Global Privacy Statement

Global privacy statement

Your privacy is important to us and to Société Générale Group to which Ayvens belongs. This is a matter of priority for us and we have implemented strong principles in that respect, especially in regards of the EU General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament, and Law on Personal Data Protection of the Republic of Serbia ("Off. Gazette RS", no. 87/2018).

Ayvens S.A. and its affiliated entities (hereafter “Ayvens”) value the trust of customers, suppliers and business partners and are committed to protecting their personal data. Compliant privacy and information security practices are therefore integral components of Ayvens’ services, corporate governance, risk management and overall accountability. We only process such personal data as is necessary for our business activities and the provision of the Ayvens services.

This Global Privacy Statement (the “Statement”) describes our practices in connection with the personal information (“Personal Data”) that we process about you and your business relationship with Ayvens.

Please read this Global Privacy Statement carefully so that you understand how we collect and use your Personal Data.

1. Scope of this statement

1.
Website visitors/users (“Website Visitors”);
2.
Corporate Customers (“Customers”);
3.
Customers’ employees/drivers (“Drivers”);
4.
Private lease customer (including sole proprietors and partnerships) (“Private Lease Customers”);
5.
Private buyers of used vehicles (“Buyers”);
6.
Professional buyers of used vehicles (“Traders”);
7.
Suppliers of goods and services (“Suppliers”); and
8.
Any third party, other than a customer, buyer, trader or supplier, with a business relationship or strategic alliance (“Business Partners”).
(or prospects in relation to the above; individually and collectively also referred to as “you”, “your” or “yours”).

We collect and use your Personal Data through our various vehicle and ﬂeet leasing, fleet management and driver mobility services and in the course of performing our business activities (“Services”).

Please also note that specific services may be subject to a separate privacy statement referenced in the respective terms.

Responsibilities OF CUSTOMERS

Insofar as Customers in their capacity as employers have access to Personal Data of their employees, i.e. Drivers, the Customer is the controller responsible for the processing and use thereof in such capacity. This Statement does not apply to the processing and use of Personal Data of Drivers by Customers.

2. Who are we?

The local Ayvens entity is responsible for the processing of your Personal Data (controller).

Ayvens d.o.o Beograd, Premises: Milutina Milankovića 7Đ, Novi Beograd Web site – www.ayvens.rs Registration number: 20295325

The Ayvens Group is part of Ayvens S.A. Address: 1, Rue Eugène et Armand Peugeot 92500 Rueil Malmaison, France

Ayvens may also be referred to as “we”, “our” or “us”.

3. How do we collect your personal data?

We and our service providers collect Personal Data in the following ways:

Through sales activities We commence the processing of Personal Data if you provide this, directly or indirectly via third parties, e.g. as part of an offline sales lead, registration, online contact form, inquiry by e-mail, telephone, chat and/or application, survey or price competition.

Through the Services Most of the Personal Data we collect are in relation to the Services we provide or will be providing to you as (i) a Driver and our Customer, your employer, if you are using a company vehicle, or (ii) a Private Lease Customer. This starts with the registration of your Personal Data with respect to the vehicle to be leased (in some circumstances we may do some preliminary credit checks before this) and continues with the registration of the leased vehicle and when we communicate with you about our services, e.g., to arrange for periodic maintenance and repairs. We may also process your Personal Data when your vehicle inadvertently is involved in an accident, to ensure that we restore mobility and handle any damage, or where we are the recipient of trafﬁc, communal and parking ﬁnes in relation to your leased vehicle. Next to our core-leasing activities, we also provide a number of other related services, such as e-mobility services, car rental services, and roadside assistance. Another service we provide relates to car remarketing, sales of used Ayvens vehicles.

Online We collect Personal Data from you online, when:

You visit our websites or social media channels;
Place an order over the phone or contact customer service;
Joint marketing partners share the information with us; and
You connect your social media account to your Services account or where you share information from our websites to your social media platforms, you will share certain Personal Data from your social media account with us, for example, your name, e-mail address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Services account.

From other sources We receive your Personal Data from other sources, for example:

Drivers’ employers, if you use a company vehicle;
The relevant authority (e.g., police or justice department) where we are the recipient of trafﬁc and other ﬁnes or administrative charges in relation to your leased vehicle;
Public and government authorities, including public and government authorities outside your country of residence, where we are subject to sanctions and embargoes or anti-money laundering and counter terrorism regulations;
From our independent service partners who assist us in providing our leasing and other services to you, including dealerships, maintenance providers and body repair shops;
From our partnerships being for instance original equipment manufacturers or dealerships;
Publicly available databases, credit reference agencies and other sources, business registration agency, data taken over from applications used for the identification of money-laundering risk, terrorism financing and international sanctions, in line with Ayvens Group Policy, etc.

We need to collect Personal Data in order to provide the requested Services to you or to handle queries, comments or complaints related to our Services. If you do not provide the Personal Data requested, we may not be able to provide the Services. If you disclose any Personal Data relating to other persons to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Statement.

**Monitoring of communications **Subject to applicable laws, we will monitor and record calls, e-mail, text messages and other communications we have with you. We do this for compliance with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communication systems and procedures, and for quality control and staff training purposes.

For example, where we are required by a regulator to record certain telephone lines (as relevant) we will do so. In addition, where appropriate and having regard to applicable data protection law, our monitoring will be to check for inappropriate content in communications. In very limited and specific circumstances we may conduct short term carefully controlled monitoring of your activities where this is necessary for our legitimate interests or to comply with a legal obligation. We may do this for instance where we have reason to believe that fraud or other crime is being committed, where offences are suspected and where the monitoring is proportionate to the type of the disciplinary offence, or where we suspect non-compliance with sanctions and embargoes or anti-money laundering and counter terrorism regulations to which we are subject. In particular, telephone calls may be recorded for these purposes.

4. Why and on which legal basis do we use personal data?

4.1 DATA PERTAINING TO WEBSITE VISITORS

4.1.1 Websites4.1.1.a To communicate with you

What does this purpose entail? We process your Personal Data when you contact us via one of our online contact forms, for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for our Services. This processing is done for the entering into or performance of an agreement that you have with us, to be able to respond to a request or with your consent.

Which Personal Data do we process for this purpose? For this purpose, we may collect your (business) contact details (for instance your name(s), e‑mail address, telephone number), license plate or registration number and any other information that you provide to us in the open text ﬁelds of the contact form, where you can, for example, pose your question, describe your suggestion, make a compliment or share a complaint.

With whom do we share your Personal Data? See section 5

**4.1.1.b For surveys or other

**What does this purpose entail?Which Personal Data do we process for this purpose? For this purpose, we process your name, your address, your e-mail address and topics you may be interested in (as may be indicated by you on our website).

With whom do we share your Personal Data? See section 5 We process your Personal Data when you complete a survey on our website or via another tool, for feedback about our websites and/or Services, with your consent or for which we have a legitimate interest to process these data (improvement of services). With your consent or where we have a legitimate interest, we may send you marketing communication, to keep you updated on events, special offers, possibilities and current and future products and services of Ayvens. When we contact you in regard of surveys or marketing communication, we will do so either by e-mail, phone, or by postal mailings (newsletters/brochures/magazines). If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in the communication or contact your local Ayvens entity via their webform for individuals’ rights on their local website or see the general contact details below. Based on your visit to a website of Ayvens, we can show you personalized advertisements outside the Ayvens website. To understand what is relevant to you, we can use manual and automated tools to analyse your personal information.

