JAGUAR LAND ROVER WEBSITE PRIVACY POLICY

1. WHAT YOU CAN EXPECT TO SEE FROM READING THIS PRIVACY POLICY


Jaguar Land Rover is one of the world’s leading producers of premium cars. Innovation and design give our customers experiences they love for life – anticipating and exceeding their needs and expectations. Quality and excellence are our hallmarks. Taking care of our customers is paramount.

We respect the privacy of every individual who visits our websites. This Privacy Policy explains how we use personal data received from our websites, and informs you of your data protection rights.

We realise there is a lot to read. To make it easier for you to navigate, we have adopted a layered approach. Please click on any of the below [blue] headings to open up that section. Whilst in a section, you will be able to see further information by clicking on the “Tell me more” box.

We will also help you to know when there is new information available in this Policy. We will tell you when this Privacy Policy was last updated, so you can take time to read it if it has changed since your last visit. Privacy Policy Last Updated: 17th May 2018.

2. DATA PROTECTION – WHAT YOU SHOULD KNOW WHEN USING OUR WEBSITES



1. WHO WE ARE AND WHICH WEBSITES ARE COVERED BY THIS PRIVACY POLICY

Who We Are: When we refer to ‘Jaguar Land Rover’, ‘JLR’ ‘we’ ‘our’ or ‘us’ in this Privacy Policy, we refer to: Cyprus Premium Automobiles LTD, Member of Pilakoutas Group, whose registered office is at: 7, Larnacos Avenue, P.O.Box 21168, 1503 Nicosia - CYPRUS and whose registered number is: HE70689.

What this Privacy Policy covers: This Privacy Policy covers the identified Cyprus websites, that are set out in the Annex at the end. To be transparent, when you visit a JLR website not covered by this Privacy Policy, these may be controlled by other JLR group entities, or by a third party acting on our group’s behalf. We encourage you to check the Privacy Policy link at the bottom of the website you are visiting to see its privacy policy terms.

Customer Relationship Centre contact details: If you’d like to get in touch on a website related query, Jaguar Land Rover Customer Relationship Centre contact details are accessible from these web pages:


- Queries in relation to Jaguar: https://www.jaguar.com.cy/dealer-locator

- Queries in relation to Land Rover: https://www.landrover.com.cy/dealer-locator


More about the JLR Group ...


Jaguar Land Rover is part of a group of companies whose parent company is Jaguar Land Rover Automotive plc. You can find out more corporate information about Jaguar Land Rover on our website at: https://www.jaguarlandrover.com/.

Jaguar Land Rover is part of the Tata group. More information about the Tata group and the Tata companies can be found here: http://www.tata.com/aboutus/sub_index/Leadership-with-trust and http://www.tata.com/company/index/Tata-companies


2. WHAT INFORMATION WE COLLECT FROM OUR WEBSITES AND WHAT INFORMATION WE RECEIVE FROM OTHER SOURCES.


Our websites serve primarily as information portals to help you better understand our cars, products and services. We also, however, offer a number of website functions that collect information you provide to us when you ask to be kept informed, to be added to lists, events or experiences, or when you buy goods or book or request services.


The main ways we collect information from our websites:


- When you visit, or use and interact with our websites, for example to take steps to request or use online-available services, where you find out more about an event or experience or where you request any other information;

- When you enter into personalised web areas and use our websites as a way to engage with us, as a place where you can ask for personalised reminders, receive information about your vehicle, and/or request vehicle service or other information to be notified to you;

- When you contact us (via contact details made available on our websites), or send us correspondence.


