Information on the processing of personal data ("Privacy Policy")
If you are reading this document ("Privacy Policy"), it is because you are visiting this website ("Website").
This Privacy Policy has been developed in accordance with Article 13 of EU Regulation 679/2016 (hereinafter "GDPR"), and gives you some examples of how we process your Personal Data. For any clarification regarding this privacy policy or the methods of processing your Personal Data, please send your request to: dataprotectionofficer@stellantis.com. The information and data you provide to us or have otherwise obtained will be treated in accordance with the provisions of the DPR and the confidentiality obligations that inform the Data Controller's activity. From this Website, it may be possible to connect through special links to other third-party websites. For such processing activities, we invite you to consult the respective privacy policies. The Data Controller declines any responsibility for the management of Personal Data by these third-party sites.
1. Who we are
Automobiles Peugeot with its registered office at 2-10 boulevard de l'Europe, 78 300 Poissy (hereinafter also "we" or "us") is the Data Controller of your Personal Data (hereinafter "Data").
2. What data we collect and process
We collect Data from our Website. The Data collected and the related processing purposes depend on the management of the browser and the device used.
The purposes for collecting your Personal Data are set out in the section "Why we collect and process your data and your legal basis".
a) Data provided by the user
When you use this website, you may provide us with Personal Data. This is the case, for example, when you send communications to the addresses listed on the website, when you use contact forms, when you participate in one of Our events or when you subscribe to one of our services (e.g. a newsletter) or participate in one of our surveys.
If you provide us with third-party data, you will be held responsible for sharing that information. You must be legally authorized to share it (i.e., authorized by a third party to share their information, or for any other legitimate reason). You will indemnify us against any and all claims, claims or claims for damages that may arise from the processing of personal data of third parties, in violation of applicable data protection law.
b) Data collected by the browser and the device
When you use our website, we collect information about the browser and device you are using. This information includes your IP address, the date, time, and URL requested, unique identifiers, and other information such as your browser or device type. Your browser or device information may include your operating system, language, network settings, telephone carrier or internet provider, installed third-party applications, and plug-in lists.
Some of this information is collected using cookies and other tracking technologies that are located on your browser or device. For more information about cookies, see our Cookie Policy.
3. Why we collect and process your data and your legal basis
Your data is used for the following purposes:
has. Providing our services and related support
to enable the navigation of the Website and the provision of services that you request from the Data Controller from time to time (e.g., newsletters, surveys, contact requests, information, uploading documentation to the Website, "Provision of the Service"). This processing is based on the fulfilment of a contractual obligation or pre-contractual measures taken at your request;
b. Statistical purposes
for statistical purposes, without it being possible to trace your identity ("Statistics"). It should be noted that this processing is not performed on the data and can therefore be freely performed by the data controller. This processing is based on the legitimate interest of the data controller.
c. Compliance with legal obligations
We may use your Data to comply with legal obligations and orders to which we are subject, which are the legal basis for processing your Data.
Certain laws may require us to share your data with public authorities. If this sharing is not required by the law of your country, we may still send your data, as explained in more detail for the following purpose "Protecting our interests and your interests".
d. Protection of our interests and your interests
To the extent permitted by applicable data protection law, we may need to use your Data to detect, respond to, and prevent fraudulent and illegal behavior or activity that could compromise the security of our Services and website and its application. This may occur when you use our Website in a manner other than permitted, or if you engage in inappropriate behaviour at Our events. These purposes also include audits and evaluations of our business operations, security audits, financial controls, records and information management program, and other aspects related to the administration of our general business, accounting, recordkeeping and legal functions.
These purposes are based on our legitimate interest in protecting our interests and our users, including you.
4. How to use your data (processing methods)
The data collected for the purposes indicated above is processed manually and by automated processing, i.e. through programs or algorithms that analyze the data deduced from your activities and the data collected by the browser and device.
