Fiat Professional: Stellantis Data Privacy Update

When considering 'Ciao Fiat Professional Mobile', it's important to understand that while the exact term isn't extensively defined as a specific product or service in the latest updates, it broadly refers to the digital interactions and customer service initiatives associated with the Fiat Professional brand. As of January 2021, Fiat Professional, alongside numerous other prominent automotive marques, became part of the colossal Stellantis Group following the merger of PSA Automobiles SA and Fiat Chrysler Automobiles N.V. This significant corporate restructuring has led to a major overhaul in how customer data is managed across all Stellantis brands, including Fiat Professional. This article will delve into these critical changes, explaining the new data privacy framework, how your personal information is handled, and what it means for you as a Fiat Professional customer.

The Stellantis Group: A New Era for Automotive Brands

The automotive landscape underwent a monumental shift in January 2021 with the merger of two giants: PSA Automobiles SA and Fiat Chrysler Automobiles N.V. This union gave birth to the Stellantis Group, creating one of the world's leading automotive manufacturers. This new conglomerate now encompasses a vast portfolio of well-known brands, ensuring a comprehensive presence across various segments of the market. These brands include: Abarth, Alfa Romeo, Citroën, DS Automobiles, Fiat, Fiat Professional, Jeep, Lancia, Opel, Peugeot, Vauxhall, Spoticar, Mopar, and Stellantis & You.

For customers of brands like Fiat Professional, this merger signifies a unified approach to various aspects of ownership and customer interaction, including, crucially, the management of personal data. Understanding this foundational change is the first step in comprehending the new data privacy landscape.

Centralised Data Management: Stellantis Europe S.p.A. Takes the Helm

A pivotal change came into effect on 30th June 2023. Prior to this date, customer data management might have been handled by various entities within the former groups. However, following an internal reorganisation aimed at centralising the processing of personal data for all brand customers and prospective customers, all Customer Relationship Management (CRM) activities are now managed by a single entity: Stellantis Europe S.p.A. This company, with its registered office in Corso G. Agnelli 200, 10135 - Turin, Italy, has assumed the role of the Data Controller for all personal data processed for CRM purposes across the Stellantis brands.

This means that Stellantis Europe S.p.A. is now primarily responsible for determining the purposes and means of processing your personal data. This change is reflected in the updated General Privacy Policy, which came into effect on the same date, 30th June 2023. This policy is drafted in accordance with Article 13 of the EU Regulation 679/2016 (GDPR), providing a robust legal framework for data protection.

What Personal Data Does Stellantis Collect?

Stellantis collects various types of Personal Data to provide and improve its services, drawing information from its websites, applications, and events. The data collected, and its specific processing purposes, depend on how you interact with their services and your personal browser or device settings. Here’s a breakdown of the categories:

Data Provided by You

When you engage with Stellantis services, you may directly provide information. This includes basic identifiers such as your name, phone/mobile number(s), e-mail address, and place of residence. You might also share your preferences, for example, regarding specific vehicle models or services available at your local retailer. This occurs when you:

• Request a test drive.
• Search for your nearest retailer.
• Participate in official Stellantis events.
• Contact customer support with questions, requests, or feedback (via phone, online forms, or chat).

Additionally, you can choose to provide location information if you wish to search for the Stellantis Network (retailers, dealers, repairers) in a specific area, such as Turin. It is crucial to note that if you provide data belonging to third parties, you are legally responsible for having obtained their authorisation to share such information and must indemnify Stellantis against any claims arising from its unlawful disclosure.

Data Collected by Your Browser, Device, and Application

As you use Stellantis websites and applications, certain technical information is automatically collected from your browser and device. This includes your IP Address, the date, time, and the requested URL. Furthermore, Unique Identifiers and other details like your browser or device type, operating system, language, network settings, telephone operator or internet provider, and lists of installed third-party applications and plug-ins are gathered.

Much of this information is collected through the use of Cookies and other tracking technologies embedded in your browser or device. These technologies are vital for ensuring the proper functioning of services and for delivering content that may be relevant and useful to you. More detailed information on these technologies is typically available in a separate Cookie Policy.

