PRIVACY POLICY

Global Privacy Policy for Maserati Connected Vehicles (in effect since 09/09/2020)

If you are reading this document it is because you have signed the General Conditions as a “Customer” or because, as authorized by the latter, you are using Connected Services through the Vehicle and our Application.

We are Maserati SpA, Data Controller with registered offices in Italy. This document supplements the “Global Privacy Policy for Maserati Vehicles” that you received when you purchased your Vehicle, and which you can also find on Our Websites and App.

In this document, you will find some examples of how data are processed, and Definitions referring to more detailed explanations at the end of the document. If you would like any clarifications regarding this Privacy Policy or how your data are processed, please send your request here.

1) Information we process
Depending on the type of Connected Services, and how you access them, we may collect the following information from you.

 a) Registration data and access to the Connected Services
When you register to access the Connected Services, we will ask you to enter or confirm some Personal Data such as your name, surname, e-mail address, date of birth and mobile phone number, as well as other information such as the answer to a security question and a PIN code, in order to help us have proof of your identity when accessing services from the Vehicle Device or Our Websites and App.

 b) Vehicle Data
When using the Connected Services, we can collect information about your Vehicle, such as driving data (e.g. location, speed and distances), engine running time and turning off time, if the battery cable is cut, battery diagnostics, movements with the key out, presumed collision, as well as diagnostic data such as, but not limited to, oil and fuel levels, tire pressure, and engine status.
Such information is attributable to you to the extent that it is associated with a Unique Identifier such as the Vehicle Identification Number or VIN.

 c) Vehicle Device Data
Through the Vehicle Device, we are able to collect and provide information on battery status, on the use of native applications installed on the Vehicle, as well as on mobile network connection, such as, for example, when you connect the Device to provide the Vehicle data connection.

 d) Data collected through the Application
Through the Application, we are able to collect information on the Device it is installed on, for example, the Unique Identifier and information about your location. Personal data collected through the Application and the Device are subject to the processing described in the “Global Privacy Policy” on Our Websites and App and entirely referenced herein.

 e) Information about your location
We collect information about your location in order to provide Connected Services such as roadside assistance by sharing the precise Vehicle location with the rescue services, as well as to offer you Content that could be useful to you. Your location can be determined through:
 - the Vehicle Sensors;
 - the Device Sensors when you use the Application;
 - the IP address.
Your location is defined based on the privacy settings you select each time you start the Vehicle, which you can change through the Vehicle Device settings (“Privacy Mode”) or those of the Device or Application, as described in the section on “How to control your Data” section below.

Please note that you cannot refuse the use of information concerning your location if required in order to provide Connected Services or to protect our interests and those of our customers, as explained below.

 f) Data inferred by your activity
We may collect further information about you based on your interactions with the Connected Services. For example, we can understand your driving style, routes most travelled, places of interest, whether you prefer the services of one of Our Dealers or of a third party in particular, or based on your response to periodic Vehicle maintenance “alerts”, if we should remind you in another way.
In some cases, information about you is collected and combined through your interaction with Our Dealers and/or Our Websites and App, as well as our Partners' Websites and Apps, or because you have participated in one of Our Events, as explained in our “Global Privacy Policy” available here.

 g) Third-party Data
As we specify in the "Global Privacy Policy for Maserati Vehicles", which you received when you purchased your Vehicle, in some cases, we may collect information that concerns third parties. An example is the case of a presumed collision of the Vehicle, after which the Connected Services activate an emergency call to us and/or the public emergency services, which could involve the processing of your passengers' data. By way of example, but not limited to, other cases could include a change of ownership, when you purchase a Maserati fleet, or if you indicate that the driver is not the owner of the Vehicle.
If you provide us with the data of third parties, you will be held responsible for sharing such information with us and must be legally authorized to do so (i.e. authorized by the third party to share their information, or for any other legitimate reason). You must also fully indemnify us against any complaints, claims or demands for compensation of damages which may arise from the processing of third party Personal Data in violation of applicable data protection law.

For your convenience, we will collectively refer to all Personal Data mentioned so far as “Data”.

2) Why we collect your Personal Data
Data is used for the following purposes:

 a) Providing the Connected Services and responding to your requests
We use Data to help you connect to and use the Connected Services, including but not limited to emergency calls (e.g. eCall, Help, advanced roadside assistance), the Vehicle Health Report (VHR), change of ownership, and to respond to you requests, suggestions or reports. The purpose also includes optional services that allow you to share your Vehicle Data history and functions through the Application. When some Connected Services are not provided directly by us but by our commercial partners, we will only provide the Data strictly necessary for providing those services.

