Privacy

Information on the processing of personal data (“Privacy Policy”)

If you are reading this document (“Privacy Policy”), it is because you are visiting this website (“Website”).
This Privacy Policy has been prepared pursuant to art. 13 of EU Regulation 679/2016 (hereinafter “GDPR”) and provides you with some examples of how we process your Personal Data. For any clarification regarding this Privacy Policy or the methods of processing your Personal Data, please send your request to: dataprotectionofficer@stellantis.com. The information and Data provided by you or otherwise acquired will be processed in compliance with the provisions of the GDPR and the confidentiality obligations that inspire the activity of the Data Controller. From this Website it may be possible to connect through special links to other third-party websites. For such processing activities, we invite you to consult the respective privacy policies. The Data Controller declines any responsibility for any management of Personal Data by such third-party websites.

1. Who we are

STELLANTIS N.V., with registered office in Hoofddorp (Netherlands), Taurusavenue 1, 2132 LS (hereinafter also “we” or “us”) is the Data Controller of your Personal Data (hereinafter “Data”).

2. What Data we collect and process

We collect Data from our Website. The Data collected and the related processing purposes depend on the management of the settings of the Browser and the Device in use.
The purposes for collecting your Personal Data are indicated in the section “Why we collect and process your Data and legal basis”.

a) Data provided by the user

When you use this Website, you may provide us with Personal Data. This is the case, for example, when you send communications to the addresses indicated on the Website, when you use any contact forms, when you participate in one of Our Events or when you subscribe to one of our services (e.g., newsletter) or participate in one of our surveys.
If you provide us with third-party data, you will be held responsible for having shared such information. You must be legally authorized to share it (i.e., authorized by a third party to share their information, or for any other legitimate reason). You shall indemnify us against any liability in the event of any complaints, claims or demands for damages which may arise from the processing of third-party Personal Data in violation of applicable data protection law.

b) Data collected by the Browser and the Device

When you use our Website, we collect information on the Browser and Device you are using.  This information includes your IP Address, the date, time and the requested URL, the Unique Identifiers and other information such as the type of your Browser or Device. Information related to your Browser or Device may include your operating system, language, network settings, telephone operator or internet provider, installed third-party applications and plug-in lists.   
Some of this information is collected using Other Tracking Technologies that are on your Browser or Device. 

3. Why we collect and process your Data and legal basis

Your Data serves the following purposes:

a. Provide our Services and related support

Allow navigation of the Website and the provision of services requested by you from time to time to the Data Controller (for example participation in Our Events, newsletters, surveys, contact requests, information, “Provision of the service”). This processing is based on the execution of a contractual obligation or pre-contractual measures taken at your request, unless consent is requested by a local regulation.

b. Statistical purposes

For statistical purposes, without it being possible to trace your identity (“Statistics”). It should be noted that this processing is not performed on your Data and therefore it can be freely carried out by the Data Controller. This processing is based on the legitimate interest of the Data Controller. 

c. Complying with legal obligations

We may use your Data to comply with legal obligations and orders to which we are subject, which are the legal basis for the processing of your Data.
Some legislation may require us to share your Data with public authorities. If this sharing is not required by law in your country, we may still send your Data, as explained in more detail in the following purpose “Protection of our interests and your interests”.

d. Protection of our interests and your interests

To the extent permissible under applicable data protection law, we may need to use your Data to detect, react to and prevent fraudulent and illegal behavior or activities which could compromise the security of our Services and our Website and Application. This may occur when you use our Website in ways other than as permitted, or if you engage in inappropriate behavior at Our Events. These purposes also include audits and assessments of our business operations, security audits, financial controls, records and information management program, and otherwise related to the administration of our general business, accounting, record keeping and legal functions.
These purposes are based on our legitimate interest in safeguarding our interests and protecting our users, including you. 

4. How we use your Data (processing methods)

Data collected for the purposes indicated above is processed both manually and via automated processing, namely, through programs or algorithms that analyze the Data inferred by your activities and the Data collected by the Browser and the Device.

