Women in leasecar getting instructions

Privacy Statement - Representatives of international customers, suppliers and other contractual partners

December 22, 2022

    Athlon Car Lease International B.V.

    This Privacy Statement applies to the processing of personal data of representatives of international customers, partners, suppliers and other contractual partners for the purposes of managing international framework, partner and purchasing agreements by Athlon Car Lease International B.V.

    Protecting your personal data is a high priority for us and is taken into account in all of our business processes. This Privacy Statement provides you with a summary on the processing of your personal data. You will also learn what rights you are entitled to regarding the processing of your personal data.

    Since Athlon is part of Mercedes-Benz Group AG, the way we handle personal data is always based on the applicable Data Protection Policy of Mercedes-Benz Group AG. It can be found on the website https://group.mercedes-benz.com/privacy/.

    "Personal data" means all information that relates to a natural person who has been or can be directly or indirectly identified.

    The terms "process" and "processing" include, but are not limited to, the collection, use, disclosure and transfer of personal data.

    Please read this Privacy Statement carefully in order for you to understand how we collect and use your personal data.

    The controller for data processing is:
    Athlon Car Lease International B.V. ("Athlon", "we" or “us”)
    Stationsplein Noord-Oost 414
    1117 CL  Schiphol, the Netherlands
    Email: dataprotection.int@athlon.com 

    We process personal data under the principle of data minimization only to the extent necessary, as permitted by applicable laws and regulations, according to our obligations.

    Directly from you in your capacity as a representative of our international customer, supplier or other contractual partner. 

    • Directly from you, online: We collect your personal data if you contact us via our website, for example by means of a contact form. We also collect personal data if you send us an e-mail. Or if you use one of our online portals/applications.
    • Directly from you, offline: We can collect personal data from you, e.g. when you contact us by phone, if you send us a letter by post or if you visit our offices.

    From other sources
    We receive your personal information from other sources, for example:

    • From other representatives of your organization;
    • Publicly available databases and other sources.

    We need to collect personal information in order to provide the requested services to you or to handle queries, questions, comments or complaints related to our services. If you do not provide the information requested, we may not be able to provide the services. If you disclose any personal information relating to other persons to us or to our service providers in connection with the services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement.

    3.1 Entering into and managing international framework, partner and purchasing agreements

    What personal data is processed?
    As a representative of your organisation your business contact details and, where applicable, your log-in details to our applications are processed by us.

    What is the purpose of this processing?
    The purpose of this processing is to be able to contact you, to handle day-to-day management and administration and to provide you with information which is relevant for the contract and account of your organisation.

    What is the legal basis for processing this data?
    The legal basis for processing this data is to enter into and for the performance of the agreement that we have with your organization.

    Your personal data is treated as confidential and shared only on a need-to-know basis. We will not share your personal data with third parties unless such processing is necessary for the provision of our services provided to you or, if applicable, your employer.

    Additionally, Athlon may share personal data:

    • For forwarding your requests and complaints to the relevant Athlon entity with whom your organization has lease agreements.
    • For audits and risk reviews: within Mercedes-Benz Group and with external audit parties.
    • For performing sanctions checks within Mercedes-Benz Group.
    • If we are required to do so by law and/or regulations: with public or fiscal authorities, with supervisory authorities and investigative agencies.
    • For performing certain data processing on our behalf in the area of information technology and related infrastructure, security and legal, financial and accounting services: with third-party service providers that we engage.
    • For handling damage or insurance claims: with insurance companies.
    • For protecting our assets and our interests, to enforce our contractual terms and conditions, to protect our business operations, (intellectual property) rights, safety and property and that of yours or other third parties, to ensure payment of our claims and to allow us to pursue available (legal) remedies or limit the damages that we may sustain: with specialized (law) firms or within Mercedes-Benz Group.

    We may transfer data to providers outside the European Economic Area (EEA) or grant them access to our systems for hosting and/or maintenance of our IT systems. Because countries outside the EU usually do not have the same level of data protection as within the EU, we ensure by way of contract that the service providers take measures to ensure that data is protected in accordance with EU/EEA standards. For more details, please contact us using the information above. The Mercedes-Benz Group companies are also governed by the strict data privacy requirements of the Mercedes-Benz Group.

    No. Automated decision-making does not take place.

    As a principle, we will retain personal data in accordance with legal and regulatory obligations that apply to Athlon and that contain minimum and maximum retention periods. We will therefore retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by applicable law. Upon expiry of the retention period personal data will be disposed of.

    Athlon has implemented appropriate measures to ensure that the processing of personal data is performed in compliance with the principle that personal data shall not be kept longer than necessary for the purposes for which the personal data was obtained. The disposal of personal data is performed on a case by case basis as well as according to our retention schedule.

    You have extensive rights regarding the processing of your personal data. Making you aware of these rights is very important to us:

    • Right to information: You have a right to information regarding the data stored with us, especially for the purpose of the processing and the duration of the data storage.
    • Right to correction of inaccurate data: You have a right to demand from us the immediate correction of your personal data, should it be inaccurate.
    • Right to deletion: You have the right to demand that we delete your personal data. The criteria allow you to demand the deletion of your personal data if we, for instance, no longer need the personal data for the purposes for which it was collected or otherwise processed, if we unlawfully process the data, or if you have rightfully objected to the use of your data, revoked your consent to the same or there is a legal obligation to delete. Please note that we need to retain certain information for recordkeeping purposes, to comply with other mandatory (minimum) retention periods and/or to complete transactions that began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
    • Right to restriction of processing: You have the right to demand a restriction of the processing of your data. This right especially applies for the duration of the review if you have disputed the accuracy of your personal data, as well as in the case that, for an existing right to deletion, you request restricted processing instead of erasure. Furthermore, there will be restricted processing if the data is no longer required for our purposes, but we still need the data in order to assert, exercise or defend legal rights, as well as if the successful assertion of an objection is in dispute between you and us.
    • Right to data portability: You have the right to receive the personal data you have provided us in a structured, common, machine-readable format from us, provided said data has not already been deleted.
    • Right to lodge a complaint with a supervisory authority: If you feel that we are violating the data protection related laws and regulations by processing personal data about you, you have the right to lodge a complaint with a supervisory authority, e.g. a data protection agency responsible for your place of residence, workplace or location where the alleged data protection violation occurred.

    If you wish to assert one of your rights or receive more information, please contact us via the contact details shown above.

    You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data about you. We will no longer process your personal data unless we can prove compulsory, legitimate reasons for processing that outweigh your interests, rights and freedoms, or if the processing is required to assert, exercise or defend against legal claims.

    If you wish to object to the processing of your personal data, please contact us and/or the data protection officer. In case of an objection, however, it is possible that we will no longer be able to provide the services agreed with you or not within the agreed scope.

    Athlon reserves the right to amend this Privacy Statement at any time. At the top hereof you can find the date on which this Privacy Statement was last revised. Any changes to this Privacy Statement will become effective thereafter.