**4.1.2 Social Media 4.1.2a To facilitate social sharing functionality

**What does this purpose entail? Our websites may contain various social media sharing functionalities, such as LinkedIn, Facebook or Snapchat buttons, which, with your consent, you may use to share information provided on our websites with the social media of your choosing. Our websites may also contain links to our own social media pages, such as our LinkedIn or Facebook pages or our X feed, which you may choose to use to post feedback.

Likewise, various social media websites, such as LinkedIn, Facebook, Snapchat or X, may contain Ayvens advertisements containing links to our websites. These social media websites may, with your consent, share information provided by you with us when you choose to follow a link to one of our websites.

Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Meta (Facebook), X, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal information you disclose to other organizations through or in connection with our social media functionalities and/or advertisements. Processing of personal information is subject to privacy policies and practices of these other organizations.

Which Personal Data do we process for this purpose? For this purpose, we process your name, e-mail address, IP-address, photo, list of social media contacts and any other information that may be accessible by us when using social media functionalities.

With whom do we share your Personal Data? See section 5

4.1.3 Cookies and similar technologies

Any processing of your Personal Data via cookies and/or similar technologies will take place in accordance with our cookie statement, available on ayvens.com or the local website of the relevant Ayvens entity.

**4.1.4 Ayvens Business Purposes

4.1.4.a Management reporting **

What does this purpose entail? Personal Data for various Ayvens business-related purposes for which we have a legitimate interest to process these data, such as audits, developing new products, enhancing, improving or modifying our websites and Services, data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your e-mail address, your IP address, gender, date of birth, place of residence, digits of your postal code and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data? See section 5

4.1.4.b Compliance with laws and legal obligations and protection of Ayvens assets and interests

What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary: (a) under applicable law, including laws outside your country of residence and including sectorial recommendations; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and other applicable policies; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your contact information, your correspondence with Ayvens, your use of any of our Services and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, or if we have a legitimate interest to that effect, your Personal Data will be provided to supervisory agencies, fiscal authorities and investigative agencies. See also section 5.

**4.2. Data pertaining to customers

4.2.1 Customer account management** 4.2.1.a To provide, manage and administer the Customer account

What does this purpose entail? We process your Personal Data to handle day-to-day management and administration of the Customer accounts, such as maintaining contracts and keeping you informed of all important developments concerning the Services and other information which is relevant for the Customer contract and account. This processing is based on the performance of the lease agreement that we have with you or based on a legal obligation.

Which Personal Data do we process for this purpose? For this purpose, we may process business contact details and log-in details to our Customer online accounts.

With whom do we share your Personal Data? See section 5

4.2.1.c For surveys or other (marketing) communication ** **What does this purpose entail? We process your Personal Data to send you surveys, for which we have a legitimate interest to process these data (improving or modifying our Services). With your consent or where we have a legitimate interest, we may send you marketing communication, for example, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. We will send you such surveys in the form of either a periodic e-mail or an e-mail to request your feedback on our Services and other services performed on the vehicle. We may also send you postal mailings (newsletters/brochures/magazines). To understand what is relevant to you, we can use manual and automatic tools to analyse your personal information. If you would no longer like to receive surveys or marketing communication from us, please opt out or contact us via the local Ayvens entity website form or via the contact details set out below.

To facilitate your use of our online Services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process your name and your business contact details.

With whom do we share your Personal Data? See section 5

**4.2.2 Ayvens premises

4.2.2.a Access to and security control of Ayvens premises**

What does this purpose entail? We may process your Personal Data when you visit us on our premises for the purpose of ensuring appropriate access controls and security, for which we have a legitimate interest (safety and security of our assets).

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your contact information and the person you are visiting. We may also process video and/or audio information about you through video/audio recording equipment, such as for instance CCTV.

With whom do we share your Personal Data? See section 5

**4.2.3 Customer reporting

4.2.3a Fleet reporting tool**

What does this purpose entail? We provide a designated fleet reporting tool. Customers’ contact persons can log onto these tools to review the status of their ﬂeet, damage reporting, contract management and to use other ﬂeet reporting functionalities, such as dashboard reporting, trend analysis reporting, vehicle mileage and end of lease term. This processing is done based on our legitimate interest (to be able to service Drivers being employees of our Customers) and relates to the performance of the lease agreement that we have with our Customer.

Which Personal Data do we process for this purpose? For this purpose, we process contact details and job function (e.g., (International) Fleet Manager) of Customer’s contact person, and login details (e.g., username and password).

With whom do we share your Personal Data? See section 5

**4.2.4 Ayvens business purposes

4.2.4.a Management reporting**

What does this purpose entail? We process your Personal Data for various business purposes, for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities. To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process various information that we collect in the context of providing our Services (such as your name, contact details, fleet details etc.), as needed for one of the purposes set out above.

With whom do we share your Personal Data? See section 5 **

4.2.4.b Compliance with laws and legal obligations and protection of Ayvens assets and interests**

What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary: (a) under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g. counterparty due diligence (CDD), money laundering, ﬁnancing of terrorism and other crimes); (b) credit checks; (c) to comply with legal process; (d) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (e) to enforce our terms and conditions and other applicable policies; (f) to protect our operations; (g) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (h) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose? For this purpose, we process the name, contact information, the date, place and country of birth of the ultimate beneﬁcial owner of the counterparty that Ayvens want to do business with; we may also process the name, address and the date, place and country of birth of the person(s) who represent the company towards Ayvens and of the persons shareholders, as well as Identification data and documents of representatives; Data about employment (title of working position) your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph. For counterparty due diligence (CDD) purposes we periodically also process investigation data based on sanctions, enforcement, adverse media, politically exposed persons, information on the performance of public office (status of officials) and anti-slavery screening. Same data is processed of your guarantor, if applicable. For this purpose, a risk-based approach is used to ensure only necessary Personal Data is collected. Please note, multiple (trained) employees are involved to evaluate the screening results in case of a ‘hit’ (human intervention).

NOTE: informing of data subjects, related to personal data processing, performed by Ayvens, is an obligation of the Client/Supplier/Partner, legal entity, with which the Company is establishing or has established business relationship.

With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. See also section 5 **

4.3 DATA PERTAINING TO DRIVERS (EMPLOYEES OF OUR CUSTOMERS) ** **4.3.1. Driver contact

4.3.1.a To communicate with you**

What does this purpose entail? You can contact us by various means (such as e-mail or telephone, or via our website). In this case we will use your Personal Data to answer your question/request. We can also contact you in relation to your vehicle or other relevant driver-related issues. In relation to you this processing is based on our legitimate interest and is part of delivering the Services to you and/or your employer (under the lease agreement that we have with your employer) or with your consent.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your contact information, your correspondence with Ayvens pertaining to your question/request and all other Personal Data you provide to us and/or which is necessary to appropriately respond to you, including your license plate number. For quality and training purposes we may also record your telephone calls with customer services departments for which we have a legitimate business interest.

With whom do we share your Personal Data? See section 5

4.3.1.b For surveys or other (marketing) communication

What does this purpose entail? We process your Personal Data when we send you periodic surveys to request your feedback on our Services and other services performed on the vehicle, for which we have a legitimate interest to process these data. With your consent or where we have a legitimate interest, we may send you marketing communication, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. When we contact you in regard of surveys or marketing communication, we will do so either by e-mail or by postal mailings (newsletters/brochures/magazines). To understand what is relevant to you, we can use manual and automatic tools to analyse your personal information. If you would no longer like to receive marketing communication from us, please contact us via the contact form or marketing communication from us.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your address, your e-mail address, your license plate number and your interests (as indicated by you).

With whom do we share your Personal Data? See section 5

**4.3.2. Vehicle services

4.3.2.a Management of the vehicle**

What does this purpose entail? We process your Personal Data in relation to administering your use of the vehicle and to handle the day-to-day management of the vehicle, for which we have a legitimate interest, and this is also related to delivering the Services to you and your employer under the lease agreement that we have with your employer.

