Privacy Notice - European Union and United Kingdom
What data do we collect about you
Data relating to persons or personal information is any information about a person from which that person can be identified. This does not include data where the identity has been removed (anonymous data). There are different types of personal data we may collect, use, store and share about you, which we have summarised as follows:
- Identity Data – such as first name, last name, vehicle identification number (VIN) or similar identifier, marital status, title, date of birth and gender;
- Contact Data – billing address, shipping address, email address, and phone numbers;
- Financial Data – bank account and payment card details;
- Transactional Data – details about payments to and from you and other details about products and services you have purchased from us;
- Technical Data – your IP address, login details, browser type and version, browser usage, time zone setting and location, the duration of your visit, the pages you viewed on our website, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access this website;
- Profile Data – your username and password, purchases, or orders you have made, your interests, including the make and model of your motor vehicle, and details of specific parts orders, as well as other preferences, feedback and survey responses;
- Usage Data – data about how you use our website, products and services; and
- Marketing and Communications Data – data on your preferences about receiving marketing from us and our third-party vendors and your communications preferences.
However, we do not collect special categories of personal data about you, including information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, information about your health, and genetic and biometric data. We also do not collect information about criminal convictions and offences.
How do we collect your data
To collect data from and about you, we use a variety of methods, including but not limited to:
Direct Interactions – You may provide us with your identity, contact and financial information by filling out forms, electronically or otherwise, or by corresponding with us in person or by mail, telephone, email or otherwise. This includes personally identifiable data you provide when, for example, you
- create an account on our website;
- fill out a “contact us” or “request more information” form on our website;
- order our products or services;
- subscribe to our services or publications;
- request to receive marketing materials;
- enter a competition, promotion or survey; or
- provide us with feedback.
Automated technologies or interactions – When you interact with our website, we may automatically collect technical data about your devices, browsing activities and patterns. We collect this personal information using cookies, server logs, and other similar technologies.
Third parties or publicly available sources – We may receive personal data about you from various third parties and public sources as set out below:
- Technical Data from the following parties:
(a) analytics providers, such as Google, which may be based outside the EU and the UK;
(b) marketing tools, such as Hubspot, which may be based outside the EU and the UK; and
(c) search information providers such as Wistia, which may be based outside the EU and the UK.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from data brokers or aggregators; or
- Identity and Contact Data from publicly availably sources.
How we will use your data
We may process your personal data for the following legitimate business purposes and for the purposes of performing any contracts we may have with you:
- To register you as a new customer;
- To process and deliver your order;
- To verify your eligibility and deliver prizes in connection with promotions, contests and sweepstakes;
- To enforce our terms and conditions;
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you;
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences;
- To make suggestions and recommendations to you about goods or services that may be of interest to you;
- To comply with applicable law; and
- To perform other functions as described to you at the time of collection; and
- To manage our relationship with you and provide you with effective customer support which will include:
- Training and consulting; and
- New feature announcements.
We will only process your personal data for the purposes we collected it for or for compatible purposes. If we need to process your personal data for an incompatible purpose, we will provide notice to you and, if required by law, seek your consent. We will only process your personal data without your knowledge or consent where required by applicable law or regulation.
We may have to share your personal data with the parties set out below for the purposes set out above:
Internal/External Third Parties such as:
- Vendors and service providers acting as processors who provide IT and system administration services;
- Professional advisers and other agents and representatives acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- Regulators and other authorities acting as processors or joint controllers based in the EU and the UK who require reporting of processing activities in certain circumstances;
- With other customers, including but not limited to, automotive dealerships, automotive manufacturers, repair facilities, parts suppliers, and insurance companies to facilitate transactions; or third parties that conduct customer satisfaction surveys on behalf of OEC. third parties are used to ensure anonymity of survey respondents.
We may also disclose your personal data for the following additional purposes, where permitted or required by applicable law:
- As part of our regular reporting activities to other members of our group of companies;
- To comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders. When we disclose your personal data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum personal data necessary for the specific purpose and circumstances;
- To protect the rights and property of OEC;
- During emergency situations;
- Where the personal data is publicly available;
- If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymise the data where possible; and
- For additional purposes with your consent where such consent is required by law.
Whenever we transfer your personal data out of the EU and the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the by applicable law or regulation;
- We may use specific contracts approved by the applicable law or regulation which give personal data the same protection it has in Europe;
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US; or
- Where we transfer your personal data between OEC entities, we have implemented adequate safeguards in the form of an Intra Group International Transfer Agreement, including the Standard Contractual Clauses for processors approved by European Commission Decision C (2010)593, among all the OEC Group of companies to secure the transfer of your personal data to the US and other jurisdictions.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA and the UK.
