Data Protection and Privacy Notice
Valeo Personal Data Protection general principles
Valeo Privacy notice
- Who we are?
- What information do we collect?
- How do we collect personal data
- Who receives your Personal Data?
- How long do we store your Personal Data
- How do we use Personal Data?
- What legal basis do we have for processing your Personal Data?
- How do we share Personal Data?
- How do we secure Personal Data?
- Your rights in relation to Personal Data
- How to contact us?
- Updating of the Privacy notice
Valeo Personal Data Protection general principles
As a global automotive company, Valeo continuously develops and maintains relationship with clients, suppliers, prospects, employees, candidates, students and other stakeholders. For purely business related purposes, Valeo needs to gather, store and use some of their Personal Data.
Valeo also develops products that may collect, use and transfer Personal Data (drivers, passengers, pedestrians….). In very rare occasions, Valeo may act as data processor.
In any event, Valeo is committed to processing Personal Data in compliance with Data Protection Regulations including the recent European Global Data Protection Regulation (GDPR) and to respecting the rights of Data Subjects.
Valeo policy is to collect Personal Data in a fair, lawful and transparent way, to use it for legitimate purposes only, to implement measures to protect its integrity, to retain it for no longer than necessary and to fully support the exercise of their rights by Data Subjects.
Where Valeo needs to outsource European Personal Data Processes and/or to transfer European Personal Data outside of the European Union, the selected Data Processors must comply with the Data Protection laws and Valeo Data Protection Contractual terms and instructions. They include Valeo’s requirements in terms of Data Breach, Data Subject rights or claims management and the prohibition of using unapproved sub processors. International transfer clauses are also signed as legally required.
When Valeo develops, engineers and manufactures products that may trigger Data Protection obligations under the GDPR, Valeo takes Privacy and Security by Design into account at the time of engineering and developing such products. The Data Protection obligations where applicable are described in the related product Data Protection specifications, thus allowing the customer to fully understand the actions taken to comply with regulation.
To ensure the proper development and safety of our products, Valeo’s prototypes, at the stage of engineering have to be tested. Some of these tests and pilots may need to be conducted in real life environment and may involve drivers, passengers or pedestrian data collection. Data is collected, analyzed and used for testing only, in relation to the technology under development within a specific Data Protection framework meant to protect Data Subjects.
The above commitments are supported by the Valeo Data Protection Compliance Program that encompasses numerous policies, procedures, tools, forms and contractual clauses as well as a detailed training and awareness program. Valeo whistleblowing System is also available to anyone who has reason to believe that the Valeo Data Protection Compliance Program is not being complied with or wants to report potential violations of this program in the law.
The Global Data Protection Officer can be reached for any request, question, or claim at: Dpo.email@example.com
Valeo Privacy notice
The current notice aims at informing Valeo’s stakeholders and business partners of Valeo’s overall approach to Data Protection. It provides them with indication as to their rights and the way their Personal Data is processed and protected.
This notice applies to the data collected in particular as part of our contractual or precontractual relationships, during the recruitment process or during some innovative products pilot or test phases.
1. Who we are ?
Valeo is a global company operating in 30 countries. Mrs. Catherine Delhaye is Valeo Global Data Protection Officer. She is based at the Paris headquarters and can be contacted here:
Valeo Management Services
43, rue Bayen
75848 Paris Cedex France
2. What information do we collect ?
We collect and process the contact details and information necessary to conduct our activities and to develop or maintain business and contractual relationship in a business to business environment.
The personal information we process mostly relates to employees, candidates, clients, suppliers, vendors, stakeholders, journalists, intermediaries, banks or financial institutions and/or from administrations and authorities.
We usually do not collect, nor process private life related data.
3. How do we collect personal data
We collect personal data most of the time, directly from our business partners’ representatives, such as:
- Via business cards, emails
- Via invitations, conferences, events
- Via application forms, RFI, RFQ, proposals submission
- Through work orders, invoices, credit notes
- Via our internet portals, where visitors ask for questions, join our blogs, leave messages, sign up for our news letters or apply or via cookies
- Via resumes or applications
Where we need to conduct due diligence in support of a selection process, we make sure to obtain relevant data from third party specialists and lawful sources. No automated decision is ever made on the basis of such due diligence.
We receive data through the Valeo whistleblowing system which is available to Valeo employees and to Valeo stakeholders. It is governed by Valeo detailed Whistleblowing procedures. The name of the whistleblower and the name of reported or mentioned persons are considered highly confidential. They are stored on a totally separate in house server and only shared on a need to know basis, subject to an individual Non Disclosure agreements. The results of investigations are handled with the same level of care.