5. How We May Disclose Your Data

We may disclose your Data to the following recipients and/or categories of recipients (“Recipients”):

  • Persons authorized by us to perform any of the data-related activities described in this document: our employees and collaborators who have undertaken an obligation of confidentiality and abide by specific rules concerning the processing of your Data;
  • Our Data Processors: external subjects to whom we delegate some processing activities. For example, security system providers, accounting and other consultants, data hosting providers, banks, insurance, etc. We have signed agreements with each of our Data Processors to ensure that your Data is processed with appropriate safeguards and only according to our instructions;
  • System administrators: our employees or those of Data Processors to whom we have delegated the management of our IT systems and are therefore able to access, modify, suspend or limit the processing of your Data. These subjects have been selected, adequately trained and their activities are tracked by systems that they cannot modify, as required by the provisions of our competent Supervisory Authority;
  • Law enforcement or any other authority whose provisions are binding on us: this is the case when we have to comply with a judicial order or the law or defend ourselves in legal proceedings.

6. Where your Data is located

We are a global company and our services are available in multiple jurisdictions around the world. This means that your Data may be stored, accessed, used, processed and disclosed outside your jurisdiction, including within the European Union, the United States of America or any other country where our Data Processors and sub-processors are located, or where their servers or cloud computing infrastructure may be hosted. We take steps to ensure that the processing of your Data by our Recipients is compliant with applicable data protection laws, including EU legislation to which we are subject. Where required by EU data protection law, transfers of your Data to Recipients outside the EU will be subject to appropriate safeguards (such as EU Standard Contractual Clauses for data transfers between EU countries and non-EU countries), and/or other legal basis according to the EU legislation. For more information about the safeguards implemented by us to protect Data transferred to third countries outside the EU, you can write to us at: dataprotectionofficer@stellantis.com.

7. How long we keep your Data

Data processed for the purposes of Providing our Services and related support (see Section 3.a) and Protection of our interests and your interests (see Section 3.d) will be kept for the time strictly necessary to achieve those same purposes, except for the purposes of Section 3.a) until your possible opposition. However, the Data might be stored for a longer period in case of potential and/or actual claims and resulting liabilities and/or in case of other mandatory legal retention requirement and/or storage obligations.
Data processed to comply with legal obligations (see Section 3.c) will be retained for the period foreseen by the laws and regulations.
You can ask us for more information on our data retention criteria and policy by writing to us at: dataprotectionofficer@stellantis.com.

8. How to control your Data and manage your choices

At any time, you can ask to:

  • Access your Data (right of access): depending on your use of our Services, we will provide the Data we have about you;
  • Exercise your right to portability of your Personal Data (right to data portability): according to your use of our Services, we will provide you with an interoperable file containing the Data we have about you;
  • Correct your Data (right to rectification): for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
  • Limit the processing of your Data (right to restriction of processing): for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
  • Delete your Data (right to erasure): for example, when you do not want to use our Services and may not want us to retain your Data any longer;
  • Object to processing activities (right to object);
  • Withdraw your consent (right to withdrawal).

You can exercise the above rights or express any concern or make a complaint regarding our use of your Data directly at: privacyrights_fom@freedomofmobilityforum.org.

At any time, you can also:

9. How we protect your Data

We take reasonable precautions from a physical, technological and organizational point of view to prevent the loss, misuse, or modification of Data under our control. For example:

  • We ensure that your Data is only accessed and used by, transferred or disclosed to Recipients that need to have access to such Data.
  • We also limit the amount of Data accessible, transferred or disclosed to Recipients to only what is necessary to fulfill the purposes or specific tasks performed by the Recipient.
  • The computers and servers where your Data is stored are kept in a secure environment, are password controlled with limited access, and have industry-standard firewalls and antivirus software installed.
  • Paper copies of any documents containing your Data (if any) are also kept in a secure environment.
  • We destroy paper copies of documents containing your Data that are no longer needed.
  • When destroying Data recorded and stored in the form of electronic files that is no longer needed, we make sure that a technical method (for example, a low-level format) ensures that the records cannot be reproduced.
  • Laptops, USB keys, mobile phones and other electronic wireless devices used by our employees who have access to your Data are protected. We encourage employees not to store your Data on such devices unless it is reasonably necessary for them to perform a specific task as outlined in this Privacy Policy.
  • We train our employees to comply with this Privacy Policy and conduct monitoring activities to ensure ongoing compliance and to determine the effectiveness of our privacy management practices.
  • Any Data Processor that we use is contractually required to maintain and protect your Data using measures that are substantially similar to those set out in this Privacy Policy or required under applicable data protection law.