Information may also be received from other sources. For example:

  • Third party support services: For the performance of our website services and to allow us to maintain appropriate records and to support ongoing queries, we may receive data about you or your website activities from our group companies or third party providers (e.g. to confirm website payments, to track website order deliveries, to support website maintenance). More information on our categories of suppliers is provided at Section 4 (Who we share personal data with) below.
  • Device data: Our websites automatically take certain device information in order to optimise your website experience (for example, allowing our website to automatically adapt screen size as appropriate for the device you are using to browse the website). This data also supports our website analytics. More information on automated data collection and cookies can be found in our Cookies policy, available via this link.
  • Marketing data: Your contact details, marketing preferences or other information may be shared with us by retailers or other third parties partners, where there is appropriate notice and in compliance with applicable data protection laws. You have the right to ask us not to use your personal data for marketing purposes. Please see your data protection rights at Section 7 (Your data protection rights) below for further information on these.
  • Public sources of data: We may use public sources of data, for example, to support website functionality (e.g. to support authenticate or fraud checks), and/or to maintain the accuracy of the data we hold. For example, we may make checks from time to time with the Department of Road Transport to check our vehicle owner information remains up to date.

    More about the personal data JLR may receive direct...
    We receive information you provide to us in your use of our websites, for example, when you add information to online forms or to data fields on our websites. We may also receive information from you by other online means, for example, if you comment on our social media pages. This will be the information that is visible to you, and may include your name, occupation, contact information (e.g. email, postal address and phone/mobile number), credit card/payment details, driving licence details, vehicle data and general information you decide to share such as your experience with JLR products and services.

    3. HOW WE USE YOUR PERSONAL DATA.
    We use personal data to manage and meet service and information requests, to understand service, vehicle and website use, and to make our products and services (including our web services) as effective as possible. For more information on our processing, and the legal grounds that are relevant, please see the “Tell me more” box below.

More about the main uses of your personal data and the legal grounds we rely on for these are…





































Applicable Legal grounds:
Maintaining and supporting website use
Where you use an online service governed by our provided online Terms and Conditions, we and our permitted third parties will process data in a number of ways that support our website services. For example, this may include the following activities: identity confirmation, any fraud and authentication checks, service delivery, administration of prize draws, competitions, membership offers, surveys and other promotional activities, any applicable payment processes and collections activities, customer support and any ongoing service communications. We may also seek to improve our services, using user experiences to strengthen our internal processes. For example, we let you know when you call us (our customer care numbers are available from our websites) that our calls may be recorded to support training, audit and quality purposes).
Necessary for contract
Legitimate Interests in running effective website services

Where personal data is required for entering into a contract, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service.
Managing your requests

We will process data in managing your requests made on or via our websites (e.g. where you request a brochure, sign up to ‘keep me informed’ or add your details into any other website data form or data field). We will also process data in providing and maintaining personalised website experiences.
Legitimate Interests in running effective website services.
Enhancing website experience

Where we pre-fill website data fields to enhance and streamline your online experience.
Legitimate Interests in enhancing, simplifying and streamlining website experiences.
Internal research and development

For internal research, development, analytics, analysis and reporting purposes, e.g. to monitor current vehicle performance, predict trends or performance, develop new functions, products and services, or to evidence compliance with regulatory requirements.
Legitimate Interests in assessing and improving performance, managing compliance, monitoring trends and developing new products.
Marketing activities

We will obtain your consent to market communications to you using electronic means (e.g. email, text etc.), and may share your details for electronic marketing communications with our network of independent third parties, where you give consent for this to happen. We will also comply with cookie obligations where we use cookies on our website.

Other marketing activities will happen assessed on the Legitimate Interests ground. e.g. where we tailor marketing communications or send targeted marketing messages via post or social media and other third party platforms; and in providing existing customers with information about similar products and services. In order to improve the services we offer via our websites, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.

We will use profiling and carry out research and analytics activities to inform our marketing strategies, to create a better understanding of our customers and visitors; to support our website advertising, and to better improve the website information, functionality and the services we provide.
Consent
Note: Where we collect your personal data with consent, you may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 7 below for further details. (This right doesn’t effect the lawfulness of processing that was based on that consent before its withdrawal.)