Which Personal Data do we process for this purpose? For this purpose, we process your name, address, (company) e-mail address, lease category, license plate number, make and model, service history and operational contact with you. In addition, you may provide certain information pertaining to vehicle management to us through the Ayvens or third party portals or apps, or when you call Ayvens.

With whom do we share your Personal Data? We share information pertaining to the management of the vehicle with our Customers (your employer). See also section 5

4.3.2.b Repair, maintenance and tires

What does this purpose entail? We process your Personal Data in relation to providing (scheduled) repair and maintenance and tire services and to analyse, predict and pro-actively steer on maintenance and repairs for your vehicle, for which we have a legitimate interest, and this is also related to delivering the Services to you and your employer under the performance of the lease agreement that we have with your employer.

Which Personal Data do we process for this purpose? For this purpose, we collect your name, address, (company) e-mail address, license plate number, make and model, service history and operational contact with you. In addition, you may provide certain information to us through the Ayvens portal (e.g., your phone number to make an appointment for maintenance of the vehicle), or when you call Ayvens.

With whom do we share your Personal Data? We share information with our Customers (your employer) and with third parties performing maintenance/repair on the vehicle or changing or replacing tires, such as dealers/garages, body repair shops. See also section 5

4.3.2.c Accident management

What does this purpose entail? We process your Personal Data by recording and administering accidents that you and/or your vehicle may have been involved in, to restore mobility and handle damage. We will do so by (i) giving you an opportunity to report accidents at our customer services department or via our driver portals, (ii) providing, where applicable, roadside assistance and/or a replacement vehicle and (iii) arranging repair and other necessary follow-up. This processing is based on our legitimate interest, and this is also related to delivering the Services to you and your employer under the performance of the lease agreement that we have with your employer. We may also use this information for assessing damage repairs under our damage, for which we have a legitimate interest to process these data.

Which Personal Data do we process for this purpose? For this purpose, we collect the following Personal Data:

Us: license plate number, make and model, service history and operational contact with you.

From you: your name, contact details, vehicle details, accident details, damage details, photos of the incident, date of birth, number of passengers in the vehicle, information of witnesses to the accident (if applicable) and any other information you choose to provide to us in the context of the accident (including any information pertaining to possible injuries).
From third parties, such as individuals involved in the accident or insurance companies: information of third parties involved in the accident/incident (such as the identity of your passengers, driver and passengers of third-party vehicles, and other third parties involved), information of other third parties (such as witnesses, investigating police ofﬁcers and others) insurance information, information about the incident and third-party claims.
From authorities (such as police): your name, address, license plate number, information regarding the accident, police reports and witness statements.

With whom do we share your Personal Data? We share this information with our Customer (your employer) through the designated fleet reporting tool. We may also share certain information with dealers/garages, body repair shops, car ﬁtters, insurance companies (which may be both afﬁliated and third-party insurance companies) and professional experts employed on our behalf or on behalf of third parties (such as lawyers, medical experts, investigators, etc.) for the purpose of damage or claim resolution. See also section 5

4.3.2.d Traffic, communal and parking fines management

What does this purpose entail? The following may depend on the country where Drivers may have committed trafﬁc and/or parking violations, and/or communal violations: as the registered owner of the vehicles, trafﬁc and/or parking ﬁnes, and other fines, incurred by Drivers of the vehicles may be addressed to Ayvens by the authority that issued a speciﬁc trafﬁc or parking ﬁne (such as police or local municipality).

We process your Personal Data for the purpose of processing and managing the payment of the ﬁne and, if applicable, obtaining reimbursement from our Customer (your employer), for which we have a legitimate interest to process these data.

Which Personal Data do we process for this purpose? We process information that we receive from the competent authorities (such as police or local municipalities): your name, address and license plate number, the, nature, place, date and time of the offense/incident committed by you and the imposed fines.

With whom do we share your Personal Data?Ayvens may need to share this information with our Customer (your employer) in certain situations, for example, when leased vehicles are used in carpools and Ayvens does not know who the actual driver of a speciﬁc vehicle is. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.3.2.e Tolls

What does this purpose entail? This processing is based on our legitimate interest and is also related to delivering the Service to you and your employer under the performance of the lease agreement that we have with your employer).

We may collect certain information about you to manage toll-related activities of the ﬂeet of vehicles of your employer.

Which Personal Data do we process for this purpose? For this purpose, we collect the following information: your name, contact information, e-mail address, address, phone number, license plate number mileage. We may also collect toll-related information, such as information on location, time and costs.

With whom do we share your Personal Data? Our Customers (your employer) may have access to certain Personal Data made available by us on our Internet or e-Mobility portal or online reporting tool. Customers can log in and review the status of their ﬂeet (e.g., mileage), and use other ﬂeet reporting functionalities See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.3.3 MOBILITY SERVICES

4.3.3.a Renting (relief or pre run vehicle)**

What does this purpose entail? In case we provide our rental program services to you we collect your Personal Data, so that you can, for example, reach Ayvens’ rental specialists through our customer services department, rent a vehicle from the most appropriate rental location or have a rental vehicle delivered to you. This processing is based on our legitimate interest, and this is also related to delivering the Service to you and your employer under the performance of the lease agreement that we have with your employer or, if applicable, the agreement that you have with us.

Which Personal Data do we process for this purpose? For this purpose, we collect: your name, e-mail, mobile phone number, driver’s license details, license plate number, related costs, delivery location, rental time and company contact person.

With whom do we share your Personal Data? We share your data with Ayvens’ (external) rental specialists, as well as with our Customers (your employer). See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.3.3.b Roadside assistance

**What does this purpose entail? When you experience a malfunction, for example, a ﬂat tire or mechanical difﬁculties while on the road, Ayvens is able to arrange roadside assistance, for which we work closely with contracted third parties. This processing is based on our legitimate interest and is also related to delivering the Service to you and your employer under the performance of the lease agreement that we have with your employer.

Which Personal Data do we process for this purpose? For this purpose, we collect the following information: your name, e-mail address, mobile phone number, license plate number and location of where assistance was needed and provided.

With whom do we share your Personal Data? We share your information with third parties providing on the road repair services, towing services or a replacement vehicle, as well as with our Customers (your employer). See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.3.4 ONLINE PORTALS AND APPS ** 4.3.4.a Various portals and apps for drivers

What does this purpose entail?

Depending on the country you live in, we provide online portals and apps that have a number of functionalities. For example, through our portals and apps you can ﬁnd practical information about your lease vehicle, change your name, contact details and other personal information, report damage to your vehicle, schedule appointments for repairs, maintenance or changing tires through online appointment planners, contact our customer services department, view and pay ﬁnes. We may also provide you with dashboard-type overview that can provide your insight into your use of the vehicle (such as your damages, etc.). This processing is based on our legitimate interest, and this is also related to delivering the Service to you and your employer under the performance of the lease agreement that we have with your employer) or with your consent.

Which Personal Data do we process for this purpose? We receive your name and e-mail address from your employer (our Customer) to provide you with Ayvens generated log-in data (username and temporary password) so that you can access our various online portals and apps.

With whom do we share your Personal Data?We share your information with third parties engaged by us to administer and execute the various portals and apps for drivers, as well as with our Customers (your employer). See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.3.4.b Fleet Reporting Tool

What does this purpose entail?The designated fleet reporting tool entails dashboard reporting on a country and/or international level to our Customers (your employer). The fleet reporting tool allows Customers for instance to access and evaluate the mileage or the remaining lease period of (individual) vehicles. We also use the data contained in this fleet reporting tool to provide (aggregated) insights to our Customers (your employer) into key aspects of their country’s ﬂeet management (such as cost and risk issues) for the purpose of implementing a balanced ﬂeet management approach (cost, environment and safety), managing ﬂeet policy implementation, having the ability to report on global carbon emission as part of the Customer’s corporate social responsibility obligations and compliance, assessing the effectiveness of policy changes and proactively communicating relevant ﬂeet developments. This processing is based on our legitimate interest and is also related to delivering the Service to you and your employer under the performance of the lease agreement that we have with your employer).

