided through your activities or Data collected by your Browser, Device, and the Application. The Combination and/or Crossing of your information for the purposes we process it for (e.g., customizing the Services) can be enabled or disabled as explained in the “How to control your Data and manage your choices” section below.
5. How we may disclose your Data
We may disclose your Data to the following recipients and/or categories of recipients (“Recipients”):
- Persons authorized by us to perform any of the data-related activities described in this document: our employees and collaborators who have undertaken an obligation of confidentiality and abide by specific rules concerning the processing of your Data;
- Our Data Processors: external subjects to whom we delegate some processing activities. For example, security systems providers, accounting and other consultants, data hosting providers, bank, insurance, etc. We have signed agreements with each of our Data Processors to ensure that your Data is processed with appropriate safeguards and only under our instructions;
- System administrators: our employees or those of Data Processors to whom we have delegated the management of our IT systems and are therefore able to access, modify, suspend or limit the processing of your Data. These subjects have been selected, adequately trained and their activities tracked by systems they cannot modify, as provided for by the provisions of our competent Supervisory Authority;
- Our Network: in case you requested a service carried out by them (e.g. a request for a test drive close to you);
- Our selected Partners: when you consented to the communication to them of your Personal Data for their own marketing and/or profiling purposes and who act as autonomous Data Controllers;
- Law enforcement or any other authority whose provisions are binding for us: this is the case when we have to comply with a judicial order or law or defend ourselves in legal proceedings.
6. Where your Data is located
We are a global company and our services are available in multiple jurisdictions worldwide. This means that your Data may be stored, accessed, used, processed, and disclosed outside your jurisdiction, including within the European Union, the United States of America or any other country where our Data Processors and sub-processors are located, or where their servers or cloud computing infrastructures may be hosted. We take steps to ensure that the processing of your Data by our Recipients is compliant with the applicable data protection laws, including EU law to which we are subject. Where required by EU data protection law, transfers of your Data to Recipients outside of the EU will be subject to adequate safeguards (such as the relevant EU standard contractual clauses for data transfers between EU and non-EU countries), and/or other legal basis according to the EU legislation. For more information about the safeguards implemented by us to protect Data transferred to third countries outside the EU, please write to us at: dataprotectionofficer@stellantis.com.
7. How long we retain your Data
Data processed for the purposes indicated above will be retained for the period deemed strictly necessary to fulfil such purposes.
However, the Data might be stored for a longer period in case of potential and/or actual claims and resulting liabilities and/or in case of other mandatory legal retention requirement and/or storage obligations.
- Customer Data processed for Marketing and Profiling purposes, will be retained by the controllers from the moment the customer gives consent until the moment the customer withdraws the consent. Once consent is withdrawn, Data will no longer be processed for Marketing and Profiling purposes, although it might still be kept by the controllers to manage potential claims and/or lawsuits. Data retention in case of Marketing and Profiling is compliant with the local law and with any decisions of the Data Protection Authority.
- Customer Data processing to comply with legal obligations will be retained for the period foreseen by the laws and regulations.
- Customer Data processing to improve the product and the services could be retained for the period deemed strictly necessary to fulfil such purposes and not beyond three years.
Once the relevant retention period/criterion has expired, your Data is erased pursuant to our retention policy. You can ask us for more information on our data retention criteria and policy by writing to us here: dataprotectionofficer@stellantis.com.
8. How to control your Data and manage your choices
At any time, you can ask to:
- Access your Data (right of access): depending on your interactions with us, we will provide the Data we have related to you, such as your name, age, e-mail address and preferences.
- Exercise your right to portability of your Personal Data (right to data portability): where applicable, we will provide you with an interoperable file containing the Data we have about you.
- Correct your Data (right to rectification): for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
- Limit the processing of your Data (right to restriction of processing): for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
- Delete your Data (right to erasure): for example, if you do not want us to keep your data and there is no other reason for keeping it;
- Object to the processing activities (right to object);
- Withdraw your consents (right to withdrawal).
You can exercise any of the above rights or express any concern or make a complaint regarding our use of your Data directly at: dataprotectionadmin@car2europe.com.
At any time, you may also:
- contact our Data Protection Officer (DPO), here dataprotectionofficer@stellantis.com;
- contact the Supervisory Authority, here you can find the list of all the Supervisory Authorities by country https://edpb.europa.eu/about-edpb/board/members_en
9. How we protect your Data
We take reasonable precautions from a physical, technological and organizational point of view to prevent the loss, misuse, or modification of Data under our control. For example:
- We ensure that your Data is only accessed and used by, transferred or disclosed to Recipients that need to have access to such Data.
- We also limit the amount of Data accessible, transferred or disclosed to Recipients to only what is necessary to fulfil the purposes or specific tasks performed by the Recipient.
- The computers and servers where your Data is stored are kept in a secure environment, are password-controlled with limited access, and have industry standard firewalls and anti-virus software installed.
- Paper copies of any documents containing your Data (if any) are kept in a secure environment as well.
- We destroy paper copies of documents containing your Data that is no longer needed.
- When destroying Data recorded and stored in the form of electronic files that is no longer needed, we make sure that a technical method (for example, low level format) ensures that the records cannot be reproduced.
- Laptops, USB keys, mobile phones and other electronic wireless devices used by our employees who have access to your Data are protected. We encourage employees not to store your Data on such devices unless it is reasonably necessary for them to do so to perform a specific task as outlined in this Privacy Policy.
