1. WHAT YOU CAN EXPECT TO SEE FROM READING THIS PERSONAL DATA PROTECTIONPOLICY

Jaguar Land Rover is one of the world’s leading producers of premium cars. Innovation and design give our customers experiences they love for life – anticipating and exceeding their needs and expectations. Quality and excellence are our hallmarks. Taking care of our customers is paramount.

We respect the privacy of every individual who visits our websites. This Privacy Policy explains how we use personal data received from our websites, and informs you of your data protection rights.

We realise there is a lot to read. To make it easier for you to navigate, we have adopted a layered approach. Please click on any of the below [blue] headings to open up that section. Whilst in a section, you will be able to see further information by clicking on the “Tell me more” box.

We will also help you to know when there is new information available in this Policy. We will tell you when this Privacy Policy was last updated, so you can take time to read it if it has changed since your last visit. Privacy Policy Last Updated: 17th May 2018.

2. DATA PROTECTION – WHAT YOU SHOULD KNOW WHEN USING OUR WEBSITES
3. WHO WE ARE AND WHICH WEBSITES ARE COVERED BY THIS PRIVACY POLICY

Who We Are: When we refer to ‘Jaguar Land Rover’, ‘JLR’ ‘we’ ‘our’ or ‘us’ in this Privacy Policy, we refer to: ΣΠΑΝΟΣ ΕΜΠΟΡΙΑ ΑΥΤΟΚΙΝΗΤΩΝ ΑΕ whose registered office is at: ΛΕΩΦ.ΣΥΓΓΡΟΥ 367, 17564, ΠΑΛΑΙΟ ΦΑΛΗΡΟ

What this Privacy Policy covers: This Privacy Policy covers the identified Greece websites, that are set out in the Annex at the end. To be transparent, when you visit a JLR website not covered by this Privacy Policy, these may be controlled by other JLR group entities, or by a third party acting on our group’s behalf. We encourage you to check the Privacy Policy link at the bottom of the website you are visiting to see its privacy policy terms.

Customer Relationship Centre contact details: If you’d like to get in touch on a website related query, Jaguar Land Rover Customer Relationship Centre contact details are accessible from these web pages:

• Queries in relation to Jaguar: https://www.jaguar.gr/dealer-locator
• Queries in relation to Land Rover: https://www.landrover.gr/dealer-locator

More about the JLR Group ...

Jaguar Land Rover is part of a group of companies whose parent company is Jaguar Land Rover Automotive plc. You can find out more corporate information about Jaguar Land Rover on our website at: https://www.jaguarlandrover.com/.

Jaguar Land Rover is part of the Tata group. More information about the Tata group and the Tata companies can be found here: http://www.tata.com/aboutus/sub_index/Leadership-with-trust and http://www.tata.com/company/index/Tata-companies

2. WHAT INFORMATION WE COLLECT FROM OUR WEBSITES AND WHAT INFORMATION WE RECEIVE FROM OTHER SOURCES.

Our websites serve primarily as information portals to help you better understand our cars, products and services. We also, however, offer a number of website functions that collect information you provide to us when you ask to be kept informed, to be added to lists, events or experiences, or when you buy goods or book or request services.

The main ways we collect information from our websites:

• When you visit, or use and interact with our websites, for example to take steps to request or use online-available services, where you find out more about an event or experience or where you request any other information;
• When you enter into personalised web areas and use our websites as a way to engage with us, as a place where you can ask for personalised reminders, receive information about your vehicle, and/or request vehicle service or other information to be notified to you;
• When you contact us (via contact details made available on our websites), or send us correspondence.