This processing is based on the execution of a contractual obligation indicated in the General Conditions or pre-contractual measures taken at your request.

 b) Complying with legal obligations
We may use your Data to comply with legal and tax obligations, which form the legal basis for the processing of your information. These obligations include any recall notices we are required to issue in our capacity as a manufacturer of the Vehicle. If these notices are not required by law in your country, we will send them regardless, as explained in more detail in the “Protecting our interests and your interests” section.

 c) Detecting anomalies in the Connected Services or the Vehicle
We may use your Data, especially the Vehicle Data, to detect and (if possible) to avoid anomalies in the Connected Services or the Vehicle. We may detect anomalies from a report you have sent, from the fact that you systematically prefer to consult one of Our Dealers, or from the Vehicle Data.

This processing is based on the need to provide the Connected Services in the manner and timeframe indicated the General Conditions, as well as on our legitimate interest in ensuring the Vehicle efficiency to the extent possible. You will not receive any communications to this regard, unless in response to your anomaly report or if you have consented to receive promotional communications, in which case we will take the initiative to ask your opinion.

 d) Customizing our Services including any Content that may be useful to you
We use your Data, especially the Data inferred by your activity and Information about your location, to improve and customize the Connected Services as well as to show you only Content that may be useful to you. You may view Content that may be useful to you on the Vehicle Device, on Our Websites and App, or on other platforms, for example, because it has been uploaded to Programmatic advertising platforms, only to the extent to which you have authorized us to upload them on these platforms.

The customization of our Services and the provision of Content that may be useful to you may be more or less accurate depending on how much information we have collected about you (e.g. only information collected from Our Dealers and/or on Our Websites and Apps, etc.), and above all, on the basis of the your consent, which you may or may not decide to provide through the Vehicle Device, the Application and the forms in which we ask you to express your preferences.

If you do not wish to receive personalized Services or Content that may be useful to you, you can change your preferences, as explained in the "How to control your data" section.

 e) Measuring the performance of the Vehicle, the effectiveness of the Connected Services and creating new ones
We use your Data, especially the Data inferred by your activity and the Vehicle Data, to measure the performance of the Vehicle and the effectiveness of the Connected Services, as well as to create new services. For example, from the Vehicle Data, we can detect whether certain components of the Vehicle may benefit from improvement, understand whether our periodic maintenance reminder has been useful, or understand whether you or other customers need something we do not offer, and meet such needs through the creation of new and even more useful services. This is accomplished through the use of Aggregated Information, which does not allow us to identify you.

Subject to consent to the customization of our Connected Services as above, this activity is based on our legitimate interest in creating increasingly efficient Vehicles and providing our customers with truly useful Connected Services.

 f) Sending you promotional communications
We use the contact data you provide, as well as the Vehicle Device and/or the Application, to send you communications about new models and services we offer, about our initiatives and/or to ask you to participate in our surveys, which may include surveys on the services provided by Our Dealers. In some cases, communications may include product or service promotions from selected Partners (without sharing your Data with them). Such communications may also be customized if you have consented to the customization of the Connected Services, including Content that may be useful to you.

On this point, we specify that no communication will be sent to you without your prior consent, which you can provide through specific tick-boxes for this purpose, as well as through the settings on the Vehicle Device, the Device or the Application. We remind you that you can also select specific contact channels (e.g. only e-mail or SMS) by clicking on the link "if you want to partially select the approval on the contact channels click here" in the consent form provided. These communications do not include e-mails regarding the Vehicle Health Report (VHR) as they are part of the Connected Services.

 g) Protecting our interests and your interests
We may need to use your Data to detect, react to, and prevent fraudulent and illegal behavior or activity which could compromise your security, our security, or that of Our Dealers. This could be the case when we have to verify the expiration/exclusion of the warranty on a Vehicle, fraudulent use of the Connected Services or requests for service/repair from a data subject other than the owner of the Vehicle, which could imply a change of ownership or a theft. We will also use your Data to send you communications about the safety of your Vehicle/fleet (e.g. recall campaigns, software updates, etc.), even if there is no established legal requirement to this effect in the country you are in. These are not promotional, but service communications to ensure your safety when using your Vehicle.

