First Stop Europe NV/SA, a company incorporated under Belgian law, having its registered offices at, Kleine Kloosterstraat 10, 1932, Zaventem, Belgium, company n° RPR (Brussels) 0420639510) and its affiliates (“First Stop”, “we” or “us”) in connection with your use of First Stop websites (”Website”), process personal data that we collect from or about “you”.
Since we are based in the European Union, we process your personal data in compliance with applicable European data protection laws and other statutory provisions.
1. WHAT IS PERSONAL DATA?
Personal data is information that directly or indirectly identifies you (the user of the Service) as an individual, indirectly meaning when combined with other information, for example, your name, username, postal address, email address and phone number, a unique device identifier such as the IMEI or the MAC-address or the IP address.
2. HOW AND WHY DO WE COLLECT PERSONAL DATA?
1. Information that you give us
Through your use of the Services, we may collect your personal data. In any case, you will be either asked to explicitly consent to collection and further processing of your personal data or at least be informed that such processing is based on another lawful premise. We will use your personal data for the purposes as described below or when seeking your consent. We do not collect and process more or other types of personal data than necessary to fulfill the respective purposes. We will only use personal data as set forth in this Policy, unless you have specifically provided your consent to another use of your personal data. If we intend to use your personal data for purposes other than we originally collected them for, we will inform you in advance and, in cases where the processing is based on your consent, use your personal data for a different purpose only with your permission.
In case we rely on your consent to process your personal data, you will have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Each registration form will indicate what kind of personal data we collect - various purposes may require collection of various personal data, for instance:
- to receive promotional information you may need to submit your full name, home address, the e-mail address and/or telephone number;
- to register in one of our contests and other promotional actions, you may need to submit your full name, home address, e-mail address and/or telephone number;
- to contact us via contact form you may need to submit your full name, the e-mail address and/or phone number;
- to create a user account to use our on-line commercial tools or applications, such as for example on-line shops, on-line appointment calendars, fleet management apps, price quote requests, etc… you may be requested to submit your full name, address, telephone number, email address, financial details, username and password and vehicle details including license plate number, car brand and model, date of matriculation;
- to create a user account in social media tools such as blogs, forums, discussion pages you may need to submit user’s name, e-mail address, username and password;
- to further use abovementioned tools for their purpose (e.g. to place an order), the user may need to provide additional details such as for example home address and ordering information.
- To provide you with the tyre and vehicle management services you subscribed to with us, we may request data subject consent for the collection of driver-behavioral data and driver-geographical location data as a functionality of the Services.
2. Information we get from your use of our Services
We are constantly seeking to improve your experience when you visit our websites or when you are interacting with us through other means.
Through your interaction with us and your use of the Services, we may collect personal data. Personal data we collect may include, but is not limited to:
- device information (e. g. hardware model, operating system version, device identifiers or phone number);
- log information (e. g. IP addresses, system activity, hardware settings, browser type and language, the date and time of your request);
- cookies (that are small text files that the browser installs on your computer or other device through our website);
- web beacons (these are tiny images or objects embedded in a web page or email and are usually invisible to you, but allow BSEU to verify whether you have viewed the page or email in question. Web beacons generally function in combination with cookies and we use the two in the same manner);
- customer behavior on the website like clicks, scrolling, mouse movements, session tracking;
- to receive the Services you subscribed to, we may be collecting Information about your devices such as information contained in HTTP Headers (defined below) or other internet transfer protocol signals, browser or device type and version, operating system, user-agent strings and information about or from the presence or use of "apps" on your mobile devices, screen resolution, and your preferred language. We may be further collecting the derived geographical location and behavioral data in relation to the use of your devices.
Please also refer to our Cookies Policy for full details regarding cookies and web beacons used at our website, including their management, specific purposes, categories of data they help to store and periods they are active for.
3. WHAT DO WE DO WITH YOUR PERSONAL DATA?
All personal data we are collecting from you, is stored within a secured infrastructure under our management, with support of external suppliers as described in section 5 of this Policy.
