Our Privacy Policies

 

OUR PRIVACY POLICIES

A. THE CONTROLLER

Magyar Suzuki Corporation Ltd. (address: 2500 Esztergom Schweidel J. u. 52/A., registered by the County Register Court of Tatabánya under the company registration number: Cg. 11-10-001371; tax ID number: 10552821-2-11; e-mail: privacy@suzuki.hu, "MSC", "we", "our" or "us") is the controller responsible for the processing of your personal data and other information within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") in relation to our privacy policies.

We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to our privacy policies. If you have any questions about these policies, including any requests to exercise your legal rights, please contact our DPO at the contact information set out at Section K).

B. WEBSITE PRIVACY POLICY

This Website Privacy Policy (this "Policy") describes how MSC use the data we collect about you (your "personal data") when you visit our websites, social network services or applications we operate (together, our "Sites") or when you contact us using the details available on it.

Our Sites may enable you to visit other websites, social network services or applications which are owned and operated by affiliates or partner companies to MSC, including our distributors and dealerships. Those other websites, etc. will have their own privacy policies, and you should review those privacy policies when you visit websites, etc. operated by other companies, as those affiliates or partner companies will use your personal data as described in those policies.

In addition to this Policy, some products and services which are offered by MSC have their own privacy policies which describe in more detail how your personal data is used in a particular context.

1. Categories of personal data and processing purposes - What personal data do we process about you and why?

When you use our Sites, we may request that you input certain information. The personal data requested will depend on the precise form, but will commonly include your name, postal address, telephone number and email address, among other information.

We may collect personal data from sources other than directly from you. In particular we collect personal data from social media sites.

We also collect personal data automatically through the use of cookies and similar technologies. You can find out more by reading Section C) entitled 'Cookies Policy' below.

We use the personal data we collect from our Sites to:

  • address your requests, for example to enter you into any promotions we run, or to respond to any queries you may have, or to deliver news about our activities by way of e-mail or any other form of message. To the extent required by applicable law, we will only send marketing material about our activities with your consent, which you can withdraw at any time by contacting us using the details below or by using the 'unsubscribe' function in an email;
  • comply with our legal and regulatory responsibilities, to respond to legal process or requests for information issued by government authorities or other third parties, to prevent and detect crime and fraud, or protect your, our or others’ rights; and
  • operate our Sites and to understand how our Sites are used so that we can improve it.

2. Processing Basis and Consequences - What is the legal justification for processing your personal data and what happens if you choose not to provide it?

We rely on the following legal grounds for the collection, processing, and use of your personal data in connection with the Sites:

  1. Consent: your consent to the processing of your data for one or more specific purposes; (Section 6 (1)(a) GDPR). Where we rely on consent to use your personal data, you have the right to withdraw that consent at any time. Please refer to Section K) for more details.
  2. Contract: the processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract; (Section 6 (1)(b) GDPR)
  3. Legal or regulatory obligation: the processing is necessary for compliance with a legal obligation to which we are subject; (Section 6 (1)(c) GDPR)
  4. Legitimate interest: the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests (managing our business properly and effectively and in keeping our records accurate and up to date) are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data. (Section 6 (1)(f) GDPR) For more information about the balancing test that we carry out to process your personal data to meet our legitimate interests, please contact us at the details set out at Section K).

We take steps, including by securing your personal data, to ensure that we do not use your personal data for purposes which are incompatible with those set out above, and will notify you about any material changes to these purposes. You can object to our uses of personal data on the basis of our legitimate business interests at any time by contacting us using the details set out at Section K).

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, not providing your personal data may result in disadvantages for you--for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.

C. COOKIES POLICY

Our Sites use cookies and other similar device identifying technologies, such as clear gifs, pixels or device fingerprinting (together, we call these technologies "Cookies").

A cookie is simply a piece of text, which can be placed on the browser of your personal computer or mobile device and subsequently read as you visit a website. Other Cookies may place a small amount of data on your browser, or may extract information about your device (such as your IP address) so that if you visit the site again using the same device we can identify you. A Cookie may be a 'session' Cookie, that is, a Cookie that remains on your device or browser while you are logged on to a particular web site and then disappears when you close your browser, or it may be a 'persistent' Cookie, a cookie that remains on your browser over a period of time. Information from a Cookie may be collected and used in aggregate form.

