Information on the processing of personal data ("Privacy Policy")
If you are reading this document ("Privacy Policy"), it is because you are visiting this
website
("Website").
This Privacy Policy has been prepared pursuant to art. 13 of EU Regulation 679/2016 (hereinafter
"GDPR") and provides
you with some examples of how we process your Personal Data. For any
clarification regarding this Privacy Policy or
the methods of processing your Personal Data, please send your request to:
dataprotectionofficer@stellantis.com. The
information and Data provided by you or otherwise acquired will be processed in compliance with the provisions
of
the
GDPR and the confidentiality obligations that inspire the activity of the Data Controller. From this Website it may
be
possible to connect through special links to other third-party websites. For such processing activities, we
invite
you
to consult the respective privacy policies. The Data Controller declines any responsibility for any management
of
Personal Data by such third-party websites.
1. Who we are
Mobilisights S.p.A., with registered office in Via Plava 86, Torino (hereinafter also "we" or "us") is the Data Controller of your Personal Data (hereinafter "Data").
2. What Data we collect and process
We collect Data from our Website. The Data collected and the related processing purposes depend on the management of the settings of the Browser and the Device in use. The purposes for collecting your Personal Data are indicated in the section "Why we collect and process your Data and legal basis".
a) Data provided by the user
When you use this Website, you may provide us with Personal Data. This is the
case, for example,
when you send communications to the addresses indicated on the Website,
when
you use any contact forms, when you
participate in one of Our Events or when you subscribe to one of our
services (e.g. newsletter) or participate in
one
of our surveys. If you provide us with third party data, you will be held responsible for having shared such
information. You must be legally authorized to share it (i.e. authorized by a third party to share their
information,
or for any other legitimate reason). You shall indemnify us against any liability in the event of any
complaints,
claims or demands for damages that which may arise from the processing of third-party Personal Data in violation
of
applicable data protection law.
b) Data collected by the Browser and the Device
When you use our Website we
collect
information on the Browser and Device you are
using. This information includes
your IP Address, the date, time
and
the
requested URL, the Unique Identifiers and other information such as the type
of
your Browser or Device.
Information
related to your Browser or Device may include
your operating system, language,
network settings, telephone
operator
or
internet provider, installed third-party applications and plug-in lists.
Some of this information is collected
using
Cookies and Other Tracking Technologies that
are
on your Browser or Device.
More information about Cookies can
be
found in our Cookie Policy.
3. Why we collect and process your Data and legal basis
Your Data is used for the following purposes:
a. Provide our Services and related support
allow navigation of the Website and the provision of services requested by you from time to time to the Data Controller (for example newsletters, surveys, contact requests, information, downloads of documentation on the Website, "Provision of the service"). This processing is based on the execution of a contractual obligation or pre-contractual measures taken at your request;
b. Statistical purposes
for statistical purposes, without it being possible to trace your identity ("Statistics"). It should be noted that this processing is not performed on Data and that therefore it can be freely carried out by the Data Controller. This processing is based on the legitimate interest of the Data Controller.
c. Complying with legal obligations
We may use your Data to comply with legal obligations and orders to which we are subject to, which are the legal basis for the processing of your Data. Some legislations may require us to share your Data with public authorities. If this sharing is not required by law of your country, we may still send your Data, as explained in more detail in the following purpose "Protecting of our interests and your interests".
d. Protection of our interests and interests
To the extent permissible under by applicable data protection law, we may need to use your Data to detect, react to and prevent fraudulent and illegal behavior or activities which could compromise the security of our Services and our Website and Application. This may occur when you use our Website in ways other than as permitted, or if you engage in inappropriate behavior at Our Events. These purposes also include audits and assessments of our business operations, security audits, financial controls, records and information management program, and otherwise related to the administration of our general business, accounting, record keeping and legal functions. These purposes are based on our legitimate interest in safeguarding our interests and protecting our users, including you.
4. How we use your Data (processing methods)
Data collected for the purposes indicated above are processed both manually and via automated processing, namely, through programs or algorithms that analyze the Data inferred by your activities and the Data collected by the Browser and the Device.
