Privacy statement - Representatives of corporate and public sector customers
January 18, 2023
Athlon Mobility Services UK Limited
This Privacy Statement applies to the processing of personal data of representatives of corporate and public sector customers for the purposes of offering vehicle finance and mobility services by Athlon Mobility Services UK Limited.
Protecting your personal data is a high priority for us and is taken into account in all of our business processes. This Privacy Statement provides you with a summary on the processing of your personal data. You will also learn what rights you are entitled to regarding the processing of your personal data.
Since Athlon is part of the Mercedes-Benz Group AG, the way we handle personal data is always based on the applicable Data Protection Policy of Mercedes-Benz Group AG. It can be found on the website https://group.mercedes-benz.com/privacy/.
"Personal data" means all information that relates to a natural person who has been or can be directly or indirectly identified.
The terms "process" and "processing" include, but are not limited to, the collection, use, disclosure and transfer of personal data.
Please read this Privacy Statement carefully in order for you to understand how we collect and use your personal data.
The controller for data processing is:
Athlon Mobility Services UK Limited ("Athlon", "we" or “us”)
Registered Office: Tongwell, Milton Keynes, MK15 8BA, United Kingdom
Postal Address: The Cube, Brinklow, Milton Keynes MK10 0DD, United Kingdom
The joint controller for data processing of your personal data for process, product and price optimization specified below is:
Athlon Car Lease International B.V.
Stationsplein Noord-Oost 414
1117 CL Schiphol, The Netherlands
You can also contact the data protection office of Mercedes-Benz Group at the following address:
Mercedes-Benz Group AG
Chief Officer Corporate Data Protection
70546 Stuttgart, Germany
We process personal data under the principle of data minimization only to the extent necessary, as permitted by applicable laws and regulations, according to our obligations.
- Directly or indirectly from you, through the services we provide
Athlon provides leasing, contract purchase, rental and mobility solutions and additional vehicle related services. Personal data may be obtained from you directly, for example in your capacity as a representative of our corporate customer. If you have engaged with one of our third party service providers partnering with us in the delivery of our services, we may also receive information from them, such as if maintenance services to your fleet have been provided.
- Directly from you, online
We collect your personal data if you contact us via our website, for example by means of a contact form. We also collect personal data if you send us an e-mail.
- Directly from you, offline
We can collect personal data from you, e.g. when you contact us by phone, if you send us a letter by post or if you or we visit our respective offices.
- From other sources
We receive your personal information from other sources, for example:
- The relevant authority (e.g. police) where we are the recipient of traffic fines in relation to leased vehicles;
- From our independent service partners who assist us in providing our leasing and other services to your company, including car dealerships, car maintenance providers, body repair shops;
- Publicly available databases, credit reference agencies and other sources;
We need to collect personal information in order to provide the requested services to you or to handle queries, questions, comments or complaints related to our services. If you do not provide the information requested, we may not be able to provide the services. If you disclose any personal information relating to other persons to us or to our service providers in connection with the services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement.
Athlon offers leasing and contract purchase and additional vehicle related services to corporate and public sector customers. For the provision of these services, we have concluded a master agreement with the organisation you represent. Under this master agreement individual finance contracts are closed. Your organisation determines which additional vehicle related services are available for the employees of your organisation. For the processing of personal data of these employees a separate privacy statement is available. This privacy statement is addressed to employees of an organisation in the capacity of a representative of such organisation, for instance as fleet manager.
3.1 Entering into an individual finance contract
What personal data is processed?
As a representative of your organisation your business contact details and, where applicable, your log-in details to our applications are processed by us.
What is the purpose of this processing?
The purpose of this processing is to be able to contact you, to handle day-to-day management and administration of our customers' accounts and to provide you with information which is relevant for the contract and account of your organisation. The purpose of this processing is to perform the finance contract and additional vehicle related services (e.g. delivery of the vehicle, invoices for your organisation, repair and maintenance, damage reports, traffic fines) and for the daily management of the vehicle.
Athlon may send you surveys to seek your feedback on our services that we provide plus marketing communications on new products and services that are available to your organisation.
Athlon will analyze data that is collected when using digital media however this is always anonymised.
What is the legal basis for processing this data?
The legal basis for processing this data is the performance of the lease agreement that we have with your organisation.
3.2 Additional vehicle related services
Athlon offers additional vehicle related services. Depending on the contract we have with the company you represent, one or more additional vehicle related services are included in the lease contracts.
The processing of your personal data is necessary for the performance of (each of) these contractual services. It is in Athlon’s interests to provide you with the best mobility services possible. Athlon does not perform additional vehicle related services itself. Athlon uses specialized third party service partners for the provision of such services. We process personal data under the principle of data minimization only to the extent necessary, as permitted by applicable laws and regulations, according to our obligations.
3.3. Process, product and price optimization
Athlon processes personal data for product development and process improvements.
What personal data is processed?
Surveys and marketing communication: contact details and your responses to the surveys.
