This policy was last updated 18 July 2022 and is effective from 18 July 2022.
This Policy covers any Personal Data we collect in connection with your use of www.carconnectivity.org (the “Website”), where you can
- Learn more and request for information and content about the CCC’s benefits and technologies
- Apply to be a CCC member or developer
- Find our technical standards
- Access our developer portal, tools and process documents for developing and testing devices, developing and testing applications, reporting test results, reporting bugs, and requesting support (“Other Tools”)
- Register for CCC-run events (e.g. webinars).
You can navigate to the relevant sections of the policy by clicking the links below:
- About us
- What data do we collect about you?
- How do we use your Personal Data and on what grounds?
- Marketing Communications
- Who do we share your Personal Data with?
- Will my Personal Data be sent abroad?
- Your rights over your Personal Data
- How long do you keep my Personal Data?
- How do you keep my Personal Data secure?
- Third Party Website
- Contact us
IMPORTANT: IF YOU ARE BASED OUTSIDE OF THE EUROPEAN UNION OR CALIFORNIA
Some of these provisions here, particularly your rights in respect of your data, will only apply if you are an individual based in the EU or the state of California. We have highlighted these sections as relevant.
For the purposes of applicable data protection laws, Car Connectivity Consortium, LLC, a company incorporated in Oregon, USA with its registered address at 3855 SW 153rd Drive, Beaverton, OR 97003 USA is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.
WHAT DATA DO WE COLLECT ABOUT YOU?
When you access or receive the CCC Services, we may collect a variety of Personal Data about you, including:
Personal Data that you provide to us directly
The CCC primarily collects Personal Data provided by you directly when you receive or request the CCC Services. For example, we may receive your name, address, telephone number, company name, job title, e-mail address and any other information that you voluntarily submit to us (e.g. special access or dietary requirements for events) when you register for an account on our Website, agree and accept license terms for specifications, sign up for the CCC Community, subscribe to our newsletter, sign up to or attend our events, or raise an enquiry/correspond with us face to face, through phone, email or our online contact form.
We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide to you.
Personal Data received from other sources
We may also receive information about you from:
- publicly available sources (e.g. LinkedIn or your profile on your company website, if you provide this information in your member/developer profile)
- our third party service providers providing the CCC Services on our behalf (see “Who do we share your personal data with?” below)
- Automatically collected technical information regarding your visitsto the Website including, but not limited to, IP addresses, traffic data, location data, weblogs and other communication data.
HOW DO WE USE YOUR PERSONAL DATA AND ON WHAT GROUNDS?
We will only use your personal data if we have a permitted lawful basis to do so. The primary purpose for which we collect information about you is to provide members and developers with services to support the technologies developed by the CCC (e.g. what you need to develop Digital Key devices and applications). We also collect information about you for the following purposes:
To perform our contract with CCC Members (i.e. to provide you with our services and resources if you sign up to be a CCC member or developer)
- To process membership applications
- To provide members with their membership benefits, e.g. enable participation in CCC work groups, online collaboration with other members and signing up to related email lists
- For continuity of service, (e.g. to restore your membership if you are coming back after a long break). This will be in accordance with our data retention practices (see “How long do you keep my data?” below)
- To provide you with information, products or services that you request from us
- For handling contacts, queries, complaints or disputes.
To perform our contract with individuals who subscribe to the CCC Community (subscription to the CCC Community does not constitute membership in CCC)
- To manage and operate the CCC Community
- To otherwise develop, operate, improve, deliver, promote, maintain, and protect the CCC Community
- To send you our newsletter and to manage your subscription to our newsletter
- To notify you of CCC news, activities, programs, events, meetings, conferences, services, and products.
- For CCC’s own internal record keeping (e.g. to determine the parties to clickthrough licenses)
- To enforce our clickthrough licenses, to comply with legal requirements, and to protect or exercise our legal rights or defend against legal claims.
For our legitimate interests
- For market research and analytical purposes, e.g. to improve our understanding of membership and event attendance trends and profiles
- To ensure network and information security in the CCC Services and your Personal Data
- For improving existing services and developing new products and services
- For promoting, marketing and advertising our services
- Protecting the CCC and our members/users by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to the CCC
- To effectively handle any legal claims or regulatory enforcement actions taken against the CCC
- To generally run the Website and for internal operations, in order to provide you with an up to date, efficient and reliable service
- Making important communications about your membership
- For keeping you informed of CCC events and activities (only in certain circumstances, see “Marketing communications” below)
- Maintaining our membership database.
To comply with our legal obligations
- To help prevent fraudulent activity, including on your account (for example, if we collect your card details we will check these details with credit agencies and reserve the right to refuse to make available the CCC Services if, for example, the card details provided are reported to be fraudulent or credit agencies report the activities as being fraudulent)
- To monitor and record telephone calls for training purposes and to improve the Service to you
- To comply with our legal and regulatory obligations (including under applicable data protection laws)
- For preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies
- To fulfil our duties to our members, colleagues and other stakeholders.
We may also (where required by law) use your Personal Data for marketing purposes with your consent (see “Marketing communications” below).
Where you are a CCC member or have subscribed to the CCC Community, we may also use your Personal Data to keep you updated about CCC events and activitiesthrough marketing communications.
This means we may use your contact information to contact you by email with announcements and newsletters regarding information that we think may be of interest to you.
If you are based in the EU, we will only make marketing communications if you have given your consent to do so
if you are a developer using your individual, sole trader or partnership (rather than company employee) email address.
