PROTECTING YOUR PERSONAL DATA IS CENTRAL TO RENAULT GROUP’S VALUES

Compliance with regulations relating to personal data protection constitutes an opportunity to build trust between the group and its stakeholders (shareholders, customers, suppliers, employee). Since trust is a value which the Renault Group particularly values, personal data protection is one of our ethical references in the conduct of our actions.

As such, the group has launched a regulatory compliance program based on governance, procedures and tools dedicated to protecting everyone’s personal data.

As part of this program, Renault Group has:

  • Appointed a group Data Protection Officer, who is responsible for enforcing the protection of your personal data throughout the group;
  • established internal policies for the protection of personal data and built a training program for its employees;
  • implemented procedures in particular allowing you to exercise your rights over your personal data.

USING YOUR PERSONAL DATA WITH TRANSPARENCY

In the course of its activities, Renault Group collects, uses and stores some of your personal data, i.e. information that makes it possible to identify you. The group intends to ensure the greatest transparency in the processing it performs on the personal data you provide to it or on the personal data it collects through the various contacts you may have with it.

The group’s privacy policies aim to inform you of the conditions of use of your personal data by Renault Group, as well as the rights and options you have to control your data and protect your privacy.

The Group uses your personal data in particular to manage its relationship with you, improve its products and services, manage its research and development activities and organize its events.

More detailed information regarding the processing of your personal data (in particular the procedure to follow to exercise your rights) is provided to you at the time that your personal data is collected, on each of the Group’s websites (Information on the protection of your personal data), mobile application or contractual documentation supplied to you.

For information relating to personal data that we automatically collect, such as IP address and cookies, a cookie policy is also available on each of Renault’s websites or mobile applications.

THE USE OF YOUR PERSONAL DATA WITH RESPECT TO OBLIGATIONS

Renault strives to comply with all applicable obligations relating to the protection of personal data.

As such, the Group Renault ensures that each processing of personal data complies with the principles arising from the applicable regulations:

  • The Group Renault undertakes to collect and process your personal data for explicit, legitimate and determined purposes in connection with its various activities (determined purpose)
  • Only the data strictly necessary to carry out the activity are collected (minimization)
  • Data is accurate, complete, and, when necessary, updated (data relevance)
  • A data retention policy is defined, and at the end of the retention periods, the data is deleted or anonymized (limited retention)
  • An activity creating a high risk for the rights and freedoms of individuals is subject of a prior impact study (data protection impact assessment)
  • Data protection is integrated “by design” (privacy by design) and “by default” with a high level of protection (privacy by default)
  • Data is secure and kept confidential (security)
  • Each processing is based on a legitimate basis provided by law (lawfulness)
  • Relations with our partners and service providers are under control and data transfers are supervised

SAFE USE OF YOUR DATA

Renault Group works to ensure that all your personal data is secure for the duration of its storage, in particular against any unauthorised use or disclosure. To this end, The Group Renault implements physical and logical security measures tailored to the sensitivity of the personal data and the processing carried out and which comply with professional best practices and the standards imposed on it.

If despite all the measures that we have put in place, you notice that your personal data has been exposed to a security incident, you can inform us at any time at this address: list.databreach@renault.com. We will then take the necessary measures to put an end to said incident.

Renault is also legally obliged to verify that your data is accurate, complete and updated as necessary.

RENAULT GROUP ALLOWS YOU TO EXERCISE YOUR RIGHTS

The Group makes every effort to guarantee you control your personal data.

The rights which you benefit from under the GDPR are as follows:

  • A right to object to the processing of your personal data, provided you have grounds connected with your particular situation, and the right to request the limitation of your personal data processing, in some cases as provided for in regulations.
  • A right to object to any commercial solicitation: you can ask at any time not to receive our communications related to our offers, news and events. This right may, in particular, be exercised via the unsubscribe link in each marketing email. You can also object to profiling.
  • A right to withdraw your consent at any time, for the purposes for which we obtained your consent.
  • A right to information: you have the right to obtain clear, transparent and understandable information about how we use your personal data and about your rights. This policy is an example of this.
  • A right of access to your personal data: you have the right to obtain information concerning the processing of your personal data (including the data that is used, for what purposes, etc.) and a copy thereof.
  • A right of rectification: you have the right to correct your data if it is inaccurate or incomplete, despite our efforts to keep it up to date, enabling us to comply with our obligation to have up-to-date data about you.
  • A right to the portability of your data, i.e., under certain conditions, the right to receive the personal data you have provided to us, in a structured, commonly used computerised format, and for it to be transmitted to a third party if technically possible.
  • A right to erasure (or right to be forgotten): you have the right to have your data erased or deleted. This right may be limited in light of our contractual or legal obligations (contract in progress) (prevention of legal action in particular).

You also have the right to lodge a complaint with the competent supervisory authority in your country in order to file a complaint against the data protection and privacy practices of the Group. We encourage you to contact us prior to any claim, so that we may attempt to resolve your problem together.

If you wish to exercise these rights or if you have questions or complaints regarding the processing of your personal data, we invite you to contact us via the contact details mentioned in the information notices applicable in your country.

This policy may be updated. You are therefore invited to review it regularly.