Stoneridge Global Privacy Policy

Introduction

Stoneridge is committed to the privacy and security of the information you entrust with us. This Privacy Policy explains how we use personal information collected from you when you interact with our websites, or that you otherwise provide to us or that we obtain in the course of our business. We may update this Policy from time to time, so we recommend that you review the terms periodically. Your continued use of our websites or providing your information to us after the changes are communicated will constitute acceptance of the revisions.

Stoneridge is the data controller under applicable data protection law with regard to personal data you provide to us and as to which we determine how it will be used and communicated.  This means that we are responsible for ensuring that your personal data is processed in compliance with this Policy and applicable data protection law.  In addition, Stoneridge processes personal information on behalf of its customers, business and development partners, and others, and in these instances Stoneridge acts as a data processor under applicable data protection laws and will process, store, and communicate that information as instructed.  In addition, our products and services are capable of gathering and processing personal information when used by our customers, but we do not control how our products and services are used by those customers and other end users and therefore are not responsible for their data practices.

This Policy applies to any and all forms of processing of Personally Identifiable Information (or “PII”) in any format or medium, relating to (i) individuals who are or who are affiliated through employment or other similar relationships with customers, prospective customers, suppliers, and service providers with whom Stoneridge does business; or (ii) representatives or contact persons of such customers, suppliers, prospective customers, and suppliers. Because our business is conducted primarily on a business-to-business basis, we control and process limited information of persons in their personal or consumer capacities.  Our policies with regard to the processing of personal information of persons in their role as current or former employees, or potential employees, are separately provided to those individuals.

Stoneridge also provides disclosures about our specific privacy practices and policies applicable to specific products and services.  The additional disclosures supplement this Global Privacy Policy.  When you use those specific products and services, please consult the specific disclosures and policies relevant to them.

Personal Information

As used in this Policy, “Personally Identifiable Information” or “PII” includes any information that, alone or in combination with other information stored or processed by Stoneridge, is sufficient to identify or be associated with a specific individual or household, as well as other information defined as PII by applicable law.  Personally Identifiable Information does not include information to the extent is deidentified and anonymous, nor does it include publicly available information that has not been combined with non-public Personally Identifiable Information.

Depending on where you are located and how you interact with us, your personal data may be collected and used as explained below. You do not need to reveal any personally identifiable information to browse and use our website, but we may require personal information from or about you when you otherwise interact with us.

Our Privacy Practices on this Website

As a rule, the personal data processed by us is provided by you when using this website (the “Site”). The personal data we could collect includes the following categories of data:

  • Name;
  • Contact details, such as email address, address, and phone number;
  • Information relating to customer relationship, such as billing information;
  • Language preferences; and
  • Customer interaction information, customer contacts and replies, contact information including the organization for which you work, all when you provide details through the site.

We also may collect technical data on the use of the Site, which may be associated with you. The technical data we collect includes the following types of data:

  • Time stamps and log data relating to the use of the Service; and
  • Device ID, device type, operating system used and application settings.

We process personal data we obtain in connection with your use of this Site for the following purposes:

Providing service and managing our relationship with you
The primary purpose of collecting personal data is to manage and improve your experience with this Site and to manage and maintain the customer relationship between us and the company you represent.

Marketing & data analytics
We may send you email or other communications to inform you about new features of the Site, ask you for feedback, or provide you other relevant information about our products and services. We may use your information to deliver information to you that, in some cases, is targeted to your interests.  We may ask you to provide us voluntarily with additional information regarding your personal or business interests, experience or requests, which we may use to customise our services for you. We also may use the data provided by you for analyzing and enhancing our advertising, product and service research, testing  and development, marketing, market research, and sales activities. In this respect, processing of personal data is based on our legitimate interest to provide you relevant information regarding our products and services, as well as to develop future services. We provide mechanisms by which you may object to marketing communications (please see section “Your rights” below). You also can unsubscribe to our email communications by clicking at the unsubscribe link at the footer of our newsletters and marketing emails.

