Full Privacy

our personal data is processed by Char. Pilakoutas Auto Alliance Limited.

Char. Pilakoutas Auto Alliance is located at 18-20 Aristidou Street, 2370 Engomi, Nicosia – Cyprus. The data protection manager (DPM) can be contacted via dpoffice@pilakoutasgroup.com.cy

Char. Pilakoutas Auto Alliance Limited and Mitsubishi Motors Corporation, its parent company, share some liabilities depending on the purposes for which your personal data are processed.

Personal date means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Whose personal data we collect?

We collect personal data about all our customers, potential customers and users of our websites.

What kind of data do we collect?

Any information we have is most likely provided by you – you may have filled out a form to take a test drive, for example. You can request to see it at any time, and it may include:

  • Any information you enter on our websites or forms and applications (such as name, address, email, phone)
  • Any information you provided to us by correspondence, telephone, fax, email or otherwise, including any telephone number or email you have used to contact our Customer Service team.
  • Information we receive about you from selected third parties such as business partners, suppliers and sub-contractors and/or analytics and search engine providers.
  • Type of request
  • Origin of the request
  • Purchase details (car model, products and services requested as well as any details of the transactions carried out relevant to the requested services/products)
  • Browsing data on Mitsubishi Motors websites

How we use your personal data?

We may collect personal information from you where you fill in any forms on any of our brand websites. We may also collect your information where you make enquiries or correspond with us by phone, email, or otherwise.
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are as follows:

  • It is necessary for the performance of the contractwith you or to take steps to enter into it. This includes information that we collect and process:

o    in order to enable you to make use of any of our brand websites,
o   for the purpose of any other services we provide to you through our brand websites or otherwise.

  • It is necessary for our legitimate interests or those of a third party such as breakdown or insurance providers, where you have said you would like to receive such services. These include:

o   analysis to inform our marketing strategy, and to enhance and personalise your customer experience;
o   creating a profile of you to determine what products and services you may be interested in for direct marketing purposes;
o   operating our loyalty schemes if available;
o   responding to online enquiries (including but not limited to test drive, brochure and part exchange valuation enquiries)
o   customer satisfaction or market research surveys;
o   for product development, statistical analysis market research in order to continually improve the vehicles and/or services that we deliver to you (however you can ask us not to contact you for this purpose at any time);
o   marketing activities (other than where we rely on your consent) e.g. following up on marketing leads, sending you renewal reminders, tailoring marketing communications or sending targeted marketing messages via social media and other third parties;
o   advising you about the products and services that we are providing to you in response to a request from you about this
o   prevention of fraud and other criminal activities;
o   to verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
o   to correspond or communicate with you;
o   monitoring communications between us (calls, letters, emails and texts) to prevent and detect crime, to protect the security of our communications, systems and procedures, and for quality control and training purposes
o   network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
o   to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
o   providing you with customer service, including answering questions and responding to feedback and complaints
o   for management and audit of our business operations including accounting and analysis of orders placed via our website

  • It is necessary for compliance with a legal obligation. This includes when you exercise your legal rights under data protection law, to verify your identity, for the establishment and defence of our legal rights, for activities relating to the prevention, detection and investigation of crime, to conduct credit, fraud prevention and anti-money laundering checks and for compliance with our legal and regulatory responsibilities.
  • You have given us your consentto use it for direct marketing communications (For the avoidance of doubt, your data will only be shared with RCI for marketing purposes if you have indicated an interest in finance. Please see ‘Marketing’ below for more information on marketing, including details on how to stop receiving marketing communications.

When we send you marketing information, we make sure to send you information that fit your needs or that are really of interest to you. Indeed, thanks to your personal data you provided to us directly or via or one of our partners, or that we collect automatically (when you visit our websites or use our mobile applications), we create a profile of you which allows us to assess and predict as well as possible your personal preferences and/or interests for our products and services. Better knowing you helps us improving your satisfaction.

More generally speaking, we undertake to collect only the personal data that are necessary for each purpose for which we process your data.

Your information is provided to us voluntarily.

YOUR DATA HELPS US MAKE SURE THAT IF WE SEND YOU SOMETHING, IT’S SOMETHING THAT’S RELEVANT TO YOU.

Any information we have is most likely provided by you – you may have filled out a form to take a test drive, for example. It may include:

  • Personal information (name, address, email, phone)
  • Type of request
  • Origin of the request
  • Purchase details (car model, products and services requested)
  • Browsing data on Renault websites

How long do we retain your personal information?

We undertake to keep your personal information for no longer than is necessary for the purposes for which we process them, in accordance with the regulations.