Data Inferred by Your Activity

Stellantis also collects data based on your interactions with their services. This helps them to continually improve offerings and understand what content might be most useful to you. For instance, if you frequently view a particular vehicle model or show interest in specific events or vehicle check-ups in a certain geographical area, Stellantis may focus on providing you with related content. If you contact Stellantis via email, mail, or telephone regarding vehicles or other information, a record of your contact details, communications, and responses is maintained.

Information About Your Location

Location data is collected to facilitate services such as displaying the nearest Stellantis Network locations and providing tailored content. Your location can be determined through various methods:

• Manual entry of an address, city, or postcode.
• Through the Device Sensors (e.g., accelerometers, gyroscopes, Bluetooth, Wi-Fi, and GPS) of your electronic device, if enabled.
• Via your IP Address, with your browser or device permissions.

The accuracy of location data varies depending on the collection method and your device's privacy settings. Stellantis explicitly states its commitment to ensuring that location information is not used to infer Sensitive Data (e.g., racial origin, health data). You retain control over this collection and can limit it by adjusting your browser or device settings.

Where Does Stellantis Obtain Your Data?

Beyond direct collection, Stellantis also acquires personal data from other sources, ensuring legal compliance and data integrity.

Data Collected by Our Partners' Websites and Apps

Stellantis receives information about you from the websites and applications of its partners. This 'Indirect Collection' occurs only after partners have contractually assured Stellantis that they have obtained your explicit consent or possess another legitimate legal basis for sharing your data. Examples include when you request a test drive through a partner, make a purchase, or subscribe to commercial communications via a partner's platform. Stellantis undertakes efforts to verify the conformity of this received data before its use and requests that partners do not provide Sensitive Data.

Data Collected from Public or Publicly Accessible Sources

To enrich your Personal Data, Stellantis may also collect information from public sources, strictly within the limits of applicable law. These sources can include public registers, online newspapers, and public directories. A preliminary check is always conducted to ensure the legality of using such information, adhering to best practices established by relevant supervisory authorities, such as the Italian Supervisory Authority (Autorità Garante per la protezione dei dati personali).

Why Does Stellantis Process Your Data? Understanding the Legal Basis

Stellantis processes your data for a variety of specific purposes, each underpinned by a defined legal basis as required by GDPR. Understanding these purposes helps to clarify why and how your information is used:

1. Ease the Collection and Correction of Your Data

Purpose: To update and maintain accurate information about you as an owner of a Stellantis vehicle or someone interested in their brands. This includes sharing data back with the Stellantis Network and Car Manufacturers to ensure data quality.
Legal Basis: Legitimate interest of Stellantis Europe, its Network, and Car Manufacturers in maintaining high-quality, up-to-date Personal Data about customers and leads.

2. Providing Our Services and Related Support

Purpose: To offer core services such as booking test drives, organising events, and responding to your requests, suggestions, or reports.
Legal Basis: The execution of a contractual obligation or pre-contractual measures taken at your request.

3. Sending Promotional Communications

Purpose: To send you marketing content, participate in market research, or conduct consumer surveys via various contact methods (email, phone, SMS, postal address). These communications can relate to all current and future Stellantis brands and associated entities (e.g., Stellantis Financial Services). Sometimes, these may include promotions from selected partners.
Legal Basis: Your prior explicit consent, typically provided via specific tick-boxes. No promotional communications are sent without this consent. In some cases, Stellantis may act as a Joint Data Controller with partners for these communications.

4. Detecting Anomalies and Improving Our Services

Purpose: To identify and prevent malfunctions or bugs in Stellantis services, such as issues when accessing website sections or links.
Legal Basis: Stellantis's need to guarantee optimal services and its legitimate interest in preventing service disruptions.

5. Excluding You from Irrelevant Promotional Communications

Purpose: To ensure you receive only relevant promotional content, filtering out communications that do not align with your profile (e.g., country-specific promotions).
Legal Basis: Stellantis's legitimate interest in efficiently using its marketing budget and your legitimate interest in not receiving irrelevant communications.