Service development and information security
We also process personal data to ensure the security of the Site, to improve the quality of the Site and to develop new features of the Site. In these cases, the processing of personal data is within our legitimate interest to ensure that our Site has an adequate level of data security, and that we have sufficient and relevant information at hand to develop our Service.

Transfers and disclosures of personal data

We may disclose personal data you provide through your use of the Site to third parties:

  • when permitted or required by law, such as to comply with requests by competent authorities or related to legal proceedings;
  • when our trusted service providers provide services to us on behalf of us and under our instructions. Please note that Stoneridge does not sell personal information about you to other people or non-affiliated companies as that term is defined in applicable law. We will control and be responsible for the use of your personal data through our trusted services providers;
  • to entities with which we work in connection with product research and development, testing, and design;
  • if we are involved in a merger, acquisition, or sale of all or a portion of our stock, assets, or business; and
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government or court demand or request.

Transfers of personal data outside the European Economic Area (EEA)

We may transfer the personal data you provide to or through the Site to entities and facilities located  outside of the United Kingdom and the EEA, including the United States of America. As a result, this information may be subject to access requests from governments, courts, or law enforcement in the United States according to its laws.  By submitting information to us, including non-public personal information, you consent to the transmission of your information to and the storage of that information in the United States.  In some cases, those countries have been acknowledged by the European Commission as providing adequate data protection. For other countries, we will employ one of the approved mechanisms to transfer personal data is in place, such as EU Standard Contractual Clauses for the transfer of personal data.

Data Security
We take measures to protect the security of personal information you provide to us through this Site. To protect your information, we use a secure server when you place orders or access your account information. SSL (the secure server software) encrypts your information before it is sent to us. We maintain security , authentication, and access controls to our computer systems. We also take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.

Your rights
Depending on where you reside, you may have a right to access personal data we process about you, to have us disclose to you what types of information we share with other persons or entities, to delete your information, to correct information that we have about you that you believe to be in error and to object to certain types of processing of your information.  However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law.

You have a right to object to certain processing. To the extent required by applicable data protection law, you have a right to restrict data processing.

You may have a right to data portability, that is, the right to receive your personal data in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.

If your personal details change, if you change your mind about any of your marketing preferences or if you have any queries about how we use your information, please let us know by contacting us (see above).

Children
This website is not designed for children and is not intended to appeal to children. We do not knowingly collect data from children. If you are under 16 years of age, please do not use this website. If a child under the age of 16 has provided us with personally identifying information without parental or guardian consent, the parent or guardian should contact us and we will remove the information.

Links to Other Sites
We may link to other sites and we may display advertisements from third parties on our site. We are not responsible for the content or privacy policies of these sites and third-party advertisers, or for the way in which information about their users is treated. In particular, unless expressly stated, we are not agents for these sites or advertisers nor are we authorized to make representations on their behalf. This Policy only applies to this website; when you link to other websites, you should read those privacy policies.

Cookies

When we provide services, we want to make them easy, useful, and reliable. This sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies.

Cookies are pieces of information that a web site sends to your computer while you are viewing the web site. Cookies allow the website to remember important information that will make your use of that site more useful. Companies use cookies for a variety of purposes. For instance, cookies enable a web site to remember you and to improve your navigation through the web site features. You may choose to have your computer warn you each time a cookie is being sent, or you may choose to turn off all cookies. You do this through your browser settings. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.

We use the information we gather to improve the services we provide on the web and ensure the sites we control work properly for our customers. For example:

  • Recognizing that you may already have given us your details so that you do not need to repeat this every time you use the site;
  • Measuring how many people are using the website, so the services and information we provide can be made easier to use, to ensure they are working properly; and
  • Analyzing anonymous statistical data to help us understand how people use our website so we can improve them.

There are two types of cookie you may encounter when using our sites.

