Data Protection

 

General information

Issued by:

smart Automobile Co., Ltd. (hereinafter referred to as smart” or “we”)

Address: 818 Binhai 2nd Road, Hangzhou Bay New District, Ningbo, Zhejiang
E-
mail: smart.care@smart.com

1. Hosting and Content Delivery Networks (CDN)

This web application is hosted by the external service provider PressPage B.V., Hoogoorddreef 54d-56d,1101 BE Amsterdam, Netherlands (hoster). The personal data, collected on this web applications, is stored on the servers of the hosters. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The hosters are used for the purpose of contract fulfillment vis-à-vis our potential and existing customers and in the interest of a more secure, fast and efficient provision of our online offer by a professional provider.
Our hoster will only process your data to the extent necessary to fulfill the respective service obligations and follow our instructions regarding this data.

  1. Conclusion of a contract for data processing to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

2. Privacy Statement

We are pleased about your visit to our web applications and your interest in our offers. The protection of your personal data is an important concern for us. In this privacy statement, we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and what rights and claims are associated with it for you.

The privacy statement for the use of our web applications does not apply to your activities on websites of social networks or other providers that are accessible via links on our web applications. Please check the websites of these providers for their privacy policies.

3. Collection and processing of your personal data

  1. When you visit our web applications, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g., whether you were able to access a web application or received an error message), the use of functions of the web application, the search terms you may have entered, the frequency which you access individual contents, the name of accessed files, the amount of data transferred, the website from which you accessed our web application, and the website you visit from our web applications, whether by clicking on links provided by us or by entering a domain directly in the input field of the same tab (or window) of your browser, in which you have opened our web application. We also store your IP address and the name of your Internet service provider for a period of seven days for security reasons, in particular to prevent and detect attacks on our applications or fraud attempts.
  2. We only store other personal data if you provide us such data, e.g. in the context of a registration, a contact form, a chat, a survey, a price offer or for the execution of a contract, and also in these cases only to the extent that we are permitted to do so on the basis of a consent granted by you or in accordance with the applicable legal provisions.
  3. You are neither legally nor contractually obligated to provide us your personal data. However, it is possible that certain functions of our web applications depend on your providing of personal data. If you do not wish to provide us with personal data in these cases, this may result in functions not being available or only being available to a limited extent.

4. Purposes of use of personal data

  1. We use the collected personal data when you visit our web applications to operate them as conveniently as possible for you and to protect our IT systems from attacks and other illegal activities.
  2. If you provide us further personal data, e.g. in the context of a registration, a chat, a contact form, a survey, a competition or for the execution of a contract, we will use this data for the before mentioned purposes, as well as for customer administration reasons and – if necessary – for the execution and settlement of any business transactions, in each case only to the extent required for this purpose.
  3. For other purposes (e.g. display of personalized content or advertisements based on your usage behavior), we and, if applicable, selected third parties will use your data, provided as part of our Consent Management System, you have agreed (= consented) to this.
  4. In addition, we use personal data insofar as we are legally obligated to do so (e.g. storage for the fulfillment of commercial or tax law retention obligations, release in accordance with official or court orders, e.g. to a law enforcement agency).

5. Transfer of personal data to third parties

  1. Our web applications may also contain third-party offers. If you click on such an offer, we will transfer data to the respective provider to the extent necessary (e.g., information, that you found this offer on our website and, if applicable, further information that you have already provided for this purpose on our websites).
  2. If we use so-called "social plug-ins" of social networks such as Facebook, Twitter and Co. on our web applications, we integrate them as follows:

    When you visit our web applications, all social plug-ins are deactivated by default, i.e. no data is transmitted to the operators of these networks. If you would like to use one of the networks, please click on the respective social plug-in to establish a direct connection with the server of the respective network.

    If you have a user account with the corresponding network and are logged in there at the moment of activating the social plug-in, the network can assign your visit of our web applications to your user account. If you want to avoid this, please log out of the network before activating the social plug-in. A social network cannot assign your visit to other websites of third parties before you have also activated or used a social plug-in available there.