5. How We May Disclose Your Data
We may disclose your Data to the following recipients and/or categories of recipients ("Recipients"):
-
- Persons authorized by us to perform any of data-related activities described in this
document:
our
employees and collaborators who have undertaken an obligation of confidentiality and abide by specific
rules
concerning the processing of your Data;
-
- Our Data Processors:
external subjects to whom we delegate some
processing activities. For example, security system providers, accounting and other consultants, data
hosting providers,
banks, insurance, etc. We have signed agreements with each of our Data
Processors
to ensure that your Data is processed
with appropriate safeguards and only according to our instructions;
-
- System administrators: our employees or those of Data
Processors to whom we have delegated the management of our IT systems and are therefore able to
access,
modify,
suspend or limit the processing of your Data. These subjects have been
selected, adequately trained and their
activities are tracked by systems that they cannot modify, as required by the provisions of our competent
Control
Authority;
- - Law enforcement or any other authority whose provisions are binding on us: this is the case when we have to comply with a judicial order or the law or defend ourselves in legal proceedings.
6. Where your Data is located
We are a global company and our services are available in multiple jurisdictions around the world. This means that your Data may be stored, accessed, used, processed and disclosed outside your jurisdiction, including within the European Union, the United States of America or any other country where our DataProcessors and sub-processors are located, or where their servers or cloud computing infrastructure may be hosted. We take steps to ensure that the processing of your Data by our Recipients is compliant with applicable data protection laws, including EU legislation to which we are subject. Where required by EU data protection law, transfers of your Data to Recipients outside the EU will be subject to appropriate safeguards (such as EU Standard Contractual Clauses for data transfers between EU countries and non-EU countries), and/or other legal basis according to the EU legislation. For more information about the safeguards implemented by us to protect Data transferred to third countries outside the EU, you can write to us at: dataprotectionofficer@stellantis.com.
7. How long we keep your Data
The Data processed for the purposes of Provide our Services and related support (see Section 3.a) and Protection of our interests and your interests (see Section 3.d) will be kept for the time strictly necessary to achieve those same purposes, except for the purposes of Section 3.a) until your possible opposition. However, the Data might be stored for a longer period in case of potential and/or actual claims and resulting liabilities and/or in case of other mandatory legal retention requirement and/or storage obligations. Data processing to comply with legal obligations (see section 3.c) will be retained for the period foreseen by the laws and regulations You can ask us for more information on our data retention criteria and policy by writing us here: dataprotectionofficer@stellantis.com.
8. How to control your Data and manage your choices
At any time, you can ask to:
- - Access your Data (right of access): depending on your use of our Services, we will provide the Data we have about you;
- - Exercise your right to portability of your Personal Data (right to data portability): according to your use of our Services, we will provide you with an interoperable file containing the Data we have about you;
- - Correct your Data (right to rectification): for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
- - Limit the processing of your Data (right to restriction of processing): for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
- - Delete your Data (right to erasure): for example, when you do not want to use our Services and may not want us to retain your Data any longer; - Object to processing activities (right to object);
- - Withdraw your consent (right to withdrawal).
You can exercise the above rights or express any concern or make a complaint regarding
our use of your Data directly at: dataprotectionofficer@stellantis.com.
At any time, you can also:
- - contact our Data Protection Officer (DPO), here: dataprotectionofficer@stellantis.com;
- - contact the competent Supervisory Authority, here you can find the list of all Supervisory Authorities by country: https://edpb.europa.eu/about-edpb/board/members_en.
9. How we protect your Data
We take reasonable precautions from a physical, technological and organizational point of view to prevent the loss, misuse, or modification of Data under our control. For example:
- - We ensure that your Data is only accessed and used by, transferred or disclosed to Recipients that need to have access to such Data.
- - We also limit the amount of Data accessible, transferred or disclosed to Recipients to only what is necessary to fulfill the purposes or specific tasks performed by the Recipient.
- - The computers and servers where your Data is stored are kept in a secure environment, are password controlled with limited access, and have industry-standard firewalls and antivirus software installed.
- - Paper copies of any documents containing your Data (if any) are also kept in a secure environment as well.
- - We destroy paper copies of documents containing your Data that are no longer needed.
- - When destroying Data recorded and stored in the form of electronic files that is no longer needed, we make sure that a technical method (for example, a low level format) ensures that the records cannot be reproduced.
- - Laptops, USB keys, mobile phones and other electronic wireless devices used by our employees who have access to your Data are protected. We encourage employees not to store your Data on such devices unless it is reasonably necessary for them to perform a specific task as outlined in this Privacy Policy.
