Data protection

MOTOR DISTRIBUTORS LIMITED
Privacy Statement – GDPR Compliant, with Google opt-in

MOTOR DISTRIBUTORS LIMITED

Registered 1, Stokes Place

Office: St. Stephen´s Green, Dublin 2

Business Address: Naas Road, Dublin 12

Tel. No.: 00353 1 4094444

E-mail: MercedesBenz.info@mdl.ie

INTRODUCTION

This GDPR privacy policy describes how Motor Distributors Limited meets its obligations under the General Data Protection Regulation in relation to the processing of personal data.
This policy statement provides full details on the following;

• How we handle personal data. 
• What personal data we collect. 
• How and why we collect personal data. 
• How we use personal data.
• How we secure personal data. 
• What third parties have access to personal data.
• Customers legal rights concerning personal data. 

We will also refer you to Daimler's Data Protection Policy:

https://www.daimler.com/data-protection-policy

1. PERSONAL DATA COLLECTION1.1 We may collect and process personal data in the following ways:

• When contacted directly via our websites or via our 
customer services department to request information 
about our products and services.
• By purchasing a product or a service directly from us.
• By replying to a direct marketing campaign.
• When permitted contact details are transferred from one 
of our authorised dealers or other third parties.
• If vehicle data (incl. vehicle identification number) is 
transferred to Mercedes-Benz AG while the vehicle is serviced or 
repaired, e.g. warranty repairs
• When permitted companies or business partners transfer 
personal data to us.
• When permitted personal data is secured via other 
sources.

Note: 
(a) Never provide personal data on behalf of someone else unless they have reviewed this Privacy Policy.
(b) Persons under 16 years of age should not provide any personal data without consent from a parent or guardian.

Personal data: This is data supplied to us when a data subject provides personal data via our website/s or our social media pages or by corresponding with us by phone, email or otherwise, and is provided entirely voluntarily. The data may include a person’s name, contact details (such as phone number, email address and postal address), enquiry details and an opinion of our products.

We may automatically collect personal data from our web servers as part of standard details relating to browser and operating systems, additional personal data may be automatically collected from our website, to include pages visited and the date of visit. Personal data may also be automatically collected for security reasons, e.g. to identify attacks on our website, this may include data relating to the Internet protocol (IP) address assigned by an internet service. 
We may collect some of this information using cookies – see Cookies in Section 7 for further information. We may also collect personal data that is shared as part of a person’s public profile on a third party social network.

We may also receive certain personal data from other Daimler group companies or from our Mercedes-Benz Dealer network within the Irish Jurisdiction. 

This information may include: 
Personal data collected from a contract to purchase a motor vehicle and/or the purchase of a motor vehicle by way of a trade-in. It is a contract requirement to provide all personal data requested on this form, failure to provide such personal data may preclude us from completing the contract. In addition, during a vehicle repair or service, our dealer network is responsible for handling of personal data. The personal data collected may include a person’s name, postal address, contact information, telephone number, email address, or any other personal information collected during the servicing or repairing of the vehicle.

Please see Section 2 for further details outlining how we use personal data and for details of the purposes for which we use the personal data we obtain from these sources and the legal basis on which we rely to process such information. The remaining provisions of this policy also apply to any personal data we obtain from these sources.


2. HOW PERSONAL DATA MAY BE USED
Use of personal data under EU data protection laws must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of these grounds is listed below:

2.1 Where valid consent is provided
We may use and process personal data where consent is agreed for the following purposes. Please note that consent will be agreed via a consent form in relation to any such use and may be withdrawn at any time. Please see withdrawing consent in Section 6 for further details.
• to contact via email, text message, post or telephone 
with marketing information on Mercedes-Benz vehicles 
and other products and services. 
• to share personal data with our authorised dealers to 
arrange test drives or where further information has 
been requested.
• to supply brochures and other materials specifically 
requested from us.
• to share personal data with our authorised dealers or 
our recommended third-party partners to provide 
marketing information about their products and services. 

2.2 Where we are required to perform a contract
We may use and process personal data where it is necessary for the performance of a contract for the following purposes:
a) entering a contract for the sale of motor vehicle.
b) entering a contract for the maintenance of a motor 
vehicle.
c) to exchange information for warranty/aftersales.
d) to allow for the provision of third party breakdown 
services by our service provider.

2.3 Where matters of Health and Safety are at issue
We may use personal data if there are any urgent safety or product recall notices to communicate with our customers or where we otherwise reasonably believe that the processing of personal data will prevent or reduce any potential harm to a customer. It is in the very best interests of our customers for us to use personal data in this way.