Some Cookies are served directly by MSC, and others are served by third parties, such as by advertising and data analytics providers.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please visit our Cookies Policy.

D. SPECIAL POLICY: HOW WE USE INFORMATION ABOUT OUR CUSTOMERS

This Customer Privacy Policy (this "Policy") describes how MSC collects and processes personal data about individuals located in the European Union or any other countries or regions where regulation by the European Union with regard to personal data protection applies, including, but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and how we use and protect this data, and your rights in relation to this data ("you", to the extent you are located in such area).

This Policy applies to all personal data we collect or process about you when you purchase, lease or rent one of our vehicles, or otherwise become a customer of MSC, one of our affiliated companies (a list of which is available here) or one of our dealers (a list of which is available here). Personal data is information which relates to you, and which, alone or in combination with other information, could reasonably allow you to be identified.

1. PERSONAL DATA WE USE

We will collect personal data from you directly (e.g. when you purchase a vehicle, request a test drive) and also from other sources described in section 1.2 below.

We may be required by law to collect certain personal data about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and of the consequences of the failure to provide such data.

1.1 Information we collect directly from you

  1. Personal details (e.g. name, sex, age, date of birth, nationality, address, family structure);
  2. Contact details (e.g. phone number, email address, postal address or mobile number);
  3. Vehicle information (e.g. information about any vehicle you own, including a vehicle identification number, registration number, model, age, mileage) In certain cases, when you take your vehicle to be serviced or repaired we will directly collect diagnostic information and operation/environment data about your vehicle, and keep a record of the work carried out and parts supplied. You can find out more information about the personal data collected and when your vehicle is serviced or repaired Subsection 5 below;
  4. Your marketing and contact preferences (e.g. what sorts of products you are interested in and whether you want to receive marketing from us);
  5. Information we collect automatically from you, including data collected using cookies and other similar device identifying technologies (“Cookies”). Further information about our use of Cookies is available in our Website Privacy and Cookies Policy; and
  6. Model name, grade, product identification number (e.g. Vehicle Identification Number) and photograph or video of our product(s) you purchase and/or use; and
  7. Product(s) you purchase from third parties.

1.2 Information we collect from other sources:

We collect information about you from our dealers and distributors, and public sources such as the public registers.

The categories of information that we collect about you from these other sources are:

  1. Personal details (e.g. name, sex, age, date of birth, address, family structure)
  2. Contact details (e.g. phone number, email address, postal address or mobile number)
  3. Vehicle information (e.g. information about any vehicle you own, including a vehicle identification number, registration number, model, age, mileage). In particular, when you take your vehicle to be serviced or repaired, we will collect diagnostic information and operation/environment data about your vehicle, and keep a record of the work carried out and parts supplied. You can find out more information about the personal data collected and when your vehicle is serviced or repaired at Subsection 5 below;
  4. Your marketing and contact preferences (e.g. what sorts of products you are interested in and whether you want to receive marketing from us);
  5. Model name, grade, product identification number (e.g. Vehicle Identification Number) and photograph or video of our product(s) you purchase and/or use; and

1.3 Special categories of personal data

Some of the information we use is sensitive information. In particular, we receive reports about accidents involving our vehicles which may include details of injuries suffered and whether a hospital visit was required. We obtain these reports from our distributors, and use this information with your explicit consent and, in certain circumstances, where necessary to comply with legal obligations under social protection laws (in the event we are required by law to collect such information), in order to make or defend legal claims. If you give your consent, you can withdraw this consent at any time by contacting us using the details set out at Section K) below.

2. HOW WE USE YOUR PERSONAL DATA

We use your personal data to:

  1. meet our contractual obligations to you under any agreement we have with you or to take any necessary steps before entering into such agreement;
  2. fulfil your requests (for example, to enable you to book test drives or request vehicle brochures);
  3. help understand, develop and improve our products, processes, services and marketing strategies, including carrying out defect and fault analyses on parts;
  4. contact you with marketing and offers relating to products and services offered by us and/or other members of our group companies (unless you have opted out of marketing, or we are otherwise prevented by law from doing so);
  5. personalize our communications, products and services to you;
  6. keep your personal data up to date;
  7. conduct research into new products and services;
  8. comply with the legal obligations to which we are subject and cooperate with regulators and law enforcement bodies;
  9. understand our customers better;
  10. manage and improve our relationship with you;
  11. protect the vital interests of you or of another person; and
  12. exercise our legal rights where it is necessary to do so.

