1. LEGAL INFORMATION
1.2 Pirelli UK Tyres Limited with registered offices at Derby Road, Burton on Trent, Staffordshire, DE13 0BH and company registration number 02622111 (hereinafter referred to as “Pirelli”, “we”, “us” or “our”, as appropriate) will act as the “Data Controller” of your Personal Data for the purposes detailed in Section 3.
2. COLLECTION OF INFORMATION
2.1 We collect personal data, which under applicable data protection legislation, in particular Regulation EU 679/2016 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (also referred to as the "GDPR"), includes information that can be used to identify you, including some or all of the following: your first and last name, address, phone number, date of birth, email address, vehicle information (including registration number, VIN, the vehicle’s make and model, service reminders, the use of the vehicle and mileage), the date and time you purchased any of our products or services and from who, device information, GPS information, your IP address, the pages you visited on our website, your social media profile/ accounts, voice recordings of calls you make to our contact centre, any information within correspondence you send to us and, where you contact us in the course of a business or trade, we may collect your job title, company contact details and other company details (hereinafter as "Personal Data").
2.2 We collect your Personal Data when you use our website, applications, attend any of our events, purchase our goods or services or when you contact or interact with us, which includes sales and marketing activities.
2.3 We also obtain Personal Data from Pirelli & C. S.p.A. and/or any of its subsidiaries incorporated in Europe (“Group Companies”) and other third parties including, for example, companies that handle services on our behalf, authorised dealers or sellers of our products or services, government departments or public directories. We may also request additional information from you in certain circumstances. When we receive this information we add it to the information we already hold about you in order to help us make sure that your details are as up to date and as accurate as possible.
3. USE OF PERSONAL DATA
There are various ways in which we may process your Personal Data however we will only process this information for the purpose for which it has been collected unless we inform you otherwise prior to any further processing. We have set out below the ways we may use your Personal Data along with the legal grounds for processing this information
We may use your Personal Data where it is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us (or any companies that act on our behalf). If we did not process your Personal Data then we would not be able to provide you with the products or services requested.
Sometimes we will ask you to provide us with your consent to allow us and the Group Companies to process your Personal Data so that both Pirelli and the Group Companies can contact you from time to time about promotions, contests, events, products, services or information which we think may be of interest to you by email.
You can always limit the marketing communications that Pirelli sends to you. To refuse future marketing correspondence, simply click the link labelled “unsubscribe” at the bottom of any email Pirelli sends you or contact us at email@example.com.
We may process your Personal Data where we are under a legal obligation to do so.
Sometimes we may need to process your Personal Data if there is something urgent we need to discuss with you, for example, to advise you of any safety or product concerns.
We may use or process your Personal Data where it is necessary for us to carry out activities which are in our legitimate interest as a business to do so. In order to rely on this legal ground we have to consider the impact the processing has on your interests and ensure that we implement appropriate safeguards so that your privacy is protected. We have set out the legitimate interests that apply to our business below:
Processing necessary for us to assist you with sales and any other enquiries:
To respond to correspondence received from you (which includes requests for product information, enquiries regarding products or services you are providing to us in a business context along with dealing with any complaints and/or other queries);
To enable us to provide products or services along with any other support necessary.
Processing necessary for us to understand customers’ and drivers’ needs:
To analyse evaluate and improve our products and services;
To undertake market analysis and research so that we can better understand customers’ requirements including driver behavioural data.
Processing necessary for us to promote our business, brands and products and to measure the effectiveness of our marketing campaigns:
To send you marketing information from time to time after you have purchased a product or service, made an enquiry, attended any of our marketing events or requested information from us;
To contact you from time to time with marketing information if you are acting on behalf of a business or where we have obtained your Personal Data from any of our Group Companies, our service providers or any public directory. (You can, of course, always unsubscribe to any of these communications);
To administer competitions, activities, initiatives and promotions that you enter and to distribute the prizes.
Processing necessary for us to operate the administrative and technical aspects of our business:
To enable us to accept your application to register as a user on our website or applications;
For network and information security purposes;
To comply with a request from you in connection with the exercise of your rights;
To inform you of updates in any of our key documentation (including our terms and conditions)
4. SHARING OF PERSONAL DATA
We may share your Personal Data when authorised by law or as follows (but please note that we will not sell your Personal Data to third parties):
Group companies. Your Personal Data may be shared with Pirelli & C. S.p.A. and/or any of its subsidiaries incorporated in Europe.
Third party or affiliated service providers. Your Personal Data may also be processed by service providers, including authorised dealers that we use to facilitate or outsource one or more aspects of the operation of our business. These service providers are subject to confidentiality agreements with us and other legal restrictions that prohibit their use of the information we provide them for any purpose other than to facilitate the specific outsourced related operation, unless you have explicitly agreed or given your prior permission to them for additional uses.
Payments by debit or credit card. In order to allow you to pay for the products and/or services purchased by debit or credit card, if applicable, your Personal Data will be processed by the selected operator of the banking circuit, which shall act as autonomous personal data controller.
As permitted or required by law. In certain cases, we may be required to provide Personal Data in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful or in violation of applicable laws. We may release certain Personal Data when we believe that such release is reasonably necessary to protect the rights, property, and safety of others and ourselves, or to detect, prevent, or otherwise address fraud, security, or technical issues.
5. YOUR PRIVACY RIGHTS
You have several privacy rights in accordance with the GDPR. You have the right to access to your Personal Data processed by us, correct it, delete it, limit/restrict the processing of your data that can be performed by us, you have the right to transfer your Personal Data and the right to be notified about any possible data breaches. In order to exercise your rights you can contact us at firstname.lastname@example.org You can also lodge a complaint with the Information Commissioner’s Officer. Their contact details can be found on their website at www.ico.org.uk. We may not be able to accommodate every request related to certain information if we believe this would violate any law or other legal requirement, or other data subjects' rights.
6. RETENTION OF PERSONAL DATA
We will retain your Personal Data for: (i) as long as any of your accounts remain active (if applicable); (ii) as needed to provide you with services and products, if any; (iii) for the period mandatorily requested by the GDPR with respect to Personal Data collected for purposes of specific activities, initiatives or contests; (iv) for marketing purposes, for a period of 2(two) years from the end of last communication from us, unless otherwise requested by you. We will also retain your Personal Data as necessary to comply with our legal obligations (eg. keep a record of your transactions for administrative purposes), resolve disputes, and enforce our rights (i.e. to defend any claims). We will delete your Personal Data upon your request, if permitted, in accordance with the GDPR.
7. WHERE WE STORE YOUR PERSONAL DATA
We will store your Personal Data on our IT systems which are based in the European Union.
8. PRIVACY POLICIES OF THIRD PARTIES
9. LIMITATIONS TO MINORS’ PERSONAL DATA
If you are a minor, please do not provide us any Personal Data about yourself without the provision of adequate consent by the holder of parental responsibility over you. If we learn that we have collected Personal Data from a minor, without the holder of parental responsibility's consent, we will promptly delete that information. If you believe we have collected Personal Data from a minor, please contact us at email@example.com
10. SECURITY OF PERSONAL DATA
10.1 We have security protocols in place to protect your Personal Data from unauthorised access, improper use or disclosure, unauthorised modification, and unlawful destruction and accidental loss. We only allow access to our databases when necessary, and then under strict guidelines as to what use may be made of such data.
10.2 It is your responsibility to protect the security of your login information, and we recommend that you use a unique password for our website that is different from the password you may use on any other site.
12. HOW TO CONTACT US