Privacy policy

1. USER DATA COLLECTION AND PROCESSING

This Privacy Policy intends to give the Users of the website hosted at https://cars2click.com/, hereinafter referred to as “site/website”, detailed information on how Cars2click AB, with registered head office at Barnhusgatan 8, 111 23, Stockholm, Sweden, duly registered at the Swedish Companies Registration Office under the number 559192-9053, with a share capital of 50.000 SEK, (hereinafter referred to as “Data Controller”) may request and process the website Users’ personal data.

Personal Data should be understood as any information relating to an identified or identifiable natural person (“Data Subject” or “User”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

As a rule, Personal Data is requested when the User registers or browses on the Site, provides or requests information or establishes a contractual relationship with Cars2click.

The Personal Data collected and processed is generally the following: name, email, postal code, phone number and country, although other Personal Data may be collected if necessary or appropriate for the provision of services or for billing purposes by Cars2click. 

Cars2click also collects and processes information about the characteristics of the user’s hardware device, your IP and browser/software features, as well as information about the pages visited by the User within the Site.

This information may include browser type, domain name, access times and links by which the User has accessed the Site (“Usability Information”).

We use this information to improve the quality of the user’s visit to our Site and, when you give your consent, analyze your user profile and browsing habits on the Site, measure the conversion of advertising on the Site and send commercial and marketing information tailored to your profile.

Usability Information and Personal Data are designated in this Privacy Policy as “User Data”.

2. THE RECIPIENTS OF THE PERSONAL DATA:

The User Data collected by Cars2click is not shared with third parties without the User’s consent, except in the situations mentioned in the following paragraphs.

Cars2Click may transmit or communicate the User Data to other entities (i) for the execution of the agreement established between the User and Cars2click or for pre-contractual procedures at the request of the User, (ii) if necessary for the fulfilment of a legal obligation to which Cars2click is subject or (iii) if it is necessary to pursue legitimate interests of Cars2click or of a third party.

In the event of the transmission of User Data to third parties, Cars2click will only use processors that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the applicable data protection laws and ensure the protection of the rights of the data subject.

I) Data Processors:

As part of the processing of User Data, Cars2click uses or may use processors who, on its behalf, and in accordance with its instructions, process the User’s Data while complying with the law and this Privacy Policy. These processors provide support services necessary for the relationship between the User and Cars2click.

These processors may not transmit the User Data to other entities without Cars2click’s prior written authorization.

Cars2click undertakes to only subcontract processors that have implemented the appropriate technical and organizational measures, to guarantee the defense of the User’s rights. All entities subcontracted by Cars2click will be bound by a written agreement which covers: the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the parties and other obligations provided by article 28 of GDPR.

II) Third Parties:

Cars2click can further communicate to other third parties not qualified as processors pursuant to the article 4 (8) of the GDPR. These entities have ensured that they process personal data in accordance with the provisions of the GDPR.

These third parties may be authorities or judicial entities.

3. DATA COLLECTION CHANNELS

Cars2click will collect data directly from the User by e-mail and through account registration performed by the User on the website.

4. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA

In terms of general principles regarding the processing of personal data, Cars2click undertakes to ensure that the User Data processed by it, is:

  • Subject to processing in accordance with the law, as well as being fair and transparent in relation to the User;
  • Collected for specific purposes that are objective and legitimate, not being processed subsequently in any way that runs contrary to these purposes;
  • Appropriate, justified and limited to what is necessary in relation to the purposes for which these data are processed;
  • Accurate and updated whenever necessary with all necessary measures being taken to ensure that inaccurate data, considering the purposes for which they are processed, are erased, or corrected without delay;
  • Kept in a manner that allows the identification of the User only for the period necessary for the purposes for which the data are to be processed;
  • Handled in a manner that ensures data security, including protection against their unauthorized or illegal treatment and against their loss, destruction, or unforeseen damage, with appropriate technical or organizational measures being taken.

Data processing carried out by Cars2click is permitted and legitimate when at least one of the following situations occurs:

  • The User has given his/her free, positive, explicit and unequivocal consent to the processing of his/her data for one or more specific purposes;
  • The processing is necessary for the implementation of a contract in which the User is a party, or for pre-contractual procedures at the request of the User;
  • The processing is necessary for the fulfilment of a legal obligation to which Cars2click is subject;
  • Processing is necessary for the defense of the vital interests of the User or another individual;
  • The processing is necessary for legitimate interests pursued by Cars2Click or by third parties (unless the interests or fundamental rights and freedoms of the User requiring the protection of personal data prevail).