We may finally collect data in the context of tests and pilots or our products during their development phases.
4. Who receives your Personal Data ?
Most Personal Data is processed and managed by Valeo employees, located in your country or in any country where Valeo operates. Irrespective of their location, all Valeo entities are subject to the Valeo detailed Data Protection Program. Some employees, such as HR employees or internal auditors and investigators, are particularly trained and aware of the sensitivity of certain data.
Where Valeo needs to use sub contractors or Data Processors, the latter are bound, by the necessary terms and conditions and can only use the data for clearly identified purposes. Their personnel is subject to strict Non disclosure agreements and training.
Where Valeo needs to transfer Personal Data outside of the European Union, all necessary safeguards are implemented to maintain the protection of individuals’ Personal Data.
Valeo is not involved in any Personal Data transaction nor business; We do not sell personal data to third parties. As an example, if names and phone numbers have to be temporarily made available to a third party, an organizer for instance, it is temporary and for a specific reason and period of time; the third party having undertaken to destroying the Personal Data at the end of the event.
5. How long do we store your Personal Data
Valeo will keep your Personal Data in a secure environment for the time necessary to achieve the purposes for which it was collected or during the minimum retention period provided by the applicable legislation including civil, criminal and commercial law.
6. How do we use Personal Data?
Personal Data may be used in relation to:
- Providing responses to your questions or delivering marketing and events communication
- Extending and managing invitations
- Sending and processing work orders, invoices, credit notes
- Providing goods and services
- Account set up and administration
- Exchanging information on RFI, RFQ, proposals, projects, quality or maintenance matters, etc.
- Carrying out legal obligations (e.g. prevention of fraud, anti-bribery due diligence, economic sanctions background check)
- Meeting internal audit requirements
- Carrying out polls and surveys
- Testing products under development as described below
Where you visit our websites, your Personal Data may be used:
- To send email alerts providing you with information about Valeo
- To send a newsletter about recent events in Valeo
- To process questions, comments and other requests you wish to make by contacting us via the website
- To share certain content of the website on social platforms
- For commercial and marketing purposes, such as information on Valeo product
- For technical purpose through dedicated technical assistance
- For the administration and technical management of the website, its functionalities and services
- To measure the website’s audience to obtain information on visitors’ browsing
Where Valeo as a high technology automotive company that massively invests in Research and Development needs to design and test innovative products or technology or applications in a real life environment, you may be involved and your data may be used in support of our research, analysis and/or verifications:
- As an example, the attitude and behaviour of pedestrians or other drivers on a street may be captured by cameras for analysis and development of the appropriate detection sensors in new vehicles to be sold by car manufacturers. Similarly, drivers or passengers reactions in the car can be studied during test phases and but this data will never be related to you as an individual, nor used in relation to you, as a data subject but used for statistical purposes in order to develop products that are adapted to the highest number of end users
- Valeo has developed a specific protocol to manage the related data collection, the data transfer, the use of the data and the associated confidentiality and security measures etc. This protocol applies to all of those who contribute to vehicle testing
What we do usually do not do: We usually do not use automated decision-making and profiling tools.
7. What legal basis do we have for processing your Personal Data?
We generally collect and process Personal Data to support our business and/or contractual relationships. We may also have legal obligations to fulfil, such as issuing invoices.
We also have legitimate interests in processing Personal Data such as developing business with new clients, promoting new offerings and technologies, ensuring compliance with international regulations such as export control or anti-bribery by carefully selecting our agents or intermediaries, assessing the reliability of our products in real life environment in order to comply with our obligations relating to product safety.
Finally, we obtain consent from the Data Subject we interact with, especially our web site visitors. You can withdraw and manage your consent as described in section 10.
8. How do we share Personal Data?
Valeo is and acts as a global company. As a result, some data may be shared with other Valeo companies for processing. Such data will be subject to the Valeo Data Protection Compliance program and will be treated with the same level of care and attention throughout the Valeo organization.
Where Valeo needs to outsource data to a third party provider, the Data Processor is carefully selected, data processing agreements and international data transfer clauses both consistent with the Global Data Protection Regulation are duly signed.
9. How do we secure Personal Data?
We are committed to ensuring data security, confidentiality and integrity.
Our Global Data Protection Compliance Program includes programs, controls and relevant policies, procedures and guidelines that help us develop and maintain cultural, organizational, physical and technical security measures.