2.4 Where required to comply with Legal Obligations
We may use personal data to comply with our legal obligations in, (a) assisting an Garda Síochána, or any other public authority or statutory authority for the purposes of criminal or other related investigations, (b) so as to enable legitimate identification in complying with our legal obligations, and (c) to verify the accuracy of the data that we hold. 

2.5 Where there is a Legitimate Interest
We may use and process personal data where it is necessary for us to pursue our legitimate interests as a business, and where our reasons for using it outweigh any prejudice to data protection rights, as follows: 
• for market research in order to ensure continued 
improvements in the products and services that we and 
our authorised dealers provide.
• to administer our websites and for internal operations, 
including troubleshooting, testing, statistical purposes.
• for analysis, and profiling to inform our marketing 
strategy, and to enhance and personalise a customer or 
visitor experience.
• for marketing activities (other than where we rely on 
consent) e.g. to tailor marketing communications or 
send targeted marketing messages via social media and 
other third-party platforms.
• for the prevention of fraud and other criminal activities.
• for the purposes of credit checks for finance in the 
purchase of our products.
• to correspond and communicate in legitimate matters.
• for network and information security in order for us to 
take steps to protect data against loss or damage, theft 
or unauthorised access.
• to comply with a request in connection with the exercise 
of a person’s rights, e.g. where we are asked not to 
contact a person for marketing purposes.
• for reviews, accuracy or other improvements of our 
databases and IT systems, e.g. by combining systems or 
consolidating records we or our group companies hold.
• to enforce or protect our contractual or other legal rights 
or to bring or defend legal proceedings.
• for general administration including managing queries, 
complaints, or claims and to send service messages to 
our customers.


3. THIRD PARTYS WHO MAY PROCESS PERSONAL DATA

3.1 Mercedes-Benz (Mercedes-Benz AG) Group Companies 
We may share data with other companies within the Mercedes-Benz (Mercedes-Benz AG) organisation. These Companies, which may include authorised dealers within our network, may use personal data in similar ways to that outlined in Section 2 of this policy document.

Our websites may also contain offers from third parties. By engagement in such an offer, we may transfer data to the respective provider, e.g. information indicating engagement with this offer on our website and if applicable, additional information already provided on our websites for this purpose. 
When we use social plug-ins on our websites from social networks such as Facebook, Twitter and Google+, we integrate them as follows:

Social plug-ins are deactivated on our websites (i.e. no data is transmitted to the operators of these networks). To use one of these networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.

A user account holder on the network, who has activated the social plug-in, can be associated to the network visit to our websites. To avoid this, log out of the network before activating the social plug-in. A social network cannot associate a visit to other Daimler websites until an existing social plug-in is activated.

When a social plug-in is activated, the network transfers the content that becomes available directly to the user’s browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Connection to a social network, the data transfers taking place between the network and a user system, and user interactions on that platform are governed solely by the privacy policies of that network. 

The social plug-in remains active until deactivated or deleted in cookies.

3.2 Contracted suppliers and service providers
We may disclose personal data to our third-party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to a customer on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or advertising agencies, administrative services or other third parties who provide services to us.

When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their service and we commit to ensuring valid Data Protection Agreements are in place with all third parties so as to ensure all personal data is secure and only used in accordance with our specific contract terms and conditions.

3.3 Third parties who provide products and services
Personal data which we collect may be transferred to third parties with customer consent.

Such data is shared in a secure manner, using a consistent security protocol. When we share data with other parties we ensure that they only use the data for the purpose it was collected.

The types of third parties apart from Mercedes-Benz (Mercedes-Benz AG) companies already stated are:
• Marketing agencies who run and manage marketing 
campaigns on our behalf.
• Event companies who run and manage sponsored 
events on our behalf.

4. STORAGE OF PERSONAL DATA OUTSIDE THE EEA
Data provided to us may be transferred to countries outside the EEA. By way of example, this may happen where any of our group companies are incorporated in a country outside of the EEA or if any of our servers or those of our third-party service providers are from time to time located in a country outside of the EEA. These countries may not have similar GDPR data protection laws.

If we transfer data outside of the EEA in this way, we will ensure that appropriate security measures are taken with the aim of ensuring that data privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of personal data or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection of personal data. 

The use of our services whilst outside the EEA, may involve the onward transfer of data outside the EEA in order to provide those services.


5. HOW LONG DO WE KEEP PERSONAL DATA
When we collect personal data, the length of time we retain it is determined by a number of factors including the purpose for which we use that data and our obligations under GDPR and related laws. We do not retain personal data for longer than is necessary.

We may need personal data in the bringing or in defence of a legal claim, in which case we will retain personal data for a period of seven years after the last occasion on which we have used the personal data as specified in Section 2 of this policy document. 