6. Analysing Your Preferences and Behaviours to Customise Services and Communications

Purpose: To enhance services (websites, applications, events, promotional communications) and provide 'Content that may be useful to you'. This customisation is based on your behaviour, interests, needs, and profile, potentially using cookies or other tracking technologies. This personalised content may also appear on social media platforms or through Programmatic Advertising platforms if you have authorised its upload.
Legal Basis: Your prior explicit consent. Note that Sensitive Data is not used for creating such content. Stellantis may act as a Joint Data Controller with platform providers for targeting on social media or programmatic advertising.

7. Analysing and Improving Our Services and Creating New Features

Purpose: To measure the performance of existing services or develop new ones, often through analysing interactions with the Stellantis Network, events, or newsletters. Where possible, anonymous or pseudonymous data is used.
Legal Basis: Generally, Stellantis's legitimate interest in creating and maintaining services that genuinely benefit users. However, if personal customisation is involved, your consent may also be a factor.

8. Sharing Data with Partners for Their Own Marketing Purposes

Purpose: To share your contact details with selected third-party partners for their independent marketing activities. These partners will contact you through automated means (e.g., email, SMS).
Legal Basis: Your prior explicit consent. A full list or categories of partners can typically be found on the Stellantis privacy portal.

9. Complying with Legal and Tax Obligations

Purpose: To fulfil legal requirements and binding orders, such as recall notices, or to defend Stellantis in legal proceedings.
Legal Basis: Compliance with legal obligations to which Stellantis is subject.

10. Sending Corporate and Institutional Communications

Purpose: To send non-promotional corporate surveys and institutional communications regarding the Stellantis Group as a whole, often on behalf of or in substitution of Car Manufacturers.
Legal Basis: Stellantis's legitimate interest in providing consistent information to you.

11. Protecting Our Interests and Your Interests

Purpose: To detect, react to, and prevent fraudulent or illegal behaviour and activities that could compromise the security of Stellantis services, websites, and applications. This also includes internal audits and assessments related to business operations, security, financial controls, and record management.
Legal Basis: Stellantis's legitimate interest in safeguarding its own interests and protecting its users.

How Your Data Is Used and Disclosed

Method of Processing

Your data is processed using both manual and automated methods. This includes sophisticated programs and algorithms that analyse data inferred from your activities, location information, and data collected by your browser, device, and application. A key aspect of this processing is the Combination and/or Crossing of data.

This involves combining information from various sources—such as data from Stellantis websites/applications, partner websites/apps, and public sources—to understand patterns, provide personalised services, and offer 'Content that may be useful to you'. For example, this allows Stellantis to determine if a single user is interacting with their services from multiple devices using the same IP Address or Unique Identifiers, or to tailor promotional communications based on your location or activities. You typically have control over enabling or disabling the combination and/or crossing of your information for customisation purposes.

Disclosure to Recipients

Stellantis may disclose your data to specific categories of recipients, ensuring appropriate safeguards are in place:

• Persons Authorised by Stellantis: These are employees and collaborators who have signed confidentiality agreements and adhere to strict rules concerning data processing. Access is granted only to those who need it for specific data-related activities.
• Our Data Processors: External entities to whom Stellantis delegates certain processing activities. This can include providers of security systems, accounting and other consultants, data hosting services, banks, and insurance companies. Stellantis enters into agreements with each Data Processor to ensure data is handled with appropriate safeguards and strictly according to Stellantis's instructions.
• System Administrators: Employees of Stellantis or its Data Processors responsible for managing IT systems. They have controlled access to modify, suspend, or limit data processing, and their activities are tracked.
• Our Network and Car Manufacturers: Your data may be shared with Stellantis's network of retailers, dealers, and repairers if you request a service from them (e.g., a test drive booking) or require their assistance or that of the Car Manufacturer.
• Our Selected Partners: If you have provided consent, your Personal Data may be shared with selected third-party partners for their independent marketing and/or profiling purposes. These partners act as autonomous Data Controllers.
• Law Enforcement or Any Other Authority: Stellantis will disclose data when legally obligated to comply with a judicial order, legal requirements, or to defend itself in legal proceedings.