5. How we may disclose your data
We may disclose your Data to the following recipients and/or categories of recipients ("Beneficiaries"):
- Persons authorised by us to carry out any data-related activities described herein: our employees and collaborators who have undertaken an obligation of confidentiality and comply with specific rules regarding the processing of your Data;
- Our Data Processors: external subjects to whom we delegate certain processing activities. For example, security system providers, accounting and other consultants, data hosting providers, banks, insurance companies, etc. We have signed agreements with each of our Data Processors to ensure that your data is processed with appropriate safeguards and only according to our instructions;
- System administrators: our employees or those of the Data Processors to whom we have delegated the management of our IT systems and who can thus access, modify, suspend or limit the processing of your Data. These subjects have been selected, have received adequate training and their activities are monitored by systems that they cannot change, as required by the provisions of our competent supervisory authority;
- Enforcement or other authority bound by the provisions of the law: This is the case when we need to comply with a court order or the law or defend ourselves in a legal proceeding.
6. Location of your data
We are a global company and our Services are available in multiple jurisdictions around the world. This means that your Data may be stored, accessed, used, processed, and disclosed outside of your jurisdiction, including within the European Union, the United States of America, or any other country where our Processors and Subprocessors are located, or in locations where their servers or cloud computing infrastructure may be hosted. We ensure that the processing of your Data by our Recipients complies with applicable data protection laws, including European law to which we are subject. Where required by European data protection law, transfers of your Data to Recipients located outside the EU will be subject to adequate safeguards (such as the relevant EU Standard Contractual Clauses for data transfers between EU countries and third countries), and/or other legal bases in accordance with European law. If you would like more information about the safeguards we implement to protect data transferred to third countries outside the EU, please write to us at: dataprotectionofficer@stellantis.com
7. Data retention period
Data processed for the purpose of providing our services and related support (see section 3.a) and protecting our interests and your interests (see section 3.d) will be kept for the time strictly necessary to achieve those same purposes, except for the purposes of section 3.a) until you can object. However, the Data may be retained for a longer period in the event of potential and/or actual claims and resulting liabilities and/or other mandatory legal retention and/or storage obligations.
The processing of data for the purpose of complying with legal obligations (see section 3.c) will be retained for the period provided for by laws and regulations
You can ask us for more information about our criteria and data retention policy by writing to us here: dataprotectionofficer@stellantis.com.
8. How to control your data and manage your choices
At any time, you can ask to:
- Access your data (right of access): based on your use of our Services, we will provide the Data we have about you;
- Exercise your right to portability of your personal data (right to data portability): depending on your use of our Services, we will provide you with an interoperable file containing the data we have about you;
- Correct your data (right to rectification): for example, you can ask us to change your email address or phone number if it is incorrect;
- Restrict the processing of your data (right to restriction of processing): for example, when you believe that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
- Delete your data (right to erasure): for example, when you do not want to use our Services and do not want us to keep your Data for longer;
- Object processing activities (right to object);
- Withdraw your consent (right of withdrawal).
You may exercise the above rights or express any concerns or complaints about our use of your Data directly at the following address: https://privacyportal.stellantis.com.
At any time, you can also:
- contact our Data Protection Officer (DPO), here: dataprotectionofficer@stellantis.com;
- Contact the competent supervisory authority, here you will find the list of all supervisory authorities by country: https://edpb.europa.eu/about-edpb/board/members_en.
9. How to protect your data
We take reasonable physical, technological, and organizational precautions to prevent the loss, misuse, or alteration of Data under our control. Like what:
- We ensure that your Data is only accessed and used by, transferred or disclosed to recipients who need to have access to that data.
- We also limit the amount of Data accessed, transferred, or disclosed to recipients to that which is necessary to fulfill the recipient's specific purposes or tasks.
- The computers and servers where your Data is stored are kept in a secure environment, are password controlled with limited access, and have standard firewalls and antivirus software.
- Hard copies of any documents containing your Data (if any) are also kept in a secure environment.
- We destroy paper copies of documents containing your Data that are no longer needed.
- When we destroy Data recorded and stored as electronic files that are no longer needed, we ensure that a technical method (e.g., a low-level format) ensures that the documents cannot be reproduced.
- Laptops, USB sticks, mobile phones, and other wireless electronic devices used by our employees who have access to your Data are protected. We encourage employees not to store your Data on such devices unless it is reasonably necessary for them to perform a specific task as described in this Privacy Policy.
