By means of this Privacy Policy, we hereby advise you of the collection, processing and use of your personal data as a result of the use of CUPRA PASSPORT.
CUPRA PASSPORT offers you information about the condition of your vehicle, and the option to create a condition report. This report contains details and information relating to the equipment, functions, consumption and age of your vehicle, which may in turn be considered personal information in accordance with EU Regulation 2016/679, on Data Protection (GDPR) and Law 3/2018 on the protection of personal data and the guarantee of digital rights.
The volume and type of information available in CUPRA PASSPORT will depend on the information that CUPRA may provide at any moment, and the extra information that you have added or may add as the data subject directly or via a third party.
It will only be possible to log in to CUPRA PASSPORT using your CUPRA ID. Please check the information on data protection for CUPRA ID in the event of doubts. The vehicle report will be available in Web and App format, and in a PDF file that can be shared through a public link. CUPRA does not accept responsibility for any complaints regarding the violation of their data protection rights as a result of having shared the information or file with unauthorised third parties, and therefore we ask you to make good use of this.
1. Who is the data controller of your data?
Identity of the controller: | SEAT, S.A.U, with TIN A-28049161 (CUPRA) |
Address: | Autovía A-2, Km. 585, 08760 Martorell (Barcelona) SPAIN |
E-mail: | customercare@cupraofficial.com |
2. What sort of data de we process and where does it come from?
We advise you that, as a general rule, CUPRA provides the data in CUPRA PASSPORT because you have a CUPRA vehicle and because you have linked your vehicle via the App and because you have activated your vehicle's online services.
As part of this service, CUPRA will provide you with the following information relating to your vehicle identification number (VIN):
- Vehicle technical data: Vehicle catalogue and static information (vehicle model and type, year/age, fuel type, engine power, vehicle equipment settings, interior and exterior finish and design...)
- Vehicle dynamic data: Updated information about the condition, consumption and vehicle notifications (for example, mileage, battery...) based on the notifications generated by your vehicle when it is connected and has online services activated.
- Data from the service log records: (regular service inspections, repairs under warranty and not under warranty).
3. What is the purpose of the processing and what are the applicable legal grounds?
CUPRA will process your personal data in order to offer you the content shown in CUPRA PASSPORT. The purpose of the processing of your data is to provide you with summarised information regarding the condition of your vehicle via CUPRA PASSPORT, so that, in this way, you can document its condition, history and check the records kept on your vehicle.
As a general rule, we hereby notify you that CUPRA may use your data in accordance with the provisions of the General Data Protection Regulation (GDPR) based on one or more of the following enabling legal grounds:
- When your prior consent has been obtained (Art. 6.1.a)
- When it is necessary to satisfy or execute a contract with you or to satisfy pre-contractual measures with you. (Art. 6.1.b)
- When it is necessary to comply with a legal obligation by virtue of the EU legislation or the law of an EU Member State. (Art. 6.1.c)
- When it is necessary to protect your vital interests or those of another person (Art. 6.1.d.)
- When it is necessary for the performance of a task performed in the public interest or in the exercise of the official authority that has been granted to us (Art. 6.1.e)
- When it is necessary to safeguard the legitimate interests of CUPRA or of a third party, unless your interests or fundamental rights and freedoms prevail, requiring the protection of personal data, in particular in the case of a child (Art. 6.1.f)
In this case, the legal grounds for the processing of your data are the execution of a contract when you accept the terms and conditions of use on contracting CUPRA PASSPORT.
Lastly, we notify you that, no automated decision-making, enrichment or profiling based on your personal data take place with this processing of personal data.
4. How long do we keep your data?
CUPRA will process your personal data for the time required to comply with the terms and conditions of the contract with CUPRA PASSPORT, and, in any case, as a general rule, for a maximum of 10 years and as long as you do not request their deletion. After this period, your data will be duly blocked until they are finally deleted.
5. How are your data protected and who are the recipients of your data?
CUPRA guarantees that your data will be processed with absolute confidentiality, undertaking to observe secrecy with respect to the data and guaranteeing the duty to keep them, adopting all the necessary and reasonable measures to prevent their alteration, loss and unauthorised processing or access, in accordance with that established in the applicable law. Our security measures are updated and revised continuously to improve them in accordance with the latest technological advances.
As a general rule, CUPRA will not disclose your personal data to third parties unless this is in order to comply with a legal obligation. Nevertheless, CUPRA as the approved manufacturer of the vehicle will be bound, at the request of the competent Authorities, to process and disclose certain data stored in the vehicle relating to the owner of the vehicle. Some of these obligations may be derived from investigations into crimes, in the event of traffic accidents, the control of second-hand vehicle sales, etc. The processing and disclosure of data to the Authorities is covered under the compliance of a legal obligation (Art. 6. 1 c) General Data Protection Regulation), as the vehicle manufacturer.
Lastly, in order to be able to offer the services described, we require the support of service providers. These third parties may have access to your data and will act on our behalf, observing our instructions, and in no event will have access to your data for their own purposes.
6. Are you data transferred outside the European Economic Area?
As a general rule, your data will be processed within the European Economic Area. Nevertheless, some of our providers may process your data outside the European Economic Area such as, for example, Amazon Web Services, the provider of our virtual infrastructure in accordance with a “cloud computing” model. This entity has their registered address in the United States of America. Pursuant to the applicable regulations, SEAT regularises the relationship with these providers in order to guarantee and maintain the level of protection in accordance with European Standards under which, if the level of the country receiving the data is not considered adequate, the relation with the recipient third party will be regularised via the corresponding Contractual Provisions adapted by the European Commission, the content of which can be consulted here
7. What are your rights as the data subject?
Your rights as the data subject are indicated below:
Limitation | You may request the limitation of the processing of your data in the following cases:
|
Portability | You may receive, in electronic format, the personal data which you have provided and those which have been obtained from your contractual relation with CUPRA, and transfer then to another entity. |
The exercise of these rights is free except in the case of clearly unfounded or excessive requests. In the event of reasonable doubt regarding your identity, you may be asked for additional information so that CUPRA can confirm your identity and respond accordingly to your right.
8. How can I exercise my rights?
You may exercise your rights by sending a written request to SEAT, S.A.U. [Department: Digital Business and Product Strategy], Autovía A-2 Km. 585, Martorell (Barcelona) or to the e-mail address customercare@cupraofficial.com. The exercise of these rights does not involve any costs unless their exercise is unfounded or excessive.
In the event that you believe that CUPRA has not processed your personal data in accordance with the applicable legislation, you may submit a claim to the Spanish Data Protection Agency (via the web page www.aepd.es or competent control authority.
9. Data Protection Officer
if you have any queries regarding data protection or wish to contact our data protection officer ("DPO"), you may do so by sending an e-mail to dataprotection@seat.es.
May 2023