Genesis Motor France (hereinafter referred to as “Genesis”) respects the privacy of its customers, employees, members of its network of authorized distributors and repairers, service providers and any other third parties whose Personal Data is provided to it, and is committed to protecting such data (hereinafter the “Data Subjects”).
This Charter applies to the processing of Personal Data carried out by Genesis as part of its own activities as well as in the context of the operation and management of the Genesis brand in France, unless otherwise stated.
You may consult our online privacy policy applicable to the website at: https://www.genesis.com/fr/fr/footer/privacy-policy/
To ensure the protection of Personal Data, it is essential to establish standardized rules and procedures to guarantee the effective and lawful handling of requests from Data Subjects seeking to exercise their rights.
The rights granted to Data Subjects allow them to control the use of their Personal Data and prevent misuse of such data, including data breaches.
This privacy charter (the “Charter”) describes how GENESIS handles requests from Data Subjects in compliance with applicable data protection laws, including the European General Data Protection Regulation (EU) 2016/679 (GDPR).
1. Scope of application
This Charter applies to all GENESIS employees, service providers and their employees acting on behalf of GENESIS (collectively the “Collaborators”) who process Personal Data when responding to requests from individuals, whether internal or external, exercising their GDPR rights.
It describes the fundamental principles and methods applicable to how GENESIS handles requests from Data Subjects, ensuring compliance with applicable Personal Data protection laws.
Definitions
“Personal Data”: information relating to an identifiable natural person (identified directly or indirectly). It may be factual (name, address, date of birth) or subjective (performance evaluation).
“Rights of Data Subjects”: all rights granted under GDPR Chapter III, including the right to information (Art.12+), access (Art.15), rectification (Art.16), erasure (Art.17), restriction (Art.18), portability (Art.20), objection (Art.21) and rights relating to automated decision-making (Art.22). Detailed in Annex 1.
“Data Subjects”: all natural persons whose Personal Data is held by GENESIS, including employees and their family members.
“Processing”: any operation involving Personal Data, including obtaining, recording, organizing, modifying, retrieving, using, disclosing, erasing or destroying Personal Data; also includes data transfers.
“Data Breach”: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Personal Data.
2. Handling of Data Subject requests and related responsibilities
Every Collaborator must identify requests from Data Subjects and process them according to this Charter.
3. Identification of Data Subject requests
3.1 The Collaborator must review each request, whether it clearly concerns GDPR rights. Annex 1 provides guidance for identifying relevant rights.
4. Analysis and handling of Data Subject requests
4.1 Any request received must immediately be transferred to the following email addresses:
- For customers, prospects or third parties: [email protected]
- For employees: [email protected]
- In case of data breach: [email protected]
GENESIS employees must copy their line manager when forwarding a request.
4.2 Oral requests must be summarized in an email and sent immediately to one of these addresses.
4.3 Postal requests may be scanned and emailed or forwarded directly.
4.4 Requests received by partner service providers must also be forwarded.
4.5 Any forwarded request must include: date/time received; initial recipient; contact person; actions taken; other useful information.
5. Priority handling
5.1 GENESIS assesses requests and may consult relevant departments. Replies must comply with legal deadlines.
5.2 Departments must process requests as a priority and forward them no later than midday on the next day.
GENESIS responds within one month; deadline may be extended by two months due to complexity. If no action is taken, GENESIS must notify the requester and inform them of their right to lodge a complaint.
6. Processing by GENESIS
GENESIS will:
- Verify the requester’s identity.
- Determine which GDPR right is exercised.
- Assess the legitimacy of the request.
- Identify whether additional measures (e.g., notifying authorities in case of breach) are required.
- Archive all exchanges and decisions.
7. Post-mortem rights
Under French Data Protection Act Art.48, Data Subjects may define instructions for their data after death.
8. Questions
Questions may be addressed to:
Annex 1 – Rights of Data Subjects
1. Right of Access (Article 15 GDPR)
Data Subjects have the right to obtain:
• confirmation as to whether their data is being processed;
• access to their Personal Data;
• and additional information.
2. Right to Rectification (Article 16 GDPR)
Data Subjects have the right to obtain the rectification of their Personal Data that is inaccurate or incomplete. If the information in question has been communicated to a third party, GENESIS is required to inform that third party of the rectification request, insofar as possible. The Data Subject also has the right to be informed of the third parties to whom the data has been disclosed, where applicable.
3. Right to Erasure or “Right to be Forgotten” (Article 17 GDPR)
Data Subjects may request the deletion of their Personal Data if GENESIS has no compelling reason to continue processing it. The right to erasure applies in the following cases:
• the Personal Data is no longer necessary in relation to the purposes for which it was originally collected;
• the Data Subject withdraws the consent on which the processing is based;
• the Data Subject objects to specific processing operations and GENESIS does not have an overriding legitimate interest;
• the data has been unlawfully processed;
• the data must be erased to comply with a legal obligation.
Personal Data may be stored for longer periods in cases of legal retention obligations or for judicial purposes. In such circumstances, a careful assessment must be carried out to justify the continued storage of Personal Data.
4. Right to Restriction of Processing (Article 18 GDPR)
Data Subjects have the right to obtain the restriction of the processing of their data. When this right is exercised, GENESIS is permitted to store the Personal Data but may not continue to process it. Limited information regarding the Data Subject may be kept ensuring that the restriction is respected in the future.
The right to restriction of processing applies in the following cases:
• where a Data Subject contests the accuracy of their Personal Data, processing must be restricted to storage only while the accuracy of the Personal Data is verified;
• where a Data Subject objects to processing necessary for the performance of a task carried out in the public interest or for GENESIS’s legitimate interests, GENESIS must restrict the processing to storage only while verifying whether its legitimate grounds override the Data Subject’s rights and freedoms;
• where processing is unlawful and the Data Subject opposes erasure and requests restriction of processing instead;
• where GENESIS no longer needs the Personal Data but it is still required by the Data Subject for the establishment, exercise, or defense of legal claims.
5. Right to Data Portability (Article 20 GDPR)
Data Subjects may obtain their Personal Data and reuse it for their own purposes and across different services. The right to data portability allows the Data Subject to easily move, copy, or transfer their Personal Data from one IT environment to another, in a safe and secure manner, in a commonly used format.
The right to data portability applies in the following cases:
• when the Personal Data has been provided to the controller directly by the Data Subject;
• when processing is based on consent or on the performance of a contract;
• when processing is carried out by automated means.
Unless a specific process exists for handling such requests at GENESIS, these cases must be reported to GENESIS and carefully reviewed to ensure compliance with the law.
6. Right to Object (Article 21 GDPR)
Data Subjects have the right to object to:
• processing based on legitimate interests or on the performance of a task carried out in the public interest or in the exercise of official authority (including profiling);
• direct marketing (including profiling);
• processing for statistical purposes or for scientific or historical research.
7. Rights Relating to Automated Decision-Making and Profiling (Article 22 GDPR)
Data Subjects have the right not to be subject to a decision based solely on automated processing, including profiling. This right provides safeguards to Data Subjects against the risk that a potentially harmful decision could be taken without human involvement.
The right not to be subject to automated decision-making applies where:
• the decision is based solely on automated processing;
• the decision produces legal effects concerning the Data Subject or significantly affects them.
It does not apply to decisions necessary for entering or performing a contract, to decisions authorized by law, or to decisions based on the Data Subject’s consent.