Valeo Personal Data Protection General Principles
Valeo Privacy notice
As a global automotive company, Valeo continuously develops and maintains relationship with clients, suppliers, prospects, employees, candidates, students and other stakeholders. For purely business related purposes, Valeo needs to gather, store and use some of their Personal Data.
Valeo also develops products that may collect, use and transfer Personal Data (drivers, passengers, pedestrians….). In very rare occasions, Valeo may act as data processor.
In any event, Valeo is committed to processing Personal Data in compliance with Data Protection Regulations including the recent European Global Data Protection Regulation (GDPR) and to respecting the rights of Data Subjects.
Valeo policy is to collect Personal Data in a fair, lawful and transparent way, to use it for legitimate purposes only, to implement measures to protect its integrity, to retain it for no longer than necessary and to fully support the exercise of their rights by Data Subjects.
Where Valeo needs to outsource European Personal Data Processes and/or to transfer European Personal Data outside of the European Union, the selected Data Processors must comply with the Data Protection laws and Valeo Data Protection Contractual terms and instructions. They include Valeo’s requirements in terms of Data Breach, Data Subject rights or claims management and the prohibition of using unapproved sub processors. International transfer clauses are also signed as legally required.
When Valeo develops, engineers and manufactures products that may trigger Data Protection obligations under the GDPR, Valeo takes Privacy and Security by Design into account at the time of engineering and developing such products. The Data Protection obligations where applicable are described in the related product Data Protection specifications, thus allowing the customer to fully understand the actions taken to comply with regulation.
To ensure the proper development and safety of our products, Valeo’s prototypes, at the stage of engineering have to be tested. Some of these tests and pilots may need to be conducted in real life environment and may involve drivers, passengers or pedestrian data collection. Data is collected, analyzed and used for testing only, in relation to the technology under development within a specific Data Protection framework meant to protect Data Subjects.
The above commitments are supported by the Valeo Data Protection Compliance Program that encompasses numerous policies, procedures, tools, forms and contractual clauses as well as a detailed training and awareness program. Valeo whistleblowing System is also available to anyone who has reason to believe that the Valeo Data Protection Compliance Program is not being complied with or wants to report potential violations of this program in the law.
The Global Data Protection Officer can be reached for any request, question, or claim at: Dpo.external@valeo.com .
The current notice aims at informing Valeo’s stakeholders and business partners of Valeo’s overall approach to Data Protection. It provides them with indication as to their rights and the way their Personal Data is processed and protected.
This notice applies to the data collected in particular as part of our contractual or precontractual relationships, during the recruitment process or during some innovative products pilot or test phases.
Valeo is a global company operating in 30 countries.
Mrs. Catherine Delhaye is Valeo Global Data Protection Officer. She is based at the Paris headquarters and can be contacted here: Valeo Management Services 43, rue Bayen 75848 Paris Cedex France
dpo.external@valeo.com
We collect and process the contact details and information necessary to conduct our activities and to develop or maintain business and contractual relationship in a business to business environment.
The personal information we process mostly relates to employees, candidates, clients, suppliers, vendors, stakeholders, journalists, intermediaries, banks or financial institutions and/or from administrations and authorities.
We usually do not collect, nor process private life related data.
We collect personal data most of the time, directly from our business partners’ representatives, such as:
Where we need to conduct due diligence in support of a selection process, we make sure to obtain relevant data from third party specialists and lawful sources. No automated decision is ever made on the basis of such due diligence.
We receive data through the Valeo whistleblowing system which is available to Valeo employees and to Valeo stakeholders. It is governed by Valeo detailed Whistleblowing procedures. The name of the whistleblower and the name of reported or mentioned persons are considered highly confidential. They are stored on a totally separate in house server and only shared on a need to know basis, subject to an individual Non Disclosure agreements. The results of investigations are handled with the same level of care.
We may finally collect data in the context of tests and pilots or our products during their development phases.
Most Personal Data is processed and managed by Valeo employees, located in your country or in any country where Valeo operates. Irrespective of their location, all Valeo entities are subject to the Valeo detailed Data Protection Program. Some employees, such as HR employees or internal auditors and investigators, are particularly trained and aware of the sensitivity of certain data.