3. WHAT IS OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA?

There are different lawful grounds that we rely on to use your personal data and we will collect and use your personal data in the following situations:

  1. Consent: where we have your consent. (Section 6 (1)(a) GDPR). Where we rely on consent to use your personal data, you have the right to withdraw that consent at any time. Please refer to Section K) for more details.
  2. Contract: where our use of your personal data is necessary to perform a contract or contracts that you are a party to, or to take steps that you request before entering into a contract. These contracts could include the conditions on which you enter an incentive scheme or agreements in relation to MSC’s Systems; (Section 6 (1)(b) GDPR)
  3. Legal or regulatory obligation: where it is necessary to use your personal data to comply with a legal or regulatory obligation;(Section 6 (1)(c) GDPR)
  4. Vital interests: in limited circumstances where it is necessary to protect someone's safety or vital interests; (Section 6 (1)(d) GDPR)
  5. Public Interest: in certain circumstances, we may need to use your personal data for purposes which are in the public interest; (Section 6 (1)(e) GDPR) and
  6. Legitimate interests: where our use of your personal data is within our legitimate interests or the legitimate interests of the organization with which we have shared your personal data and we have made sure that your personal data, and your rights in relation to that information, are protected. MSC relies on this legal ground if we use your personal data to: to ensure that our products and services are delivered and used in accordance with the law and the terms and conditions that apply to them; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. The legitimate interest we pursue are described below:
Processing activity Legitimate interest balancing assessment
Repair, diagnosis, and servicing of Suzuki vehicles
As the manufacturer of Suzuki vehicles, MSC has a legitimate interest to process personal data related to the repair, diagnosis and service information of customer's Suzuki vehicle to improve the services MSC provide to the customer and to enhance MSC's measures to increase the security and safety of Suzuki vehicles. MSC has a legitimate interest in processing and transferring vehicle information and service information to achieve this because this is fundamental to the repair, diagnosis, and servicing of Suzuki vehicles by various Suzuki dealers.
Manage recall campaigns and owner notification programs that may affect your vehicle
As the manufacturer of Suzuki vehicles, MSC has a legitimate interest to ensure customer's safety, security, product quality and to meet regulatory requirements. MSC vehicle owners expect MSC to take compliance with the law and security and safety of Suzuki vehicles seriously, and there is a public interest in ensuring that this is the case; harm could arise if MSC were not able to process data in this way and all users and the wider community benefit from this.
Dealing with customer enquiries and complaints MSC has a legitimate interest in processing data to respond to customer's questions, inquiries, and complaints because it is critical to engage with customers if they have queries to maintain their confidence in MSC. If a customer has directly contacted MSC with a question or complaint, it is reasonable for them to expect that their data will be processed to facilitate a response.
Prevent and detect crime and fraud or protect MSC's or others’ rights and to respond to legal process or requests for information issued by government authorities or other third parties MSC have a legitimate interest to prevent and detect fraud of any kind that pose a threat to MSC, its employees, business partners and their employees, importers, dealers and end customers and to respond to legal process or requests for information issued by government authorities or other third parties. Data subjects expect MSC to take compliance with the law and information security seriously and there is a public interest in ensuring that this is the case; harm could arise if MSC were not able to process data in this way and the wider community also benefit from this. For this reason, MSC may disclose unwanted security intrusion, unauthorized access, disclosure and acquisition of information, data and system breaches to authorities and courts and to respond to legal claims and requests from third persons.

When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. For more information about the balancing test that we carry out to process your personal data to meet our legitimate interests, please contact us at the details set out at Section K). Where we rely on our legitimate interests in processing personal data, you can object to that processing at any time using the contact details set out set out at Section K.

Our data processing is not directed to the processing of special data or criminal personal data unless you voluntarily disclose such data to us and you grant your explicit consent to data processing (under Article 9(2)(a) GDPR) or if the processing of data is required for the establishment, exercise or defense of potential legal claims under Article 9(2)(f) GDPR.

