Privacy Policy

Continental Cars Limited (“we”, “our”, “us”, “CCL”, or “the Company”) recognises its obligations as a Data Controller in terms of applicable data protection and privacy laws, mainly the General Data Protection Regulation (EU) 2016/679 as supplemented by the Data Protection Act (Chapter 586 Laws of Malta), together with other applicable laws as may be amended from time to time.

Your privacy is important to us and we want every individual who interacts with our business to feel comfortable with how we use and share their personal information. This Privacy Policy should be read together with any other privacy policy we may provide on specific occasions when we are collecting or processing Personal Information about you so that you are fully aware of how and why we are processing your Personal Information.  This Privacy Policy supplements said policies and is not intended to override them.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.
The Services constitute:

  • Car sales services,
  • After sales services,
  • Test drives.

1. Data Protection Officer
The Company has appointed RSM Malta as the Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The DPO can be reached by sending an email at a mail link.
You can also obtain information on your data, and submit any suggestions you may have, by e-mail or letter to the following address:
Continental Cars Ltd.
Princess Margaret Street
Msida, MSD 1330

2. What is Personal Information?
Personal Information is any information relating to an identified or identifiable natural living person, otherwise known as a ‘data subject’. A data subject is an individual who can be identified, directly or indirectly, by information such as name, identification number, location data, online identifier, or other data relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. Personal Information excludes any information which has been rendered anonymous in such a manner that the data subject is no longer identifiable, also known as anonymous data.

3. Types of Personal Information we collect
Most of the Personal Information we process is provided to us directly by you, such as when you contact us or when you enter your details on our websites. Our websites include this website, and other sites owned, operated, or controlled by the Company and on which this Privacy Policy is posted. Otherwise, information about you is collected from your use of the Services.
Depending on your relationship with us, we collect, use and store different categories of Personal Information about you as follows:

  • Identity information (name, driver’s licence and/or other government issued identification);
  • Contact information (postal address, email, telephone/mobile number);
  • Customer Feedback (information relating to queries, feedback or complaints);
  • Purchase details (order status, car model, products and service history);
  • Payment data (data necessary for fraud prevention, billing information, credit/debit card details. Please note that the security code is processed for transaction purposes only and is not retained by us);
  • Warranty and other documentation for our products;
  • Insurance forms;
  • Credit information from consumer reporting agencies;
  • Call recordings;
  • CCTV footage;
  • Technical data ( places cookies on your computer when you visit our websites. These are used to store and collect information about your usage of the site such as; your IP address, your browser type and language, the date and time of your request and the web site from which you linked to our website). More detailed information on cookies can be found in our Cookie Policy.

4.  Why and how we collect your Personal Information

4.1. Direct Data Collection
We collect and use Personal Information for business purposes. Personal Information is collected directly from you when;

  • You choose to or are required to submit Personal Information (such as your name, address, e-mail address and telephone number) to us via physical forms upon visiting us, and/or electronic forms on this website,
  • You register for personalised services,
  • You contact us with an enquiry.

Personal Information is also collected when you contact us via the contact details made available on our website; send us correspondence; and/or message us on our social media pages.
We may use your Personal Information to:

  • Execute a contract;
  • Administer requests submitted by you via our website or any applicable means, including test-drive requests;
  • Administer and/or carry out any obligations we may have under any agreement with you;
  • Facilitate, complete or confirm any transaction or purchase of goods or services you choose to enter with us, including warranty coverage;
  • Contact you if there are any urgent safety or product recall notices;

You may register for personalised services. To be able to provide such services, we will ask for your consent to use your registration details to;

  • Conduct promotional and market research, and
  • Provide you with needs-oriented design of electronic services.

Additionally, based on your consent, we will use the information called up by you on your visit to the Volkswagen portals to construct your user profile and send you specially tailored promotional offers.