Legitimate Interests for direct marketing purposes
Records maintenance and general administration

To maintain our records, administer and maintain our websites, support your queries and any other internal operations and administrative purposes (for example, this will include troubleshooting, testing, supporting our audit requirements and in responding to any enquiries you may make, including any data protection rights you raise).
Legitimate Interests in maintaining appropriate websites, records and service administration
Network and information security

To maintain our network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access. And to maintain appropriate server locations (for example, we may work with third parties to support appropriate use of cloud services).
Legitimate Interests as appropriate for ensuring network and information security
Corporate acquisitions and disposals

Any data processed as is necessary in the context of corporate acquisitions or disposals
Management of legal and regulatory requirements

To manage legal and regulatory requests and requirements, meet or defend legal rights or for the prevention/detection of crime, (including where required to assist the Tax Department, law enforcement agencies such as the Police, the Department of Road Transport or any other public authority or criminal investigation body, or for the safeguarding of national security).
Legitimate business Interests
Legal Obligation
Legitimate Interests in complying with law and regulation, including responding to regulators
Legal Obligation
Service communications

In the event we communicate to you an urgent safety or product recall notices.
Vital interests
Legal Obligation

4. WHO WE SHARE PERSONAL DATA WITH.

We may share your personal data with:

  • Those third parties who need to handle it so we can provide to you the products, services you have signed up to or requested, for example, to provide or offer finance or credit, insurance, to provide marketing and advertising support services and for optimised website services.
  • With our network of retailers, authorised repairers and where relevant our importers network (together our “retail network”), so as to be able to fulfil requests for goods, services, etc., and for assessment and training, to be able to enhance the quality of the services you obtain when interacting with our Retail Network.
  • Jaguar Land Rover group companies in line with the data uses set out in this Privacy Policy.
  • Third parties in the event we sell or buy any business or assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.

We have safeguards in place with our service providers to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy.

More about Suppliers...

We use a number of service suppliers to support our business and these service providers may have access to our systems and data in order to provide services to us and on your behalf, for example payment processors, information technology such as hosting service providers, marketing and digital advertising support services, customer services and relationship handling, service and system specialists, website analytics support, online store shipping, delivery and support for events and experiences.

More about JLR Group companies, and how they may provide service support ...

As a member of the Tata Group of companies, we can benefit from the large IT infrastructure and expertise that exists within our wider corporate structure. This means that the personal data you provide to us may be accessed by members of our group of companies only as necessary for service and system maintenance and support, aggregate analytics, business continuity, IT and administrative purposes. For example where necessary to support particular website enquiries, or to provide technical support that maintains website functionality.

More about Public bodies, law enforcement and regulators ...

From time to time, the police, other law enforcement agencies and regulators can request personal data, for example for the purposes of preventing or detecting crime, or apprehending or prosecuting offenders.


5. INFORMATION ABOUT INTERNATIONAL DATA TRANSFERS.

The Jaguar Land Rover Cyprus websites use servers which are hosted in the EU. However we may share website personal data with suppliers or group companies located outside of the EU where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate, and assessment of Privacy Shield certification for US located entities where applicable.

More about the adequacy checks JLR puts in place for international data transfers …

Where JLR chooses to share personal data with a third party located outside the EU, the following factors are assessed to support adequate transfer of this data:


- Internal checks to identify the existence or absence of any adequacy decision by the European Commission.
We have group companies, and use suppliers located in countries that have been approved by the European Commission as having essentially equivalent data protection laws. A full list of these countries as at the date of this Privacy Policy is: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Switzerland, Jersey, New Zealand, Uruguay and the Isle of Man. (The European Commission has also approved as adequate the EU-US Privacy Shield programme – this is described below). This list and information about the protections the European Commission has considered is available via this link.