By way of example, on the basis of such dashboard reporting, each Customer has access to (i) various data pertaining to the CO2 emissions of its vehicle ﬂeet per country, and (ii) measures proposed by Ayvens to reduce the ﬂeet’s environmental impact. Ayvens and the Customer can then study and discuss the company’s ﬂeet/vehicle policies and set targets in order to achieve a lasting reduction of CO2 emissions and other vehicle related expenses. Thus, based on such information, each Customer can take informed decisions aimed at reducing CO2 emissions within its ﬂeet in a certain country, e.g., by providing eco-driving style training to its Drivers or acquiring more climate neutral vehicles.

Which Personal Data do we process for this purpose?

For this purpose, we may process the following Personal Data:
From our Customer (your employer): Driver name, customer-generated Driver identification number, name and contact details of Customer’s contact person, (e-mail) address, telephone number, nationality, social insurance number (optional: only if required by applicable law or for ﬁscal purposes). Ourselves: vehicle details (e.g., make, model, registration number, license plate number), remaining contract duration, damages sustained by a vehicle, and insurance data. From Driver: mileage and description of damages sustained by a vehicle involved in an accident. Data received from others (such as police, local municipalities, service garage/centre): trafﬁc and/or parking ﬁnes, mileage and information on vehicle maintenance and repairs.

With whom do we share your Personal Data? We share this information with the authorized (International) Fleet Manager on behalf of the Customer (your employer). See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.3.5 AYVENS BUSINESS PURPOSES **

4.3.5.a Management reporting**

What does this purpose entail?

We process your Personal Data for various business purposes, for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process various information that we collect in the context of providing our Services (such as your name, contact details, vehicle details etc.), as needed for one of the purposes set out above.

With whom do we share your Personal Data? We share this information with the authorized (International) Fleet Manager on behalf of the Customer (your employer). See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.3.5.a Management reporting

What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary: (a) under applicable law, including laws outside your country of residence and including sectorial recommendations; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and other applicable policies; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. If you and your employer have given consent, Ayvens can also analyse information about your vehicle(s) if you have already leased a vehicle via Ayvens, for example to determine the lease price of your new lease vehicle.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your contact information, your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data?Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. In which case we may share this information with the authorized (International) Fleet Manager on behalf of the Customer (your employer). See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.4 Data pertaining to private lease CUSTOMER

(Including sole PROPRIETORS and partnerships)**

**4.4.1 SIGN UP

4.4.1.a To be able to accept you as a customer**

What does this purpose entail? We collect Personal Data when you sign up (via our website) as a customer. This processing is required for the conclusion and performance of the lease agreement, including assessment, identifying and acceptance of you as a customer and any credit checks.

Which Personal Data do we process for this purpose? For this purpose, we collect your name, gender, title, address, contact details (including your e-mail address and telephone number), driver’s license details, delivery address or pick-up location, transaction data (such as order, amount(s) to be paid, date of payment), your bank account information and the authorization you give to Ayvens. Additionally, where relevant, we may process your identification card and biometric data for online identification and verification purposes.

With whom do we share your Personal Data? We share your information with a third party with whom we have an agreement for making online payments, such as the deposit payment and the monthly payments of the lease amount. We share information that is necessary for the execution of the payments. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.1.b Portals and apps

What does this purpose entail? Depending on the country you live in, we offer you online portals or apps. Via these portals or apps, you can ﬁnd practical information on your lease vehicle, your contact information and other personal information, report changes thereto, report damage to your vehicle, record appointments for repairs, maintenance or tire change, contact our customer service, consult and pay ﬁnes. This processing is required for the performance of the lease agreement or done with your consent.

Which Personal Data do we process for this purpose? For this purpose, we collect your name and e-mail address to send you a temporary password, which you will need to use the platform and apps.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.2 CONTACT

4.4.2.a To communicate with you

What does this purpose entail? You can contact us by various means (such as via e-mail, telephone, our website). In this case we use your Personal Data to answer your question/request. We can also contact you in relation to the private lease contract. This processing is required for the performance of the lease agreement or with your consent.

Which Personal Data do we process for this purpose?For this purpose, we may process your name, your contact information, your correspondence with Ayvens pertaining to your question/request and all other Personal Data you provide to us and/or which is necessary to appropriately respond to you, (incl. the license plate number), the agreed term of the private lease contract and your ﬁnancial obligations to us.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.2.b For surveys or other (marketing) communication

What does this purpose entail? We process your Personal Data when we send you periodic surveys to request your feedback on our Services and other services performed on the vehicle, for which we have a legitimate interest to process these data. With your consent or where we have a legitimate interest we may send you marketing communication, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. When we contact you in regard of surveys or marketing communication, we will do so either by e-mail or by postal mailings (newsletters/brochures/magazines). To understand what is relevant to you, we can use manual and automatic tools to analyse your Personal Data. If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in the communication, contact the local Ayvens entity via its webform for individual rights or use the contact details below.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your address, your e-mail address, the license plate number and topics you may be interested in (as may be indicated by you on our website).

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.3 VEHICLE SERVICES

4.4.3.a Management of the vehicle

What does this purpose entail?We process your information in relation to administering your use of the vehicle and to handle the day-to-day management of the vehicle. This processing is required for performance of the lease agreement.

Which Personal Data do we process for this purpose? For this purpose, we process your name, address, (company) e-mail address, lease category, license plate number, make and model, service history and operational contact with you. In addition, you may provide certain information pertaining to vehicle management to us through the Ayvens portal, or when you call Ayvens or any partners.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.3.b Repair, maintenance and tires

What does this purpose entail? We process your Personal Data in relation to providing (scheduled) repair and maintenance services and tires services for your vehicle and to analyse, predict and pro-actively steer on maintenance and repairs. For this processing we have a legitimate business interest and is required for performance of the lease agreement.

Which Personal Data do we process for this purpose? For this purpose, we process your name, address, (company) e-mail address, license plate number, vehicle identification number, make and model, service history and operational contact with you. In addition, you may provide certain information to us through the Ayvens portal (e.g., your phone number to make an appointment for maintenance of the vehicle), or when you call Ayvens.

With whom do we share your Personal Data? We share information with third parties performing maintenance/repair on the vehicle or changing or replacing tires, such as dealers/garages, body repair shops or car ﬁtters. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.3.c Accident management

What does this purpose entail? Where applicable, we process your Personal Data by recording and administering accidents that you and/or your vehicle may have been involved in, to restore mobility and handle damage. We will do so by (i) giving you an opportunity to report accidents as they happen at our customer services department, (ii) providing, where applicable, roadside assistance and/or a replacement vehicle and (iii) arranging repair and other necessary follow-up. This processing is required for the performance of the lease agreement. We may also use this Information for assessing damage repairs under our damage handling and risk retention policies, for which we have a legitimate interest to process these data.

