PRIVACY POLICY

1.1 The privacy of your Personal Data is of the utmost importance to us. This Privacy Policy covers and is designed to help you understand how we process information that we collect about or from you, how it is used by us, how we share it with others, how we manage the information we hold and how you can contact us.

1.2 This is our main Privacy Policy which describes how we use your Personal Data that we collect as part of our business activities. We may provide you with supplemental privacy notices tailored to our specific relationships with you where this is helpful to you. This Privacy Policy does not apply to job applicants or employees, workers or contractors as the way we collect and use their personal data is governed by separate privacy notices.

1.3 This Privacy Policy is issued on behalf of the Pirelli Group companies within the United Kingdom. When we refer to “Pirelli”, “we”, “us” or “our”, we are referring to the company in the UK Pirelli Group that will be responsible for your Personal Data. Your relationship with us will determine which of our group companies has access to and processes your Personal Data and which of our group companies are the “Data Controllers”. A list of the UK registered Pirelli Group companies is available here. Usually the Data Controller will be the member of Pirelli that originally collects Personal Data from or about you however, depending on our relationship with you, we may provide you with further information in separate privacy notices tailored to our relationship. For more information about the specific company or companies that have access to or are responsible for your Personal Data, including the relevant companies that are the Data Controllers of your Personal Data, please contact us using the details provided in section 12 below.

2.1 We collect personal data, which under applicable data protection legislation, complies with the retained EU law version of the General Data Protection Regulation 2016/679 and the Data Protection Act 2018, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (also referred to as the "GDPR"). This includes information that can be used to identify you, including some or all of the following: your first and last name, address, phone number, date of birth, email address, vehicle information (including registration number, VIN, the vehicle’s make and model, service reminders, the use of the vehicle and mileage), the date and time you purchased any of our products or services and from who, device information, images and videos of you at any of our marketing events, CCTV, GPS information, your IP address, the pages you visited on our website, your social media profile/ accounts, voice recordings of calls to and from us (including our contact centre), any information within correspondence you send to us and, where you contact us in the course of a business or trade, we may collect your job title, company contact details and other company details (hereinafter as "Personal Data").

2.2 We collect your Personal Data when you use our website, applications, attend any of our events, purchase our goods or services or when you contact or interact with us, which includes sales and marketing activities.

2.3 We also obtain Personal Data from Pirelli & C. S.p.A. and/or any of its subsidiaries incorporated in Europe (“Group Companies”) and other third parties including, for example, companies that handle services on our behalf, authorised dealers or sellers of our products or services,government departments or public directories. We may also request additional information from you in certain circumstances. When we receive this information we add it to the information we already hold about you in order to help us make sure that your details are as up to date and as accurate as possible.

2.4 When you browse our website, we may collect information which can be used to identify your computer and its browser program or any mobile devices that you use to surf the internet. It is collected by installing small text files called “Cookies” and other, similar information technology techniques (which are comprehensively referred to in this document as “Cookies”). In addition to other functions, when you visit our website again, the Cookies previously stored allow us to recognise your browser. Cookies may store unique identifiers, user preferences, or other information as described in our Cookie Policy. For any other information on the Cookies we use, please refer to our Cookie Policy.

There are various ways in which we may process your Personal Data however we will only process this information for the purpose for which it has been collected unless we inform you otherwise prior to any further processing. We have set out below the ways we may use your Personal Data along with the legal grounds for processing this information.

Contractual Performance

When you opt-in to receive direct marketing emails or communications, you consent to Pirelli sending you promotional emails (including newsletters) and other commercial electronic communications concerning promotions, contests, events products and/or services of Pirelli or of other Pirelli Group Companies.

You can always limit the marketing communications that Pirelli sends to you. To refuse future marketing correspondence, simply click the link labelled “unsubscribe” at the bottom of any email Pirelli sends you or contact us at dpo_pirelliuktyres@pirelli.com

Legal Obligation

We may process your Personal Data where we are under a legal obligation to do so.

Vital Interest

Sometimes we may need to process your Personal Data if there is something urgent we need to discuss with you, for example, to advise you of any safety or product concerns.

Legitimate Interests

We may use or process your Personal Data where it is necessary for us to carry out activities which are in our legitimate interest as a business to do so. In order to rely on this legal ground we have to consider the impact the processing has on your interests and ensure that we implement appropriate safeguards so that your privacy is protected. We have set out the legitimate interests that apply to our business below:

Processing necessary for us to assist you with sales and any other enquiries:

• To respond to correspondence received from you (which includes requests for product information, enquiries regarding products or services you are providing to us in a business context along with dealing with any complaints and/or other queries);
• To enable us to provide products or services along with any other support necessary.

Processing necessary for us to understand customers’ and drivers’ needs:

• To analyse evaluate and improve our products and services;
• To undertake market analysis and research so that we can better understand customers’ requirements including driver behavioural data.

Processing necessary for us to promote our business, brands and products and to measure the effectiveness of our marketing campaigns:

• To send you marketing information from time to time after you have purchased a product or service, made an enquiry, attended any of our marketing events or requested information from us;
• To contact you from time to time with marketing information if you are acting on behalf of a business or where we have obtained your Personal Data from any of our Group Companies, our service providers or any public directory. (You can, of course, always unsubscribe to any of these communications);
• To identify and record when you have received, opened or engaged with our website or electronic communications (please see our Cookie Policy for further information);
• To administer competitions, activities, initiatives and promotions that you enter and to distribute the prizes.