- We train our employees to comply with this Privacy Policy and to conduct monitoring activities to ensure ongoing compliance and determine the effectiveness of our privacy management practices.
- Any Data Processor we use is contractually required to manage and protect your data using measures substantially similar to those set out in this Privacy Policy or required under applicable data protection law.
If required by applicable law, if a breach of security resulting in the destruction, loss, alteration, unauthorized disclosure of, or access to, Data transmitted, stored, or otherwise processed, will be notified to you, as well as to the relevant Data protection authority as necessary (e.g., unless the Data is unintelligible to anyone or the breach is unlikely to result in) ...
10. What this Privacy Policy does not cover
This Privacy Policy explains and covers the processing we carry out as a Data Controller on Our Website.
This Privacy Policy does not cover processing carried out by any entity other than us.
In these cases, we are not responsible for the processing of your Data that is not covered by this Privacy Policy.
11. Use of data for other purposes
If we need to process your Data differently or for purposes other than those set out below, you will receive a specific notice before processing begins.
12. Changes to the Privacy Policy
We reserve the right to adapt and/or modify this Privacy Policy at any time. We will inform you of any relevant adaptations/modifications.
13. License
The icons illustrated in this Policy are "Data Protection Icons" from the European Centre for Privacy and Cybersecurity (ECPC) at Maastricht University CC BY 4.0.
14. Definitions
IP address: is a unique number used by the browser and your device to connect to the internet. The Internet service provider provides this number to identify the provider and/or the approximate area where you are located. Without this Data, you cannot connect to the Internet and use our Services.
Other tracking technologies: pixel tags (trackers used with cookies and embedded in web pages to track certain activities) or unique identifiers embedded in links to marketing communications that send us information when clicked.
Cookies: refers to a small text sent to your browser from our sites or from our partners or resellers. It allows the site to store information such as the fact that you have visited the site, your language, and other information. Cookies are used for different purposes, such as to save your preferences regarding the use of cookies (technical cookies), analyze and improve our services, create new services and features, or personalize our services.
Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, as well as any information related or reasonably linked to a particular person or household. For example, an email address (if it refers to one or more aspects of an individual), IP addresses, and unique identifiers are considered personal data. For your convenience, we will refer collectively to any personal data also referred to as "Data".
Unique identifiers: means information that can uniquely identify you through your browser and/or device. In the browser, your IP address and cookies are considered unique identifiers. On the Device, advertising identifiers provided by manufacturers, such as Apple's IDFA and Android's AAIG, that we use to analyze and improve our Services and create new services and features are considered unique identifiers. Please note that for these purposes and in accordance with the notices of the European Supervisory Authorities, we do not use other unique identifiers such as MAC addresses and IMEIs, as they are not reinstallable by the user.
Browser: Refers to programs used to access the Internet (e.g., Safari, Chrome, Firefox, etc.).
Our events: these are events/performance halls organized by us or in collaboration with other brands with which we have signed partnership agreements.
Partners: means third party entities that may disclose your Personal Data to us only after giving us contractual assurances that they have obtained your consent or that they have another legal basis that legitimizes their communication/sharing of such Data with us. This definition also includes certain partners with whom we may share your data. Partners may belong to the following product sectors: manufacturing, wholesale and retail trade, finance, banking, transport and warehousing, information and communication services, professional, scientific and technical activities, travel agencies, business support services, artistic, sports, entertainment and amusement activities, activities of affiliated organizations, services of physical wellness centres, electricity and gas suppliers, rental, e-mobility and insurance companies.
Device: refers to the electronic device (e.g. iPhone) through which you visit our website and/or our partners' websites and applications.
Data Controller: means the legal person, public authority, agency or other entity which, individually or jointly, determines the purposes and means of the processing of your personal data.
Services: collectively, means all Services available on our website.
Website: includes this website and our social media pages where this Privacy Policy is present.
Subcontractor: refers to an entity engaged by us to process your personal data solely on behalf of the data controller and in accordance with its written instructions.