Information may also be received from other sources. For example:

• Third party support services: For the performance of our website services and to allow us to maintain appropriate records and to support ongoing queries, we may receive data about you or your website activities from our group companies or third party providers (e.g. to confirm website payments, to track website order deliveries, to support website maintenance). More information on our categories of suppliers is provided at Section 4 (Who we share personal data with) below.
• Device data: Our websites automatically take certain device information in order to optimise your website experience (for example, allowing our website to automatically adapt screen size as appropriate for the device you are using to browse the website). This data also supports our website analytics. More information on automated data collection and cookies can be found in our Cookies policy, available via this link.
• Marketing data: Your contact details, marketing preferences or other information may be shared with us by retailers or other third parties partners, where there is appropriate notice and in compliance with applicable data protection laws. You have the right to ask us not to use your personal data for marketing purposes. Please see your data protection rights at Section 7 (Your data protection rights) below for further information on these.
• Public sources of data: We may use public sources of data, for example, to support website functionality (e.g. to support authenticate or fraud checks), and/or to maintain the accuracy of the data we hold. For example, we may make checks from time to time with the Department of Road Transport to check our vehicle owner information remains up to date.

More about the personal data JLR may receive direct...

We receive information you provide to us in your use of our websites, for example, when you add information to online forms or to data fields on our websites. We may also receive information from you by other online means, for example, if you comment on our social media pages. This will be the information that is visible to you, and may include your name, occupation, contact information (e.g. email, postal address and phone/mobile number), credit card/payment details, driving licence details, vehicle data and general information you decide to share such as your experience with JLR products and services.

3. HOW WE USE YOUR PERSONAL DATA.

We use personal data to manage and meet service and information requests, to understand service, vehicle and website use, and to make our products and services (including our web services) as effective as possible. For more information on our processing, and the legal grounds that are relevant, please see the “Tell me more” box below.

More about the main uses of your personal data and the legal grounds we rely on for these are…

4. WHO WE SHARE PERSONAL DATA WITH (DATA RECEPIENTS).

We may share your personal data with:

• Those third parties who need to handle it so we can provide to you the products, services you have signed up to or requested, for example, to provide or offer finance or credit, insurance, to provide marketing and advertising support services and for optimised website services.
• With our network of retailers, authorised repairers and where relevant our importers network (together our “retail network”), so as to be able to fulfil requests for goods, services, etc., and for assessment and training, to be able to enhance the quality of the services you obtain when interacting with our Retail Network.
• Jaguar Land Rover group companies in line with the data uses set out in this Privacy Policy.
• Third parties in the event we sell or buy any business or assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.

We have safeguards in place with our service providers, in terms of a contract or other legal act under Union or Member State law, to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy.

More about Suppliers...

We use a number of service suppliers to support our business and these service providers may have access to our systems and data in order to provide services to us and on your behalf, for example payment processors, information technology such as hosting service providers, marketing and digital advertising support services, customer services and relationship handling, service and system specialists, website analytics support, online store shipping, delivery and support for events and experiences.

More about JLR Group companies, and how they may provide service support ...

As a member of the Tata Group of companies, we can benefit from the large IT infrastructure and expertise that exists within our wider corporate structure. This means that the personal data you provide to us may be accessed by members of our group of companies only as necessary for service and system maintenance and support, aggregate analytics, business continuity, IT and administrative purposes. For example where necessary to support particular website enquiries, or to provide technical support that maintains website functionality.

More about Public bodies, law enforcement and regulators ...

From time to time, the police, other law enforcement agencies and regulators can request personal data, for example for the purposes of preventing or detecting crime, or apprehending or prosecuting offenders.

5. INFORMATION ABOUT INTERNATIONAL DATA TRANSFERS.

The Jaguar Land Rover Greece websites use servers which are hosted in the EU. However we may share website personal data with suppliers or group companies located outside of the EU where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate, and assessment of Privacy Shield certification for US located entities where applicable.