  • First party cookies: these are our own cookies, controlled by us and used to deliver the sites as you currently see them. They also form part of how the websites work, so many are essential if you want to view the sites properly.
  • Third party cookies: these are cookies found in other companies’ internet tools which we use. For example, Google own cookies, which are controlled by them.

At this time, there is no worldwide uniform or consistent industry standard or definition for responding to, processing, or communicating Do Not Track signals.  Thus, like many other websites and online services, our Online Services are currently unable to respond to Do Not Track Signals.  To find out more about “Do Not Track”, you may wish to visit http://www.allaboutdnt.com.  If and to the extent that global privacy signals enable you to effectively communicate your preferences with regard to use of your personal information in a manner that allows us to authenticate the request, we will endeavor to honor the request communicated through that signal.

Our General Privacy Practices

This section of the Policy describes the general privacy principles that Stoneridge follows with respect to PII that is processed in our business operations. In addition to this Global Privacy Policy, there may be specific campaigns, promotions, products, services, programs, and websites that are governed by additional privacy terms or policies. Stoneridge encourages you to read these additional terms or policies before participating in or utilizing these campaigns, promotions, programs, or websites as the processing of your PII in this context will be governed by those additional privacy terms and policies.

This section of the Policy applies to all forms of processing of PII, in any format or medium, relating to (i) individuals who are customers, prospective customers, suppliers, and prospective suppliers with whom Stoneridge does business or (ii) representatives or contact persons of such customers, suppliers, and prospective customers and suppliers.   This section of the Policy does not apply to our processing of information of Stoneridge employees or prospective employees in their capacities as such; the processing of the PII of employees is disclosed in a separate policy we make available to our employees.

The Policy also does not apply to any information processed about legal entities as such.

As used in this Policy, “Processing” means and includes any operation or set of operations that is performed upon PII , whether or not by automatic means, including collecting, recording, organizing, storing, adapting or altering, retrieval, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, blocking, erasing or destroying, and the verb “to process” shall be construed accordingly.

Categories of Personal Information We Gather and Process

In the course of our relationship with you, we may collect

  • basic identification information, such as your name, title, position, company name, email and postal address, and your telephone or mobile phone number;
  • financial and financial account information;
  • information regarding the status of promotional and marketing efforts;
  • vehicle and equipment performance information;
  • data gathered through our products and services;
  • vehicle identification information (including license plate to the extent it is permitted under applicable law);
  • telematics and tachographic data gathered through our products and services;
  • product warranty registration information and reference numbers; and
  • product performance, warranty, and repair information; and
  • any additional information you voluntarily provide.

In connection with developing, testing, and analyzing the performance of our products and services we may incidentally capture personal information, including images that may contain the likeness of individuals or objects.  We endeavor to anonymize and deidentify that information, and do not further the images for the personal information they may contain.

Collection and Processing of PII

Your PII may be collected whenever Stoneridge:

  • interacts with individuals who are prospective and existing customers, suppliers, or service providers;
  •  interacts with individuals who are representatives or contact persons of prospective and existing customers, suppliers, or service providers that are legal entities (e.g. for the selling or ordering of products or for marketing related purposes);
  • Obtains information as a result of our customers’ use of our products or services; or
  • uses public databases to facilitate the provision of goods or services (e.g. to link a license plate with car identification information).

When processing PII, Stoneridge shall follow these principles:

Notice and Consent

Stoneridge endeavors to inform persons whose PII Stoneridge collects, in accordance with applicable law. This includes providing information about (i) the purposes for which Stoneridge collects and uses the PII, (ii) the types of third parties to which Stoneridge discloses (or may disclose) that PII, and (iii) the choices and means Stoneridge offers the subjects of the PII for limiting the use and disclosure of their PII.

Unless otherwise required under applicable law, Stoneridge will endeavor to provide notice when persons are first asked to provide PII to Stoneridge, or as soon as practicable thereafter.