- Use of measures like European Commission approved measures to support adequate transfers of personal data. We also have group companies, and use suppliers located in countries that are elsewhere in the world. To manage data protection compliance with these transfers, we will use European Commission approved data transfer mechanisms such as use of model contractual clauses approved by the Commission. We will also assess where applicable where a supplier is able to demonstrate to us they have Binding Corporate Rules. (Binding Corporate Rules is a GDPR – recognised Data Protection mechanism to ensure adequate personal data transfers). We may work with suppliers who are able to demonstrate to us they are Privacy Shield certified.

To understand the protections required in European Commission approved Model Clauses, a template copy of these is accessible from this location.

To see a full list of approved Binding Corporate Rules, please click this link.

A full list of Privacy Shield participants, and their Privacy Shield certification information is available from this website link.



6. HOW LONG WE HOLD PERSONAL DATA FOR.


We’ll keep your personal data for as long as we need it to provide the products and services you’ve signed up to. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes, to meet our legitimate interests and to enforce our rights.

The criteria we use to determine storage periods include the following: Information we have told you about storage periods on our website or in website terms and conditions. We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.



7. YOUR DATA PROTECTION RIGHTS.

You have rights in connection with your personal data, including: to withdraw consent where you have given it, to be informed and have access to your personal data, to correct or complete inaccurate data, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.

We try to ensure that we deliver the best levels of customer service. if you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch using either of the email addresses below, and add into the subject header that it relates to your data protection rights. These Customer Relationship email addresses are the appropriate contact details for our Data Protection Officer where queries are data protection related:

- g.hagiannis@pilakoutasgroup.com.cy


If you are not happy and have a data protection related complaint, please contact us direct at this email address: DPOffice@pilakoutasgroup.com.cy. If you are not satisfied, you also have the right to complain to the Office of the Commissioner for Personal Data Protection.



More about my data subject rights ...

If you have given us consent to process your personal data, including for electronic marketing communications, you have the right to withdraw that consent at any time. Just use the unsubscribe options presented, for example, these are present in the email marketing communications sent by us.

You can ask for access to the personal data we hold about you, object to the processing, request that we correct any mistakes, restrict or stop processing or delete it. If you do ask us to delete or stop processing it, we will not always be required to do so. If this is the case, we will explain why.

In certain circumstances you can ask us to provide you with your personal data in a usable electronic format and transmit it to a third party (right to data portability). This right only applies in certain circumstances. Where it does not apply, we will explain why.

More about how I can get in touch with the Office of the Commissioner for Personal Data Protection …

The Office of the Commissioner for Personal Data Protection (the Commissioner) is the supervisory authority that regulates personal data in the Republic of Cyprus. You can get in touch with the Commissioner in any of the following ways:

By going to their website: www.dataprotection.gov.cy

By giving them a call on +357 22818456

By sending them an email on commissioner@dataprotection.gov.cy

or by writing to them. Their address is: Office of the Commissioner for Personal Data, 1 Iasonos street, 1082 Nicosia, Cyprus.

8. LINKS TO OTHER WEBSITES


Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites ‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness.

9. KEEPING YOUR INFORMATION SECURE

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We require all of our services providers to have appropriate measures in place to maintain the security of your information.

Where we have given you (or where you have chosen) a password that enables you to access any personalised area in a JLR website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.

Which JLR websites are covered under this Privacy Policy


This Privacy Policy covers those websites identified below. These are JLR websites for which Jaguar Land Rover Limited is a data controller.

Jaguar Land Rover is responsible for the processing any personal data you provide to us through these websites:

https://www.jaguar.com.cy/

https://www.landrover.com.cy/

https://www.pilakoutasgroup.com.cy



In this Privacy Policy we refer to these as ‘the Cyprus JLR website pages’ or ‘our websites’.

For transparency this Privacy Policy does not cover all JLR branded websites, and we would always encourage you to click the Privacy Policy link of the website you are visiting to see the privacy information that applies.

Please note, these fall outside the scope of this Privacy Policy, and will be covered by their own Privacy Policy terms.