4. INFORMATION COLLECTED WHEN YOUR VEHICLE IS SERVICED OR REPAIRED

When the vehicle you drive was manufactured it was assigned a unique number (the Vehicle Identification Number, or "VIN"). From the VIN we can tell certain information about your vehicle, including its model, age, and technical specifications such as the software it runs on.

When you bring your vehicle in for a service with one of our dealers or repairers, their engineers working on it will need to collect the VIN together with the diagnostic information and operation/environment data about the current state of your vehicle and when the malfunction took place.

This information will be transferred to MSC's systems, operated by MSC or its service providers and located in Hungary or elsewhere, so that MSC can provide the engineers that are servicing your vehicle vehicle-specific repair, maintenance and diagnostic information (including diagrams to help them fix problems, and software updates which may be required for your vehicle's on-board system). MSC will also provide them information about any past work carried out on your vehicle to assist them to diagnose, repair and/or service it and to enable them to maintain their records.

The information about the work done to your vehicle when it is serviced or repaired is always linked to the VIN of your vehicle, to make sure that every time you bring the vehicle in for a service, engineers of our dealers and repairers can provide you the best service possible. After the services are complete, this information will be transferred to the MSC’s systems, so that MSC (or any third parties it authorized to use the system in this way) can access information about past services and other maintenance work available to any dealer, repairer or their engineer anywhere in the world when they service your vehicle. MSC takes steps to ensure that only those dealers, repairers and engineers that are servicing your vehicle have access to that information, to protect your privacy.

MSC also uses the information held on the system to help diagnose common problems with MSC vehicles, to assist with repairs, to manage and administer warranties, similar products and services. It is also used for product safety purposes including, but not limited to, decision and implementation for field actions such as recall whether mandatory or not, and research and development purposes. If required, MSC will use that information to comply with its legal obligations.

MSC may also pass this information to members of its group companies/partner companies and service providers as described below for the purposes set out above.

E. SPECIAL POLICY: HOW WE USE INFORMATION ABOUT OUR BUSINESS PARTNERS

This Business Partner Privacy Policy (this "Policy") describes how MSC collects and processes personal data about individuals located in the European Union or any other any other countries or regions where regulation by the European Union with regard to personal data protection applies, including, but not limited to, the General Data Protection Regulation ("GDPR") and how we use and protect this information, and your rights in relation to this information ("you", to the extent you are located in such area).

This Policy applies to all personal data we collect or process about you in the context of your or your entities’ business relationship with MSC or one of our affiliated companies (a list of which is available here); such entities include, but not limited to, distributors, dealers, suppliers, service providers, governmental authorities, international organizations, press, and non-profit organizations. Personal data is information which relates to you, and which, alone or in combination with other information, could reasonably allow you to be identified.

1. PERSONAL DATA WE USE

We will collect personal data from you directly and also from other public sources.

We may be required by law to collect certain personal data about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and of the consequences of the failure to provide such data.

1.1 Information we collect about you

  1. Contact details (e.g. name, company name, division/department/section/group, rank/position/designation/title, phone number, email address, postal address or mobile number);
  2. Information necessary for preparation and arrangement for any event, conference or meeting hosted by us or any third parties in which you participate (for example, business meeting) (e.g. contact details, passport information or preference for meal).
  3. Information related to system account made available by MSC or our affiliated companies to their business partners.

1.2 Special categories of personal data

Some of the categories of information that we collect are special categories of personal data, such as information about your health, including food allergies (also known as sensitive personal data).

2. HOW WE USE YOUR PERSONAL DATA AND THE BASIS ON WHICH WE USE IT

We use your personal data to:

  1. meet our contractual obligations to you or your entities under any agreement we have with you or your entities or to take any necessary steps before entering into such agreement;
  2. communicating with you or your entities (for example, project management) and managing your or your entities’ contact information by physical, digital or any other manner (for example, making a digital list of contact information);
  3. make preparation and arrangement for any event, conference or meeting hosted by us or any third parties in which you participate (for example, business meeting);
  4. set up, grant access to, administer, and provide the services related to, systems, servers, networks, applications and on-line services made available by MSC to its business partners;
  5. comply with the legal obligations to which we are subject and cooperate with regulators and law enforcement bodies; and
  6. protect the vital interests of you or of another person; and
  7. exercise our legal rights where it is necessary to do so.

