365 china

If you are reading this Privacy Policy, it is because you are visiting this website (“Website”). This Privacy Policy provides you with explanations on how we process your personal data (“Personal Data”, “Data”), your rights and contact details. Definitions (in capital letters/marked blue) providing more detailed explanations can be found at the end of this document.

For any clarification regarding this Privacy Policy or the methods of processing your Personal Data, please send your request to: dataprotectionofficer@stellantis.com.

From this Website it may be possible to connect through dedicated links to other third-party websites. For such processing activities, we invite you to consult the respective privacy policies. The Controller does not accept any responsibility for any management of Personal Data by such third-party websites.

STELLANTIS N.V., with registered office in Amsterdam, Netherlands, and operating office located at Taurusavenue 1, 2132 LS, Hoofddorp, Netherlands (hereinafter also “we” or “us”) is the Controller for the processing of your Personal Data.

We collect Data from our Website. The Data collected and the related processing purposes depend on the management of the settings of the Browser and the Device in use.

The purposes for collecting your Personal Data are indicated in the section “Why we collect and process your Data and legal basis”.��
��

a)��Data provided by the user

When you use this Website, you may provide us with Personal Data. This is the case, for example, when you send communications to the addresses indicated on the Website, when you use any contact forms, when you participate in one of Our Events or when you subscribe to one of our Services (e.g., newsletter) or participate in one of our surveys.
If you provide us with third-party data, you will be held responsible for having shared such information. You must be legally authorized to share it (i.e., authorized by a third party to share their information, or for any other legitimate reason).

b) Data collected by the Browser and the Device

When you use our Website, we collect information on the Browser and Device you are using. This information includes your IP Address, the date, time and the requested URL, and other information such as the type of your Browser or Device. Information related to your Browser or Device may include your operating system, language, network settings, telephone operator or internet provider, installed third-party applications and plug-in lists. More information about this can be found in our Cookie Policy.

Your Data serves the following purposes:
��

a. Providing our Services and related support

Allow navigation of the Website and the provision of Services requested by you from time to time to the Controller (for example newsletters, surveys, contact requests, information, downloads of documents). This processing is based on the execution of a contractual obligation, or pre-contractual measures taken at your request, unless consent is required by a local regulation.

b. Statistical purposes

For statistical purposes. This processing is based on the legitimate interest of the Controller, unless consent is required by a local regulation.

c. Complying with legal obligations

We may use your Data to comply with legal obligations and orders to which we are subject, which are the legal basis for the processing of your Data. Some legislation may require us to disclose your Data to public authorities. If this disclosure is not required by law in your country, we may still send your Data, as explained in more detail in the following purpose “Protection of our interests and your interests”.

d. Protection of our interests and your interests

To the extent permissible under applicable Data Protection Law, we may need to process your Data to detect, react to and prevent fraudulent and illegal behavior or activities which could compromise the security of our Services and our Website. This may occur when you use our Website in ways other than as permitted, or if you engage in inappropriate behavior at Our Events. These purposes also include audits and assessments of our business operations, security audits, financial controls, records and information management program, and otherwise related to the administration of our general business, accounting, record keeping and legal functions.
These purposes are based on our legitimate interest in safeguarding our interests and protecting our users, including you.��

Data collected for the purposes indicated above is processed both manually and via automated processing, namely, through programs or algorithms that analyze the Data inferred by your activities and the Data collected by the Browser and the Device.

We may disclose your Data to the following recipients and/or categories of recipients (“Recipients”):

• Persons authorized by us to perform any of the Data-related activities described in this document: our employees and collaborators who have undertaken an obligation of confidentiality and abide by specific rules concerning the processing of your Data;
• Our Processors: external subjects to whom we delegate some processing activities. For example, security system providers, accounting and other consultants, data hosting providers, etc. We have signed agreements with each of our Processors to ensure that your Data is processed with appropriate safeguards and only according to our instructions;
• System administrators: our employees or those of Processors to whom we have delegated the management of our IT systems and are therefore able to access, modify, suspend or limit the processing of your Data. These subjects have been selected, adequately trained and their activities are tracked by systems that they cannot modify, as required by the provisions of our competent supervisory authority;
• Third parties: we may disclose your Data to companies acting as autonomous Controller to fulfil your requests (e.g., credit institutions);
• Law enforcement or any other authority whose provisions are binding on us: this is the case when we have to comply with a judicial order or the law or defend ourselves in legal proceedings.

We are a global company, and our Services are available in multiple jurisdictions around the world. This means that your Data may be stored, accessed, used, and disclosed (processed) outside your jurisdiction, including within the European Union, the United States of America or any other country where our Processors and sub-processors are located, or where their servers or cloud computing infrastructure may be hosted. We take steps to ensure that the processing of your Data by our Recipients is compliant with applicable Data Protection Laws, including EU legislation to which we are subject. Where required by law, transfers of your Data to Recipients will be subject to appropriate safeguards (such as Standard Contractual Clauses). For more information about the safeguards implemented by us to protect Data, you can write to us at: dataprotectionofficer@stellantis.com.

Data��processed for the purposes of Providing our Services and related support (see Section 3.a) and Protection of our interests and your interests (see Section 3.d) will be kept for the time strictly necessary to achieve those same purposes, except for the purposes of Section 3.b) until your object or withdrawal your consent. However, the Data might be stored for a longer period in case of potential and/or actual claims and resulting liabilities and/or in the case of other mandatory legal retention requirement and/or storage obligations.

Data processed to comply with legal obligations (see Section 3.c) will be retained for the period provided by applicable laws and regulations.

You can ask us for more information on our data retention criteria and policy by writing to us at: dataprotectionofficer@stellantis.com.