Where Valeo needs to use sub contractors or Data Processors, the latter are bound, by the necessary terms and conditions and can only use the data for clearly identified purposes. Their personnel is subject to strict Non disclosure agreements and training.
Where Valeo needs to transfer Personal Data outside of the European Union, all necessary safeguards are implemented to maintain the protection of individuals’ Personal Data.
Valeo is not involved in any Personal Data transaction nor business; We do not sell personal data to third parties. As an example, if names and phone numbers have to be temporarily made available to a third party, an organizer for instance, it is temporary and for a specific reason and period of time; the third party having undertaken to destroying the Personal Data at the end of the event.
Valeo will keep your Personal Data in a secure environment for the time necessary to achieve the purposes for which it was collected or during the minimum retention period provided by the applicable legislation including civil, criminal and commercial law.
Personal Data may be used in relation to:
We generally collect and process Personal Data to support our business and/or contractual relationships. We may also have legal obligations to fulfil, such as issuing invoices.
We also have legitimate interests in processing Personal Data such as developing business with new clients, promoting new offerings and technologies, ensuring compliance with international regulations such as export control or anti-bribery by carefully selecting our agents or intermediaries, assessing the reliability of our products in real life environment in order to comply with our obligations relating to product safety.
Finally, we obtain consent from the Data Subject we interact with, especially our web site visitors. You can withdraw and manage your consent as described in section 10.
Valeo is and acts as a global company. As a result, some data may be shared with other Valeo companies for processing. Such data will be subject to the Valeo Data Protection Compliance program and will be treated with the same level of care and attention throughout the Valeo organization.
Where Valeo needs to outsource data to a third party provider, the Data Processor is carefully selected, data processing agreements and international data transfer clauses both consistent with the Global Data Protection Regulation are duly signed.
We are committed to ensuring data security, confidentiality and integrity.
Our Global Data Protection Compliance Program includes programs, controls and relevant policies, procedures and guidelines that help us develop and maintain cultural, organizational, physical and technical security measures.
The program includes:
In addition, the Data Protection Office, the Information Security Office and the Information System Department collaborate closely to provide adequate security to the Personal Data we process.
As an example, we have specific measures and plans:
Your first right is to not provide Valeo with personal information. Please note that refusing to provide certain Personal Data may prevent us from fulfilling our obligations or limit your use of the Website and its functionalities and Services if such Personal Data are necessary for such use.
Where the collection of data results from on the road recordings, the recording vehicle provides adequate notices to the Data Subjects which allows them to access the relevant privacy notices issued by the Valeo Group and understand further the purpose of such data collection and how it is processed.
As per GDPR, you also have the right to request:
Access to personal information: you can ask to access the following information:
Withdrawal of consent: you may withdraw consent where it was the basis for processing your personal data
Correction of your personal data: where personal data is inaccurate you have the right to request/claim that it be corrected and that incomplete personal data be completed based on information you may provide
Erasure, also known as “the right to be forgotten": you have the right to require to erase personal data without undue delay where one of the following applies:
Processing restriction: you can exercise the right to a restriction of processing of your personal data in one of the following circumstances:
Automated decision: you have the right to not be the subject of automated decision-making where the decision has a significant effect on you, and can insist on human intervention
Data portability: you have the right to request/claim that your personal data be provided to you in a “structured, commonly-used and machine-readable format” and to transfer that data to another party e.g. service provider. This applies to personal data for which processing is based on your consent and the processing carried out by automated means. Where feasible, you can also request/claim that the personal data be transferred directly from our systems to those of another provider
The right of lodging a complaint with the Information Commissioner’s Office: you may file a complaint either with Commission Nationale Informatique et Libertés (French national privacy authority), with Valeo group Data Protection Officer, or the National Agency for Data Protection having jurisdiction in the country where you are located
You can exercise this right by writing, for legitimate reasons, at our registered office address or by sending an email to dpo.external@valeo.com
As part of the exercise of these rights, you will be asked for a proof of identity document, and if necessary the information needed to process your request.
Please note all requests may not be legitimate nor satisfied.
Should you have questions or concerns about data protection, your personal information, or should you wish to file a complaint, please contact the Valeo Data Protection Officer at: dpo.external@valeo.com
Valeo reserves the right to modify this Policy at any time.
You will be informed of any significant modification of this Policy with an “update” notice, with the date of such update.