When you provide PII to Stoneridge, you acknowledge that you have read this Policy and, where required under applicable law, consent to the collection, use and disclosure of your PII in accordance with this Policy and other applicable Stoneridge privacy policies. You may, as provided by applicable law, be free to refuse or withdraw your consent.

Stoneridge, and third parties on its behalf, use the PII collected from you for purposes such as, but not limited to, user registration; product and service development and improvement; administering and tracking a purchase, payment, return, warranty, or rebate; arranging for services; inviting participation in online surveys; requesting feedback on products and services; and otherwise communicating with you through various channels.

Choice

Where required by applicable law, rule, or regulation, Stoneridge will endeavor to offer persons whose PII it possesses an opportunity, where feasible and reasonable under the circumstances, to choose whether their PII is to be (a) disclosed to a third party, or (b) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Stoneridge will endeavor to provide individuals with mechanisms, reasonable under the circumstances, to exercise their choices.

Access and Correction

Where required by applicable law, and upon request or when required or otherwise appropriate, and within periods (if any) set by applicable law, Stoneridge will endeavor to grant individuals reasonable access to the PII that Stoneridge holds about them. Such access may be denied by Stoneridge where the denial is permitted by applicable law and every request from an individual will be assessed on a case-by-case basis. In the event a request is denied, Stoneridge will notify the individual regarding the reasons for denial in writing. Consistent with how your PII is maintained in the ordinary course of Stoneridge’s business, and where required by applicable law, Stoneridge will provide the information in an understandable form. We may impose a reasonable charge when a request is made (e.g., for photocopying or postage) to the extent permitted under applicable law. In addition, where required by applicable law Stoneridge will endeavor to take reasonable steps to permit individuals to correct, amend, or delete PII that is demonstrated to be inaccurate or incomplete. To guard against fraudulent requests for access, Stoneridge may require sufficient information to allow it to confirm the identity of the individual making the request before granting access.

Data Integrity

Subject to any stricter requirements under applicable law, Stoneridge will endeavor to use PII only in ways that are compatible with the purposes for which the PII was collected or in ways that are subsequently authorized by the individual. Stoneridge will endeavor to take reasonable steps to ensure that PII is relevant to its intended use, accurate, complete, and current.

Disclosure and Transfer to Third Parties

Stoneridge does not sell PII to others as that term is defined in applicable law, but may share your PII with subsidiaries or affiliates controlled by Stoneridge, and with third-party service providers that perform services on Stoneridge’s behalf.  Examples of these services include fulfilling orders; sending postal mail and e-mail; analyzing product and service performance and testing data; assisting in the development and improvement of our products and services; complying with applicable laws, rules, regulations, and standards; providing marketing assistance; processing payments; providing customer service; requesting feedback on products and services; and sending you marketing and promotional materials, service updates and reminders.

Stoneridge may buy or sell business operations, subsidiaries, or business units. In these types of transactions, PII is generally one of the business assets that is transferred. That PII remains subject to the obligations stated in any pre-existing Privacy Policy. In the event that Stoneridge or substantially all of its assets are acquired, PII will be one of the transferred assets.

Cross-Border Transfers

Because Stoneridge does business in many countries, PII collected by Stoneridge in one country may be processed in another country, the laws of which may provide different levels of protection from those in the country where the PII was first collected. PII gathered in one country may be subject to access by and disclosure to law enforcement agencies of jurisdictions other than the country where the PII was first collected. Stoneridge also may share PII with organizations and entities that perform services on its behalf, and these organizations and entities may be located in countries other than the country in which the PII was first collected.