Which Personal Data do we process for this purpose? For this purpose, we process the following Personal Data:

Us: license plate number, make and model, service history and operational contact with you.
From you: your name, contact details, vehicle details, accident details, damage details, photos of the incident, date of birth, number of passengers in the vehicle, information of witnesses to the accident (if applicable) and any other information you choose to provide to us in the context of the accident (including any information pertaining to possible injuries).
From third parties, such as individuals involved in the accident or insurance companies: information of third parties involved in the accident/incident (such as the identity of your passengers, driver and passengers of third-party vehicles, and other third parties involved), information of other third parties (such as witnesses, investigating police ofﬁcers and others) insurance information, information about the incident and third-party claims.
From authorities (such as police): your name, address, license plate number, information regarding the accident, police reports and witness statements.

With whom do we share your Personal Data?

We may share certain information with dealers/garages, body repair shops, car ﬁtters, insurance companies (which may be both afﬁliated and third-party insurance companies) and professional experts employed on our behalf or on behalf of third parties (such as lawyers, medical experts, investigators, etc.) for the purpose of damage or claim resolution. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.4.3.e Trafﬁc, communal and parking ﬁnes management

**What does this purpose entail? The following may depend on the country where you may have committed trafﬁc and/or parking and/or communal violations: as the registered owner of the vehicles, trafﬁc and/or communal, and/or parking ﬁnes incurred by drivers of the vehicles may be addressed to Ayvens by the authority that issued a speciﬁc trafﬁc or communal or parking ﬁnes (such as police or local municipality).

We process your Personal Data for the purpose of processing and managing the payment of the ﬁne. This processing is required for the performance of the lease agreement.

Which Personal Data do we process for this purpose? We process information that we receive from the competent authorities (such as police or local municipalities): your name, address and license plate number, the nature, place, date and time of the offense/incident committed by you and the imposed ﬁnes.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.4 MOBILITY SERVICES

4.4.4.a Roadside assistance

What does this purpose entail? When you experience a malfunction, for example, a ﬂat tire or mechanical difﬁculties while on the road, depending on the contract we have with you, Ayvens is able to arrange roadside assistance, for which we work closely with contracted third parties. This processing is required for the performance of the lease agreement.

Which Personal Data do we process for this purpose? For this purpose, we process the following information: your name, e-mail, mobile phone number, license plate number and location of where assistance was needed and provided.

With whom do we share your Personal Data? We share your information with third parties providing on the road repair services, towing services or a replacement vehicle. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.4.5 AYVENS BUSINESS PURPOSES

4.4.5.a Management reporting **

What does this purpose entail? We process Personal Data for various Ayvens business-related purposes for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our websites and Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose?For this purpose, we may process your name, your e-mail address, your IP address, gender, date of birth, place of residence, digits of your zip code and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.4.5.b Compliance with laws and legal obligations and protection of Ayvens assets and interests

What does this purpose entail?To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary: (a) under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g., counterparty due diligence (CDD), money laundering, ﬁnancing of terrorism and other crimes); (b) part of a credit check process; (c) to comply with legal process; (d) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (e) to enforce our terms and conditions and other applicable policies; (f) to protect our operations; (g) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (h) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose?For this purpose, we process your name, contact information, the date, place and country of birth, in case of a company of the ultimate beneﬁcial owner of the company; we may also process the name, address and the date, place and country of birth of the person(s) who represent the company towards Ayvens; your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph. For counterparty due diligence (CDD) purposes we periodically also process investigation data based on sanctions, enforcement, adverse media, politically exposed persons and anti-slavery screening. For this purpose, a risk-based approach is used to ensure only necessary Personal Data is collected. Please note, multiple (trained) employees are involved to evaluate the screening results in case of a ‘hit’ (human intervention).

With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.5 DATA PERTAINING TO PRIVATE BUYERS OF USED VEHICLES

4.5.1. PURCHASE

4.5.1.a Purchase of Ayvens used vehicle**

What does this purpose entail? We process your Personal Data in relation to your (potential) purchase of a Ayvens used vehicle, if applicable, and other related Services. This includes the execution of the purchase agreement, the delivery of Services and the settlement of the payment transaction. This processing is required for the conclusion and performance of the agreement, including assessment, acceptance of you as a customer and preliminary credit checks.

Which Personal Data do we process for this purpose? For this purpose, we process your name, gender, title, (business) contact details (including your e-mail address, telephone number, name of your company), information related to your trade in vehicle and details needed to complete the transaction, including bank account information.

With whom do we share your Personal Data?We may share this information with trade in parties or ﬁnancial services partners. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.5.2 BUYER CONTACT

4.5.2.a To communicate with you

What does this purpose entail?We process your Personal Data when you contact us via one of our online contact forms (or provide information in one of our used vehicle centres), for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for our Services. We can contact you relating to a (potential) purchase of a vehicle. This processing is required for the performance of the agreement that you have with us or with your consent.

Which Personal Data do we process for this purpose?For this purpose, we process your name, gender, title, (business) contact details (including your e-mail address, telephone number, name of your company) and any other information that you provide to us in the open ﬁeld entry of the contact form, where you can, for example, pose your question, describe your suggestion, make a compliment or share a complaint.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.5.2. b For surveys or other (marketing) communication

What does this purpose entail? We process your personal information when we send you a survey to request your feedback on our Services, for which we have a legitimate interest to process these data. With your consent or where we have a legitimate interest, we may send you marketing communication, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. When we contact you in regard of surveys or marketing communication, we will do so either by e-mail or by postal newsletters/brochures/magazines (postal mailings). To understand what is relevant to you, we can use manual and automatic tools to analyse your Personal Data. If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in the communication, contact the local Ayvens entity via its webform for individual rights or use the contact details below.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your address, your e-mail address, and your interests (as indicated by you).

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.5.3 AYVENS BUSINESS PURPOSES

4.5.3.a Management reporting

**What does this purpose entail? We process Personal Data for various Ayvens business-related purposes for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our websites and Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your e-mail address, your IP address, gender, date of birth, place of residence, digits of your zip code and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.5.3.b Compliance with laws and legal obligations and protection of Ayvens assets and interests

What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary: (a) under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g., counterparty due diligence (CDD), money laundering, ﬁnancing of terrorism and other crimes); (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and other applicable policies; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose? For this purpose, we process the name, contact information, the date, place and country of birth of the ultimate beneﬁcial owner of the counterparty that Ayvens want to do business with; we may also process the name, address and the date, place and country of birth of the person(s) who represent the company towards Ayvens and of the persons shareholders, as well as Identification data and documents of representatives; Data about employment (title of working position) your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph. For counterparty due diligence (CDD) purposes we periodically also process investigation data based on sanctions, enforcement, adverse media, politically exposed persons, information on the performance of public office (status of officials) and anti-slavery screening. Same data is processed of your guarantor, if applicable. For this purpose, a risk-based approach is used to ensure only necessary Personal Data is collected. Please note, multiple (trained) employees are involved to evaluate the screening results in case of a ‘hit’ (human intervention).

NOTE: informing of data subjects, related to personal data processing, performed by Ayvens, is an obligation of the Client/Supplier/Partner, legal entity, with which the Company is establishing or has established business relationship. With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.6 DATA PERTAINING TO PROFESSIONAL BUYERS OF USED VEHICLES (TRADERS)

4.6.1 REGISTRATION AND PURCHASE

4.6.1.a Registration as a professional trader

What does this purpose entail? To be able to purchase Ayvens Used vehicle on an auction or purchase a vehicle via our car remarketing website(s), traders need to be registered with Ayvens as a professional trader. This processing is based on our legitimate interest (and also relates to the providing of Services under the performance of an agreement, including assessment, acceptance or credit checks) or based on a legal obligation.

