If you are reading this Privacy Policy, it is because you are using this application called LumApps (“Application”). This Privacy Policy has been prepared to inform you of how we process your personal data (hereafter “Personal Data” or “Data”, please see section Definitions below). For any clarification regarding this Privacy Policy or the methods of processing your Personal Data, please send your request to your local Data Protection Officer or to dataprotectionofficer@stellantis.com.
From this Application it may be possible to connect through special links to other third-party applications or websites. For such processing activities, we invite you to consult the respective privacy policies. The controller declines any responsibility for any management of Data by such third-party applications or websites.
Your employer (hereinafter also "we" or "us"), the respective legal entity of STELLANTIS, is the Controller. This Application is operated by Stellantis Europe S.p.A., C.so G. Agnelli 200, 10135 Turin, Italy.
We collect Data from this Website. The Data collected and the related processing purposes depend on the management of the settings of the Browser and the Device in use.
The purposes for collecting your Data are indicated in the section “Why we process your Data and the legal basis for this”.
When you use this Application, you may provide us with Personal Data. This is the case, for example, when you send communications to the addresses indicated on the Website, when you use any contact forms or when you subscribe to one of our Services (e.g., newsletter) or participate in one of our surveys.
When you use our Application, we collect information on the Browser and Device you are using. This information includes your IP Address, the date, time and the requested URL, and other information such as the type of your Browser or Device. Information related to your Browser or Device may include your operating system, language, network settings, telephone operator or internet provider, installed third-party applications and plug-in lists. More information can be found in the Cookie Policy.
Your Data is processed for the following purposes based on the respective indicated legal basis:
We process your Data to allow navigation of the Application and the provision of Services (e.g., news, surveys, podcasts, information, downloads of documents). This processing is based on the execution of a contractual obligation or pre-contractual measures taken at your request or on our legitimate interest to inform our employees and to offer certain Services.
The processing of data for statistical purposes is based on the legitimate interest of the Controller, unless consent is required by a local regulation.
We may use your Data to comply with legal obligations and orders to which we are subject to. Some legislations may require us to share your Data with public authorities. If this sharing is not required by law of your country, we may still process your Data, as explained in more detail in the following purpose "Protection of our interests and your interests".
To the extent permissible under by applicable data protection law, we may need to use your Data to detect, react to and prevent fraudulent and illegal behavior or activities which could compromise the security of our Services and the Application. This may occur when you use our Application in ways other than as permitted. These purposes also include audits and assessments of our business operations, security audits, financial controls, records, and information management program, and otherwise related to the administration of our general business, accounting, record keeping and legal functions. These purposes are based on our legitimate interest in safeguarding our interests and protecting our Users.
Data collected for the above purposes are processed through manual and electronic processes.
We may disclose your Data to the following recipients and/or categories of recipients ("Recipients"):
We are part of STELLANTIS and operate in multiple jurisdictions worldwide. This means that your Data may be stored, accessed, and disclosed (processed) outside your jurisdiction, including within the European Union, the United States of America or any other country where our Processors and sub-processors are located, or where their servers or cloud computing infrastructure may be hosted. We take steps to ensure that the processing of your Data by our Recipients is compliant with applicable data protection laws, including EU legislation to which we are subject. Where required by EU data protection law, transfers of your Data to Recipients outside the EU will be subject to appropriate safeguards (such as EU Standard Contractual Clauses for data transfers between EU countries and non-EU countries), and/or other legal basis according to the EU legislation. For more information about the safeguards implemented by us to protect data transferred to third countries outside the EU, you can write to your local Data Protection Officer (DPO) or to dataprotectionofficer@stellantis.com.
The Data processed for the purposes of Providing our Services and related support and Protection of our interests, and your interests (see Section 3) will be kept for the time strictly necessary to achieve those same purposes. However, the Data might be stored for a longer period in case of potential and/or actual claims and resulting liabilities and/or in case of other mandatory legal retention requirement and/or storage obligations.
Data processing to comply with legal obligations (see section 3) will be retained for the period foreseen by the laws and regulations.
You can ask us for more information on our data retention criteria and policy by writing us here: dataprotectionofficer@stellantis.com.
At any time, you can ask to:
Please find a list of data protection supervisory authorities to allow you to choose your competent authority by selecting your country (please be aware that in e.g., Germany there are federal supervisory authorities): https://www.cnil.fr/en/data-protection-around-the-world. If your supervisory authority is not listed, you can contact us for more information.
Depending on your residence Data Protection Laws might apply that provide you with additional rights. Please find a non-exhaustive overview here:
mailto:dataprotectionofficer@stellantis.com mailto:dataprotectionofficer@stellantis.com https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9727446 https://creativecommons.org/licenses/by/4.0/
• Australia: Right to anonymity and pseudonymity. While this means that you may withhold giving us your name, or use a fictitious name, it also means that we may not be able to provide a Service to you, or to fulfill a request, such as when you ask for access to your Data.
• California (US): You have the right to opt-out of the sale or sharing of your Data by the business (where applicable) and the right to receive non-discriminatory treatment for the exercise of these rights.
• New Zealand: You have the right to a response in relation to your request for access to, or correction of your Data within 20 working days of us receiving the request.
Please note that your above-mentioned rights might be restricted by law and must be fulfilled by us possibly only under certain conditions.
You can exercise the above rights or express any concern or make a complaint regarding our use of your Data directly at: https://privacyportal.stellantis.com or by reaching out for your HR Business Partner.
At any time, you can contact your local Data Protection Officer (DPO) via the respective contact channel or the Stellantis DPO via dataprotectionofficer@stellantis.com.
We take reasonable precautions from a physical, technological, and organizational point of view to prevent the loss, misuse, or modification of Data under our control.
We reserve the right to adapt and/or modify this Privacy Policy at any time. We will inform you of any relevant adaptations/changes.
The icons illustrated in this Policy are “Data Protection Icons” by Maastricht University European Centre on Privacy and Cybersecurity (ECPC), CC BY 4.0.
Application: is the Application where this Privacy Policy is present.
Browser: refers to programs used to access the internet (e.g., Safari, Chrome, Firefox).
Controller: refers to the legal person, public authority, service or other entity which, individually or jointly, determines the purposes and means for the processing of your Personal Data.
Device: refers to the electronic device (e.g., smartphone) through which you visit our Application.
IP address: is a unique number used by the Browser and your Device to connect to the internet. The internet service provider provides this number allowing identification of the provider and/or the approximate area where you are located. Without this data, you cannot connect to the internet and use our Services.
Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household. For example, an email address (if it refers to one or more aspects of an individual), IP Addresses and Unique Identifiers are considered Personal Data. For your convenience, we will collectively refer to all Personal Data mentioned also as "Data".
Processor: refers to an entity engaged by us to process your Personal Data solely on behalf of the Controller and according to its written instructions.
Recipient: refers to any natural or legal person, public authority, agency or another body, to which Personal Data are disclosed, whether a third party or not.
Services: collectively, means all Services available on our Application.