3. WHAT IS OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA?

There are different lawful grounds that we rely on to use your personal data and we will collect and use your personal data in the following situations:

  1. Consent: where we have your consent. (Section 6 (1)(a) GDPR). Where we rely on consent to use your personal data, you have the right to withdraw that consent at any time. Please refer to Section K) for more details.
  2. Contract: where our use of your personal data is necessary to perform a contract or contracts that you are a party to, or to take steps that you request before entering into a contract. These contracts could include the conditions on which you enter an incentive scheme or agreements in relation to Suzuki Systems; (Section 6 (1)(b) GDPR)
  3. Legal or regulatory obligation: where it is necessary to use your personal data to comply with a legal or regulatory obligation;(Section 6 (1)(c) GDPR)
  4. Vital interests: in limited circumstances where it is necessary to protect someone's safety or vital interests; (Section 6 (1)(d) GDPR)
  5. Public Interest: in certain circumstances, we may need to use your personal data for purposes which are in the public interest; (Section 6 (1)(e) GDPR) and
  6. Legitimate interests: where our use of your personal data is within our legitimate interests or the legitimate interests of the organization with which we have shared your personal data and we have made sure that your personal data, and your rights in relation to that information, are protected. MSC relies on this legal ground if we use your personal data to: understand and improve our products, services and/or business strategies; manage and improve our relationship with you, our dealership(s) and for administrative purposes; assess the quality of the services we, or our dealership(s) provide, and the services our suppliers provide to us or on our behalf; to ensure that the Suzuki Systems and our products and services are delivered and used in accordance with the law and the terms and conditions that apply to them; where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues; and to ensure that our dealership(s) are meeting the standards set out in the agreement we have in place with them; (Section 6 (1)(f) of GDPR). The legitimate interest we pursue are described below:
Processing activity Legitimate interest balancing assessment
To provide you with access to our information technology systems to ensure that those systems and our products and services are delivered and used in accordance with the law and the terms and conditions that apply to them Because of the business relationship with you, MSC has a legitimate interest to provide you with access to certain Suzuki Systems. Suzuki Systems apply role-based access control which restricts system access to authorized users and this requires MSC to know who a user is. The user's logged activities may be reviewed on a periodic basis for security events and breaches of user terms and conditions. A Suzuki System user would expect MSC to process their data in this way.
Research and conducting analytics on who is using MSC’s information technology systems and what they are doing. It is within MSC's legitimate interests to ensure that MSC’s systems offered give users the full functionality they expect. The system user benefits from system improvements and the processing are not particularly invasive.
To provide trainings, incentives to dealership employee and to record and keep track its results MSC’s trainings, incentives and keeping its results are necessary to ensure that business partners and their employees are able to fulfil employment related duties in line with MSC's high standards set out in the Agreement, including the tracking of trainings and incentives. This benefits customers and employees, because trainings and incentives provide increased efficiencies in processes and an enhanced Suzuki brand image.
Respond to business partner questions, inquiries, and requests MSC has a legitimate interest in processing data to respond to business partners’ or their employee's questions or inquiries because it is critical to engage with business partners’ or their employee's if they have queries to maintain their confidence in MSC. If a business partner or their employee has directly contacted MSC with a question or comment, it is reasonable for them to expect that their data will be processed to facilitate a response.
Prevent and detect crime and fraud or protect MSC's or other persons’ rights and to respond to legal process or requests for information issued by government authorities or other third parties. MSC has a legitimate interest to prevent and detect fraud of any kind that pose a threat to MSC or Suzuki Motor Corporation, MSC’s employees and business partners and their employees, dealers and end customers and to respond to legal process or requests for information issued by government authorities or other third parties. Data subjects expect MSC to take compliance with the law and information security seriously and there is a public interest in ensuring that this is the case; harm could arise if MSC were not able to process data in this way and the wider community also benefit from this. For this reason, MSC may disclose unwanted security intrusion, unauthorized access, disclosure and acquisition of information, data and system breaches to authorities and courts and to respond to legal claims and requests from third persons.
Communicate with business partner (their employees) regarding Suzuki Systems and matters related to MSC and its operations. It is within MSC's legitimate interests to provide Suzuki System users with updates about activity that affects the user's account on Suzuki Systems and information on important matters related to Suzuki, and employees would expect from MSC to do this.
Ensure that the business partners are meeting the standards set out in their agreement with MSC and conducting inspections and audits As a global vehicle manufacturer company, MSC and Suzuki Motor Corporation may conduct its internal and external operations aligned with common standards, brand and reputation expectation by customers, shareholders and MSC's management. For this reason MSC has a compelling legitimate interest to ensure its business partners align with MSC's high standards both in operations, look and the conduct of its employees as set out in its dealership agreements, which may include mystery shopping activities and other similar on the spot audits at the dealerships. These inspections and audits identify business risks, strengths, and opportunities for improvement in the business relationship with the distributor and benefit customers, because this reduces the likelihood of potential damage and distress to Suzuki customers. It could impair Suzuki's brand and its high standards if Suzuki were not able to process data in this way.

