Who We Are
Why We Collect Personal Data And Our Legal Bases For Processing
The purposes for which we Process your Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:
|Processing activity||Legal basis for Processing|
We will not Process your Personal Data other than for the purposes described above.
When we wish to change or make additions to the purposes described above, we will take all necessary measures to comply with the relevant laws and regulations.
Personal Data that We Collect
We Process Personal Data that is reasonably necessary for the purposes described above including:
- Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent);
- Data relating to our Site: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to our Site; username; password; security login details; usage data; aggregate statistical information.
- Content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
We do not seek to collect or otherwise Process Sensitive Personal Data. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.
Third Parties that May Receive Your Personal Data
|Recipients||Roles (Purpose of access)|
|Regional Kia Subsidiaries, Kia Uvo Connect GmbH, Kia Dealers, and Kia distributors||to contact you and notify you of product information|
We may disclose your Personal Data to third parties listed in the table above so that they can perform their roles as described above. Third parties shall be subject to contractual obligations to implement appropriate technical and organizational measures to safeguard and process your Personal Data as instructed.
In addition, we may disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- our accountants, auditors, consultants, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;
- third party Processors (such as payment services providers; etc.), located anywhere in the world;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
Whether Your Personal Data is Transferred Cross-Border
Your Personal Data may be transferred to countries other than your country of residence, which may have different data protection standards compared to those of your country of residence.
Please note that your Personal Data processed in a foreign country may be subject to foreign laws and accessible by foreign governments, courts, law enforcements, and regulatory agencies. However, we will take reasonable measures to maintain an adequate level of data protection when transferring your Personal Data to foreign countries.
We may transfer your Personal Data to recipients located outside of the EEA, Kia Corporation, Adobe, or Google located in Republic of Korea, Singapore or United States. If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate for such transfers. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA to recipients located outside the EEA who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the details provided in the Contact Us section below.
Your Personal Data Storage Period
Please note that we have the right to store your Personal Data to the extent necessary for defending against legal claims.
The criteria for determining the duration for which we will retain your Personal Data are as follows:
we will retain Personal Data in a form that permits identification only for as long as:
- we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
in addition to (1), above, we will retain your Personal Data for the duration of:
- any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and
- an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),
- in addition to (1) and (2), above, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, such Personal Data, except to the extent that such Personal Data needs to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the relevant Personal Data; or
- anonymize the relevant Personal Data.
Cookies And Similar Technologies
We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding our Site, products, or services that may be of interest to you. We also Process Personal Data for the purposes of displaying content tailored to your use of our Site or services. If we provide the Site, products, or services to you, we may send or display information to you regarding our Site, products, or services, upcoming promotions and other information that may be of interest to you, including by using the contact details that you have provided to us, or any other appropriate means, subject always to obtaining your prior opt-in consent to the extent required under applicable law.
unsubscribe link included in every promotional electronic communication we send or by unsubscribing online at email@example.com. Please note that it may take up to 2 weeks to process your unsubscribe request during which time you may continue to receive communications from us. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Site, products, or associated services you have requested.
We Safeguard Your Personal Data
We have in place reasonable state-of-the-art security measures to protect against the loss, misuse, and alteration of Personal Data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary, and only authorized personnel have access to Personal Data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of Personal Data will never occur, we will use all reasonable efforts to prevent such loss, misuse, or alteration.
Under applicable laws and regulations, you may exercise the following rights regarding the Processing of your Relevant Personal Data:
- the right not to provide your Personal Data to us (however, please note that we will be unable to provide you with the full benefit of our Site or services, if you do not provide us with your Personal Data – e.g., we might not be able to process your reservation request without the necessary details;
- to request (i) information regarding whether your Personal Data is being Processed by us; and (ii) access your Personal Data, including details of the purposes of the Processing, the categories of Personal Data concerned, the data recipients and the potential retention period;
- to request rectification, removal or restriction of your Personal Data, e.g., because (i) it is incomplete or inaccurate; (ii) it is no longer needed for the purposes for which it was collected; or (iii) the consent on which the Processing was based has been withdrawn;
- to refuse to provide and – without impacting the data Processing activities that have taken place before such withdrawal – withdraw your consent to the Processing of your Personal Data at any time;
- to take legal actions in relation to any potential breach of your rights regarding the Processing of your Personal Data, as well as lodge complaints before the competent Data Protection Regulators; and/or
- to request the Personal Data concerning you which you have provided to us in a structured, commonly-used and machine-readable format be transmitted to another controller without hindrance from our side (where technically feasible).
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf, where such processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR; and
- the right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
(If you wish to contact our EU representative’s data protection officer, please send an e-mail to firstname.lastname@example.org)
- “Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
- “Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Notice, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
- “Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
- “Data Protection Regulator” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
- “EEA” means the European Economic Area.
- “GDPR” means the General Data Protection Regulation (EU) 2016/679.
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
- “Relevant Personal Data” means Personal Data in respect of which we are the Controller.
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law.
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
- “Site” means any website operated, or maintained, by us or on our behalf.