The program includes:
- The Valeo Data Protection General Policy
- The Valeo Business Partner Code of Conduct under which business partners and providers must commit to treat Personal Data as confidential information
- The Data Processor policy which imposes to Data Processors, contractual terms consistent with the European regulation
- The Valeo Policy for International Transfer of Personal Data with International transfer clauses which are mandatory in case of transfer of data outside of Europe
- The Valeo Personal Data Breach Notification Procedure
- A test and pilot products data use protocol
- Non disclosure agreements
- Mandatory training programs
- Tools and methods
- Audits and controls
The program is supported by a Global multidisciplinary team.
In addition, the Data Protection Office, the Information Security Office and the Information System Department collaborate closely to provide adequate security to the Personal Data we process.
As an example, we have specific measures and plans:
- To protect data against accidental loss
- To prevent unauthorised access, use, destruction or disclosure
- To ensure business continuity and disaster recovery
- To restrict access to personal information
- To conduct privacy impact assessments in accordance with the law and your business policies
- To train staff and contractors on data security
- To manage third party risks, through use of contracts and security reviews
We also have:
- Valeo Internal Security Policy
- Valeo Confidentiality Image and Social Media Policy
- Valeo IS Security Policy applicable for external partners
Please note this list is not exhaustive.
10. Your rights in relation to Personal Data
Your first right is to not provide Valeo with personal information. Please note that refusing to provide certain Personal Data may prevent us from fulfilling our obligations or limit your use of the Website and its functionalities and Services if such Personal Data are necessary for such use.
Where the collection of data results from on the road recordings, the recording vehicle provides adequate notices to the Data Subjects which allows them to access the relevant privacy notices issued by the Valeo Group and understand further the purpose of such data collection and how it is processed.
As per GDPR, you also have the right to request:
- Acces to personal information: you can ask to access the following information:
- The purposes of the processing
- The categories of the personal data concerned
- The recipients, or categories of recipients, of the data, if any, in particular any third countries or international organisations
- The length of time that the personal data will be stored for (or the criteria used to determine that period)
- Whether the personal data will be subject to automated processing, including profiling and, if so, the logic and potential consequences involved
- Where the data is transferred to a third country or international organisation, information about the safeguards that apply; Information about the source of the data, if not directly from the data subject
- Withdrawal of consent: you may withdraw consent where it was the basis for processing your personal data
- Correction of your personal data: where personal data is inaccurate you have the right to request/claim that it be corrected and that incomplete personal data be completed based on information you may provide
- Erasure, also known as “the right to be forgotten”: you have the right to require to erase personal data without undue delay where one of the following applies:
- The personal data is no longer necessary for the purpose for which it was collected
- Consent is withdrawn and there is no other legal ground for processing
- The data subject objects to the processing of the personal data
- The personal data has been unlawfully processed
- Processing restriction: you can exercise the right to a restriction of processing of your personal data in one of the following circumstances:
- You contest the accuracy of the data
- You need the data for legal claims
- Automated decision: you have the right to not be the subject of automated decision-making where the decision has a significant effect on you, and can insist on human intervention
- Data portability: you have the right to request/claim that your personal data be provided to you in a “structured, commonly-used and machine-readable format” and to transfer that data to another party e.g. service provider. This applies to personal data for which processing is based on your consent and the processing carried out by automated means. Where feasible, you can also request/claim that the personal data be transferred directly from our systems to those of another provider
- The right of lodging a complaint with the Information Commissioner’s Office: you may file a complaint either with Commission Nationale Informatique et Libertés (French national privacy authority), with Valeo group Data Protection Officer, or the National Agency for Data Protection having jurisdiction in the country where you are located
You can also exercise your right of opposition and unsubscribe from Newsletters thanks to the unsubscribe link located at the bottom of each Newsletter.
You can exercise this right by writing, for legitimate reasons, at our registered office address or by sending an email to firstname.lastname@example.org
As part of the exercise of these rights, you will be asked for a proof of identity document, and if necessary the information needed to process your request.
Please note all requests may not be legitimate nor satisfied.
11. How to contact us?
Should you have questions or concerns about data protection, your personal information, or should you wish to file a complaint, please contact the Valeo Data Protection Officer at: email@example.com
12. Updating of the Privacy notice
Valeo reserves the right to modify this Policy at any time.
You will be informed of any significant modification of this Policy with an “update” notice, with the date of such update.