When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. Where we rely on our legitimate interests in processing personal data, you can object to that processing at any time using the contact details set out at Section K).

Our data processing is not directed to the processing of special data or criminal personal data unless you voluntarily disclose such data to us and you grant your explicit consent to data processing (under Article 9(2)(a) GDPR) or if the processing of data is required for the establishment, exercise or defense of potential legal claims under Article 9(2)(f) GDPR.

We may obtain your consent to collect and use certain types of personal data when we are required to do so by law. If we ask for your consent to process your personal data, you may withdraw your consent at any time by contacting us using the details set out at Section K).

F. WHO WE SHARE YOUR PERSONAL DATA WITH

Your personal data may be disclosed to:

  • Service providers. We engage companies to provide services on our behalf and which process personal data, which may include companies managing particular promotions available through our Sites, data hosting companies, vendors that send emails on our behalf, analytics providers, and information technology providers;
  • Members of our group companies and partner companies. Some members of our group companies and partner companies provide services on our behalf or may be involved in processing personal data for the purpose set out above. A list of these companies is available here;
  • With your consent. We may share information with companies or other organizations where you have asked us to or agreed that we may share your personal data with them;
  • Suzuki dealers, distributors and other partners. (a list of which is available here). We share information with these third parties where necessary to provide you with a product or service;
  • Professional advisors. This includes lawyers and auditors who assist us in running our business and defending or bringing any legal claims;
  • Law enforcement agencies, courts, regulators, or government authorities. We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party; or
  • Asset purchasers. We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with our Privacy Policies

G. TRANSFERRING YOUR PERSONAL DATA INTERNATIONALLY

Your personal data will be treated in accordance with European Union laws concerning data protection and may be transferred within the European Economic Area ("EEA"), as well as to countries outside the EEA (including Japan). Suzuki Motor Corporation is located in Japan which country is regarded by the European Commission as ensuring an adequate level of protection for personal data. However, other countries to which we transfer your personal data may not be regarded by the European Commission as ensuring an adequate level of protection for personal data. As a result, when we transfer your personal data outside the EEA we will put in place appropriate safeguards in accordance with our legal obligations to ensure that your personal data is adequately protected, irrespective of the country to which it is transferred. These safeguards may include obtaining contractual assurances from any third party given access to your personal data that your personal data will be protected by standards which are equivalent to those that protect your personal data when it is in the EEA. If you would like to know more about how MSC protects your personal data when it is transferred outside the EEA, or to obtain a copy of the safeguards we put in place to protect your personal data when it is transferred, please contact us as stated in Section K) below.

H. HOW LONG DO WE RETAIN YOUR PERSONAL DATA

We keep your personal data in identifiable form for as long as is reasonably necessary to fulfil the purposes for which it is collected and as required to comply with applicable legal and regulatory obligations. This generally means holding your personal data for as long as one of the following apply:

  • your personal data is reasonably required in order to provide the services you have requested;
  • your personal data is reasonably required in order to protect and defend our rights or property or to bring any existing or potential legal claims (this will generally be the length of the relevant legal limitation period);
  • your personal data is reasonably required to deal with any complaints regarding our Sites/any services provided in our Sites;
  • your personal data is reasonably required to Maintain business records for analysis and/or audit purposes;
  • your personal data is reasonably required to deal with any complaints regarding our Sites/any services provided in our Sites; or
  • applicable laws or other regulations with record retention requirements require the retention of your personal data.