To the extent provided by applicable Data Protection Laws, you have the right to:

• Access your Data (right of access): depending on your use of our Services, we will provide the Data we have about you;
• Exercise your right to portability of your Personal Data (right to data portability): according to your use of our Services, we will provide you with an interoperable file containing the Data we have about you;
• Correct your Data (right to rectification): for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
• Limit the processing of your Data (right to restriction of processing): for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
• Delete your Data (right to erasure): for example, when you do not want to use our Services and may not want us to retain your Data any longer;
• Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
• Object to processing activities (right to object);
• Withdraw your consent (right to withdrawal);
• Lodge a complaint to your competent supervisory authority.

The data protection supervisory authority competent for us is Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ The Hague, Netherlands, .

Please find a list of data protection supervisory authorities to allow you to choose your competent authority by selecting your country: . If your supervisory authority is not listed, you can contact us for more information.

Depending on your residence, Data Protection Laws might apply that provide you with additional rights. Please find a non-exhaustive overview here:

• Australia: Right to anonymity and pseudonymity. While this means that you may withhold giving us your name, or use a fictitious name, it also means that we may not be able to provide a Service to you, or to fulfill a request, such as when you ask for access to your Data.
  
  
• California (U.S.): You have the right to opt-out of the sale or sharing of your Data by the Controller (where applicable) and the right to receive non-discriminatory treatment for the exercise of these rights.
  
  
• New Zealand: You have the right to a response in relation to your request for access to, or correction of your Data within 20 working days of us receiving the request.

You can exercise the above-mentioned rights or express any concern or make a complaint regarding our use of your Data directly at: .

At any time, you can contact our Data Protection Officer here: dataprotectionofficer@stellantis.com.��

We take reasonable precautions from a physical, technological and organizational point of view to prevent the loss, misuse, or modification of Data under our control. For example:

• We ensure that your Data is only accessed and used by, transferred or disclosed to Recipients that need to have access to such Data.
• We also limit the amount of Data accessible, transferred or disclosed to Recipients to only what is necessary to fulfill the purposes or specific tasks performed by the Recipient.
• The computers and servers where your Data is stored are kept in a secure environment, are password controlled with limited access, and have industry-standard firewalls and antivirus software installed.
• Paper copies of any documents containing your Data (if any) are also kept in a secure environment.
• We destroy paper copies of documents containing your Data that are no longer needed.
• When destroying Data recorded and stored in the form of electronic files that is no longer needed, we make sure that a technical method (for example, a low-level format) ensures that the records cannot be reproduced.
• Laptops, USB keys, mobile phones and other electronic wireless devices used by our employees who have access to your Data are protected. We encourage employees not to store your Data on such devices unless it is reasonably necessary for them to perform a specific task as outlined in this Privacy Policy.
• We train our employees to comply with this Privacy Policy and conduct monitoring activities to ensure ongoing compliance and to determine the effectiveness of our privacy management practices.
• Any Processor that we use is contractually required to maintain and protect your Data using measures that are substantially similar to those set out in this Privacy Policy or required under applicable Data Protection Laws.

Where required by applicable legislation, if there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Data transmitted, stored or otherwise processed, you will be notified along with the competent data protection authority, as required (unless, for example, Data is unintelligible to any person or the breach is unlikely to result in a risk to your rights and freedoms and those of others).

This Privacy Policy explains and covers the processing we carry out as Controller within our Website.
This Privacy Policy does not cover processing carried out by subjects other than us. Regarding these cases, we are not responsible for any processing of your Data that is not covered by this Privacy Policy.��

If we should need to process your Data differently or for purposes other than those indicated herein, you will receive specific notice before such processing begins.

We��reserve the right to adapt and/or modify this Privacy Policy at any time. We will inform you of any relevant adaptations/changes.

Browser: refers to programs used to access the internet (e.g., Safari, Chrome, Firefox, etc.).

Controller: refers to the legal person, public authority, service or other entity which, individually or jointly, determines the purposes and means for the processing of your Personal Data.

Data Protection Laws: laws and regulations in various jurisdictions worldwide that apply to the processing of personal data.

Device: refers to the electronic Device (e.g., iPhone) through which you visit our Website and/or the websites and applications of our Partners.

IP address: is a unique number used by the Browser and your Device in order to connect to the internet. The internet service provider provides this number allowing identification of the provider and/or the approximate area where you are located. Without this Data, you cannot connect to the internet and use our Services.

Our Events: these are events/showrooms organized by us or in collaboration with other brands with which we have signed partnership agreements.

Partners: means third-party entities who may communicate your Personal Data to us only after they have contractually assured us that they have obtained your consent or that they have another legal basis that legitimizes their communication/sharing of such Data with us. This definition also includes selected Partners with whom we may share your Data. Partners may belong to the following product sectors: manufacturing, wholesale and retail trade, financial, bank, transportation and warehousing, information and communication services, professional, scientific and technical activities, travel agencies, business support services, artistic, sports, entertainment and amusement activities, activities of membership organizations, services of physical wellness centers, suppliers of electricity and gas, rental, e-mobility and insurance companies.

Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household. For example, an email address (if it refers to one or more aspects of an individual), IP Addresses are considered Personal Data. For your convenience, we will collectively refer to all Personal Data mentioned also as “Data”.

Processor: refers to an entity engaged by us to process your Personal Data solely on behalf of the Controller and according to its instructions.

Recipient: refers to a natural or legal person, public authority, agency, or other body, to which the Personal Data are disclosed, whether a third party or not.

Services: collectively, means all Services available on our Website.

Website: includes this Website and our social network pages where this Privacy Policy is present.