PRIVACY POLICY ECX
VERSION 25 JULY 2022
This privacy policy ("Privacy Policy") applies to the usage of the website https://www.europeancarxchange.com ("Platform") operated by ECX ("European Car Xchange AG", "we", "our", or "us"). By accessing the Platform, you ("User", "you", "your", or "yours") agree to the collection, usage, processing and disclosure of information in accordance with this Privacy Policy.
Unless otherwise defined in this Privacy Policy or our Users Agreement (https://europeancarxchange.com/terms), the terms used in this Privacy Policy have the same meanings as in the Swiss Federal Act on Data Protection.
1. ANONYMIZED DATA
We may process anonymized vehicle data for the purpose of establishing the Auction, listing the vehicle, and for any matters related to the purchase or sell of vehicles on the Platform.
The list of anonymized vehicle data include the following:
? VIN number
? Matriculation number
? Photography
2. PERSONAL DATA
We collect the following types of personal data when you use our Platform.
• Identity and contact data
• Professional details
• Financial and payment data
• Profile, usage and website interaction
• Unique user IDs
• Location-based data
3. HOW WE COLLECT PERSONAL DATA
We collect information about you when you use our Platform, including taking certain actions within it.
Directly
• When you access, use, or otherwise interact with our Platform.
• When you correspond with us by electronic means.
• When you create a User account on the Platform.
• When you sign up to receive our newsletter and other marketing material.
Indirectly
• From third parties, such as social media plugins and third-party cookies.
• Through public sources.
4. LEGAL BASIS AND PURPOSES
• User Account verification & creation
• Create and verify user accounts on Lemonway
• Know-your-customer (KYC) processes for payment and escrow services
• Appointment & Pick up scheduling
• Notifications
• Invoice creation and delivery
• Tax purposes
Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.
Contract: To perform our contractual obligations or take steps linked to a contract with you.
• To provide and protect our Platform and services
• To administer, manage and develop our business and services
Consent: We may rely on your freely given consent at the time you provided your personal data.
• To provide you with information related to the Auction you are participating in.
• To provide you with news, special offers, newsletters, and general information about goods and services which we offer (with your explicit consent).
Legitimate interests: We may rely on legitimate interests based on our evaluation that the processing is fair and reasonable.
• To maintain and improve our Platform and services
• To develop new services
Public interest: To meet regulatory and public interest obligations.
• To comply with applicable regulation and legislation.
5. DATA STORAGE AND RETENTION
We retain your personal data only for as long as is necessary for the purposes set out in Section 3 of this Privacy Policy, and to the extent necessary to comply with our legal obligations, resolve potential disputes and enforce our legal agreements and policies.
We keep the data backup for 1 year. This timeframe could be increased or decreased based on customer needs. We use Encrypted EBS volumes in our servers and daily backup snapshots are enabled.
This procedure helps us to:
• Protect valuable data by enforcing a regular backup schedule.
• Create standardized AMIs that can be refreshed at regular intervals.
• Retain backups as required by auditors or internal compliance.
• Reduce storage costs by deleting outdated backups.
• Create disaster recovery backup policies that back up data to isolated accounts.
• Financial data will be kept as of how long the law would require it
6. SERVICE PROVIDERS AND DATA TRANSFERS
We may employ third party companies ("Service Providers") to facilitate the operation of our Platform, assist us in analysing how our Platform is used, or perform Platform-related services, such as payment, delivery or IT infrastructure services. These third parties have access to your personal data only and insofar as necessary to perform these tasks on our behalf and are required to safeguard it in accordance with our contractual obligations and applicable data protection legislation.
Where Service Providers process data outside of Switzerland or the EU, we ensure through adequate safeguards that your data remains protected abroad. Such safeguards may include transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner; applying standard data protection model clauses, binding corporate rules or other standard contractual obligations which provide for appropriate protection of data.
7. DATA DISCLOSURE
We may disclose your personal data in the good faith belief that such action is necessary:
? To comply with a legal & financial obligation (i.e. if required by law or in response to valid requests by public authorities, such as a court or government agency);
? To protect the security of the Platform and defend our rights or property;
? To prevent or investigate possible wrongdoing in connection with ECX
? To prevent or investigate possible wrongdoing in connection with third party providers
? To protect ourselves against legal liability.
8. DATA SECURITY
We take reasonable technical and organizational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments.
We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.
The security of your personal data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend that you use antivirus software, a firewall, and other similar software to protect your system.
We follow the Shared responsibility model to strengthen our client’s data security.
9. DATA PROTECTION RIGHTS
You have the below data protection rights on the basis of the Swiss Federal Act on Data Protection and the EU GDPR. Please note that we may ask you to verify your identity before responding to such requests.
• Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
• Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
• Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. This includes cases where you wish to opt out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal basis for processing. To stop receiving emails from us, please click on the 'unsubscribe' link in the email you received.
• Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when it was unlawfully processed.
• Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
• Right to portability: You have the right to request that we transmit your personal data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or in order to perform our contractual obligations.
• Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests, or if we need to continue to process the personal data for the exercise or defence of a legal claim.
• Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html).
10. LINKS TO THIRD-PARTY APPS AND SITES
Our Platform may contain links to websites or apps that are not operated by us. If you click a third-party link, you will be directed to that third party’s site or app. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
11. COOKIE POLICY
Cookies are files with small amount of data that is commonly used an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer's hard drive.
Usually, we keep Cookie Lifetime for 7 days or 1 month. This can be changed based on the customer needs.
Our Platform uses these “cookies” to collection information and to improve our Platform. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Platform. For more information, please refer to our Cookies Policy (https://www.europeancarxchange.com/cookies, the terms used in this Privacy Policy have the same meaning in the Cookie Policy).
12. CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. We therefore encourage you to review this Privacy Policy periodically for any changes.
Changes to this Privacy Policy are effective when they are posted on this page.
13. CONTACT US
If you have any questions about this Privacy Policy, please contact us at: privacy@ecx.ag