Cars2Click undertakes to ensure that the processing of User Data is only done under the conditions cited above and respecting the principles mentioned above.

When the processing of the User Data is performed based on the User’s consent, the User has the right to withdraw this consent at any time. Such withdrawal of consent does not affect the lawfulness of the processing carried out by Cars2click based on the consent previously given by the User.

Cars2click will only process personal data for the period necessary to fulfill the purpose for which it has been collected, except when a legal obligation establishes a retention period.

5. USE AND PURPOSES OF THE DATA PROCESSING

In general, Cars2Click uses the User Data for the following purposes:

  • Entering into an agreement with the User;
  • Contractual relationship management - Cars’ purchase and sale, namely drafting of proposals, as well as processing orders or applications of proposals;
  • Invoicing and billing;
  • Registration on the Site and allowing access to restricted areas of the Site;
  • Providing information to the User, upon request;
  • Commercial and Marketing Activity;
  • Implementation of improvements and development on the Site.

6. LEGAL BASIS FOR DATA PROCESSING

The processing of your personal data has the following purposes:

| Processing Activity | Processing Purposes | Legal basis |
| --- | --- | --- |
| Contractual Relationship Management | Cars’ purchase and sale | Pre-contractual diligence or contract performance |
| Contractual Relationship Management | Process orders or applications; Drafting of proposals, when requested | Legitimate interest if the subject is not part of the contract |
| Commercial and Marketing Activity | Social Media marketing Campaigns and contests | Consent |
| Commercial and Marketing Activity | Commercial communications | Consent |
| Commercial and Marketing Activity | Commercial communications | Legitimate interest |
| Commercial and Marketing Activity | Providing information upon request | Legitimate interest |
| Billing and Invoicing | Billing; Invoicing | Legal obligation |
| Analysis of profile and site navigation | Implementation of improvements and development on the Site | Legitimate interest |
| Implementation of improvements and development on the Site | Implementation of improvements and development on the Site | Legitimate interest |
| Creation of the User account and management of User requests within such account | Provision of the requested Services | Legitimate interest |

7. TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES

In order to guarantee the security of the User Data and maximum confidentiality, Cars2click processes the information you provide to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically as required, as well as the terms and conditions legally set out.

Considering the nature, scope, context, and purpose of data processing, as well as the risks to the data subjects, Cars2click undertakes to apply, both when defining the method and timing of handling the data, the technical and organizational measures necessary and appropriate for the protection of User Data and compliance with legal requirements.

Cars2click also undertakes to ensure that, by default, only necessary data for each specific purpose is processed and that such data is not made available without human intervention to an indeterminate number of people.

Communication between the user’s device and the Cars2click Site is done through secure channels and communications using the HTTPS protocol and the SSL security standard. Nevertheless, in terms of general measures, Cars2click adopts the following:

  • Regular audits to identify the effectiveness of the technical and organizational measures implemented;
  • Sensitization and training of personnel involved in data processing operations;
  • Pseudonymization and coding of personal data;
  • Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems;
  • Mechanisms to ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident. 

8. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

The data processing operations associated with the interaction of the Data Subject with the Site shall not entail the transfer of data, or the processing thereof, outside the European Economic Area.

However, if it becomes necessary to transfer your data outside the European Economic Area, for example, in the context of using certain providers of computer systems support services, the Data Controller will implement the necessary measures to ensure that these transfers comply with the law, in particular with Chapter V of the GDPR, and that an essentially equivalent level of protection is guaranteed to the Data Subjects' personal data. This may be achieved, for example, by ensuring the existence of a European Commission Adequacy Decision relating to the country of destination or by concluding Standard Contractual Clauses and, if necessary, implementing additional measures.

9. USE OF COOKIES

When you visit the Site, small text files (Cookies) are recorded on your browser. These text files allow browsing on the website and logging into the reserved area. Each time you visit the Site, your internet browser sends these cookies back to the Site, allowing the recognition and the identification of the Users.

These Cookies will be installed based on the Controller’s legitimate interest, since they are strictly necessary for the operation of the Site.

To find out all the information about the cookies we use on the Site, including their purposes, categories, duration, and to whom they belong, you can consult our Cookie Policy available here.