Where Is Your Data Stored? International Data Transfers

As a global company, Stellantis operates across multiple jurisdictions worldwide. This means that your data may be stored, accessed, used, processed, and disclosed in various countries beyond your own, including within the European Union, the United States of America, or any other location where Stellantis's Data Processors or their cloud computing infrastructures are hosted. Stellantis is committed to ensuring that all processing of your data by its Recipients complies with applicable data protection laws, including EU law.

Where EU data protection law requires it, transfers of your data to Recipients outside of the EU are subject to adequate safeguards, such as the relevant EU standard contractual clauses for data transfers between EU and non-EU countries, or other legal bases as per EU legislation. For specific information about the safeguards implemented for data transferred to third countries outside the EU, you can contact Stellantis directly via their Data Protection Officer.

How Long Is Your Data Retained?

Stellantis retains your data for periods deemed strictly necessary to fulfil the purposes for which it was collected. However, data may be stored for longer durations in specific circumstances, such as for potential or actual claims, resulting liabilities, or to comply with mandatory legal retention requirements and storage obligations. Here are some general retention criteria:

• Customer Data for Marketing and Profiling: This data is retained from the moment you give consent until you withdraw it. Once consent is withdrawn, the data will no longer be processed for these specific purposes, but it might still be kept to manage potential claims or lawsuits. Retention in these cases is compliant with local laws and Data Protection Authority decisions.
• Customer Data for Legal Obligations: Data processed to comply with legal requirements will be retained for the period mandated by relevant laws and regulations.
• Customer Data for Product and Service Improvement: This data may be retained for the period strictly necessary to fulfil these purposes, generally not exceeding three years.

Once the relevant retention period or criterion expires, your data is securely erased in accordance with Stellantis's retention policy. You can request more information on these criteria by contacting them.

Your Rights: Controlling Your Personal Data

Under data protection law, you have significant rights regarding your personal data. Stellantis is committed to enabling you to exercise these rights at any time:

• Right of Access: You can request to know what data Stellantis holds about you, including your name, age, IP Address, Unique Identifiers, emails, preferences, and the source of the data.
• Right to Data Portability: You can request to receive your personal data in an interoperable format, allowing you to transfer it to another service provider.
• Right to Rectification: You have the right to ask Stellantis to correct any inaccurate or incomplete personal data they hold about you, such as an incorrect email address or phone number.
• Right to Restriction of Processing: You can request to limit the processing of your data under certain circumstances, for example, if you believe the processing is unlawful or if you object to processing based on legitimate interest.
• Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data, for instance, if you no longer wish to use Stellantis services and prefer your data not to be retained.
• Right to Object: You can object to certain processing activities, particularly those based on legitimate interests or for direct marketing purposes.
• Right to Withdrawal: You have the right to withdraw your consent at any time where processing is based on consent. This does not affect the lawfulness of processing based on consent before its withdrawal.

You can exercise any of these rights or raise concerns or complaints regarding Stellantis's use of your data by visiting privacyportal.stellantis.com. Additionally, you can contact Stellantis's Data Protection Officer (DPO) directly via email at [email protected]. You also have the right to contact the competent Supervisory Authority in your country; a list of these authorities can typically be found on the European Data Protection Board (EDPB) website.