Depending on your use of the Services, we may collect and use your personal data for the following purposes (“the Purposes”):
- registering you as a user of the Services and providing you with the contracted Services;
- ensuring that the Services’ content is presented to you in the most effective manner for you and your device;
- processing your online orders;
- processing and handling complaints or requests;
- researching and analyzing the market as well as customers’ use of our products and services (e.g. sensor-based analytics of tyre and vehicle data; asking your opinion on our products and services or by asking you to complete a survey or questionnaire);
- helping us in evaluating, correcting and improving our products and services;
- internal filing;
- marketing, including providing you with information that You requested from us (see section below on direct marketing);
- organizing contests, competitions and/or other promotional activities;
- recruitment (if you have provided us information in this regard); and
- notifying you about certain changes to our Services.
We shall not collect personal data that are not relevant for the purposes as set out above or otherwise notified to you when we seek your consent for the processing of your personal data, and shall not retain the data longer than necessary for those purposes or, as the case may be, for the period as determined in an agreement or by law.
This means that we store personal data:
- until you, as data subject, objects to such processing and the option to object will be provided in each communication - in case we process your personal data based on our legitimate interest in cases the objection is justified (e.g. direct marketing activities if applicable)
- until the expiration of legitimate interest - in case we process your personal data in order to secure our legitimate interest in cases the objection is not justified, e.g. to secure execution of possible your obligations and to prevent a fraud;
- as long as the legal obligation is in place - in case we process your personal data based on the legal obligation;
- as long as the service and/or action requested by you is completed or you withdraw from the service/action - in case we process data in connection with services we render to you and no other purpose for keeping the data is present;
- until the consent for processing is withdrawn – in case we rely only on your consent for processing user’s personal data and there is no legal interest for keeping personal data (and the option to withdraw the consent will be provided in each communication)
In any case you will be informed that your personal data will be stored for the given purpose, even if no consent is required under applicable law, as well as whether the processing of personal data on the basis of a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data.
In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to requirements by law.
4. THE CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA
We take data security very seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the information we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or our affiliates with a business need-to-know or who require it in order to perform their duties.
Among other things, we optimize the security of your personal data by:
- using encryption where appropriate;
- using password protection;
- requesting contractual guaranties from third parties;
- limiting the access to your personal data according to the need-to-know principle (e.g., only employees who need your personal data for the Purposes as described above shall receive permission to access them); and
- by taking all reasonable precautionary measures to ensure that our employees and associates who have access to your personal data will be trained in data protection requirements and will process your personal data exclusively in accordance with this statement and our obligations under applicable privacy laws.
In the event of a data breach containing personal data, we will follow all applicable data breach notification laws.
5. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We will disclose your personal data only for the purposes and to those third parties, as described below. We will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.
1. Within Bridgestone Group in Europe
We part of a global organization (the “Bridgestone Group”), consisting of several companies in Europe and abroad. Your personal data may be transferred to one or more Bridgestone Group affiliated companies located in or outside Europe as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other Purposes as described in this Policy.
The above will be strictly connected with:
- any kind of service that is rendered by one Bridgestone company to another (under relevant processing agreement) or
- the fact that more than one Bridgestone entity decides on how your personal data is used (under relevant joint controllership agreement) or
- the fact that another Bridgestone entity becomes a separate controller of your data for a given Purpose (e.g. based on your specific consent).
2. External service providers
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to agents, contractors or partners for data processing services or to send you information that you requested. We will only share or make accessible such information with external service providers to the extent required to process your requests. This information may not be used by them for any other purposes, in particular not for their own or third party purposes. Our external service providers are contractually bound to respect the confidentiality of your personal data.
3. Business transfers
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively "Business Transfer"), we will transfer information, including personal information, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect your personal data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and give affected users notice before personal data become subject to a different privacy statement.
4. Public bodies
We will only disclose your personal data to public bodies where this is required by law. We will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
5. On other legal grounds
Further, we may disclose your personal data in order to protect our legitimate interests or if it is required or permitted by law or if you give your explicit consent for such transfer of your personal data.
6. International transfers of Personal data
Under specific circumstances, it will also be necessary for us to transfer your personal data to countries outside the European Union/European Economic Area (EEA) (“Third Countries"). Transfers to Third Countries may refer to all processing activities described in this Policy. This Policy shall apply also if we transfer personal data to third countries, in which a different level of data protection applies than in your country of residence.
Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on https://ec.europa.eu/info/law/law-topic/data-protection_en, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law.
6. DIRECT MARKETING
While using our Services, you may be asked to indicate whether you wish to receive certain marketing information by phone, text message, email and/or mail. If you do so, you thereby agree that we may use your personal data to provide you with information about its products, promotional activities and special offers as well as with any other information about our products or services.
At any given time, you may change your preferences regarding Direct Marketing by using the opt-out option contained in every direct marketing mailing, contacting us in accordance with section 12 below or, if applicable, by adapting your account information.
7. USER RIGHTS WITH REGARD TO PERSONAL DATA
As a data subject you have specific legal rights relating to the personal data we collect from you. This applies to all processing activities stipulated in this Policy. We will respect your individual rights and will deal with your concerns adequately.
The following list contains information on your legal rights which arise from applicable data protection laws:
- Right to rectification: you may obtain from us rectification of personal data concerning You. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. In appropriate cases, we provide self-service internet portals where users have the possibility to review and rectify their personal data.
- Right to restriction: you may obtain from us restriction of processing of your Personal data, if
- You contest the accuracy of your personal data for the period we need to verify the accuracy,
- the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
- we do no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or if
- you object to the processing while we verify whether our legitimate grounds override yours.
- Right to access: you may ask us from us information regarding Personal data that we hold about you, including information as to which categories of personal data we have in our possession or control, what they are being used for, where we collected them, if not from you directly, and to whom they have been disclosed, if applicable. You may obtain from us one copy, free of charge, of Personal data we hold about you. We reserve the right to charge a reasonable fee for each further copy you may request.
- Right to portability: At your request, we will transfer your personal data to another controller, where technically feasible, provided that the processing is based on your consent or necessary for the performance of a contract. Rather than receiving a copy of your personal data you may request that we transfer the data to another controller, specified by you, directly.
- Right to erasure: you may obtain from us erasure of your personal data, where
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You have a right to object further processing of your personal data (see below) and execute this right object to the processing;
- the personal data have been unlawfully processed; unless the processing is necessary
- for compliance with a legal obligation which requires processing from us;
- in particular for statutory data retention requirements;
- for the establishment, exercise or defense of legal claims.
- Right to object: you may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether You wish the erasure of your personal data or the restriction of its processing by us.
- Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, You may lodge a complaint with the data protection supervisory authority in the country you live in or where the alleged infringement occurred.
We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
In certain situations we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
In some cases, we may not be able to clearly identify you on the basis of your personal data due to the identifiers which you provide in your request. In such cases, where we cannot identify You as a data subject, we are not able to comply with Your request to execute your legal rights as described in this section, unless You provide additional information enabling Your identification.
In order to exercise your legal rights, please log your request at: https://privacy.firststop.eu?language=EN
You may also turn directly to our contact person for data protection: https://privacy.firststop.eu/index.php?tmpl=tmpl_contact_form&language=EN
If you believe that the processing of your personal data infringes your statutory rights, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Our Services may, from time to time, contain hyperlinks to websites which are not controlled by us. Although we will do our utmost to make sure that the hyperlinks on the Website lead exclusively to websites which share our safety and confidentiality standards, we are not responsible for the protection or confidentiality of any data you may submit on such other websites. Before submitting information on such sites, we recommend that you read their privacy and other statements in that regard.
Individuals under the age of 16 should not provide us with their personal data without the consent and supervision of their parent or guardian. Without such permission, we do not wish to save personal data from such individuals, nor process or forward such data to any third parties. If we become aware that personal data from under aged persons were inadvertently collected, we will delete such data without undue delay.
10. SENSITIVE DATA
We will not process special categories of personal data concerning you ("sensitive data"). Sensitive data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health or a natural person's sex life or sexual orientation.
11. CHANGES TO THIS POLICY
We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this Policy at any time. For this reason, we encourage you to refer to this Policy on an ongoing basis. This Policy is current as of the "last revised” date which appears at the top of this page. We will treat your personal data in a manner consistent with the Policy under which they were collected, unless we have your consent to treat them differently.
We will also keep prior versions of this Policy in an archive for your review.