Which Personal Data do we process for this purpose? For this purpose, we process your name, contact details (including your e-mail address, telephone number), your identification card and information related to your company including Chamber of Commerce document and VAT certiﬁcate.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.6.1.b Purchase of Ayvens used vehicles

What does this purpose entail? We process your Personal Data in relation to your (potential) purchase of an Ayvens used vehicle and/or other related Services via an auction or via our car remarketing website(s), this includes the execution of the purchase agreement, the delivery, and the settlement of the payment transaction. This processing also relates to the providing of Services under the conclusion and performance of the purchase agreement and is also based on our legitimate interest.

Which Personal Data do we process for this purpose?For this purpose, we process your name, contact details (including your e-mail address, telephone number), your identification card and information related to your company including Chamber of Commerce document and VAT certiﬁcate, details needed to complete the transaction, including bank account information.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**

4.6.2 TRADER CONTRACTS**

4.6.2.a To communicate with you

What does this purpose entail? We process your Personal Data when you contact us via one of our online contact forms (or provide information in one of our used vehicle centres), for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for our Services. We can contact you relating to a (potential) purchase of a vehicle. This processing is based on our legitimate interest (and also relates to the providing of Services under the performance of the agreement that we have with the Trader) or with your consent.

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your business contact details, your correspondence with Ayvens pertaining to your question/request and all other Personal Data you provide to us and/or which is necessary to appropriately respond to you.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.6.2.b For surveys or other (marketing) communication

What does this purpose entail? We process your Personal Data when we send you a survey to request your feedback on our Services for which we have a legitimate interest to process these data. With your consent or where we have a legitimate interest, we may send you marketing communication, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. When we contact you in regard of surveys or marketing communication, we will do so either by e-mail or by postal newsletters/ brochures/magazines (postal mailings). If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in the communication, contact the local Ayvens entity via its webform for individual rights or use the contact details below.

Which Personal Data do we process for this purpose? For this purpose, we process your name, your address, your e-mail address, and your interests (as indicated by you).

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.6.3 AYVENS BUSINESS PURPOSES

4.6.3.a Management reporting

What does this purpose entail? We process Personal Data for various Ayvens business-related purposes for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our websites and Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your e-mail address, your IP address, gender, date of birth, place of residence, digits of your zip code and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.6.3.b Compliance with laws and legal obligations and protection of Ayvens assets and interests

What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary (a) under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g., counterparty due diligence (CDD), money laundering, ﬁnancing of terrorism and other crimes); (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and other applicable policies; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose? For this purpose, we process the name, contact information, the date, place and country of birth of the ultimate beneﬁcial owner of the counterparty that Ayvens want to do business with; we may also process the name, address and the date, place and country of birth of the person(s) who represent the company towards Ayvens and of the persons shareholders, as well as Identification data and documents of representatives; Data about employment (title of working position) your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph. For counterparty due diligence (CDD) purposes we periodically also process investigation data based on sanctions, enforcement, adverse media, politically exposed persons, information on the performance of public office (status of officials) and anti-slavery screening. Same data is processed of your guarantor, if applicable. For this purpose, a risk-based approach is used to ensure only necessary Personal Data is collected. Please note, multiple (trained) employees are involved to evaluate the screening results in case of a ‘hit’ (human intervention).

NOTE: informing of data subjects, related to personal data processing, performed by Ayvens, is an obligation of the Client/Supplier/Partner, legal entity, with which the Company is establishing or has established business relationship. With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’. 4.7 DATA PERTAINING TO SUPPLIERS

4.7.1 SUPPLIER ACCOUNT MANAGEMENT

**4.7.1.a To provide, manage and administer the Supplier account ** What does this purpose entail? We process your Personal Data to handle day-to-day management and administration of the Supplier accounts, such as maintaining contracts, and keep you informed of all important developments concerning the services you render and other information which is relevant for the Supplier contract and account. This processing is based on the agreement that we have with you or based on a legal obligation.

Which Personal Data do we process for this purpose?For this purpose, we may process business contact details and log-in details to our Supplier online accounts.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.7.1.b To communicate with you

What does this purpose entail? You can contact us by various means (such as e-mail or telephone, or via our website). In this case we use your Personal Data to answer your question/request. We can also contact you, for example, regarding day-to-day management and administration of your Supplier account. This processing is based on the agreement that we have with you or with your consent.

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your business contact details, your correspondence with Ayvens pertaining to your question/request and all other personal information you provide to us and/or which is necessary to appropriately respond to you.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.7.1.cFor surveys or other (marketing) communication

What does this purpose entail? We process your Personal Data to send you surveys, for which we have a legitimate interest to process these data. With your consent or where we have a legitimate interest, we may send you marketing communication, for example, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. We send you such surveys in the form of either a periodic e-mail or an e-mail to request your feedback on our communication and relationship. We may also send you postal mailings (newsletters/brochures/magazines). If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in the communication, contact the local Ayvens entity via its webform for individual rights or use the contact details below.

Which Personal Data do we process for this purpose? For this purpose, we may process your name and your business contact details.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’

4.7.2 AYVENS PREMISES

4.7.2.a Access to and security control of Ayvens premises

What does this purpose entail? We may process your Personal Data when you visit us on our premises for the purpose of ensuring appropriate access controls and security, for which we have a legitimate interest (safety and security of our assets).

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your contact information and the person you are visiting. We may also process video and/or audio information about you through video/audio recording equipment, such as for instance CCTV.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**

4.7.3 SUPPLIER REPORTING**

**4.7.3.a Fleet reporting tool ** What does this purpose entail? We provide a designated fleet reporting tool. Suppliers’ contact persons can log onto these tools to review the status of their ﬂeet, and to use other ﬂeet reporting functionalities, such as dashboard reporting, trend analysis reporting, vehicle mileage and end of lease term. This processing is based on our legitimate interest (and also relates to the providing of Services under the performance of the agreement that we have with the Supplier).

Which Personal Data do we process for this purpose? For this purpose, we process contact details and job function of Suppliers’ contact persons and login details (e.g., username and password).

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.7.4 AYVENS BUSINESS PURPOSES

4.7.4.a Management reporting

**What does this purpose entail? We process Personal Data for various Ayvens business-related purposes for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our websites and Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process your name, your e-mail address, your IP address, gender, date of birth, place of residence, digits of your zip code and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.**

4.7.4.b Compliance with laws and legal obligations and protection of Ayvens assets and interests

**What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary:

(a) Under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g., counterparty due diligence (CDD), money laundering, ﬁnancing of terrorism and other crimes); (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and other applicable policies; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose? For this purpose, we process the name, contact information, the date, place and country of birth of the ultimate beneﬁcial owner of the counterparty that Ayvens want to do business with; we may also process the name, address and the date, place and country of birth of the person(s) who represent the company towards Ayvens and of the persons shareholders, as well as Identification data and documents of representatives; Data about employment (title of working position) your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph. For counterparty due diligence (CDD) purposes we periodically also process investigation data based on sanctions, enforcement, adverse media, politically exposed persons, information on the performance of public office (status of officials) and anti-slavery screening. Same data is processed of your guarantor, if applicable. For this purpose, a risk-based approach is used to ensure only necessary Personal Data is collected. Please note, multiple (trained) employees are involved to evaluate the screening results in case of a ‘hit’ (human intervention).

NOTE: informing of data subjects, related to personal data processing, performed by Ayvens, is an obligation of the Client/Supplier/Partner, legal entity, with which the Company is establishing or has established business relationship. With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.8 DATA PERTAINING TO BUSINESS PARTNERS

4.8.1 BUSINESS PARTNER ACCOUNT MANAGEMENT

4.8.1.a To provide, manage and administer the Business Partner account

What does this purpose entail? We process your Personal Data to handle day-to-day management and administration of the Business Partner accounts, such as maintaining contracts, and keep you informed of all important developments concerning the arrangements between us, other information which is relevant for the Business Partner contract and account. This processing is based on the agreement that we have with you or based on a legal obligation.