Stoneridge will endeavor to obtain appropriate and reasonably enforceable assurances from third parties, including its subsidiaries and affiliates, to which it discloses or transfers PII that these third parties will safeguard PII in a manner consistent with this Policy. When Stoneridge becomes aware that a third party is using or disclosing PII in a manner contrary to this Policy, Stoneridge will endeavor to take reasonable steps to prevent or stop such use or disclosure. To the extent applicable law requires an individual’s consent before disclosing PII to third parties, Stoneridge will endeavor to obtain the individual’s consent prior to such transfer. There may be circumstances where Stoneridge is required to transfer PII without obtaining prior consent, including (i) where required by a court order; (ii) where Stoneridge believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, or safety or property of a person or group of persons; (iii) where it is necessary to establish or collect monies owing to Stoneridge or to complete a transaction with a third party; (iv) where it is necessary to permit Stoneridge to pursue available remedies or limit any damages we may sustain; or (v) where the information is public. When Stoneridge is obliged or permitted to disclose PII, Stoneridge will endeavor not to disclose more than is required.

Sale and Sharing of Your Data

Stoneridge does not sell PII as the term “sell” is defined by applicable law, and does not share your information for the purposes of cross-context behavioral advertising.

Your Rights

You may have additional rights with regard to the information we gather about you.  Upon verifiable written request, we will provide to you information regarding the personal information we gather about you, the types of sources from which we obtain the information, the purposes for which the information is gathered, and the types of third parties with which we share or to whom (if any) we sell the information.  In addition, upon verifiable request or when required or otherwise appropriate, and within periods (if any) set by applicable law, we will grant you reasonable access to the personally identifiable information that we hold about you provided that you establish to our reasonable satisfaction that you are the person whose personal information is requested. We may deny such access where the denial is permitted by applicable law and every request from an individual will be assessed on a case by case basis.  In the event a request is denied, we will notify you regarding the reasons for the denial in writing.  Consistent with how your personally identifiable information is maintained in the ordinary course of our business, we will provide the information in an understandable form, and to the extent feasible in a format that permits you to use the information on other systems. We may impose a reasonable charge when a request is made (e.g., for photocopying or postage) to the extent permitted under applicable law. In addition, we will take reasonable steps to permit you to correct or amend personally identifiable information that is demonstrated to be inaccurate or incomplete. We also will delete personal information we have gathered about you when you make a verifiable request that we do so, except to the extent applicable law permits or requires us to maintain that information.  To guard against fraudulent requests for access, we will require sufficient information to allow us to confirm the identity of the individual making the request before granting access or deleting the information.  We will not discriminate against consumers who exercise their rights under applicable law. However, we may charge different prices or provide a different quality of goods or services if the difference is reasonably related to the value provided by your personal information and may offer financial incentives to an individual for the collection, sale, or deletion of personal information if the individual provides its prior consent to the terms of those incentives.

In addition, residents of the State of California may request a list of all third parties to which we have disclosed certain personal information (as defined by California law) during the preceding year for those third parties’ direct marketing purposes.  If you are a California resident and want such a list, please contact us via the Contact Us information provided below.   For all requests, you must put the statement “Your California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and zip code.  In the body of your request, please provide enough information for us to determine if this applies to you.  You need to attest to the fact that you are a California resident and provide a current California address for our response.  Please note that we will not accept requests via the telephone, and we are not responsible for notices that are not identified or sent properly, or that do not have complete information.

Your Rights in the United Kingdom and the European Economic Area

If you are a resident of the United Kingdom or the European Economic Area, you may have additional rights, including notice of:

  • why and how the relevant Stoneridge entity collects, processes and stores your PII;
  • what its role as “controller” of your PII involves; and
  • what your rights and our obligations are in relation to this processing.

Definitions

For the purposes of this section of the Policy, the following definitions shall apply:

“Controller” generally means the legal entity that determines the purposes (i.e. why) and the means (i.e. how) of the processing of PII under this Policy.

“Personally Identifiable Information” or “PII” means any information that constitutes “personal data” under the GDPR or the UK GDPR, namely any information relating to an identified or identifiable natural person.

“Processor” means a natural or legal person that processes PII on behalf of the Controller. Stoneridge’s processors may be Stoneridge subsidiaries, affiliates or third-party suppliers and service providers. Stoneridge will conclude a data processing agreement with its Processors to ensure your PII is processed in accordance with the GDPR.