The only exceptions to this are; (a) where the law requires us to hold personal data for a longer period or (b) when requested to have the data deleted if we do not need to hold it in connection with any of the reasons permitted in Section 6 of this policy document.


6. DATA SUBJECTS RIGHTS

6.1 Rights as a ‘Data Subject’

A data subject, has the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data portability (Art. 20 GDPR). A person’s rights as a Data Subject include the following:

1. Information on the type of personal data we hold and 
what we do with that information.
2. To request how long we hold personal data.
3. Rectify any inaccurate personal data we hold.
4. To erase personal data we hold.
5. Prevent us from using personal data in certain cases, 
including if you believe that the personal data we hold is 
inaccurate, or our use of personal data is unlawful. 
6. To receive personal data in a structured, commonly used 
and machine-readable format and to have that data 
transmitted to another data controller. 

The right of consent to the processing of personal data by us may be revoked at any time. The legality of processing personal data before revocation remains unaffected. We may further process such data pursuant to another applicable legal basis, e.g. for the fulfilment of our legal obligations.

A data subject has the right to object at any time to the processing of personal data (Art 21 GDPR). In such circumstances we will only process personal data if we can prove compelling legitimate reasons that outweigh a person’s interests, rights and freedoms, or for the establishment, exercise or defense of a legal claim.

Right to object  
 For reasons relating to your particular situation, you have the right to file an objection at any time to the processing of personal data pertaining to you that is collected under Section 6 Clause (1e) GDPR (data processing in the public interest) or Section 6 Clause 1 f) GDPR (data processing on the basis of a balance of interests). If you file an objection, we will continue to process your personal data only if we can document mandatory, legitimate reasons that outweigh your interests, rights and freedoms, or if processing is for the assertion, exercise or defense of legal claims.

If a person believes that the processing of personal data violates legal requirements, that person has the right to lodge a complaint with the Offices of the Data Protection Commissioner (Art. 77 GDPR).


7. SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
All companies within the Daimler Organisation use technical and organisational security measures to protect the personal data supplied and managed by us against manipulation, loss, destruction and access by third parties. Our security measures are continually improved in line with technological developments.

Unfortunately, the transmission of data via the internet is not completely secure. We will do our utmost to protect personal data, however we cannot guarantee the security of all data whilst in transit to our website, transmission is at the user’s own risk.

Where we have given (or where chosen) a password which enables access to an account, the user is responsible for keeping this password confidential. Do not share this password with any other person.

7.1 Use of 'cookies'
By clicking on to a link of an offer or by activating a social plug-in, personal data may reach providers in countries outside the European Economic Area (EEA) that, from the point of view of the European Union ("EU"), may not guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. Please be aware of this alert before clicking on a link or activating a social plug-in and thereby triggering a transfer of data. 

7.2 Statement on the use of cookies, the analysis of usage data and the use of analysis tools
We use cookies and similar software tools such as HTML5 Storage or Local Shared Objects (together "cookies") to identify a person’s interests and particularly popular areas of our websites and use this data to improve the design of our websites and make them even more user-friendly. For the same purposes we use the analysis tools Adobe Analytics and Google Analytics, cookies may also be used here.

7.3 Functions and use of cookies
Cookies are small files that are placed on a desktop, notebook or mobile device by a website visited. From this we can, for example, recognise whether there has already been a connection between a device and our websites, or which language or other settings the user prefers. Cookies may also contain personal data.

By using our websites, the user agrees to the use of cookies.
A user may visit our website without consenting to the use of cookies. The user can refuse such use and delete cookies at any time by making the appropriate settings on the user’s device.Please click here to install the opt-out cookie

7.4 Links to other websites
Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to such websites and Apps so we encourage reading of their privacy statements. We are not responsible for the privacy policies and practices of other websites and Apps (even to those using links that we provide) and we provide links to those websites solely for user information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Disclosure of personal data to third party websites is at the user’s own risk.

In addition, if linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that all users check the policy of all third-party websites.

7.5 Social plugins
We use so-called social plugins (buttons) of social networks such as Facebook, Google+ and Twitter.
When visiting our website, these ‘buttons’ are deactivated by default, i.e. without intervention they will not send any data to the respective social networks. These ‘buttons’ are activated by clicking on them. They remain active until deactivated or deleted. 

After their activation, a direct link to the server of the respective social network is established. The contents of the ‘button’ are then transmitted from the social network directly to the user’s browser and incorporated in the website.

After activation of a ‘button’, the social network can retrieve data, independently of whether interaction with the ‘button’ took place. When logged on to a social network, the network can assign a visit to the website of the user account. A social network cannot assign a visit to websites operated by our other group companies unless and until activation. 


