Who is the controller of your data?
|Identity of the data controller:
|SEAT, S.A. with taxpayer identification number (NIF) A-28 049 161
|Autovía A-2, Km. 585, Martorell (Barcelona)
|SEAT: email@example.com CUPRA: firstname.lastname@example.org
What does the SEAT ID & CUPRA ID service consist of?
The SEAT ID & CUPRA ID and the internet portal https://seatid.vwgroup.io/ & https://cupraid.vwgroup.io/ enable you to use the services and applications of SEAT and CUPRA and/or of third parties relating to your vehicle. In this Policy we inform you about the collection, treatment and use of your personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), and of Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights ("LOPDGDD"), and such other local regulations as might complement them. However, each of these platforms or functionalities may have their own privacy policies providing information on the specific data processing that is carried out thereon. We also recommend that you read the privacy policies corresponding to each application.
Why are we processing your personal data and what is the legitimate basis for processing it?
At SEAT, S.A. ("SEAT") we process the personal data that is provided to us, as well as all those that are collected through the use of SEAT ID & CUPRA ID for the following main purposes:
- To create a SEAT ID & CUPRA ID account that allows you to access various SEAT applications, connected with SEAT ID & CUPRA ID, without having to provide your personal data again to register.
- To access various services with a unique user ID, as long as those services include SEAT ID & CUPRA ID as a login option.
- To store data in your SEAT ID & CUPRA ID. The storage of this data allows other services, platforms or functionalities to access them, without having to register them again. The personal data linked to your SEAT ID & CUPRA ID user account will only be associated with the applications of which you are a user.
- To allow you to manage the processing of your personal data in the various SEAT applications, which you can access through your user account, permitting you to consult and, where appropriate, modify the permissions that you have granted for the processing of your personal data.
- To guarantee the correct functioning of the Service and of the functionalities offered through SEAT ID & CUPRA ID.
The processing of your personal data for these purposes is necessary for the provision of the Service. Therefore, the legal basis for the processing of your personal data is the performance of a contract, which is understood to be the Terms and Conditions that you must accept when registering with SEAT ID & CUPRA ID (Article 6.1. b) of the GDPR.).
Also, since SEAT ID & CUPRA ID stores personal data that is used in various applications and/or functionalities, the data stored in SEAT ID & CUPRA ID may be processed in order to check whether your data matches data in official specific sanctions lists in order to prevent the transfer of products, services and technology to persons allegedly linked to unlawful activities.
SEAT is subject to various statutory and official requirements that it must comply with. These may derive, for example, from foreign trade and export control provisions, laws and regulations, in particular with regard to the import, export, re-export or use of digital services and products, computer programs and related technologies. In this context, for direct sales and the provision of digital services, we process your personal data in order to prevent the transfer of products, services and technology to persons allegedly linked to unlawful activities, such as crimes that endanger property or terrorism. If your data are flagged up on any of the verified sanctions lists, your purchase request for our products cannot be properly concluded.
The legal basis for the processing of your data for this purpose is the need to comply with a legal obligation (Article 6.1 b) of the GDPR) to which SEAT is subject as a result of the foreign trade and national and international export control provisions, laws and regulations. On this basis, SEAT analyses your data against the sanctions lists of the European Union and the United Nations, as well as against certain foreign sanctions lists, such as the sanctions lists of the United States of America or the United Kingdom, which is necessary when the product supplied (digital services/software) includes content or developments from the United States of America or the United Kingdom. It is for this latter case in which non-EU sanctions lists are checked, an option that is enabled after it is concluded that there is a legitimate interest of SEAT and of third parties such as companies in the Volkswagen Group and/or commercial partners (Article 6.1 f) of the GDPR) since, by virtue of the relationships with the latter or in compliance and/or observance of requirements imposed by other competent public and governmental authorities -inside or outside their country of residence- by which SEAT is contractually bound; this check of non-EU lists must be carried out because, otherwise, SEAT and its representatives could be subject to criminal and civil penalties and could be sued for breaching the agreements reached with its commercial partners.
What data do we process?
Within the framework of the functionalities offered by SEAT ID & CUPRA ID, and subject to the purposes indicated above, at SEAT we will process the personal data that you provide that may identify you, such as your full name, telephone number, email address, postal address, profile picture, etc. The only data that are essential for the use of SEAT ID & CUPRA ID are your contact information, and in particular your email address. Moreover, the SEAT ID & CUPRA ID application might store some of the personal data collected from the applications connected to it.
From whom can we obtain your data?
Should you decide to register through a social media "login" in which you will use your Gmail, Facebook or any other social media account that permits registration of this nature, the specific company through which you register will send us your identification data, such as your full name, email address and your picture so that SEAT ID & CUPRA ID can process them when you register. From that time onwards, SEAT will be considered to be your data controller.
How long will we keep your data?
SEAT will keep your personal data only for the time in which SEAT ID & CUPRA ID services will be provided, or as long as you do not request their deletion, as well as for the time necessary to comply with the legal obligations applicable in each case. Therefore, the specified conservation and documentation period is a maximum of ten years, depending on local legislation. If you have not logged in with your SEAT ID & CUPRA ID by the time this period has elapsed, SEAT is entitled to delete your personal data unless it is obliged to store the data for a longer period of time for other reasons.
To whom shall the data be disclosed?
SEAT will communicate your data to third parties in compliance with the legal obligations applicable in each case. At SEAT, in order to offer you our services in an optimum manner, we require the support of service providers. Therefore, those third parties may have access to your personal data without prejudice to the fact that they will always act in the name and on behalf of SEAT and following our instructions. In no case will such action be considered to be a communication of data since the third parties will not process them for their own purposes.
How will we protect your personal data?
SEAT implements technical and organisational security measures to protect your personal data in order to safeguard them against manipulation, loss, destruction or unauthorised access by third parties. Our security measures are updated, and are continually reviewed, to improve them on the basis of new technological advances.
What are your rights as the data owner?
As the personal data owner, you can exercise the following rights vis-à-vis SEAT:
Access: you can obtain confirmation if SEAT processes your personal data, as well as consult your personal data included in SEAT's filing system.
Rectification: you can modify your personal data when they are inaccurate, as well as complete those that might be incomplete.
Deletion: you may request that your personal data be deleted when, for among other reasons, the data is no longer necessary for the purposes for which it was collected.
Opposition: you may request that your personal data not be processed If this is the case, SEAT will cease to process the data, unless there are imperative legitimate reasons not to do so, or possible claims to be exercised or defended.
Restriction of processing: you may request that the processing of your data be restricted in the following cases:
If and while any challenge to the accuracy of your data is being verified;
If the processing is unlawful and you oppose the erasure of your data and request the restriction of their use;
If SEAT does not need to process your data, but you need them to exercise or defend claims;
If you have objected to the processing of your data for reasons of public interest or on the grounds of a legitimate interest, while it is being investigated whether the legitimate reasons for the processing prevail over yours.
Portability: you may receive, in electronic format, the personal data that you have provided to us and those that have been obtained in the course of your contractual relationship with SEAT, and may transmit them to another entity.
You may exercise these rights by means of a written request addressed to SEAT, S.A., Autovía A-2, Km.585, Martorell (Barcelona) or by sending an email to email@example.com or firstname.lastname@example.org, depending on the brand of car you own, indicating the right that you wish to exercise. There is no charge for exercising those rights.
If you consider that SEAT has not processed your personal data in accordance with the applicable regulations, you may file a claim with the competent control authority, through the website www.aepd.es.
How to contact the SEAT data protection officer
If you have any questions regarding data protection or wish to contact our data protection officer ("DPO"), you can send an email to email@example.com.