Process mining, business intelligence and business analytics: contact details and contract details, vehicle condition data (technical), vehicle history as well vehicle related events such as accidents and incurred damages.
What is the purpose of this processing?
The purpose of this processing is to develop and optimize our processes, products and prices.
What is the legal basis for processing this data?
The legal basis for processing this data for process mining, business intelligence and business analytics is legitimate interest.
The legal basis for marketing communication is consent or legitimate interest.
Your personal data is treated as confidential and shared only on a need-to-know basis. We will not share your personal data with third parties unless such processing is necessary for the provision of our services provided to you or, if applicable, your employer.
Additionally, Athlon may share personal data:
- For provision of our services: with our third party service partners, such as dealers, garages, body repair shops, maintenance companies and tire-change companies and with our partner companies involved in the sale and provision of our services.
- For audits and risk reviews: within the Mercedes-Benz Group and with external audit parties.
- For data analysis, development of new services, enhancement and improvement of existing services, identifying trends and determining effectiveness of our business activities: within the Mercedes-Benz Group.
- For performing fraud checks, sanctions checks and/or credit checks: with specialized (credit) agencies and/or within the Mercedes-Benz Group.
- If we are required to do so by law and/or regulations: with public or fiscal authorities, with supervisory authorities and investigative agencies.
- For performing certain data processing on our behalf in the area of information technology and related infrastructure, security and legal, financial and accounting services: with third-party service providers that we engage.
- For handling damage or insurance claims: with insurance companies.
- For protecting our assets and our interests, to enforce our contractual terms and conditions, to protect our business operations, (intellectual property) rights, safety and property and that of yours or other third parties, to ensure payment of our claims and to allow us to pursue available (legal) remedies or limit the damages that we may sustain: with specialized (law) firms or within Mercedes-Benz Group.
We may transfer data to providers outside the UK and/or the European Economic Area (EEA) or grant them access to our systems for hosting and/or maintenance of our IT systems. Because countries outside the UK or the EEA usually do not have the same level of data protection as within the UK respectively the EEA, we ensure by way of contract that the service providers take measures to ensure that data is protected in accordance with UK and EEA standards. For more details, please contact us using the information above. The Mercedes-Benz Group companies are also governed by the strict data privacy requirements of the Mercedes-Benz Group.
No. Automated decision-making does not take place.
As a principle, we will retain personal data in accordance with legal and regulatory obligations that apply to Athlon and that contain minimum and maximum retention periods. We will therefore retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by applicable law. Upon expiry of the retention period personal data will be disposed of.
Athlon has implemented appropriate measures to ensure that the processing of personal data is performed in compliance with the principle that personal data shall not be kept longer than necessary for the purposes for which the personal data was obtained. The disposal of personal data is performed on a case by case basis as well as according to our retention schedule.
You have extensive rights regarding the processing of your personal data. Making you aware of these rights is very important to us:
- Right to information: You have a right to information regarding the data stored with us, especially for the purpose of the processing and the duration of the data storage.
- Right to correction of inaccurate data: You have a right to demand from us the immediate correction of your personal data, should it be inaccurate.
- Right to deletion: You have the right to demand that we delete your personal data. The criteria allow you to demand the deletion of your personal data if we, for instance, no longer need the personal data for the purposes for which it was collected or otherwise processed, if we unlawfully process the data, or if you have rightfully objected to the use of your data, revoked your consent to the same or there is a legal obligation to delete. Please note that we need to retain certain information for recordkeeping purposes, to comply with other mandatory (minimum) retention periods and/or to complete transactions that began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
- Right to restriction of processing: You have the right to demand a restriction of the processing of your data. This right especially applies for the duration of the review if you have disputed the accuracy of your personal data, as well as in the case that, for an existing right to deletion, you request restricted processing instead of erasure. Furthermore, there will be restricted processing if the data is no longer required for our purposes, but we still need the data in order to assert, exercise or defend legal rights, as well as if the successful assertion of an objection is in dispute between you and us.
- Right to data portability: You have the right to receive the personal data you have provided us in a structured, common, machine-readable format from us, provided said data has not already been deleted.
- Right to lodge a complaint with a supervisory authority: If you feel that we are violating the data protection related laws and regulations by processing personal data about you, you have the right to lodge a complaint with a supervisory authority, e.g. a data protection agency responsible for your place of residence, workplace or location where the alleged data protection violation occurred.
If you wish to assert one of your rights or receive more information, please contact us via the contact details shown above.
You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data about you. We will no longer process your personal data unless we can prove compulsory, legitimate reasons for processing that outweigh your interests, rights and freedoms, or if the processing is required to assert, exercise or defend against legal claims.
If you wish to object to the processing of your personal data, please contact us and/or the data protection officer. In case of an objection, however, it is possible that we will no longer be able to provide the services agreed with you or not within the agreed scope.
Athlon reserves the right to amend this Privacy Statement at any time. At the top hereof you can find the date on which this Privacy Statement was last revised. Any changes to this Privacy Statement will become effective thereafter.