    When you activate a social plug-in, the network transmits the content that becomes available as a result directly to your browser, which integrates it into our web applications. In this situation, data transfers may also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers that take place between the network and your system, and your interactions on this platform are governed exclusively by the privacy statement of the network.

    The social plug-in remains active until you deactivate it yourself or delete your cookies.
  3. If you click on the link to an external offer or activate a social plug-in, personal data may be transferred to providers located outside of China, and an "adequate level of protection" by countries where the recipients are located is not ensured. Please always keep this in mind before you click on a link or activate a social plug-in and thus trigger a transfer of your data!
  4. We also use qualified service providers (e.g. IT service providers, marketing agencies) to operate, optimize and secure our web applications. We only pass on personal data to them insofar as this is necessary for the provision and use of the web applications and their functionalities, for the pursuit of legitimate interests, for the fulfillment of legal obligations or insofar as you have consented to this.

You can find more details about the recipients in our Consent Management System.

6. Cookies

  1. Cookies may be used when visiting our web applications. Technically, these are so-called HTML cookies and similar software tools such as web/DOM storage or local shared objects (so-called "flash cookies"), which we refer to collectively as cookies.

    Cookies are small text files that do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your personal device until you delete them by yourself or until they are automatically deleted by your web browser.
  2. Cookies are stored on your desktop, notebook or mobile device when you visit our web applications. From this, we can recognize, for example, whether there has already been a connection between the device and our application, take into account your preferred language or other settings, offer you certain functionalities (e.g. online store offers, vehicle configurations) or recognize your interests on a usage basis. Cookies may also contain personal data.
  3. The question of which and whether cookies are used when you visit our web applications depends on which areas and functions of our applications you use and to what extent you have consented to the use of cookies that are not technically necessary in our Consent Management System. You can find more information and decision options here.
  4. The use of cookies also depends on the settings of the web browser you are using (e.g. Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies; however, you can usually change this settings. You can delete existing cookies at any time. You can delete Web/DOM storage and Local Shared Objects separately. How this works in the browser or device you are using, you can find out in the instructions of the respective manufacturer.
  5. The consent (= approval) to as well as the rejection or deletion of cookies are tied to the device being used and also to the web browser being used in each case. If you use multiple devices or web browsers, you can make the decisions or settings differently for each.
  6. If you decide against the use of cookies or delete them, it is possible that not all functions of our web applications or individual functions will be available to you only to a limited extent.
  7. This web application uses a special cookie consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies in advance in order to document this consent in a data protection compliant manner.

The following data trackers and cookies are used by media.smart.com in our customer newsrooms:

  • PPSESSION: This cookie is set by the media.smart.com platform in order to track visitors anonymously and to generate CSRF tokens for form modules and is therefore absolutely necessary.
  • _atuvc & _atuvs: These third party cookies are associated with the AddThis Social Sharing Widget, which is an optional element to allow visitors to share content with a variety of networking and sharing platforms. It stores an updated page release count. This cookie is only set if the cookies are accepted and the AddThis widget is activated, but can be deactivated altogether via the manager.
  • cookie_control: This cookie stores the visitor's choice in order to allow or reject cookies as absolutely necessary.
  • Visit Tracker: This tracker is used to keep track of the total number of visitors to the newsroom. By default, this tracker is anonymized until the visitor accepts the cookies / trackers.

We have concluded a contract on the commissioned data processing with the provider of the cookie consent technology. This is a contract required by data protection law, which ensures that personal data of our web-based visitors are only processed according to our instructions and in compliance with the GDPR.

7. Server-Log-Files

The providers of the pages automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

  • used operating system
  • Host name of the accessing computer
  • Time of the server request
  • IP-Adress

This data is not merged with other data sources.