These purposes are based on our legitimate interest in safeguarding our interests, and those of our customers, including you.

3) How we use your Data
Data collected for the purposes indicated above are processed both manually and via automated processing, through programs and/or algorithms that analyze Data inferred by your activity, the Vehicle Data and Information about your location.
Your Data also may be subject to combination and/or crossing. For example, this allows us to distinguish the owner from the Vehicle Data; whether you receive quality services through Our Dealers; or whether we should send you promotional communications or Content that may be useful to you strictly related to Data inferred by your activitity or Information about your location.

4) Whom we share your Data with
We share your Data with the following list of persons/entities (“Recipients”):
 - persons authorized by us: our employees and collaborators who have undertaken an obligation of confidentiality and abide by specific rules concerning the processing of your Data;
 - our data processors: external subjects to whom we delegate some processing activities. For example, security systems providers, accounting, administrative, legal, tax, financial and debt collection consultants, data hosting providers, etc. This category also includes Our Dealers and commercial partners, who help us provide roadside assistance, so they can recognize you as a Maserati customer and offer you the same services anywhere in the world. We have signed agreements with each of our data processors to ensure that your personal data is processed with appropriate safeguards and only under our instruction;
 - system administrators: our employees or those of data processors to whom we have delegated the management of our IT systems and are therefore able to access, modify, suspend or limit the processing of your Data. These subjects have been previously selected, adequately trained and their activities tracked by systems they cannot modify, as provided for by the provisions of the Italian Supervisory Authority;
 - our Affiliates: for example, if you are a Brazilian citizen, we may share your requests or questions with the Affiliate in your country to help you in your language or the one you prefer. The same applies if we want to create business initiatives based on our market analyses. All our Affiliates have signed personal data processing agreements with us;
 - our partners: when some Connected Services are not provided directly by us but by our commercial partners, we will only communicate the Data strictly necessary for providing those services. Each of the above carries out the processing as the data controller of your Data. For more information, we invite you to read their privacy notices that you will receive when you activate their services.
 - law enforcement or any other authority whose provisions are binding for us: this is the case, for example, after a presumed collision activates an emergency call to rescue services (e.g. eCall), if the Vehicle has been stolen or, in general, when we have to comply with a judicial order or law or defend ourselves in legal proceedings.

5) Where your Data is located
Connected Services are available almost all over the world. We ensure that the processing of your Data by our Recipients is compliant with the EU and Italian law to which we are subject. Transfers of your Data to the Recipients may be based on adequacy decisions (for example, the EU-US Privacy Shield; Swiss-US Privacy Shield) or Standard Contractual Clauses approved by the European Commission. For more information on where your data are located, please write to us here

6) How long we retain your Data
Personal Data processed for the purposes indicated above will be kept for the period deemed strictly necessary to fulfill such purposes or until your consent is revoked, if consent is the legal basis that allows us to process the Data.
Personal Data processed in compliance with the legal obligations to which we are subject will be kept for the period required by law. Personal Data processed to protect our interests, and our users' interests are kept until the time provided for by Italian law to protect our interests (Art. 2946 of the Italian Civil Code et seq.). You can ask us for more information on our data retention criteria and policy by writing us here.

7) How to control your Data
At any time, you can ask to:
 - Access your Data: according to your interactions with us, we will provide the Data we have related to you, such as your name, age, e-mail address and preferences, along with the Privacy Notice you received when you provided us with your Data.
 - Exercise your right to portability of your Personal Data: according to your use of our Services, we will provide you with an Excel file containing your Personal Data;
 - correct your Data: for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
 - Limit the processing of your Data: for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
 - delete your Data: for example, if you don’t want us to keep your Personal Data, and there is no other reason for keeping it (e.g. if you are no longer the owner of the vehicle and do not want to remain in touch with us);
 - update your preferences for processing your Data based on your consent: depending on your interactions with us, you can ask us not to send you commercial communications and/or to not personalize the Connected Services.

In accordance with EU data protection law, we will reply to your request within one month of its receipt (extendable for two further months in case of particular complexity). You can exercise any of the above rights by writing to us here

At any time, you may also:
 - contact our Data Protection Officer (DPO), by writing to Maserati
 - contact the Italian or European Data Protection Authority, the addresses of which are available here
 - stop the sending of promotional communications by clicking on the link at the bottom of each e-mail.
 - Block any Content that may be useful to you through the Digital Advertising Alliance in the United States, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe.
 - Set your preferences for the Vehicle Device, Device and Application data, and the information about your location, following the instructions you can find in Section 11.