Processing necessary for us to operate the administrative and technical aspects of our business:

• To enable us to accept your application to register as a user on our website or applications;
• For network and information security purposes;
• To comply with a request from you in connection with the exercise of your rights;
• Internal filing;
• To inform you of updates in any of our key documentation (including our terms and conditions);
• To support the investigation of complaints, to check any instructions given to us and for quality, training and security purposes.

We may share your Personal Data with other data controllers or data processors when authorised by law or as follows (but please note that we will not sell your Personal Data to third parties):

(a) Group companies. Your Personal Data may be shared with Pirelli & C. S.p.A. and/or any of its subsidiaries incorporated in Europe, to pursue legitimate interests related to the performance of technical and organisational activities functional to the purposes described in Section 3.

(b) Third party or affiliated service providers. Your Personal Data may also be processed by service providers, including authorised dealers that we use to facilitate or outsource one or more aspects of the operation of our business. These service providers are subject to confidentiality agreements with us and other legal restrictions that prohibit their use of the information we provide them for any purpose other than to facilitate the specific outsourced or service related operation, unless you have explicitly agreed or given your prior permission to them for additional uses.

(c) Payments by debit or credit card. In order to allow you to pay for the products and/or services purchased by debit or credit card, if applicable, your Personal Data will be processed by the selected operator of the banking circuit, which shall act as autonomous personal data controller.

(c) As permitted or required by law. In certain cases, we may be required to provide Personal Data in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful or in violation of applicable laws. We may release certain Personal Data when we believe that such release is reasonably necessary to protect the rights, property, and safety of others and ourselves, or to detect, prevent, or otherwise address fraud, security, or technical issues.

(d) Business transaction. In the event that we intend to sell or transfer ownership or control of any or all of our business, operations or services to a third party, we may need to disclose your Personal Data to a potential buyer both before and after the purchase. We will do so in accordance and in compliance with the data protection laws applicable to you. In any case, in the event the sale goes through, we will require that the receiving party agree that they will be similarly bound by the provisions of this Privacy Policy and that they will only use and disclose your Personal Data as we are similarly entitled under this Privacy Policy. In the event the sale does not go through, we will require the potential purchaser to not use or disclose your Personal Data in any manner whatsoever and to completely erase the same.

You have several privacy rights in accordance with the GDPR.

5.1 You have the right to access to your Personal Data processed by us, correct it, delete it, limit/restrict the processing of your data that can be performed by us, you have the right to transfer your Personal Data and the right to be notified about any possible data breaches. In order to exercise your rights you can contact us at dpo_pirelliuktyres@pirelli.com.

5.2 You can also lodge a complaint with the Information Commissioner’s Officer. Their contact details can be found on their website at www.ico.org.uk. We may not be able to accommodate every request related to certain information if we believe this would violate any law or other legal requirement, or other data subjects' rights. However, we would appreciate the opportunity to deal with any concerns which you have before you approach the ICO, so please contact us directly in the first instance.

6.1 We will retain Personal Data of participants to the P ZERO™ Experience as follows: (i) if you have submitted support requests without creating an account, for a period of 1 (one) year from our last communication; (ii) if you have created an account, for a period of 7 (seven) Years from the date of the collection of such data, except where it is necessary to retain it for longer periods due to mandatory provisions of law; (iii) for marketing purposes, for a period of 7 (seven) years from the date of collection your consent, unless you request otherwise (in this case, limited to Personal Data of participants who have provided marketing consent). Furthermore, if within the period indicated in paragraphs (ii) and (iii) you take actions on your account or on one of Pirelli's websites or apps (such as, by way of example and not limitation, registering for promotions or events, requesting new services, responding to surveys) that demonstrate your interest in maintaining the account or relationships and contacts with Pirelli related to Pirelli's products and/or services and/or Pirelli group companies, we will retain your Personal Data for an additional 7 (seven) years from the date of registering such actions, without, however, sending marketing communications in the absence of your specific consent. Following the data retention periods for the purposes stated above, your Personal Data will be archived and retained where necessary (for example, in relation to products and/or services you have purchased or used, or in the event of your participation in contests), for the period of time required by applicable laws concerning the storage of data and documents for administrative, accounting, tax, and defensive purposes (in accordance with the applicable statute of limitations).

7.1 We will store your Personal Data on our IT systems which are based in the European Union.

8.1 This Privacy Policy only addresses the use and disclosure of information by Pirelli. We are not responsible for the privacy policies of other websites, applications or service providers and we encourage you to read all applicable terms, conditions and privacy policies provided by all third parties prior to providing them with your information.

9.1 If you are a minor, please do not provide us any Personal Data about yourself without the provision of adequate consent by the holder of parental responsibility over you. If we learn that we have collected Personal Data from a minor, without the holder of parental responsibility's consent, we will promptly delete that information. If you believe we have collected Personal Data from a minor, please contact us at dpo_pirelliuktyres@pirelli.com

10.1 We have security protocols in place to protect your Personal Data from unauthorised access, improper use or disclosure, unauthorised modification, and unlawful destruction and accidental loss. We only allow access to our databases when necessary, and then under strict guidelines as to what use may be made of such data.

10.2 It is your responsibility to protect the security of your login information, and we recommend that you use a unique password for our website that is different from the password you may use on any other site.

11.1 Privacy laws and practice are constantly developing. Our policies and procedures are therefore under continual review. Our Privacy Policy may change from time to time but we will not reduce your rights under this Privacy Policy without your explicit consent. The date the Privacy Policy was last revised is identified at the beginning of this document

12.1 If you have questions or concerns regarding this Privacy Policy or if you wish to exercise your rights in relation to your Personal Data please contact our Data Protection Officer by email to dpo_pirelliuktyres@pirelli.com