Policy last revised on: September 19, 2019
First Stop Europe NV, a company incorporated under Belgian law, having its registered offices at Kleine Kloosterstraat 10, 1932 Zaventem, Belgium and with company number 0420.639.510, and its affiliated companies First Stop West S.A.S., First Stop Southwest S.A.U., Métifiot S.A.S, Levet Ltd., having its registered offices in the European Union, and First Stop Reifen & Autoservice AG, having its registered office in Switzerland (“we”, “us” or “our”), process personal data that we collect from or about “you”.
Since we are based in the European Union, we process your personal data in compliance with applicable European data protection laws and other statutory provisions.
Personal data is information that directly or indirectly identifies you (the user of the Service) as an individual, indirectly meaning when combined with other information, for example, your name, username, postal address, email address and phone number, a unique device identifier such as the IMEI or the MAC-address or the IP address.
Through your use of the Services, we may collect your personal data. In any case, you will be either asked to explicitly consent to collection and further processing of your personal data or at least be informed that such processing is based on another lawful premise. We will use your personal data for the purposes as described below or described when we are seeking your consent. We do not collect and process more or other types of personal data than necessary to fulfill the respective purposes. We will only use personal data as set forth in this Policy, unless you have specifically provided your consent to another use of your personal data. If we intend to use your personal data for purposes other than we originally collected them for, we will inform you in advance and, in cases where the processing is based on your consent, use your personal data for a different purpose only with your permission.
In case we rely on your consent to process your personal data, you will have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Each registration form will indicate what kind of personal data we collect - various purposes may require collection of various personal data, for instance:
We are constantly seeking to improve your experience when you visit our websites or when you are interacting with us through other means.
Through your interaction with us and your use of the Services, we may collect personal data. Personal data we collect may include, but is not limited to:
Depending on your use of the Services, we may, for instance, collect and use your personal data for the following purposes (“the Purposes”):
Measuring the effect of customers visiting our website for online research of the products and services they are interested in, prior to making their purchases onsite in one of our retail shops.
We shall not collect personal data that are not relevant for the purposes as set out above or otherwise notified to you when we seek your consent for the processing of your personal data, and shall not retain the data longer than necessary for those purposes or, as the case may be, for the period as determined in an agreement or by law.
This means that we use your personal data:
In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to requirements by law.
All personal data we are collecting from you is stored within a secured infrastructure under our management, with support of external suppliers as described in section 5 of this Policy.
We take data security very seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the information we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or our affiliates with a business need-to-know or who require it in order to perform their duties.
Among other things, we optimize the security of your personal data by:
In the event of a data breach containing personal data, we will follow all applicable data breach notification laws.
We will disclose your personal data only for the purposes and to those third parties, as described below. We will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.
We part of a global organization (the “Bridgestone Group”), consisting of several companies in Europe and abroad. Your personal data may be transferred to one or more Bridgestone Group affiliated companies located in or outside Europe as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other Purposes as described in this Policy.
The above will be strictly connected with :
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to agents, contractors or partners for data processing services or to send you information that you requested. We will only share or make accessible such information with external service providers to the extent required to process your requests. This information may not be used by them for any other purposes, in particular not for their own or third party purposes. Our external service providers are contractually bound to respect the confidentiality of your personal data.
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively "Business Transfer"), we will transfer information, including personal information, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect your personal data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and give affected users notice before personal data become subject to a different privacy statement.
We will only disclose your personal data to public bodies where this is required by law. We will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
Further, we may disclose your personal data in order to protect our legitimate interests or if it is required or permitted by law or if you give your explicit consent for such transfer of your personal data.
Under specific circumstances, it will also be necessary for us to transfer your personal data to countries outside the European Union/European Economic Area (EEA) (“Third Countries"). Transfers to Third Countries may refer to all processing activities described in this Policy. This Policy shall apply also if we transfer personal data to third countries, in which a different level of data protection applies than in your country of residence.
Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission, and providing for the appropriate safeguards in accordance with the applicable law. If you wish to verify the appropriate safeguards? you can request a copy via https://privacy.firststop.eu.
6. Direct Marketing
While using our Services, you may be asked to indicate whether you wish to receive certain marketing information by phone, text message, email and/or mail. If you do so, you thereby agree that we may use your personal data to provide you with information about its products, promotional activities and special offers as well as with any other information about our products or services.
At any given time, you may change your preferences regarding Direct Marketing by using the opt-out option contained in every direct marketing mailing, contacting us in accordance with section 12 below or, if applicable, by adapting your account information.
As a data subject you have specific legal rights relating to the personal data we collect from you. This applies to all processing activities stipulated in this Policy. We will respect your individual rights and will deal with your concerns adequately.
The following list contains information on your legal rights which arise from applicable data protection laws:
We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
In certain situations we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
In some cases, we may not be able to clearly identify you on the basis of your personal data due to the identifiers which you provide in your request. In such cases, where we cannot identify You as a data subject, we are not able to comply with Your request to execute your legal rights as described in this section, unless You provide additional information enabling Your identification.
In order to exercise your legal rights, please log your request at: https://privacy.firststop.eu.
If you believe that the processing of your personal data infringes your statutory rights, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Our Services may, from time to time, contain hyperlinks to websites which are not controlled by us. Although we will do our utmost to make sure that the hyperlinks on the Website lead exclusively to websites which share our safety and confidentiality standards, we are not responsible for the protection or confidentiality of any data you may submit on such other websites. Before submitting information on such sites, we recommend that you read their privacy and other statements in that regard.
Individuals under the age of 16 should not provide us with their personal data without the consent and supervision of their parent or guardian. Without such permission, we do not wish to save personal data from such individuals, nor process or forward such data to any third parties. If we become aware that personal data from under aged persons were inadvertently collected, we will delete such data without undue delay.
We will not process special categories of personal data concerning you ("sensitive data"). Sensitive data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health or a natural person's sex life or sexual orientation.
We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this Policy at any time. For this reason, we encourage you to refer to this Policy on an ongoing basis. This Policy is current as of the "last revised” date which appears at the top of this page. We will treat your personal data in a manner consistent with the Policy under which they were collected, unless we have your consent to treat them differently.
We will also keep prior versions of this Policy in an archive for your review.