8) What this Privacy Policy does not cover
This Privacy Policy explains and covers the processing we carry out as data controller on the Data you provide because you have signed the General Conditions as a “Customer” or because authorized by the latter, you are using the Connected Services through the Vehicle and/or our Application. It is a supplement to the “Global Privacy Policy for Maserati Vehicles” that you received when you purchased your Vehicle, and the “Global Privacy Policy” for the Application, which you can also find on Our Websites and App.

This Privacy Policy does not cover processing carried out by subjects other than Maserati SpA and in particular does not cover:

 - processing carried out by companies of the FCA Group or our Affiliates in your area as independent Data Controllers.
 - processing carried out by national emergency number operators in case of emergency calls (eCall);
 - processing carried out by way of cookies on the Connected Services site for which you will find a specific cookie policy in the footer of each page;

Regarding these cases, we are not responsible for any processing of your Data which are not covered by this document. If we should need to process your Data differently or for purposes other than those indicated herein, you will receive specific notice before the processing begins.

9) Are you outside the European Union?
The following sections explain how we handle your information if you are outside the European Union or if the law in the country you are in provides for exceptions or necessary clarifications to the provisions set out above in our Privacy Policy.

 - Australia
 - Bahrain
 - Belarus
 - Brazil
 - Chile
 - China
 - Colombia
 - South Korea
 - Costa Rica
 - Egypt
 - Ecuador
 - Philippines
 - Georgia
 - Japan
 - Jordan
 - Guatemala
 - Hong Kong
 - India
 - Indonesia
 - Kazakhstan
 - Kuwait
 - Lebanon
 - Macao
 - Malaysia
 - Morocco
 - Mexico
 - New Zealand
 - Oman
 - Panama
 - Peru
 - Puerto Rico
 - Monaco
 - Qatar
 - Dominican Republic
 - Russia
 - Saudi Arabia
 - Serbia
 - Singapore
 - South Africa
 - Thailand
 - Taiwan
 - Turkey
 - UAE
 - USA
 - Ukraine
 - Uruguay
 - Vietnam

10) Changes to the Privacy Policy
This Privacy Policy entered into force on the date indicated at the beginning of this document. We reserve the right to modify or update this Policy, in full or in part, at our discretion or as a consequence of changes in applicable regulations. You will receive a message informing you of any substantial changes we may make to the Privacy Policy.

11) Setting your preferences for Data collected by your Browser, Device or Application

 a) Cookies
To set your preferences for processing by way of cookies on the Connected Services site follow the instructions in the cookie policy located in the footer of each page of the site.

 b) Application
The SDKs we use on the Application are all third party and depend on the type of Device you use, as shown below. You can object by clicking on the links provided or by using the privacy settings of the Application.

Adobe Analytics: www.adobe.com;
Crashlytics: www.crashlytics.com

 c) Content that may be useful to you
Due to its very nature and structure, we are not able to exhaustively list the identity of the participants engaged in Programmatic Advertising and we cannot therefore know who is communicating your data or IP Address to us to show you Content that may be useful to you.
If you wish to block the sharing of your Personal Data within the Programmatic Advertising platforms that allows us to send you Content that may be useful to you, you can use the AdChoice tool or those provided by the Digital Advertising Alliance in the United States, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe.

 d) Unique Identifiers
If you do not want your Device to share Unique Identifiers with us, or if you want to reset them, you can do so by setting your Device accordingly.
If your Device is IOS, go to "Settings", then "Privacy", then "Advertising" and activate the "Restrict Data Collection" button. On the same page, you can also restore your advertising ID (so-called IDFA).
Concerning Data from the Vehicle Device, we inform you that at present, it is not possible to block the sharing of the Unique Identifiers with us. However, we point out that we will only use these data for providing the Connected Services, customizing the services only based on your prior consent and on our legitimate interest only once converted into Aggregated Information.

 e) Information about your location
If you do not wish to share information on your location with us, you can disable location permissions from the Vehicle Device settings, by selecting “Privacy Mode ON/OFF” when you start the Vehicle, or by using the Application or Device settings. Information about your location may be used for other purposes only with the appropriate legal basis (e.g. consent). Please note that under no circumstances will setting the Privacy Mode to “OFF” prevent us from knowing your Vehicle's location for the provision of Connected Services, or to protect our interests and those of our customers.

 f) Promotional communications on the Device
If you wish to block the sending of promotional communications via push notifications, you can disable this permission or select the kind of Content you wish to receive by changing the settings of your Device.

