General Data Protection Regulation (GDPR) | ||
This page defines the personal data to be found in this system and outlines how this
data is handled and stored in accordance with GDPR. Queries should be forwarded to itukprojectoffice@mpsa.com in the first instance. Last update: 19th January 2018 by ITUK & Franchising Departments |
||
Principle | What that means | Compliance in this system |
Transparency | Data should be processed fairly and lawfully | Data is processed under the control of the Franchising Department. This data is visible only to the Investor / Enquirer. |
Purpose | Data should be used for the stated purpose | The data will only be used to progress the application process. |
Relevancy | Data should be adequate, relevant, and not excessive = data minimisation | Only sufficient data is held to enable the process of an enquiry or application to become a Stellantis retailer. Investors are identified by a combination of 1) name and 2) Email address and 3) Contact telephone numbers and 4) Job title. There are no other personal data fields in the system. |
Data retention | Data should be kept only as long as necessary | The data will be held for the duration of the application process and for the duration of the Agreement held with Stellantis. |
Data subject rights | Data should be processed in accordance with the rights of the data subject | Investors are identifiable by a combination of 1) name and 2) Email address and 3) Contact telephone numbers and 4) Job title. Providing these data fields in combination will allow the application process to proceed. |
Adequate security measures | Data should be kept secure | The transmission of data submissions and on-screen reports is always encrypted (HTTPS). Data is held in a secure datacentre which is accessible only by members of the ITUK Integration team. Data is uploaded manually by the Investor, the Regional Network Development Manager, Franchising, Finance and Corporate Identity Departments and Stellantis Finance Ltd. |