Which Personal Data do we process for this purpose? For this purpose, we may process your business contact details.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.8.1.b To communicate with you

What does this purpose entail? You can contact us by various means (such as e-mail or telephone). In this case we use your Personal Data to answer your question/request. We can also contact you, for example, regarding day-to-day management and administration of your Business Partner account. This processing is based on the agreement that we have with you or with your consent.

Which Personal Data do we process for this purpose? For this purpose, we may process your business contact details, your correspondence with Ayvens pertaining to your question/request and all other data you provide to us and/or which is necessary to appropriately respond to you.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.8.1.c For surveys or other (marketing) communication

What does this purpose entail? We process your Personal Data to send you surveys, for which we have a legitimate interest to process these data. With your consent or where we have a legitimate interest, we may send you marketing communication, for example, to keep you updated on events, current and future offers, possibilities and current and future products and services of Ayvens. We send you such surveys in the form of either a periodic e-mail or an e-mail to request your feedback on our communication and relationship. We may also send you postal mailings (newsletters/brochures/magazines). If you would no longer like to receive surveys or marketing communication from us, please use the opt out options in the communication, contact the local Ayvens entity via its webform for individual rights or use the contact details below.

Which Personal Data do we process for this purpose? For this purpose, we may process your name and your business contact details.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

**4.8.2 AYVENS PREMISES ** **4.8.2.a Access to and security control of Ayvens premises

**What does this purpose entail? We may process your Personal Data when you visit us on our premises for the purpose of ensuring appropriate access controls and security, for which we have a legitimate interest (safety and security of our assets).

Which Personal Data do we process for this purpose?For this purpose, we may process your name, your contact information and the person you are visiting. We may also process video and/or audio information about you through video/audio recording equipment, such as for instance CCTV.

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.8.3 BUSINESS PARTNER REPORTING

**4.8.3.a Fleet reporting tool

**What does this purpose entail? We provide a designated fleet reporting tool. Business Partners’ contact persons can log onto these tools to review the status of their ﬂeet, and to use other ﬂeet reporting functionalities, such as dashboard reporting, trend analysis reporting, and end of lease term. This processing is based on our legitimate interest (and also relates to the providing of Services under the performance of the agreement that we have with the Business Partner).

Which Personal Data do we process for this purpose?For this purpose, we process contact details and job function of Business Partner’s contact person, and login details (e.g., username and password).

With whom do we share your Personal Data?See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.8.4 AYVENS BUSINESS PURPOSES

4.8.4.a Management reporting

What does this purpose entail? We process Personal Data for various Ayvens business-related purposes for which we have a legitimate interest to process these data, such as data analysis, audits, developing new products, enhancing, improving or modifying our websites and Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

To facilitate your use of our online services or applications, we may analyse data that we collect when using our digital media and combine it with information collected via cookies, based on your consent. For example, to better understand which digital channel (Google search, e-mail, social media) or device (desktop, tablet or mobile) you prefer, we can optimize or limit our communication and marketing activities by channel and by device.

Which Personal Data do we process for this purpose? For this purpose, we may process your business contact details and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.

With whom do we share your Personal Data? See section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

4.8.4.b Compliance with laws and legal obligations and protection of Ayvens assets and interests.

What does this purpose entail? To comply with a legal obligation or where we have a legitimate interest, we process your Personal Data as appropriate or necessary: (a) Under applicable law, including laws outside your country of residence and including sectorial recommendations (e.g., counterparty due diligence (CDD), money laundering, ﬁnancing of terrorism and other crimes); (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and other applicable policies; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Which Personal Data do we process for this purpose?For this purpose, we process the name, contact information, the date, place and country of birth of the ultimate beneﬁcial owner of the counterparty that Ayvens want to do business with; we may also process the name, address and the date, place and country of birth of the person(s) who represent the company towards Ayvens and of the persons shareholders, as well as Identification data and documents of representatives; Data about employment (title of working position) your correspondence with Ayvens, your use of Services and any other information mentioned in this Statement, if such is required for one of the purposes mentioned in the previous paragraph. For counterparty due diligence (CDD) purposes we periodically also process investigation data based on sanctions, enforcement, adverse media, politically exposed persons, information on the performance of public office (status of officials) and anti-slavery screening. Same data is processed of your guarantor, if applicable. For this purpose, a risk-based approach is used to ensure only necessary Personal Data is collected. Please note, multiple (trained) employees are involved to evaluate the screening results in case of a ‘hit’ (human intervention).

NOTE: informing of data subjects, related to personal data processing, performed by Ayvens, is an obligation of the Client/Supplier/Partner, legal entity, with which the Company is establishing or has established business relationship. With whom do we share your Personal Data? Only if we are required to do so by law or sectorial recommendation to which Ayvens is subject, your Personal Data will be provided to supervisory agencies, ﬁscal authorities and investigative agencies. See also section 5 ‘WHO HAS ACCESS TO YOUR DATA?’.

5. Who has access to your data?

In addition to what is indicated for each purpose above regarding who has access to Personal Data under the control of Ayvens, we may also share Personal Data:

Within Ayvens Group for the purposes described in this Privacy Statement. For a list of the Ayvens affiliates and their locations, that may process Personal Data on behalf of the Controller, see the country signs on the top right of www.ayvens.com.
Within Société Générale Group to which Ayvens belongs, for internal administrative purposes, to fulfil a legal obligation, to improve our services, to enable us to comply more efficiently and more effectively with laws and regulations or for monitoring, control and reporting purposes. Reporting purposes relate to any regulatory and statutory reporting obligations and data requests as required by Société Générale Group’s regulators.
To our third-party service partners, service providers and unaffiliated partners, or business partners such as original equipment manufacturers (OEMs) – Authorized service and sales network for vehicle, and brokers (intermediary agencies), to facilitate services they provide to you and us.

In order to provide you with our services, we often work closely with service partners, service providers and unaffiliated partners. Our independent service partners assist us in providing our leasing and other services to you, and include dealerships, maintenance providers, body repair shops, and roadside assistance providers, but also rental service companies and the administrators of our driver safety programs. Dealerships or suppliers of (electric) vehicles may require contact details of a driver to activate a personal account necessary to be set up as a driver, otherwise the vehicle does not work.

Service providers are companies we retain that support us in running our business, for example to help us maintain our IT network and related infrastructure and security and access controls to our premises.

**To whom? ** Ayvens S.A., France **

What data?** Identification and contact data **

Purpose?**

Performing Company’s business operations (input of data in the information system)

To whom?

Ayvens Austria Fuhrparkmanagement und Leasing Gmbh and Ayvens Shared Service; Center in Bucharest Romania**

What data?**

Identification data, contact data, Information on the performance of public office (status of officials) and esxposure to the risk of international sanctions, Data about employment**

Purpose?**

Credit analyses and KYC assessment

To whom?Repair shop network and other suppliers* with which Company has signed business cooperation contract What data?Identification and contact data**Purpose? **Performing contracted services (service and vehicle repair, replacement of tyres, pre-run and relief car, etc)

To whom?Insurance Companies (in line with contracted policy)What data?Identification and contact dataPurpose?Performing activities related to vehicle damage assessment, and similar.

