Continental Cars Limited (“we”, “our”, “us”, “CCL”, or “the Company”) recognises its obligations as a Data Controller in terms of applicable data protection and privacy laws, mainly the General Data Protection Regulation (EU) 2016/679 as supplemented by the Data Protection Act (Chapter 586 Laws of Malta), together with other applicable laws as may be amended from time to time.
The Services constitute:
1. Data Protection Officer
The Company has appointed RSM Malta as the Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The DPO can be reached by sending an email at email@example.com .
You can also obtain information on your data, and submit any suggestions you may have, by e-mail or letter to the following address:
Continental Cars Ltd.
Princess Margaret Street
Msida, MSD 1330
2. What is Personal Information?
Personal Information is any information relating to an identified or identifiable natural living person, otherwise known as a ‘data subject’. A data subject is an individual who can be identified, directly or indirectly, by information such as name, identification number, location data, online identifier, or other data relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. Personal Information excludes any information which has been rendered anonymous in such a manner that the data subject is no longer identifiable, also known as anonymous data.
3. Types of Personal Information we collect
Depending on your relationship with us, we collect, use and store different categories of Personal Information about you as follows:
4. Why and how we collect your Personal Information
4.1. Direct Data Collection
We collect and use Personal Information for business purposes. Personal Information is collected directly from you when;
Personal Information is also collected when you contact us via the contact details made available on our website; send us correspondence; and/or message us on our social media pages.
We may use your Personal Information to:
You may register for personalised services. To be able to provide such services, we will ask for your consent to use your registration details to;
Additionally, based on your consent, we will use the information called up by you on your visit to the Volkswagen portals to construct your user profile and send you specially tailored promotional offers.
When we use your Personal Information for promotional and market research, we adopt a strict data minimisation and pseudonymisation approach, and we will not share any of the information from research with any third parties outside of Volkswagen Group and Volkswagen Partners for marketing purposes, or store any of your information outside of the European Union/European Economic Area.
4.2. Indirect Data Collection
We use third party entities such as credit rating agencies, and other publicly accessible sources, when we need to carry out credit ratings or when we are trying to collect or enforce payment for outstanding bills.
5. Applicable legal grounds
We process your Personal Information where the following legal grounds apply:
6. Your consent is important to us
Subject to your consent, we may use your Personal Information to:
If you have already consented to any of the above purposes and no longer want us to use the information related to you for any of the above purposes, you have the right to withdraw consent as any time. In such cases select the unsubscribe button in our email communications or contact the Data Protection Officer by email at firstname.lastname@example.org .
In any case, we may continue to process your Personal Information if it is required by law and to meet our contractual obligations with you, such as honouring your warranty. This requirement will continue for as long as the agreement subsists and for a specified retention period thereafter, if and as required by law.
7. Volkswagen ID
The digital services listed below can be found in the myVolkswagen customer area. myVolkswagen brings together relevant information and settings for your vehicle and digital services. In this instance, Article 6, paragraph 1, letter b GDPR is, in principle, the legal basis for the processing of personal data.
Logging into or registering with Volkswagen ID is required to use the abovementioned services.
9. Log files
If you have logged into myVolkswagen with your Volkswagen ID, in the event that an error occurs, we will log the following data:
* your Volkswagen ID in the form of your username
* your vehicle identification number (if the error occurred in a function with vehicle context and you have previously added a vehicle to your Volkswagen user account)
We record this log data on the basis of a legitimate interest (Article 6, paragraph 1, letter f GDPR) in quickly eliminating errors which occur on this site and providing you with the best possible assistance in the event of an error. This log data is stored in encrypted form and deleted again automatically after 30 days.
10. Virtual garage
The virtual garage allows you to save vehicles you have ordered or already own in your Volkswagen ID so you can view your vehicles and their equipment at a glance and we can offer you convenient access to additional vehicle-related services on the website without having to identify your vehicle again. You need to enter the commission number (for vehicles still in production) or vehicle identification number (VIN; for vehicles already owned) to identify your vehicle. You then have the option to voluntarily enter more data on your vehicle (registration number, nickname) to make it easier for you to identify in the subsequent vehicle overview. If this data is already available in the Volkswagen ID, this is transmitted to the garage. If you decide to enter this data, it is also stored in the Volkswagen ID.