8. Evaluation of use data ("tracking") and use-based information ("(re-)targeting")

8.1             General

We want the content of our websites to match your preferences as closely as possible, thereby improving what we offer you. To recognize use preferences and particularly popular areas of the websites, we use the following tracking technologies: Adobe Analytics, Google Analytics.

We use so-called targeting and retargeting technologies in order to tailor our online marketing (e.g. banner ads) more specifically to your needs and interests. Adobe Target, Flashtalking by Simplicity Marketing Limited, Google Search Ad, Google Display & Video 360. These are monitored and used when you visit other websites that work together with the providers of these (re-)targeting technologies, so as to inform you while meeting your interests as closely as possible.

When the above technologies are used, cookies on our websites and (in the case of retargeting) on the websites of others register your interest in our products and services. In the process, random identifiers (so-called cookie IDs) are used which are not brought into connection with your name, your address or similar information, even if this information is known to us (e.g. from an existing contractual relationship), unless you have consented to this.

Further information about the above technologies from the respective providers, and the associated processing of personal data, can be found at the following links[A3] :

Adobe: https://www.adobe.com/ie/privacy.html

Google: https://policies.google.com/technologies/partner-sites

Simplicity Marketing Limited: https://www.flashtalking.com/privacypolicy

For legal reasons, the use of tracking and (re-)targeting technologies is sometimes only possible with your express consent (so-called opt-In – see section 5.2); in the other cases you can object to the use of such technologies if you wish (so-called opt-out – see section 5.3.).

8.2             Use of Google marketing products – Opt-in

We only use Google marketing products (e.g. Search Ad, Display & Video 360) with your express consent, which you can grant by clicking on the "Agree" button in the so-called Cookie Information Layer ("Opt-in"). We store this consent in a cookie on your device so that you are not asked for consent again each time you visit our websites, and for legal reasons, also on our servers with the IP address and a time stamp; we delete this information or restrict its processing if you withdraw your consent or 6 months at the latest after your last visit to our websites.

Should you change your mind at any time, you can withdraw your consent by clicking on the following link:

data-cookie-optout Withdraw consent to Google marketing products

To delete cookies inserted with your consent when visiting our websites after your consent to Google marketing products is withdrawn, please visit the Google websites; at the time when these data protection notes were compiled, the following link can be used for this:

https://support.google.com/ads/answer/2662856?hl=en-GB

8.3             Use of technologies by other providers – Opt-out

If you do not wish us to use the above tracking and (re-)targeting tools to collect and analyze information about your visit to our websites, you can permanently object to the practice ("opt out") at any time.

We will comply with your objection by placing an opt-out cookie in your browser. This cookie will only indicate that you have opted out. Please note that for technical reasons, an opt-out cookie affects only the browser in which it has been installed. If you delete the cookie or use a different browser or device, you will need to opt out again.

The following are the respective opt-out options for the individual technologies[A8] :

Adobe Analytics:

https://www.adobe.com/ie/privacy/opt-out.html

Google Analytics:

https://tools.google.com/dlpage/gaoptout?hl=en

Flashtalking: https://www.flashtalking.com/optout/

You can manage and deactivate the use of cookies and interest-related information by third parties at the following website:

http://www.youronlinechoices.com/ie/

8.4             Data transfer to other countries

When tracking and (re-)targeting technologies are used, data may be transferred to countries outside the EU, Iceland, Liechtenstein and Norway (European Economic Area, EEA) and processed there. Please note the following: In such third-party countries,the EU may take the view that they do not provide an "appropriate level of protection" for the processing of personal information. Such a level of protection can however be created by taking certain measures.

These concern the following technologies used by Daimler, if you have given your consent to their use (opt-in) or have not objected to it (opt-out):

Adobe Analytics: Transfer of data to the USA on the basis of the EU-US Privacy Shield

Google Analytics and Google marketing products: Transfer of data to the USA on the basis of the EU-US Privacy Shield

Flashtalking: Transfer of data to the USA on the basis of the EU-US Privacy Shield

When optimizing our websites and our online marketing, we also use qualified service providers, for which purpose data are transferred to India on the basis of EU standard contract terms.

Details of certification according to the so-calledEU-US Privacy Shield can be found on this US government website: https://www.privacyshield.gov

Details of the other measures are available from us on request; please get in touch with the contact named below in section 10

9. Newsletter

Data provided in subscribing to a newsletter offered on our website will only be used in order to provide the newsletter, unless agreed for further use. Subscription to the newsletter can be withdrawn at any time using the unsubscribe option provided.

10. Contact Us

Customers may contact our offices with any questions or suggestions regarding the processing of personal data or if they wish to amend/update their personal data, please contact the offices of;

Motor Distributors Limited
Naas Road
Dublin 12
Ireland
D12 VF67

Mercedes-Benz 2020