To whom?Auto Moto Savez Srbije (AMSS) What data?Identification data Purpose?Making of Yellow Card for the vehicle user

**To whom? **Autokomerc d.o.o. **What data? **Identification data **Purpose? **Vehicle takeover upon end/termination of business relationship

**

To whom? **SL Solucija d.o.o., Hrvatska **What data? **Audio record (reording of calls within Ayvens - Call centre) **Purpose? **Realization of clients' requests based on contracted services

**To whom? Ayvens Automotive Magyarország Kft, HungaryWhat data? **Identification and contact data **Purpose? **Data back up

We also use and disclose your Personal Data as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:

To comply with applicable law and regulations. This can include laws outside your country of residence.
To cooperate with public and government authorities. To respond to a request or to provide information we believe is important. These can include authorities outside your country of residence.
To cooperate with law enforcement. For example, when we respond to law enforcement requests and orders or provide information, we believe is important.
For other legal reasons. To enforce our terms and conditions and to protect our rights, privacy, safety or property, and/or that of our afﬁliates, you or others.
In connection with a sale or business transaction. We have a legitimate interest in disclosing or transferring your Personal Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Ayvens business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.

We will limit access to Personal Data to personnel with a business need to know for the purposes described in this Statement.

6. Why personal data may be transferred to third countries?

Ayvens is a global service provider that has customers and locations around the globe. Your Personal Data may be stored and/or processed in a country other than the one you reside in. For a list of the Ayvens affiliates and their locations, that may process Personal Data on behalf of the Controller, see the country signs on the top right of www.ayvens.com.

Some of the non-EEA countries are considered to provide for an adequate level of protection of your Personal Data, according to EU standards. You can find a list of these ‘adequate countries’ [here](targetSelf:Personal data may be transferred from the Republic of Serbia to other countries or international organizations only in accordance with the rules of the applicable regulations.). For the transfer of Personal Data to other countries, Ayvens has put in place adequate measures to protect your Personal Data, such as Standard Contractual Clauses. You may obtain a copy of these measures by contacting us using the address in the ‘How can you contact us?’section below or by following PrivacyWeb Form.

Personal data may be transferred from the Republic of Serbia to other countries or international organizations only in accordance with the rules of the applicable regulations.

7. Children's privacy

Our Services are not directed at individuals under the age of 18.

8. Do we use your data for other purposes?

We may also use your Personal Data for a purpose other than the initial purpose. This is subject to the condition that the secondary purpose is in line with the initial purpose. The following factors are inter alia taken into account: are the purposes clearly related; is the secondary purpose appropriate and/or expected, was the Personal Data obtained directly from you or in another way; what kind of Personal Data is concerned for the secondary purpose; what would be the implications for you; and what data protection measures are applied when using your data for the secondary purposes.

It is generally permissible to process Personal Data for the following secondary purposes: transfer of the Personal Data to an Archive, internal audits or investigations, implementation of business controls and operational efficiency, IT systems and infrastructure related Processing such as for maintenance, support, life-cycle management, and security (including resilience and incident management), statistical, historical or scientific research, dispute resolution, legal or business consulting or insurance purposes.

9. How long will we keep your data?

Personal data of data subjects will be kept for the period necessary to fulfil the purposes described in this Statement unless a longer retention period is required or permitted by law.

The criteria applied to determine the applicable retention periods are:

the duration of a relationship and to provide the Services to you (for example, for as long as you use or lease an Ayvens vehicle);
as required by a legal obligation to which we are subject; and
as advisable in light of our legal position, such as in regard of applicable statutes of limitations, litigation or regulatory investigations.

After the relevant retention period, Ayvens will securely delete or destroy or de-identify your Personal Data or transfer your Personal Data to an Archive, unless this is prohibited by law or an applicable records retention schedule..

In the event that the business relationship is not established, the personal data obtained during the process of creating the offer is stored for a period of 24 months from the moment of non-acceptance of the offer.

10. How do we secure your data?

We seek to use appropriate organizational, technical and administrative measures to protect Personal Data within our organization, in accordance with applicable privacy and data protection laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us in accordance with the ‘How can you contact us?’ section below immediately.

11. Changes to this statement

We reserve the right to amend this Statement at any time in order to, for instance, address future developments of Ayvens or changes in industry or legal trends. The ‘Last Updated’ legend at the top of this Statement indicates when this Statement was last revised.

12. How can you contact us?

If you have questions, requests or complaints, please feel free to contact us via the contact page of the relevant Ayvens entity or contact our Data Protection Correspondent via PrivacyWeb Form. Because e-mail communication is not always secure, please do not include sensitive personal information in the e-mails you send us.

13. How can I exercise my personal data rights?

Please contact our Data Protection Correspondent via PrivacyWeb Form if you have any questions or concerns about how Ayvens processes your Personal Data; if you would like to exercise your right to request access, correct, suppress or delete Personal Data about you or request that we cease using it (right to object), withdraw your consent or if you would like to request a copy or portability of your Personal Data. We will respond to your request consistent with applicable law.

Please note that we may not be required to comply (or fully comply) with your request. Applicable laws or regulations may impose conditions or restrict certain of such rights. For instance, for as long as we have a relationship with you, or where personal data is kept in a backup system (for the purpose of restoring the data in case of a data loss event) and the data purging cycle may be different than applicable to the production system. In those circumstances, we will write to you explaining why we are unable to comply at that moment or, in the case of backup data, the request may be implemented at a later stage (when the backup is overwritten).

In your request, please make clear what Personal Data you would like to access or have changed or deleted, or otherwise let us know what limitations you would like to put on our use of your Personal Data.

For your protection, in principle we only implement requests with respect to the information associated with the particular e-mail address that you use to send us your request, and we may request additional information necessary to verify your identity before implementing your request. Please note that certain Personal Data may be exempt from such requests pursuant to applicable data protection laws or other laws and regulations.

You may also lodge a complaint with a data protection authority for your country or region, or in the place of the alleged misconduct. Please see here a link to the national data protection authorities located in the European Union and the European Economic Area. To contact Commissioner in Serbia please consult following link: Prijava- Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti

Right of access Data subjects have the right to request information from the Company as to whether their personal data is being processed, as well as to provide them with access to such data. In addition to access to data, the person has the right to request information about the purpose of the processing of personal data, the types of personal data to be processed, the recipients or types of recipients to whom the personal data have been disclosed or will be disclosed, the stipulated period for which the personal data will be stored, and the rights you can exercise in relation to the Company as a personal data controller. Right to rectification and completion Persons whose personal data are processed have the right to rectification of the data, i.e. They have the right to submit a request for the correction of inaccurate data, as well as the right to supplement incomplete data by providing additional statements. Right to restriction of processing Persons whose personal data are processed have the right to restrict the processing of data in the following cases: a) when the accuracy of personal data is disputed (within a period that allows the Company to verify the accuracy of the data); b) where the processing of personal data is unlawful and the data subject objects to the erasure of the data and instead requests the restriction of processing; c) when there is no longer a need to process personal data for the purpose of achieving the purpose, but the person requests that the processing be continued in order to establish, exercise or defend legal claims; d) when an objection is filed to the processing on the basis of the Law on Personal Data Protection, expecting confirmation of whether there are legal reasons for the processing of personal data that outweigh the interests and rights of the person. Right to object Persons whose personal data are processed have the right to object to the processing of personal data to the Company, in the event that the processing is carried out for the purpose of: a) performing tasks in the public interest or exercising the powers prescribed by law of the Company; b) the pursuit of the legitimate interests of the Company, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject who require the protection of personal data. When an objection is submitted, the Company will not process personal data, unless there are legal reasons for the processing that override the interests, rights or freedoms of the person or are related to the establishment, exercise or defence of a legal claim. Right to erasure The right to erasure ("right to be forgotten") means the right to erasure of personal data in the following cases: a) where the personal data are no longer necessary for the purpose for which they were collected or otherwise processed; b) when the data subject revokes the consent on the basis of which the processing was carried out; c) when a person objects to processing in accordance with the law; d) when the personal data has been unlawfully processed; e) when personal data must be erased in order to comply with legal obligations in accordance with the Law of the Republic of Serbia