Controller

Stoneridge companies operating in the United Kingdom or the EEA are made up of different legal entities.  When we mention “Stoneridge,” “we,” “us,” or “our” in this section of the Policy, we are referring to the relevant Stoneridge legal entity in the United Kingdom or EEA that determines the purposes and means of processing your PII under this policy.

Collection of PII

Your PII may be collected whenever Stoneridge:

  • interacts with individuals who are prospective and existing customers or suppliers;
  •  interacts with individuals who are representatives or contact persons of prospective and existing customers or suppliers that are legal entities (e.g. for the selling or ordering of products or services or for marketing related purposes; or
  • uses public databases to facilitate the provision of goods or services (e.g. to link a license plate with car identification information).

Categories of PII Collected

We may collect:

  • basic identification information, such as name, title, position, company name, email and postal address and your telephone or mobile phone number;
  • financial information (e.g. bank account details, credit card information);
  • information regarding the status of direct marketing emails (e.g. not delivered, delivered, opened);
  • vehicle identification information (including license plate to the extent it is permitted under applicable law);
  • telematics and tachographic data gathered through our products and services;
  • product warranty registration information and reference numbers; and
  • any additional information you voluntarily provide, (e.g. by filling in a form or registering for an email newsletter).

This information may either be directly provided by the above individuals or provided by the legal entity for whom they work (e.g. if they are the contact person designated by their employer to manage the commercial relations with Stoneridge).

Please note that in some countries, car identification information may also be obtained from publicly accessible sources to which we have access to link the license plate with the car identification information.

Consequences of a Refusal to Provide PII

You are not subject to any legal obligation to provide your PII to Stoneridge. However, access to and use of any goods or services provided by us may not be able to commence or continue if you do not provide such PII.

Purposes of the Processing

Stoneridge, and Processors acting on its behalf, process the PII collected from you for a specific purpose and only process the PII that is relevant to achieve that purpose.

We process PII to:

  • undertake sales and procurement activities relating to our products and services;
  • market our products and services;
  • administer our customers and suppliers (e.g. user registration, account opening, credit checks);
  • manage and enhance the relationship with our customers and suppliers;
  • supply our products and services to our customers (e.g. administering and tracking a purchase, payment, return, warranty or rebate; managing billing and invoicing; arranging for services);
  • prepare and manage contracts with our customers and suppliers;
  • measure consumer interest in our various products and services;
  • improve our existing products and services (or those under development) by means of customer and non-customer surveys, statistics and tests, or requesting feedback on products and services;
  • improve the quality of services taking into account preferences in terms of means of communication (phone, email, etc.) and frequency;
  • periodically send promotional emails about our products, special offers and information that the company for which you work may find interesting, using the email address provided by you or for you (if any);
  • otherwise communicate with you through various channels, (e.g. by periodically sending you promotional emails about our products, including special offers and information);
  • monitor activities at our facilities, including compliance with applicable policies as well as security, health, and safety rules;
  • manage and monitor our IT resources, including infrastructure management and  business continuity;
  • manage our archiving and records;
  • track our activities (measuring sales, number of calls, etc.);
  • preserve the company’s economic interests;
  • reply to an official request from a public or judicial authority with the necessary authorization; and
  • manage legal and regulatory requirements, defend our legal rights and prevent and detect crime, including regular compliance monitoring.