- - We train our employees to comply with this Privacy Policy and conduct monitoring activities to ensure ongoing compliance and to determine the effectiveness of our privacy management practices.
- - Any Data Processor that we use is contractually required to maintain and protect your Data using measures that are substantially similar to those set out in this Privacy Policy or required under applicable data protection law. In case required by the applicable legislation, if a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Data transmitted, stored or otherwise processed, will be notified to you and to the competent data protection authority as required (for example, unless Data is unintelligible to any person or the breach is unlikely to result in a risk to your rights and freedoms and those of others).
10. What this Privacy Policy does not cover
This Privacy Policy explains and covers the processing we carry out as Data Controller within our Website. This Privacy Policy does not cover processing carried out by subjects other than us. Regarding these cases, we are not responsible for any processing of your Data that is not covered by this Privacy Policy.
11. Usage of Data for Other Purposes
If we should need to process your Data differently or for purposes other than those indicated herein, you will receive specific notice before such processing begins.
12. Changes to the Privacy Policy
We reserve the right to adapt and/or modify this Privacy Policy at any time. We will inform you of any relevant adaptations/changes.
13. License
The icons illustrated in this Policy are “Data Protection Icons” by Maastricht University European Centre on Privacy and Cybersecurity (ECPC) CC BY 4.0.
14. Definitions
Browser: refers to programs used to access the Internet (e.g. Safari, Chrome,
Firefox, etc.).
Cookies: refers to a small text sent to your Browser from our sites or our
Partners or resellers. It allows the site to
store information such as the fact that you have visited the site, your language and other information.
Cookies
are
used for different purposes, for example, to record your preferences regarding the use of Cookies (technical
cookies),
analysing and improving our Services, and creating new services and features, or to personalize our
Services.
Data Controller:
refers to the legal person, public authority, service or other entity which, individually or
jointly, determines the purposes and means for the processing of your Personal Data.
Device: refers to the Electronic Device
(e.g. iPhone) through which you visit our Website and/or the websites and
applications of our Partners.
IP address: is a unique number used by the Browser and your Device in order
to
connect to the Internet. The Internet service
provider provides this number allowing identification of the provider and/or the approximate area where you
are
located. Without this Data, you cannot connect to the Internet and use our Services.
Other Tracking Technologies: pixel tags (trackers used with Cookies and
embedded
in web pages to track certain activities) or unique identifiers
embedded in links to commercial communications that send us information when clicked on.
Our Events: these are events / showrooms organized by us or in collaboration
with
other brands with which we have signed partnership agreements.
Partners: means third-party entities who may communicate your Personal Data
to
us
only after they have contractually assured us
that they have obtained your consent or that they have another legal basis that legitimizes their
communication/sharing of such Data with us. This definition also includes
selected Partners with whom we may share
your Data. Partners may belong to the following product sectors:
manufacturing, wholesale and retail trade,
financial,
bank, transportation and warehousing, information and communication services, professional, scientific and
technical
activities, travel agencies, business support services, artistic, sports, entertainment and amusement
activities,
activities of membership organizations, services of physical wellness centers, suppliers of electricity and
gas,
rental, e-mobility and insurance companies.
Personal Data: means any
information relating to an identified or identifiable natural person whether directly or indirectly, as well
as
any information that is linked or
reasonably linkable to a particular individual or household. For example, an email address (if it refers to
one
or more aspects of an individual), IP Addresses and Unique Identifiers are considered Personal
Data. For your convenience, we will
collectively refer to all Personal Data mentioned also as
"Data".
Processor: refers to an entity engaged by us to process your Personal Data
solely
on behalf of the Data Controllerand according to its written instructions.
Services: collectively, means all Services available on our Website.
Unique Identifiers: means information that can
uniquely identify you through your Browser and/or Device. On the Browser, your IP
Address and Cookies are
considered Unique Identifiers. On the Device, advertising identifiers provided by manufacturers, such as
Apple's IDFA and
Android's AAIG, which we use to analyze and improve our Services and creating new services and features are
considered Unique Identifiers. Please note that for these purposes and in line with the opinions of the
European
Supervisory Authorities, we do not use other unique identifiers such as MAC addresses and IMEIs as they are
not resettable
by the user.
Website: includes this Website and our social networks pages where this
Privacy
Policy is present.