More about the adequacy checks JLR puts in place for international data transfers …

Where JLR chooses to share personal data with a third party located outside the EU, the following factors are assessed to support adequate transfer of this data:

• Internal checks to identify the existence or absence of any adequacy decision by the European Commission.We have group companies, and use suppliers located in countries that have been approved by the European Commission as having essentially equivalent data protection laws. A full list of these countries as at the date of this Privacy Policy is: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Switzerland, Jersey, New Zealand, Uruguay and the Isle of Man. (The European Commission has also approved as adequate the EU-US Privacy Shield programme – this is described below). This list and information about the protections the European Commission has considered is available via this link.
• Use of measures like European Commission approved measures to support adequate transfers of personal data.We also have group companies, and use suppliers located in countries that are elsewhere in the world. To manage data protection compliance with these transfers, we will use European Commission approved data transfer mechanisms such as use of model contractual clauses approved by the Commission. We will also assess where applicable where a supplier is able to demonstrate to us they have Binding Corporate Rules. (Binding Corporate Rules is a GDPR – recognised Data Protection mechanism to ensure adequate personal data transfers). We may work with suppliers who are able to demonstrate to us they are Privacy Shield certified.
  • To understand the protections required in European Commission approved Model Clauses, a template copy of these is accessible from this location.
  • To see a full list of approved Binding Corporate Rules, please click this link.
  • A full list of Privacy Shield participants, and their Privacy Shield certification information is available from this website link.

6. HOW LONG WE HOLD PERSONAL DATA FOR.

We’ll keep your personal data for as long as we need it to provide the products and services you’ve signed up to. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes, to meet our legitimate interests and to enforce our rights.

The criteria we use to determine storage periods include the following: Information we have told you about storage periods on our website or in website terms and conditions. We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.

7. YOUR DATA PROTECTION RIGHTS.

You have rights in connection with your personal data, including: to withdraw consent where you have given it, to be informed and have access to your personal data, to correct or complete inaccurate data, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.

We try to ensure that we deliver the best levels of customer service. if you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch using either of the email addresses below, and add into the subject header that it relates to your data protection rights. These Customer Relationship email addresses are the appropriate contact details for our Data Protection Officer where queries are data protection,(Οικονομάκη Ηρώ, 210.94.24 505)

This email address is being protected from spambots. You need JavaScript enabled to view it.

If you are not happy and have a data protection related complaint, please contact us direct at this email address: This email address is being protected from spambots. You need JavaScript enabled to view it. you are not satisfied, you also have the right to complain to the Office of the Commissioner for Personal Data Protection.

More about my data subject rights ...

• If you have given us consent to process your personal data, including for electronic marketing communications, you have the right to withdraw that consent at any time. Just use the unsubscribe options presented, for example, these are present in the email marketing communications sent by us.
• You can ask for access to the personal data we hold about you, object to the processing, request that we correct any mistakes, restrict or stop processing or delete it. If you do ask us to delete or stop processing it, we will not always be required to do so. If this is the case, we will explain why.
• In certain circumstances you can ask us to provide you with your personal data in a usable electronic format and transmit it to a third party (right to data portability). This right only applies in certain circumstances. Where it does not apply, we will explain why.

More about how I can get in touch with the Office of the Commissioner for Personal Data Protection …

The Office of the Commissioner for Personal Data Protection (the Commissioner) is the supervisory authority that regulates personal data in the Republic of Greece. You can get in touch or exercise your right to lodge a complaintto the Commissioner in any of the following ways:

• By going to their website: http://www.dpa.gr/portal/page?_pageid=33,40911&_dad=portal&_schema=PORTAL
• By giving them a call on +30-210 6475600
• By sending them an email on cThis email address is being protected from spambots. You need JavaScript enabled to view it.
• or by writing to them. Their address is: Kifissias 1-3, 115 23 Athens, Greece

8. LINKS TO OTHER WEBSITES

Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites ‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness.

9. KEEPING YOUR INFORMATION SECURE

We will take all measures reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We require all of our services providers to have appropriate measures in place to maintain the security of your information.

Where we have given you (or where you have chosen) a password that enables you to access any personalised area in a JLR website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.