Legal Basis of the Processing

We may process PII if we have a valid legal ground to do so. Therefore, we process PII to the extent:

  • we have obtained your prior consent;
  • the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
  • the processing is necessary to comply with our legal or regulatory obligations (e.g. tax or accounting requirements); or
  • the processing is necessary for the legitimate interests of Stoneridge and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your PII on this basis, we seek to maintain a balance between our legitimate interests and your privacy.Examples of such ‘legitimate interests’ are:
    • to buy products and services from our suppliers or from potential suppliers;
    • to offer our products and services to our customers or prospective customers;
    • to benefit from cost-effective services (e.g. we may decide to use certain platforms offered by external suppliers to process data);
    • to better manage and administer the relationships with the customers and their data;
    • to improve the quality of our products and services by taking into account customers’ experiences, recommendations, and preferences;
    • to measure the customers’ interest in Stoneridge products and gain a better understanding of Customer interaction with the marketing emails, including by performing statistical and other research and analysis of data with respect to the status of the emails (e.g. not delivered, delivered, opened);
    • to enable Stoneridge to offer advertising and offers tailored to its customers so that Stoneridge can market its products better;
    • to prevent fraud or criminal activity, misuses of our products or services, as well as the security of our IT systems, architecture and networks;
    • to sell any part of our business or its assets or if substantially all of our assets are acquired by a third party, in which case PII could form part of one of the assets we sell; and
    • to meet our corporate and social responsibility objectives.

Third-Party Recipients

We may transfer PII to our employees (to the extent they need it to perform their tasks) and other Stoneridge affiliates. Such other companies will either act as another controller (in which case you will be separately informed about this processing) or only process PII on behalf and upon request of the Controller (thereby acting as a Processor).

In addition, we may also transfer your PII to third party Processors that are not Stoneridge affiliates to complete the purposes listed above, to the extent they need it to carry out the instructions we have given to them.

Such third-party Processors include:

  • our IT service providers, cloud service providers and database providers;
  • our consultants, suppliers, and service providers that assist Stoneridge in developing, engineering, improving, and testing our products and services; store and analyze the PII; conduct user and consumer ratings, reviews, and surveys; communicate with you on Stoneridge’s behalf; process and fulfill transactions, including purchases and installations and other vehicle services; and as otherwise necessary to provide promotional communications or services to customers.

Your PII may also be disclosed to:

  • any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
  • any local, national, or international regulatory, enforcement, or exchange body or court where we are required to do so by applicable law or regulation or at their request; and
  • any central or local government department and other statutory or public bodies.

Transfers outside the United Kingdom and the European Economic Area

The PII transferred within or outside Stoneridge may also be processed in a country outside the United Kingdom and the EEA.

If your PII is transferred outside the United Kingdom or the EEA, we will enter into authorized standard contractual clauses prior to such transfer to ensure the required level of protection for the transferred PII. You may request additional information in this respect and obtain a copy of the relevant safeguard we have put in place by exercising your rights as set out below (see section “Your Rights”).

PII Retention

We will retain your PII for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The criteria we use to determine retention periods for PII include: the purposes for which the PII is collected, legal statutory limitation periods, retention periods imposed by law, applicable contractual requirements and relevant industry standards.

Your Rights

You have a right of access to your PII as processed by Stoneridge under this Policy. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction thereof. Stoneridge will promptly correct any such information.

You also have the right to:

  • request the erasure of your PII;
  • request the restriction of the processing of your PII;
  • withdraw your consent where Stoneridge obtained your consent to process PII (without this withdrawal affecting the lawfulness of processing prior to the withdrawal);
  •  object to the processing of your PII for direct marketing purposes; or
  • object to the processing of your PII for other purposes in certain cases where Stoneridge processes your PII on another legal basis than your consent.

Stoneridge will honor such requests, withdrawals, or objections to the extent required under the applicable data protection rules.

In addition, you also have the right to data portability. This is the right to obtain the PII you have provided to Stoneridge in a structured, commonly used and machine-readable format and request the transmission of such PII to you or a third party, without hindrance from Stoneridge and subject to your own confidentiality obligations.

Contact Information

For further information about this Policy or our privacy practices, or to exercise your rights under this Policy, or if you have any questions or are not satisfied with how Stoneridge processes your PII, or to request changes or corrections to personal information maintained by Stoneridge, please contact:

Stoneridge, Inc.
39675 MacKenzie Drive, Suite 400
Novi, Michigan, USA 48377
privacy@stoneridge.com
001 248 419 0407