For the purpose of maintaining data integrity and confidentiality through collection of data, achieving technically error-free presentation and optimization of its website, and safeguarding the legitimate interests of the website operator, the server log files must be collected.

8. Technical and organizational security measures

We use technical and organizational security measures to protect the data we manage against manipulation, loss, destruction and against access by unauthorized persons. We continuously improve our security measures in line with technological developments and possibilities.

We do not however, pledge 100% security of any information or data that you provide online. If a security incident occurs, we will take mitigation measures in line with our incident response plan while filing a report to the competent regulator of China as per applicable laws. If a security incident that is involved with your personal data occurs, we will notify you by email, SMS, phone call or other means in accordance with the laws.

9. SSL resp. TLS encryption

Our web applications use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests, etc. that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Legal basis of data processing

  1. Your consent;
  2. Essential for initiating or fulfilling a contract with you;
  3. Essential for fulfilling the statutory duties or obligations of smart;
  4. Essential for safeguarding public health emergencies or to protect the safety of life, health and property of natural persons in case of public health emergencies or under critical situations;
  5. We process personal data for the purposes of news reports, public opinion supervision and other acts for the public interest within a reasonable scope;
  6. Other circumstances stipulated by laws, regulations or legal provisions.

Maintaining the functionality of our IT systems, the (direct) marketing of our own and third-party products and services (unless this is done with your consent) and the legally required documentation of business contacts are such legitimate interests. We take into account in particular the type of personal data, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal data as part of the respective necessary balancing of interests.

11. Rights of the data subject

As a data subject, you have the following rights:

  1. Right to information, decision-making, restriction of processing, refusal of processing, unless otherwise required in accordance with the laws, regulations or legal provisions;
  2. Right to claim access to and copy of your personal data from smart; unless there are circumstances where the laws, regulations or legal provisions require that it should be kept confidential or there is no need to notify you hence no notification is issued;
  3. If your personal data is found inaccurate or incomplete, you have the right to claim corrections and supplements by smart.

We ask you to send your claims or explanations to the following contact address, if possible: smart.care@smart.com.

  1. We delete your IP address and the name of your Internet service provider, which we store for security reasons, after seven days. Otherwise, we delete your personal data on our own initiative or upon your request under any of the following circumstances:

(1) The agreed storage period has expired or the processing purpose has been achieved;

(2) smart ceases to provide products or services;

(3) You withdraw your consent;

(4) smart processes your personal data in violation of laws, administrative regulations or agreements;

(5) Other circumstances stipulated by laws, regulations or legal provisions.

In so far as deletion is not possible in individual cases, the relevant personal data will be marked with the aim of restricting its future processing.

  1. You may contact us at smart.care@smart.com for the purpose of withdrawing your consent and requesting to cancel your account registered on our website,
  2. If you want to exercise your rights of the data subject, including the aforementioned right to cancel your account, we will finish the verification and processing within fifteen (15) working days from the date of receiving your request and after confirming your identity.

12. Miscellaneous

In case we sell or transfer our business or assets to a third party as a whole or in part, such as merger, acquisition, liquidation or similar events, we may transfer your personal data. We will require continued adherence of this privacy policy, including this section, by such third parties, or require such third parties to renew consent with you.

The personal data collected and generated during our operations in China will be provided to recipients located in other countries or regions outside of China upon obtaining your consent. Be noted that such countries or regions may follow different data protection laws. In such cases, we will ensure that your personal data is protected as sufficiently and equally as in mainland China. For example, we may request your consent to the cross-border transfer of personal data, or to security measures such as data encryption before cross-border data transfer, and signing data transmission/sharing agreements with the data recipient as appropriate.

13. Newsletter

If you subscribe to a newsletter, offered on our website, the data provided during the newsletter registration will only be used for shipping of the newsletter, as far as you do not agree to a further use. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.

  1. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe proactive from the mailinglist. Your data will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
  2. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings.

The data from the blacklist will only be used for this purpose and will not be merged with other data.

Status: August 2021