Where required by applicable legislation, if there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Data transmitted, stored or otherwise processed, you will be notified along with the competent data protection authority, as required (unless, for example, Data is unintelligible to any person or the breach is unlikely to result in a risk to your rights and freedoms and those of others).

10. What this Privacy Policy does not cover

This Privacy Policy explains and covers the processing we carry out as Data Controller within our Website.
This Privacy Policy does not cover processing carried out by subjects other than us.
Regarding these cases, we are not responsible for any processing of your Data that is not covered by this Privacy Policy. 

11. Usage of Data for Other Purposes

If we should need to process your Data differently or for purposes other than those indicated herein, you will receive specific notice before such processing begins. 

12. Changes to the Privacy Policy

We reserve the right to adapt and/or modify this Privacy Policy at any time. We will inform you of any relevant adaptations/changes.

13. Definitions

Browser: refers to programs used to access the Internet (e.g., Safari, Chrome, Firefox, etc.).

Cookies: refers to a small text sent to your Browser from our sites or our Partners or resellers. It allows the site to store information such as the fact that you have visited the site, your language and other information. Cookies are used for different purposes, such as, to record your preferences regarding the use of Cookies (technical cookies), analyzing and improving our Services, and creating new services and features, or to personalize our Services.

Data Controller: refers to the legal person, public authority, service or other entity which, individually or jointly, determines the purposes and means for the processing of your Personal Data.

Device: refers to the Electronic Device (e.g., iPhone) through which you visit our Website and/or the websites and applications of our Partners.

IP address: is a unique number used by the Browser and your Device in order to connect to the Internet. The Internet service provider provides this number allowing identification of the provider and/or the approximate area where you are located. Without this Data, you cannot connect to the Internet and use our Services.

Other Tracking Technologies: pixel tags (trackers used with Cookies and embedded in web pages to track certain activities) or unique identifiers embedded in links to commercial communications that send us information when clicked on.

Our Events: these are events / showrooms organized by us or in collaboration with other brands with which we have signed partnership agreements.

Partners: means third-party entities who may communicate your Personal Data to us only after they have contractually assured us that they have obtained your consent or that they have another legal basis that legitimizes their communication/sharing of such Data with us. This definition also includes selected Partners with whom we may share your Data. Partners may belong to the following product sectors: manufacturing, wholesale and retail trade, financial, bank, transportation and warehousing, information and communication services, professional, scientific and technical activities, travel agencies, business support services, artistic, sports, entertainment and amusement activities, activities of membership organizations, services of physical wellness centers, suppliers of electricity and gas, rental, e-mobility and insurance companies.

Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household. For example, an email address (if it refers to one or more aspects of an individual), IP Addresses and Unique Identifiers are considered Personal Data. For your convenience, we will collectively refer to all Personal Data mentioned also as “Data”.

Processor: refers to an entity engaged by us to process your Personal Data solely on behalf of the Data Controller and according to its written instructions.

Services: collectively, means all Services available on our Website.

Unique Identifiers: means information that can uniquely identify you through your Browser and/or Device. On the Browser, your IP Address and Cookies are considered Unique Identifiers. On the Device, advertising identifiers provided by manufacturers, such as Apple’s IDFA and Android’s AAIG, which we use to analyze and improve our Services and create new services and features are considered Unique Identifiers. Please note that for these purposes and in line with the opinions of the European Supervisory Authorities, we do not use other unique identifiers such as MAC addresses and IMEIs as they are not resettable by the user.

Website: includes this Website and our social network pages where this Privacy Policy is present, if any.