Images of your vehicle in production status are also displayed in this vehicle overview. These images are assigned to you based on the vehicle identification number you entered. If you would like to delete or amend your data, you can do this in Volkswagen ID.
We may store some information (commonly known as "cookies") on your computer when you look at our site. Cookies are used to enable and improve the use and functionality of the website, such as navigation and access to secure areas of the Website.
The information collected from certain cookies facilitates your use of our web site and ensures that you do not need to re-enter your details every time you visit it.
12. Sharing of your Personal Information
We may disclose information to third parties in connection with the abovementioned purposes, in the following circumstances:
However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
We will make sure that any third-party recipients have undertaken to use any Personal Information legitimately and in accordance to our written instructions or agreements. This means that they cannot use or share your Personal Information unless we have instructed them to do so. They will also be bound to retain the Personal Information in a secure manner and for the period we instruct.
13. Applicable Safeguards
13.1. Protecting Your Personal Information
We have implemented measures and policies to safeguard your Personal Information from unauthorised access or improper use and will continue to update these measures as new technology becomes available.
13.2. Security in Transmission
No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot warrant the security of any information you transmit to use, and you do so at your own risk. If you wish to send an e-mail from your private e-mail account to the Company, you must take your own security precautions in order to maintain the confidentiality and integrity of your e-mail’s content, by using standard commercially available encryption software, for example.
13.3. Personal Information Breach
We cannot guarantee that your Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards.
We have put in place procedures to deal with any suspected personal data security breach and will notify the supervisory authority of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your Personal Information has been compromised, please contact the Data Protection Officer on email@example.com.
While we strive to ensure the accuracy of information about you, it shall be your responsibility to ensure that the information you provide is correct and to notify us should such information change. In line with GDPR, if you would like to review or change the details you have supplied us with, please contact the DPO on firstname.lastname@example.org .
14. Privacy by Design and by Default
Where we introduce new technologies, policies or processes, we will ensure that your privacy is considered from the outset i.e. at the ‘design stage’, and where applicable we will carry out a Data Protection Impact Assessment (DPIA).
We will always carry out a DPIA where we use new technologies or consider there is a high risk to your rights and freedoms. Where an assessment identifies risks that cannot be satisfactorily reduced or avoided, we will seek advice from the supervisory authority (Office of the Information and Data Protection Commissioner).
15. Retention of your Personal Information
In some cases, it is not possible for us to specify in advance the periods for which your Personal Information will be retained. In such cases, we will determine the period of retention based on the following criteria:
16. Your Rights
In terms of applicable data protection and privacy laws we protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of Personal Information.
As a data subject you have the following rights:
Please note that your rights in relation to your Personal Information are not absolute. If you intend to exercise one or more of your rights, please send your request by email at email@example.com .
Generally, no fees are applicable when exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We will provide you with a response without undue delay, and in any event, within one month, which starts running as soon as your identity is verified. Occasionally, if your request is particularly complex or you have made a number of requests, we may extend our response time up to three months. In any case, we will inform you accordingly.
The Company may need to request specific information from you to help verify your identity. This is a security measure to ensure that Personal Information is not disclosed to unauthorised third parties.
We may also contact you to ask you for further information or clarification in relation to your request to speed up our response.
17. Links to Third-Party Websites
We are not responsible for the privacy policies and practices of websites which you access using links from our website, or websites which directed you to our website. Any concerns or questions arising from such websites should be handled directly with the respective owners or operators.
18. Contacting Us
If at any time you would like to contact us, you can do so by any of the following means:
Continental Cars Ltd.
Princess Margaret Street
Msida, MSD 1330
Tel: +356 2347 6000
Opening Hours: Monday to Friday: 07:15 – 16:00