In order to calculate the retention period of your personal data, we use notably the following criteria:

  • Pre-contractual customer relationship management – Retention period: 5 years
  • Sending relevant information about vehicles and services, measuring performance of our advertisements, sales and after sales services – Retention period: 5 years for customers, 3 years otherwise.
  • Sending personalised advertising about vehicles, products and services and providing personalised customer experiences – Retention period: years for customers, 3 years otherwise.
  • Carrying out customer satisfaction surveys – Retention period: The duration of the study.

We may have to keep some of your personal data for a longer duration, in an archive file, in order for us to be able to defend in a legal action, until the end of the statute of limitation provided by applicable law.

Who do we share data with?

Your personal information may only be accessed by our employees under strict confidentiality for the sole purpose of performing their duties.

Who can access your personal data?

We may share your information with:

  • Companies and consultants providing services to us (for example, marketing agencies, mail outsourcing service providers, information technology service providers who provide and maintain our systems and our website host). Those companies and consultants providing services to us will only use your information to provide those services to us;
  • Other members of the Renault group for product development, statistical analysis and audit purposes;
  • Any associated or connected motor manufacturer from whom we purchase or hire goods (and their group companies).
  • Third party insurance providers.
  • The police, fraud prevention and identity authentication entities, other law enforcement agencies, government and tax authorities in Cyprus or abroad in order to detect, investigate and prevent crime (please note that fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime).
  • The courts in Cyprus or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.

Any disclosures of personal information will be in accordance with applicable laws and regulations and provided that suitable safeguards or agreements are in place or provided you have provided relevant consent. We will ensure that any third party processors appointed by us to process personal information on our behalf also comply with the GDPR.

As far as possible, we store your information on servers located within the European Economic Area (EEA). However, if some of our services providers are located outside of the EEA, your personal information will therefore be processed in those countries. Some of those countries may have a different regulation on data protection than the European Union. In such cases, we pay special attention to make such transfer compliant with applicable  regulation and put in place equivalent safeguards with respect to the protection of your privacy, fundamental rights and freedoms to the ones offered by the European Union (notably by using Standard Contractual Clauses of the European Commission). Upon written request sent to the address mentioned in the below section “Your rights”, we may provide you with further details on those data transfers (especially the Standard Contractual Clauses of the European commission).

Finally, we may have to share your personal data with third parties as necessary to comply with a legal obligation or administrative or judiciary decision.

Your rights

You have the following rights in respect of the processing of your personal information:

  • To request accessto your information, in other words to receive a copy of them,
  • To have your information corrected, if it is inaccurate or not up to date, which will help us to comply with our obligation to have up-to-date information about you,
  • To have your information erased (also known as the right to be forgotten), although such right might be limited in view of our contractual or legal obligations,
  • To receivea copy of your information in a structured, commonly used and machine-readable format, and transmit it to another data controller (also known as the right to data portability),
  • To objectto processing of your information, on grounds relating to your particular situation, and to restrict processing of your information, in the cases provided by the regulation,
  • To object to marketing information (notably when profiling is used), you can unsubscribe by using the unsubscribe link in the email we send you,
  • To withdrawyour consent at any time, for the purposes for which we collected your consent.

To exercise any of these rights, you may contact us, providing a proof of your identity, by email at dpoffice@pilakoutasgroup.com.cy.

You can unsubscribe from receiving our mailings at any time by sending a request to dpoffice@pilakoutasgroup.com.cy. You can also unsubscribe at any time in the future by using the link that appears in the footer of every email that we send to you.

Finally, you have the right to lodge a complaint with the Information Commissioner’s Office about the processing of your personal data. We encourage you to contact us before making any complaint and we will seek to resolve any issue or concern you may have.

More about how I can get in touch with the Office of the Commissioner for Personal Data Protection …

The Office of the Commissioner for Personal Data Protection (the Commissioner) is the supervisory authority that regulates personal data in the Republic of Cyprus. You can get in touch with the Commissioner in any of the following ways:

  • By going to their website: dataprotection.gov.cy
  • By giving them a call on +357 22818456
  • By sending them an email on commissioner@dataprotection.gov.cy
  • or by writing to them. Their address is: Office of the Commissioner for Personal Data, 1 Iasonos street, 1082 Nicosia, Cyprus.

Link to other information

We may automatically collect technical information about you when you visit any of our websites or use our mobile apps, including your IP address, your browser settings, using trackers (cookies).

Modification of this document

We may modify from time to time this information document. When required or needed, we will inform your and / or request your consent. We therefore invite you to have a look at it at every visit to get the up-to-date version.

Version 01, updated on 17/05/2018