Alumobility Website Privacy/Data Protection Policy
Updated: December 20, 2020
Alumobility, a non-profit organization registered in Switzerland, exists to provide technical innovation and ready-to-implement solutions at scale that drive value for OEMs to fulfill the promise of a lighter, more efficient, more sustainable, and purposeful world of mobility.
Alumobility is committed to conducting its business in accordance with the privacy and protection of individual personal data of individuals, including contractors, customers, suppliers, and other partners.
The purpose of this Data Protection Policy (the “Policy”) is to inform you about the commitments made by Alumobility to ensure that your personal data are respected in compliance with the applicable relevant laws.
This Policy may evolve according to the legal and regulatory context and the doctrine of supervisory authorities.
“Controller”: The Alumobility legal entity which determines the purposes and means of the Processing of Personal Data.
“Data Subject”: Any person, including you, whose Personal Data are processed.
“Personal Data”: All information on an identified or identifiable person. A person is deemed to be identifiable if he or she can be directly or indirectly identified for example by reference to an IP number, identity number or by at least one factor specific to that person’s social, cultural, physical or economic identity.
“Processing”: Any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor”: The natural or legal person which processes Personal Data on behalf of the Alumobility legal entity.
3. Applicable law
In order to provide legal certainty and transparency for economic operators, the European Union adopted the Regulation 2016/679 on the protection of natural persons with regard to the
Processing of Personal Data and on the free movement of such data (General Data Protection Regulation or ‘GDPR’). The GDPR enters into force on 25 May 2018.
The local laws of each Member State remains relevant in the limits allowed by the GDPR.
The Policy is subject to the GDPR and the relevant local laws of the concerned Alumobility legal entity.
4. Principles for processing Personal Data
Alumobility commits to ensure that Personal Data are:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary;
- accurate and, where necessary, kept up to date;
- kept for no longer than is necessary for the purposes;
- processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Alumobility ensures that all its Processing is performed in accordance with the applicable laws.
Management is responsible for defining and structuring all processes where Personal Data can be collected, processed and/or used, that they comply with this Policy.
In particular, the following tasks fall under the responsibility of management:
- Ensuring that technical and organizational security measures are in place;
- Assuring that processes for the Personal Data collection, use and/or processing are compliant with the applicable laws and that the global and local process owners are informed upon necessary changes;
- Monitoring on a regular basis the relevant applicable laws.
Any Alumobility employee has the duty to process the Personal Data he/she has access to in the course of their employment as strictly confidential.
Each employee can collect, use and/or process Personal Data pursuant to the defined process within Alumobility but only in the extent as necessary to fulfil his/her duty.
Data protection officer
Where required by law, each Alumobility legal entity shall appoint a data protection officer who is in charge to ensure compliance with relevant data protection and privacy law and the provisions of this Policy.
6. How do we process Personal Data?
In which context do we obtain Personal Data?
By hiring people;
By being contacted by customers, suppliers and/or other persons via our website, phone, email or any other mean;
By prospecting clients.
How do we respect the transparency principle set forth in the GDPR?
Each Data Subject is informed by the Alumobility legal entity which is collecting the Personal Data that his/her Personal Data are collected, used and/or processed and how his/her Personal Data are being handled by Alumobility.
In particular, each Data Subject is informed (i) of which types of Personal Data will be subject to Processing; (ii) for which specific purpose(s); (iii) to whom such Personal Data might be transmitted; and (iv) how the Data Subject can exercise its rights.
How do we use the Personal Data?
Personal Data are subject to data secrecy. Alumobility applies the following rules in order to prevent any unauthorized collection, processing or use of such data by its employee:
- Employees may have access to Personal Data only as is appropriate for the type and scope of the task in question;
- Employees shall not disclose Personal Data to unauthorized people, either within the company or externally;
- Employees shall not share Personal Data informally;
- Employee will receive an adequate training to help them understand their responsibilities when handling Personal Data.
How do we respect data accuracy?
Alumobility ensures that Personal Data are accurate and, where necessary, kept up to date, by applying the following rules:
- Personal Data will be held in as few places as necessary. Employee shall not create any unnecessary additional data sets;
- Employees shall take every opportunity to ensure Personal Data are updated and the management shall ensure that relevant databases and systems are checked on a regular basis;
- Personal Data shall be updated as inaccuracies are discovered.
How do we store Personal Data?
Alumobility is aware that periods for which the Personal Data are stored must be limited to a strict minimum.
To ensure safely storage, Alumobility applies the following rules:
- When not required, the paper or files should be kept in a locked drawer or file cabinet;
- Employees shall make sure paper and printouts are not left where unauthorized individuals may see them;
- Personal Data printouts shall be shredded and disposed of securely when no longer required;
- Personal Data shall be protected by strong passwords that are changed regularly and never shared between employee;
- Personal Data shall only be stored on designated drives and servers, and shall only be uploaded to an approved cloud computing services;
- Servers containing Personal Data shall be sited in a secure location, away from general office space;
- Personal Data shall be backed up frequently;
- All servers and computers containing Personal Data should be protected by approved security software and a firewall.
7. Rights of Data Subjects
According to the GDPR, each Data Subject has the following rights:
- Right of access (article 15 GDPR): In certain cases, the Data Subject has the right to obtain confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the Personal Data.
- Right to rectification (article 16 GDPR): The Data Subject has the right to obtain the rectification of inaccurate Personal Data concerning him or her.
- Right to erasure (article 17 GDPR): in certain cases, the Data Subject has the right to obtain the erasure of Personal Data concerning him or her.
- Right to restriction of processing (article 18 GDPR): in certain cases, the Data Subject has the right to obtain restriction of Processing.
- Right to data portability (article 20 GDPR): in certain cases, the Data Subject has the right to receive the Personal Data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
- Right to object (article 21 GDPR): in certain cases, the Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her.
A Data Subject can exercise his/her rights by sending an email to: firstname.lastname@example.org
8. Transfer of Personal Data
As Alumobility is a multinational organization, Personal Data may be transferred to countries located outside the EEA. In this case, Alumobility ensures that the country has an adequate level of data protection in compliance with articles 44 to 50 of GDPR.
The transfers of Personal Data outside of Alumobility, including among its members, are managed on a case-by-case basis. In this case, Alumobility ensures that such transfers are (i) performed on the basis of an adequacy decision of the European Commission or (ii) are subject to appropriate safeguards.
Alumobility has implemented appropriate technical and organizational security measures to ensure a level of security appropriate to the risk of each Processing.
In case of a data breach, Alumobility has implemented an internal process in order to prevent, detect and stop Personal Data breach as well to notify the relevant supervisory authority and, if applicable, the Data Subjects, in time.