- We train our employees to comply with this Privacy Policy and conduct monitoring activities to ensure ongoing compliance and to determine the effectiveness of our privacy management practices.
- Any Data Processor that we use is contractually required to maintain and protect your Data using measures that are substantially similar to those set out in this Privacy Policy or required under applicable data protection law.
Where required by the applicable legislation, a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Data transmitted, stored or otherwise processed will be notified to you and to the competent data protection authority as required (for example, unless Data is unintelligible to any person or the breach is unlikely to result in a risk to your rights and freedoms and those of others).
10. What this Privacy Policy does not cover
This Privacy Policy explains and covers processing that we carry out as Data Controller.
This Privacy Policy does not cover processing carried out by subjects other than us, including and in particular:
- processing carried out by Our Network;
- processing carried out by social media and programmatic advertising platforms as Joint Data Controllers with us;
- processing carried out by regulatory authorities, law enforcement or other judicial or government entities.
Regarding these cases, we are not responsible for any processing of your Data that is not covered by this Privacy Policy.
11. Usage of data for other purposes
If we should need to process your Data differently or for purposes other than those indicated herein, you will receive specific notice before such processing begins.
12. Changes to the Privacy Policy
We reserve the right to adapt and/or change this Privacy Policy at any time. We will inform you of any substantial adaptations/changes. QR codes and permanent links are printed in the booklet of your Vehicle to allow you to read the latest versions of this Privacy Policy at any time.
13. Definitions
Aggregated Information: refers to statistical information that does not contain your Personal Data. We use this information for analyzing and improving our services and creating new services and features and to create statistical reports.
Application: means the mobile application of the Data Controller, if applicable.
Browser: refers to programs used to access the internet (e.g. Safari, Chrome, Firefox, etc.).
Combination and/or Crossing: this is the set of fully automated and non-automated operations which we combine with the Data inferred by your activity, the Data provided by you used to provide the Services, analysing and improving our Services and creating new services and features, as well as to offer Content that may be useful to you. We may also combine and/or cross information from different sources, such as information collected from Our Partners' Websites and Apps and/or Data collected from public or publicly accessible sources.
Content that may be useful to you: for example, if you search a certain type of Vehicle, we may display other content related to this model on Our Websites and Application or through Programmatic Advertising. Customization of the content may occur through the Combination and/or Crossing of Data.
Cookie: refers to a small text sent to your Browser from Our Website. It allows the site to store information such as the fact that you visited the site, your language and other information. Cookies are used for different purposes, for example, to record your preferences regarding the use of Cookies (technical cookies), analysing and improving our Services and creating new services and features or Customizing our Services, including Content that may be useful to you. Information transmitted by Cookies is subject to Combination and/or Crossing with one of the Other Tracking Technologies where applicable.
Data Controller: refers to the legal person, public authority, service or other entity which individually determines the purposes and means for processing your Personal Data.
Data Processor: refers to an entity that we engage to process your Personal Data solely on behalf of and pursuant to the written instructions of the Data Controller.
Device: refers to the electronic device (e.g. iPhone) through which you visit Our Website and Application.
Indirect Collection: when the Partner assures us that it has received your consent or has another legal basis that legitimizes the communication/sharing of your Personal Data with us. On this point, we specify that, before the data is used, we check how Partners collect and transfer data to us in order to respect your preferences.
IP Address: is a unique number used by your Browser, your Device and the Application in order to connect to the internet. The internet service provider provides this number allowing identification of the provider and/or the approximate area where you are located. Without this data, you cannot connect to the internet and use our Services or use Content that may be useful to you.
Joint Data Controller: refers to one or more legal persons, public authorities, service or other entities which jointly determine the purposes and means for processing your Personal Data.
Our Network: these are the agents with whom the Data Controller, or its subsidiaries, has/have signed commercial agreements for the provision of the Services.
Our Websites: includes our Website of “Car2Europe”, our social network pages, and some sections of Our Network’s websites where this Privacy Policy is available.
Partners: means third-party entities who may communicate your Personal Data to us only after they have contractually assured us that they have obtained your consent or that they have another legal basis that legitimizes their communication/sharing of such data with us (for example, if you ask one of our Partners to book a test drive, when you purchase, and when you request to receive commercial communications). This definition also includes the selected Partners with whom we may share your Data. Partners may belong to the following product sectors: manufacturing, wholesale and retail trade, financial, bank, transportation and warehousing, information and communication services, professional, scientific and technical activities, travel agencies, business support services, artistic, sports, entertainment and amusement activities, activities of membership organizations, services of physical wellness centers, suppliers of electricity and gas, rental, e-mobility and insurance companies.
Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household. For your convenience, we will collectively indicate all Personal Data mentioned also as “Data”.
Programmatic Advertising: these are platforms that can share the information they collect about you, such as your IP Address, with people who have an interest in showing you other Content that may be useful to you. In our case, if you view one particular model on Our Websites and Application, we will ask participants in Programmatic Advertising to grant us an advertising space on one of the websites you visit to display Content that may be useful to you.
Sensitive Data: means Personal Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Services: collectively, this means all the services available on Our Websites and Application.
Unique Identifiers: means information that uniquely identifies you or through which you may be identified. On a Vehicle, the Unique Identifiers are the license plate number and Vehicle Identification Number (VIN).
Vehicle: refers to a vehicle shown on Our Website and/or Application.