How Stellantis Protects Your Data

Stellantis employs robust physical, technological, and organisational precautions to prevent the loss, misuse, or unauthorised modification of data under its control. Key security measures include:

• Ensuring that data is only accessed, used, transferred, or disclosed to recipients who genuinely need access to it.
• Limiting the amount of data accessible or disclosed to recipients to only what is strictly necessary for their specific tasks.
• Storing computers and servers containing your data in secure, password-controlled environments with limited access, protected by industry-standard firewalls and anti-virus software.
• Keeping any paper copies of documents containing your data in a secure environment.
• Securely destroying paper copies of no longer needed data.
• Utilising technical methods (e.g., low-level format) to ensure electronic files that are no longer needed cannot be reproduced after destruction.
• Protecting laptops, USB keys, mobile phones, and other wireless electronic devices used by employees with access to your data. Employees are discouraged from storing data on such devices unless absolutely necessary for specific tasks.
• Providing comprehensive training to employees to ensure compliance with the Privacy Policy and conducting monitoring activities to assess ongoing compliance and the effectiveness of privacy management practices.
• Contractually requiring any Data Processor used by Stellantis to maintain and protect your data using measures substantially similar to those outlined in the Privacy Policy or mandated by applicable data protection law.

In the unfortunate event of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data, Stellantis will notify you and the competent data protection authority as required by applicable legislation, unless the data is unintelligible or the breach is unlikely to result in a risk to your rights and freedoms.

What This Privacy Policy Does Not Cover

It is important to understand the scope of this Privacy Policy. It explicitly explains and covers the data processing activities carried out by Stellantis Europe S.p.A. as the Data Controller within its official websites and applications. This policy does not extend to or cover data processing activities conducted by other entities or third parties outside of Stellantis's direct control. Therefore, Stellantis is not responsible for any processing of your data that falls outside the purview of this specific Privacy Policy.

Frequently Asked Questions (FAQs)

Q: What is the Stellantis Group?

A: Stellantis Group is a leading global automotive manufacturer formed in January 2021 from the merger of PSA Automobiles SA and Fiat Chrysler Automobiles N.V. It incorporates numerous well-known car brands, including Fiat Professional, Alfa Romeo, Peugeot, Citroën, Jeep, Vauxhall, and many others.

Q: Who is now responsible for managing my personal data as a Fiat Professional customer?

A: As of 30th June 2023, Stellantis Europe S.p.A., based in Turin, Italy, is the Data Controller for all Customer Relationship Management (CRM) activities across Stellantis brands, including Fiat Professional. This means they are primarily responsible for how your personal data is collected, used, and protected for CRM purposes.

Q: Can I stop receiving marketing communications from Stellantis or its partners?

A: Yes, absolutely. If you previously gave consent for promotional communications, you have the right to withdraw that consent at any time. This will stop Stellantis from sending you marketing content. You can typically manage your preferences or withdraw consent via the Stellantis privacy portal or by contacting their Data Protection Officer.

Q: How can I access, correct, or delete my personal data held by Stellantis?

A: You have several rights regarding your data, including the right to access, rectify (correct), or erase your data. You can exercise these rights by visiting the Stellantis privacy portal at privacyportal.stellantis.com or by sending an email to their Data Protection Officer at [email protected].

Q: Is my location data collected, and how is it used?

A: Yes, your location data may be collected to help you find nearby Stellantis Network locations and to provide you with useful, relevant content. This can be determined via manual input, your device's sensors (GPS, Wi-Fi, etc.), or your IP Address. Stellantis makes efforts not to infer sensitive data from your location. You can limit this collection by adjusting your browser or device privacy settings.

Q: What happens if there is a data breach involving my information?

A: In the event of a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your data, Stellantis is obligated to notify you and the competent data protection authority as required by applicable legislation, unless the data is unintelligible or the breach poses a low risk to your rights and freedoms.

Conclusion

The reorganisation of customer data management under Stellantis Europe S.p.A. marks a significant step in centralising data privacy practices for all brands within the Stellantis Group, including Fiat Professional. While the term 'Ciao Fiat Professional Mobile' is understood in the context of customer interaction and service, the core emphasis now lies on the robust and transparent handling of your personal information under the new unified privacy policy. Understanding these changes, knowing what data is collected, why it's processed, and crucially, how you can control it, empowers you as a customer. Stellantis's commitment to protecting your data through stringent security measures and adherence to regulations like the GDPR ensures a more secure and accountable environment for your personal information within the automotive sector.

If you want to read more articles similar to Fiat Professional: Stellantis Data Privacy Update, you can visit the Automotive category.