When we use your Personal Information for promotional and market research, we adopt a strict data minimisation and pseudonymisation approach, and we will not share any of the information from research with any third parties outside of Volkswagen Group and Volkswagen Partners for marketing purposes, or store any of your information outside of the European Union/European Economic Area.

4.2. Indirect Data Collection
We use third party entities such as credit rating agencies, and other publicly accessible sources, when we need to carry out credit ratings or when we are trying to collect or enforce payment for outstanding bills.

5. Applicable legal grounds
We process your Personal Information where the following legal grounds apply:

  • You have provided us with your consent (in such cases, you will be provided with clear information as to what you are consenting to and how you can withdraw your consent. Refer to Section 6 for more information);
  • Processing is necessary to perform a contract or to take steps at your request, before entering a contract (in such cases the consequences of not providing this information may include being unable to proceed with the requested service);
  • Processing is necessary for our legitimate business interests, including the effective running of the website; managing compliance; monitoring trends; developing new products; improving performance; and for the establishment, exercise and defence of legal claims (we will always ensure that such interests do not override yours);
  • Processing is necessary to comply with legal obligations which we are subject to;
  • Processing is necessary for the vital interests of the data subject (e.g. in the event we communicate to you a product recall or product safety notice).

6. Your consent is important to us
Subject to your consent, we may use your Personal Information to:

  • Conduct promotional and market research, when providing you personalised services;
  • Provide you with needs-oriented design of electronic services, when providing you personalised services;
  • Construct your user profile and send you specially tailored promotional offers, using personal information called up by you when you visit one of the Company’s portals.

If you have already consented to any of the above purposes and no longer want us to use the information related to you for any of the above purposes, you have the right to withdraw consent as any time. In such cases select the unsubscribe button in our email communications or contact the Data Protection Officer by email at a mail link.
In any case, we may continue to process your Personal Information if it is required by law and to meet our contractual obligations with you, such as honouring your warranty. This requirement will continue for as long as the agreement subsists and for a specified retention period thereafter, if and as required by law.

7. Volkswagen ID
You can log into numerous services from Volkswagen AG or third parties using the Volkswagen ID. It acts as a central user account that you can use to manage your personal data centrally. The data processing required for this is performed for the purposes of contract fulfilment (Article 6, paragraph 1, clause 1, letter b, GDPR). To certain functions of this website, you must register with Volkswagen ID or log in with an existing Volkswagen user account. The website also offers functions which are designed for registration or log-in with Volkswagen ID but do not require it. If you use the Volkswagen ID, your selected service will be linked to your Volkswagen user account. This link is only made if you have agreed to it (Article 6, paragraph 1, clause 1, letter a, GDPR). More information on data processing in conjunction with Volkswagen ID can be found in the Privacy Policy at an external link.
8. myVolkswagen
The digital services listed below can be found in the myVolkswagen customer area. myVolkswagen brings together relevant information and settings for your vehicle and digital services. In this instance, Article 6, paragraph 1, letter b GDPR is, in principle, the legal basis for the processing of personal data.
Logging into or registering with Volkswagen ID is required to use the abovementioned services.

9. Log files
If you have logged into myVolkswagen with your Volkswagen ID, in the event that an error occurs, we will log the following data:
* your Volkswagen ID in the form of your username
* your vehicle identification number (if the error occurred in a function with vehicle context and you have previously added a vehicle to your Volkswagen user account)
We record this log data on the basis of a legitimate interest (Article 6, paragraph 1, letter f GDPR) in quickly eliminating errors which occur on this site and providing you with the best possible assistance in the event of an error. This log data is stored in encrypted form and deleted again automatically after 30 days. 