10. THIRD PARTY TOOLS USED IN THIS SITE

10.1 LinkedIn

The Site has an interactivity with LinkedIn. When you access a webpage using such buttons, a connection with LinkedIn’s servers is established. This allows LinkedIn to identify the Site that the User is visiting, and potentially store other data such as the IP address.

You can find more information about how LinkedIn processes data on the LinkedIn Site: https://linkedin.com/legal/privacy-policy.

11. USER RIGHTS

Under the GDPR, the Users are entitled to exercise the following rights:

  • Right of access: The Data Subject has the right to obtain confirmation as to whether his/her personal data are being processed and, where that is the case, access to the data. A copy of the data being processed will be made available to the Data Subject on request, as long as no legal restrictions are applicable.
  • Right to rectification: The User may request for inaccurate or incomplete personal data concerning him/her to be rectified or completed.
  • Right to erasure: Where one of the legal grounds for doing so under the GDPR applies, the User may also, at any time, request the deletion of personal data concerning him/her. The Data Controller may refuse to grant such request in certain situations, in particular when the data is still necessary for the purpose for which it was collected or when the processing is required for compliance with a legal obligation.
  • Right to restriction of processing: The Data Subject may obtain the restriction of processing when: a) the accuracy of the personal data is contested and it is being verified; b) the processing is unlawful and the data subject requests limitation as an alternative to erasure; c) the Data Controller no longer needs the data for its original purpose and the data is requested by the data subject for the purposes of declaring, exercising or defending a right in legal proceedings; and d) the Data Subject has objected to the processing, until it is ascertained whether the legitimate interests of the Data Controller override those of the data subject.
  • Right to data portability: When the legal basis for data processing is consent or the performance of the contract, and there is processing by automated means, the Data Subject shall have the right to request the portability of their data. This right may not, however, adversely affect the rights and freedoms of third parties.
  • Right to object: When data is processed on the basis of legitimate or public interest, or for the purposes of direct marketing, the data subject shall have the right to object to the processing.
  • Right to withdraw consent: When consent is the lawful basis for data processing, the User has a right to withdraw consent at any time. This does not, however, affect the lawfulness of processing based on consent before its withdrawal.

12. PROCEDURES FOR THE EXERCISING OF RIGHTS BY THE USER

The User can exercise the right to access, rectification or erasure of personal data or restriction of processing concerning his/her data and to object to processing, as well as the right to data portability, through the following e-mail: sales@cars2click.com.

The Data Controller will respond in writing (including by electronic means) to the User without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, namely in particularly complex cases.

If the requests submitted by the User are manifestly unjustified or excessive, especially due to their repetitive nature, Cars2click reserves the right to charge administrative costs or refuse to comply with the request.

13. PERSONAL DATA BREACH

In the case of a personal data breach and insofar as such breach is likely to result in a risk to the rights and freedoms of the User, the Data Controller undertakes to report the personal data breach to the Supervisory Authority within 72 hours of becoming aware of the incident.

In addition, the Data Controller may communicate the data breach to the User if such breach is likely to result in a high risk to the rights and freedoms of the User.

This communication is not required: 

  • If the Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
  • If the Controller has taken subsequent measures which ensure that the risk to the rights and freedoms of data subjects is no longer likely to materialize; or
  • If communication to the User would involve a disproportionate effort to the Controller. In this case, the Controller will release a public communication or take a similar action by which the User will be informed.

14. QUESTIONS

If you have any questions or concerns regarding the way the Data Controller handles your personal data, please contact Tatiana Alves Madsen:

       a. (+351) 919 60 59 41 (national mobile call)

       b. ta@cars2click.com

15. APPLICABLE LAW AND LEGAL JURISDICTION

The Privacy Policy as well as the collection, processing or transmission of Personal Data are all governed by the provisions of GDPR, and by the laws and regulations applicable in Sweden.

Any litigation arising from the validity, interpretation or implementation of the Privacy Policy, or related to the collection, processing or transmission of User Data, must be submitted exclusively to the jurisdiction of the courts of Stockholm, without prejudice to mandatory legal rules.

16. AMENDMENTS TO THE PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time. In the case of modification to the Privacy Policy, the date of the most recent change shall also be updated. If the change is substantial, a notice will be placed on the Site.

17. RIGHT TO COMPLAIN BEFORE THE SUPERVISORY AUTHORITY

Please note that you also have the right to lodge a complaint before the competent supervisory authority for the protection of personal data.

Last amended: 2024-03-21