You have the right to withdraw your consent to these activities at any time, which will mean (unless we have another lawful basis to continue using your data) that we will cease to use your Personal Data for these marketing purposes.
If you wish to stop receiving marketing emails from the CCC, you can do so by contacting the CCC at contact information below or changing your communications preferences in your member portal (under “User Settings” and “Manage Your Email Subscriptions”).
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may disclose the Personal Data that we collect with the following third parties:
- Our third party providers of our business and operational services. These parties are authorized to process your Personal Data on our behalf and pursuant to our instructions, and only as necessary to provide the CCC Services.
- Providers of payment processing and accounting, as necessary to process payment (such as Paypal)
- Providers of the support tools and systems available on our Website
- Providers of Association Management services (in particular Vital Technical Marketing, Inc., “VTM”, who operate our member/developer portals on the Website)
Please note that the member/developer portal systems on the Website use a shared sign-on system. This means that your name, email address and company name will be shared between Comarch and VTM as our external providers of these systems, as this enables you to use one set of log-in details to access all member/developer features of the CCC Services.
- Any potential or actual third party buyer of our business and/or assets in the event that we sell, trade or license ownership of any part of the CCC business or assets (including management of the Website)
- Third parties we may be required to disclose such personal data to in order to comply with our legal obligations, to enforce our legal rights or to protect our members, e.g. any relevant authority or enforcement body and fraud protection and credit risk reduction agencies or emergency services.
WILL MY PERSONAL DATA BE SENT ABROAD?
Our main database is located in the U.S. and we collect, store and process the information from our Website and Other Tools in both the U.S. and the EU. This means that if you are outside the U.S., then your Personal Data may be transferred abroad to a country with different data protection laws. By providing your Personal Data in connection with the CCC Services, you agree to this potential international transfer of your Personal Data.
If you are based in the EU, we will ensure that such transfers are made subject to appropriate safeguards as required by applicable data protection laws to ensure that a similar degree of protection is afforded to your personal data, including by ensuring that overseas recipients of your data have been self-certified under the Privacy Shield framework or through the use of EU Commission approved standard contractual clauses. You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us (see “Contact Us” below) and the Privacy Shield scheme at www.privacyshield.gov.
YOUR RIGHTS OVER YOUR PERSONAL DATA
You can exercise all the rights applicable to you by contacting us (see details in the “Contact Us” section below) or submitting an online enquiry form on our Website.
If you are based in the EU
You may, in circumstances, have the following rights in relation to the Personal Data we hold about you.
You can request to:
- access a copy of the information held about you
- rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected.
You can also update any incorrect contact information yourself by updating your profile information in the member’s portal or by email@example.com.
- delete, restrict or remove the data we hold about you
- transfer the data we hold about you to another party
- object to any further processing of your data, if we are processing your Personal Data on the basis of our legitimate interests (see “How do we use your personal data and for what grounds” above), or for direct marketing.
We will endeavor to respond to your requests within one month and free of charge. Please note that in respect of all these rights, we reserve the right to:
- refuse your request based on the exemptions set out in the applicable data protection laws.
- request for proof of your ID to process the request or request further information
- charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests.
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision. If we have shared your data with others, we will tell them about your request to rectify, erase, restrict or object to the processing where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with the data protection regulator for your country of residence.
If you are based in California
Your Rights and Choices
As a California resident, you may be able to request to exercise the following rights:
- The Right to Know any or all of the following information relating to your Personal Information we have collected and disclosed in the last twelve (12) months, upon verification of your identity:
- The specific pieces of Personal Information we have collected about you;
- The categories of Personal Information we have collected about you;
- The categories of sources of the Personal Information;
- The categories of Personal Information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
- The categories of Personal Information we have sold and the categories of third parties to whom the information was sold; and
- The business or commercial purposes for collecting or selling the Personal Information.
- The Right to Request Deletion of Personal Information we have collected from you.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
- The Right to Opt Out of Personal Information Sales to third parties now or in the future.
The CCC will not sell your personal information at any time. We do not sell the personal information of consumers.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
Calling us at +1.503.619.1163
Emailing us at firstname.lastname@example.org
We will need to verify your identity before processing your request, which may require us to request additional Personal Information from you. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process Personal Information, for example, if you submit a deletion request, we may no longer be able to provide you our products and services or engage with you in the same manner.
Other California Privacy Rights
In addition to the information provided in this California Notice, under California’s “Shine the Light” law (Civil Code Section § 1798.83), permits users of our Website that are California residents to request certain information regarding our disclosure of personal information (as defined in the statute) to third parties for their direct marketing purposes. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year. To obtain this information, please contact us by sending a letter or calling us at the contact information below. You may also submit a contact form electronically through the Website.
If you are based anywhere else
The CCC acknowledges that you have the right to access your Personal Data. In case you request us to remove data, we will respond within a reasonable timeframe.
Upon request, the CCC will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.
HOW LONG DO YOU KEEP MY DATA?
We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.
HOW DO YOU KEEP MY PERSONAL DATA SECURE?
We are committed to taking reasonable efforts to secure the information that you choose to provide us, and we use a variety of security procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors and service providers (described in “Who we share your data with” above) who need to know the information to operate, develop, or improve the CCC Services.
We retain your Personal Data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. We retain Personal Data collected through the Platforms we process for as long as needed.
THIRD PARTY WEBSITE
The CCC Services are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. Children under 13 should not use the Website or Other Tools. California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information, please see the California Notice above for more information.
Address: Car Connectivity Consortium, 3855 SW 153rd Drive, Beaverton, OR 97003 USA