10. Virtual garage
The virtual garage allows you to save vehicles you have ordered or already own in your Volkswagen ID so you can view your vehicles and their equipment at a glance and we can offer you convenient access to additional vehicle-related services on the website without having to identify your vehicle again. You need to enter the commission number (for vehicles still in production) or vehicle identification number (VIN; for vehicles already owned) to identify your vehicle. You then have the option to voluntarily enter more data on your vehicle (registration number, nickname) to make it easier for you to identify in the subsequent vehicle overview. If this data is already available in the Volkswagen ID, this is transmitted to the garage. If you decide to enter this data, it is also stored in the Volkswagen ID.
Images of your vehicle in production status are also displayed in this vehicle overview. These images are assigned to you based on the vehicle identification number you entered. If you would like to delete or amend your data, you can do this in Volkswagen ID.

11. Cookies
We may store some information (commonly known as "cookies") on your computer when you look at our site. Cookies are used to enable and improve the use and functionality of the website, such as navigation and access to secure areas of the Website.
The information collected from certain cookies facilitates your use of our web site and ensures that you do not need to re-enter your details every time you visit it.  
We also use cookies to distinguish between visitors and their location, to aggregate statistics about the number of visitors, and to obtain data about how the website is being used.
For more detailed information, you may refer to our Cookie Policy.

12. Sharing of your Personal Information
We may disclose information to third parties in connection with the abovementioned purposes, in the following circumstances:

  • Any third parties who we engage to provide services to us, such as outsourced IT service providers;
  • Debt collection agencies for the purpose of recovery of any debt you owe us pursuant to the agreement we have entered into;
  • Any advisors/auditors auditing any of our business processes or who need to access such information for the purpose of advising us;
  • Any law enforcement body which may have any reasonable requirement to access your Personal Information for the purposes of the prevention, investigation or detection of crime; and
  • Any successor (or receiving) entity in the event of merger, reorganisation or similar event.

However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
We will make sure that any third-party recipients have undertaken to use any Personal Information legitimately and in accordance to our written instructions or agreements. This means that they cannot use or share your Personal Information unless we have instructed them to do so. They will also be bound to retain the Personal Information in a secure manner and for the period we instruct.
Except as described in this Privacy Policy, we will not intentionally disclose your Personal Information to third parties without your prior explicit consent.

13. Applicable Safeguards

13.1. Protecting Your Personal Information
We have implemented measures and policies to safeguard your Personal Information from unauthorised access or improper use and will continue to update these measures as new technology becomes available.

13.2. Security in Transmission
No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot warrant the security of any information you transmit to use, and you do so at your own risk.  If you wish to send an e-mail from your private e-mail account to the Company, you must take your own security precautions in order to maintain the confidentiality and integrity of your e-mail’s content, by using standard commercially available encryption software, for example.

13.3. Personal Information Breach
We cannot guarantee that your Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards.
We have put in place procedures to deal with any suspected personal data security breach and will notify the supervisory authority of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your Personal Information has been compromised, please contact the Data Protection Officer on
While we strive to ensure the accuracy of information about you, it shall be your responsibility to ensure that the information you provide is correct and to notify us should such information change. In line with GDPR, if you would like to review or change the details you have supplied us with, please contact the DPO on a mail link.

14. Privacy by Design and by Default
Where we introduce new technologies, policies or processes, we will ensure that your privacy is considered from the outset i.e. at the ‘design stage’, and where applicable we will carry out a Data Protection Impact Assessment (DPIA).
We will always carry out a DPIA where we use new technologies or consider there is a high risk to your rights and freedoms. Where an assessment identifies risks that cannot be satisfactorily reduced or avoided, we will seek advice from the supervisory authority (Office of the Information and Data Protection Commissioner).

15. Retention of your Personal Information
We will retain the Personal Information only for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
In some cases, it is not possible for us to specify in advance the periods for which your Personal Information will be retained. In such cases, we will determine the period of retention based on the following criteria:

  • What the purpose(s) was for which your information was collected in the first place;
  • Whether there are any statutory obligations, obliging us to continue to process your information;
  • Whether we have a legal basis in place to continue to process your information, including but not limited to consent;
  • What the value attached to your information is;
  • Whether there are any industry practices stipulating how long information should be retained;
  • The risk, cost and liability attached to such retention; and
  • Any other relevant circumstances.