How do we store your data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We further require all our third-party service providers to implement appropriate security measures to protect your personal data consistent with our policies and any data security obligations applicable to us. We take all reasonable measures to ensure that our third-party service providers do not use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements or as necessary to resolve disputes.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at firstname.lastname@example.org.
In some circumstances you can ask us to delete your data. Moreover, in some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We do not generally rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at email@example.com. You will not be subject to decisions based on automated data processing without your prior consent.
We will get your express opt-in consent before we share your personal data with any company outside of OEC for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us at firstname.lastname@example.org.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
What are your data protection rights
We would like to ensure that you are fully aware of all your data protection rights. You are entitled to:
The right to access – commonly known as a “data subject access request”. This allows you to obtain a copy of the personal data we hold about you and check that we are processing it lawfully.
The right to rectification – This allows you to have incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of new data you provide to us.
The right to erasure – This allows you to request that we erase your personal data if there is no good reason to continue processing it. However, please note that we may not always be able to comply with your request for erasure for certain legal reasons, which may be communicated to you at the time of your request.
The right to restrict processing – This allows you to ask us to suspend the processing of your personal data in the following circumstances: (a) if you want us to verify the accuracy of the data; (b) if our use of the data is unlawful but you do not want us to erase it; (c) if we need to keep the data even if we no longer need it because you need it to establish, exercise or defend legal claims; or (d) if you have objected to the use of your data but we need to verify that we have compelling legitimate reasons to use it.
The right to object to processing – You have the right to object to the processing of your personal data if we rely on a legitimate interest (or that of a third party) and there is something in your particular situation that leads you to object to the processing on that ground because you consider that it adversely affects your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes. In some cases, we may be able to demonstrate that we have compelling legitimate grounds for processing your data that override your rights and freedoms.
The right to data portability – The right to data portability – This allows you to request that your personal data be transferred to you or to a third party. We will provide you or a third party of your choosing with your personal data in a structured, commonly used, and machine-readable format. Note that this right only applies to automated data that you have originally consented to the use of, or where we have used the data to perform a contract with you.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. Reasonable access to your personal information will normally be provided at no cost.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If for some reason access is denied, we will provide an explanation as to why access has been denied.
What are cookies
Cookies are small text files placed on your computer to collect standard Internet log data and visitor behavior information which are automatically created by your browser and stored on your terminal device (notebook, tablet, smartphone or the like) when you visit our website. We may automatically collect information from you via cookies or similar technologies when you visit our website. Cookies do not cause any damage on your end device and do not contain viruses, Trojans or other malware. The type of information stored by the cookie depends on the end device. However, this does not mean that we can directly access your identity in this way.
Our websites collect certain information about your visit, such as your browser type, your IP address, and the referring website. We also partner with third parties who also may place cookies on your browser when you visit our websites, they may send their own cookies to your cookie file, and they may use those cookies to track and collect information about you and your online activities, over time and across different websites, devices, and applications and to provide targeted advertising based on your interests and previous browsing history.
How to manage cookies
Opt-out options – other company cookies
You may choose to block OEC cookies and other sites from setting cookies by changing the browser settings, however blocking, or disabling certain cookies may interfere with certain functions otherwise available.
Opting out of receiving interest-based advertising does not result in blocking all advertisements. You may continue receiving advertisements which will be generic or maybe based on the content of a webpage that you are visiting, instead of being targeted to your specific interests.
Due to the way that browsers work, other companies may place cookies on your device when you access our website.
To obtain information on how to set cookies opt outs on a particular browser, visit the privacy / cookie page of the relevant browser in use.
Privacy policies of other websites
How to contact us
In case you wish to raise a complaint or feel that we have not addressed your concern satisfactorily, please do not hesitate to contact us.
Email us at: firstname.lastname@example.org
Or write to us at:
OEC International Limited
OEC, Construction House, Winchester Road
OEC, Construction House, Winchester Road
OEC Europe Holdings Limited
OEC, Construction House, Winchester Road
OEC Sp. z o.o
Wadowicka 3A, 30-347 Krakow
52 Boulevard de Sebestopol
OEC’s Data Protection Representative:
OEC Sp. zo.o
Wadowicka 3A, 30-347
How to contact the appropriate authority
You have the right to file a complaint with the data protection authority in your jurisdiction should you wish to make a complaint or feel that we have not addressed your concerns satisfactorily, including for the UK, the Information Commissioner’s Office, and for the EU, the European Data Protection Board, EU member state data protection authorities and ultimately the European Commission.
Effective Date: February 2023