______________________________________________________________________

Definitions

Affiliates: refers to entities that are part of our group, including Maserati S.p.A. – parent company; Maserati North America Inc.; Maserati Canada Inc.; Maserati Japan KK; Maserati West Europe SA; Maserati GB Limited; Maserati Deutschland GmbH; Maserati (CHINA) Cars Trading Co. Ltd.; Maserati Schweiz AG.

Aggregated information: refers to statistical information about you that does not contain your Personal Data. These include the Vehicle Data linked with Unique Identifiers such as the VIN. We use this information to measure the performance of the Vehicle, the effectiveness of the Connected Services, and to create new services.

Application: means our “Maserati Connect App” for smartphone and smartwatch available from the Apple, Google and Huawei stores (LINK TO THE STORES).

Combination and/or crossing: refers to a set of operations, fully automated or otherwise, with which we combine the information about your location with Data inferred by your activity to measure the efficiency of the Vehicle and the Connected Services, and to create new ones, as well as to offer Content that may be useful to you. We may also combine and/or cross-reference information from different sources, such as information collected from our Websites and Apps during Our Events and/or Data collected from public or publicly accessible sources.

Connected Services: refers to the set of services described in the General Conditions, as well as the standard and optional services, if activated.

Content that may be useful to you: for example, if you search for frequent destinations (Trip History) or places of interest (so-called POI) we can display such information on the Vehicle Device, the Application and/or Our Websites and App, or through Programmatic Advertising , other consent similar to what you have searched for. The customization of content may also take place through the Combination and/or Crossing of Data.

Data controller: refers to the legal person, public authority, service or other entity which, individually or jointly determines the purposes and means for processing your Personal Data. This definition typically refers to Maserati SpA. In other cases, it is preceded by the word "independent” (e.g. "Independent controller") to indicate that your Personal Data is processed by a subject other than Maserati SpA.

Device Sensors: depending on your Device, these are sensors such as accelerometers, gyroscopes, Bluetooth, Wi-fi and GPS which one way or another share the information they collect through the Device and therefore through the Application. If enabled by the Device settings, these allow us to obtain information about your location.

Device: means the electronic Device (e.g. smartphone, smartwatch) on which you downloaded the Application and/or with which you access the Connected Services.

General Conditions: mean the "General conditions of connectivity-based services for Maserati Vehicles" you signed when you activated the Connected Services, which is always available on Our Websites and App.

Our Dealers: these are dealers with whom Maserati SpA has signed commercial agreements for the sale of its vehicles and fleets, and who provide assistance services.

Our Events: these are events/showrooms organized by Maserati, its Dealers, or in collaboration with other brands with which Maserati has signed partnership agreements.

Our Websites and App: include our social network pages, the Application, some sections of our Dealers’ websites where the Maserati S.p.A. privacy policy is available, as well as the following sites: www.maserati.com, www.maseratistore and www.connect.maserati.com.

Personal Data: means any information relating to an identified or identifiable natural person. Examples include, e-mail address (if it refers to one or more aspects of an individual), name and surname, an ID document, a mobile phone number, or Unique Identifiers such as a Vehicle Identification Number (VIN).

Programmatic advertising: these are platforms that can share the information they collect about you, such as your IP Address and data collected by the Application with people who have an interest in showing you other Content that may be useful to you. In our case, if you visualize the “Ghibli” model on Our Websites and App, we will ask participants in Programmatic Advertising to grant us an advertising space on one of the Websites you visit to display Content that may be useful to you.

Unique Identifiers: means information that uniquely identifies you or through which you may be identified. On the Vehicle Device, the license plate number and Vehicle Identification Number (VIN) are Unique Identifiers. On the Device, the IP Address and the Advertising identifiers (e.g. IDFA on Apple) are considered Unique Identifiers.

Vehicle Device: means the telematic Device (and associated sim card) installed on the Vehicle and better described in the General Conditions.

Vehicle Sensors: these are sensors such as Wi-fi and GPS which in one way or another share the information they collect through the Vehicle Device.

Vehicle: refers to a Maserati brand vehicle equipped with a Vehicle Device providing the Connected Services.