16. Your Rights
In terms of applicable data protection and privacy laws we protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of Personal Information.
As a data subject you have the following rights:

  • Right of access: You have the right to obtain for us confirmation whether Personal Information concerning you is being processed, and where that is the case, access to the Personal Information and the additional information as outlined in the regulations.

  • Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate Personal Information concerning you.

  • Right to erasure: You have the right to obtain from us the erasure of your Personal Information in terms of law.  This right is limited by, and subject to all our compliance, regulatory and legal obligations.  

  • Right to restriction of processing: You have the right to obtain from us restriction of processing where, one of the following applies:
    (1) the accuracy of Personal Information is contested by yourself for a period enabling us to verify the accuracy of your personal data;
    (2) the processing is unlawful, and you oppose to the erasure of your Personal Information and request the restriction of its use instead;
    (3) we no longer need the Personal Information, but it is required by yourself for the establishment, exercise or defence of legal claims;
    (4) you object to processing pursuant to your right to object pending the verification whether our legitimate grounds override yours.

  • Right to data portability: You shall have the right to receive your Personal Information which you have provided to us, in a structured, commonly used and machine-readable format.

  • Right to object: You have the right to object, on grounds relating to your particular situation to processing of your Personal Information.  We shall no longer process your Personal Information unless we have a compelling legitimate ground for the processing.  You have the right to object at any time to the processing of Personal Information concerning you for direct marketing purposes.
  • Right to lodge a complaint: Should you require any clarification or need to discuss matters relating to the processing of your Personal Information, you may contact the Data Protection Officer by e-mail at a mail link.

    In the case you are not satisfied with the outcome, as a data subject, you also have a right to lodge a complaint with the Information and Data Protection Commissioner, either online, via the submission of a report by conventional mail, or by email at a mail link. Also, you may seek to enforce your rights through judicial remedy.

Please note that your rights in relation to your Personal Information are not absolute. If you intend to exercise one or more of your rights, please send your request by email at a mail link.
Generally, no fees are applicable when exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We will provide you with a response without undue delay, and in any event, within one month, which starts running as soon as your identity is verified. Occasionally, if your request is particularly complex or you have made a number of requests, we may extend our response time up to three months. In any case, we will inform you accordingly.
The Company may need to request specific information from you to help verify your identity. This is a security measure to ensure that Personal Information is not disclosed to unauthorised third parties.
We may also contact you to ask you for further information or clarification in relation to your request to speed up our response.

17. Links to Third-Party Websites
Kindly note that it is your responsibility to check the privacy policy of each website you visit. The Company’s website include links to websites operated by third-parties. We lay no claim to ownership of websites of third-parties accessible by way of links, and we are not responsible for their content.
We are not responsible for the privacy policies and practices of websites which you access using links from our website, or websites which directed you to our website. Any concerns or questions arising from such websites should be handled directly with the respective owners or operators.

18. Contacting Us
If at any time you would like to contact us, you can do so by any of the following means:

Continental Cars Ltd.
Princess Margaret Street
Msida, MSD 1330
Tel: +356 2347 6000
Opening Hours: Monday to Friday: 07:15 – 16:00
E-mail: a mail link

19. Changes to this Privacy Policy
This Privacy Policy may change from time to time. If we change this Privacy Policy in ways that affect how we use your Personal Information, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this Privacy Policy has changed.
This Privacy Policy was last updated on 26.11.2019

Disclaimer by Continental Cars Ltd.

The information, pictures, colours, and specifications contained within this website are presented as a general guide to the products and accessories offered by Continental Cars Ltd. Although every effort has been made to ensure that such information is correct and up to date, no warranty is provided that all such information is reliable, complete, accurate or without error. In some cases pictures of overseas models may be shown as a guide. Therefore, neither Volkswagen AG nor Continental Cars Ltd accept liability for damages of any kind resulting from the access or use of this site and its contents.