Personal data processed for the purposes of our Privacy Policies will be stored only to the extent necessary during the term of your contractual relationship with MSC, during a transition period (e.g., for the term of compliance of MSC’s obligations regarding data retention as established in the applicable laws). If a judicial or other legal action is initiated, we may store personal data until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.

In principle we will retain your personal data as long as required or permitted by applicable law, in particular as long as the data may be needed to fulfill or defend against claims that are not yet time-barred. We will retain your personal data, until the expiry of civil law statute of limitation pursuant to Section 6:22 (1) of the Civil Code (i.e. 5 years under) or in relation to tax related documents, until the statute of limitation expires on the tax assessment right, that is as a principle rule, 5 years counted from the last day of the calendar year in which the relevant tax reporting obligation was due (Sections 78(3) and 202 (1) of the Taxation Procedure Act). In case of accounting documents, the retention period is 8 years counted from the closing of the relevant financial year, in accordance with Section 169 of the Accounting Act. Afterwards, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.

I. YOUR RIGHTS - WHAT RIGHTS DO YOU HAVE AND HOW CAN YOU ASSERT YOUR RIGHTS?

Right to withdraw your consent: If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular regarding the receipt of direct marketing communication via email, SMS/MMS, fax, and telephone), you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You can withdraw your consent by following the unsubscribe instructions or by contacting us via e-mail at privacy@suzuki.hu

Additional data privacy rights: Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data (including objection to profiling). Below please find further information on your rights to the extent that the GDPR applies. Please note that these rights might be limited under the applicable local data protection law.

  • Right to request access to your personal data: As provided by applicable data protection law, you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
  • Right to request rectification: As provided by applicable data protection law, you have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to request erasure (right to be forgotten): As provided by applicable data protection law, you have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
  • Right to request restriction of processing: As provided by applicable data protection law, you have the right to obtain from us that we restrict the processing of your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
  • Right to request data portability: As provided by applicable data protection law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
  • Right to object:
    Under certain circumstances, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we are required to no longer process your personal data. Such right to object especially applies if we collect and process your personal data for profiling purposes in order to better understand your interests in our products and services or for certain types of direct marketing.

    If you have a right to object and if you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section K) below.

    Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

    If you have given your consent to receive direct marketing via certain communication channels, you need to withdraw your consent as explained above.

To exercise your rights, to update or correct your information if it changes or if the personal data, we hold about you is inaccurate, please contact us as stated under Section K below. We will contact you if we need additional information from you in order to honor your requests.

You also have the right to lodge a complaint with the competent data protection supervisory authority in the relevant Member State (e.g., the place where you reside, work, or of an alleged infringement of the GDPR). You also have the right to lodge a complaint with the competent supervisory authority in the particular Member State of your habitual residence for alleged infringement of the GDPR. If you reside in Hungary you may contact the Hungarian Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11., Telephone: +36-1-391-1400, Telefax: +36-1-391-1410, e-mail: ügyfelszolgalat@naih.hu)

J. UPDATES TO OUR PRIVACY POLICIES AND YOUR DUTY TO INFORM US OF CHANGES

We may modify or update our Privacy Policies from time to time. If we change our Privacy Policies, we will notify you of the changes at the top of this page. Where changes will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your personal data (for example, to object to the processing).

K. HOW TO CONTACT US

We are Magyar Suzuki Corporation Ltd., with registered address at 2500 Esztergom Schweidel J. u. 52/A., Hungary, e-mail: privacy@suzuki.hu.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to our Privacy Policies. If you have any questions about these policies, including any requests to exercise your legal rights, please contact our DPO via e-mail at dpo@suzuki.hu

NOTE

This e-mail address is only used for receiving messages from you regarding personal data. For other inquiries and requests, please kindly contact our distributors in the country in which you are located, using their contact details which are available here.

© 2020 - Magyar Suzuki Corporation Ltd.