Data Processing Policy

This Data processing agreement (“Agreement ”) forms an integral part of the Terms and conditions. This Agreement is between Performance Car Exclusive (“PCE ”, “we ”, “us ”) and the legal entity or natural person (“User ”) that uses the services other than for personal use.

Details of processing

Roles. User is the controller, and we are the processor of the User and shall only process personal data on behalf of the User.

Instructions. We shall process personal data:

  • as necessary to perform our services,
  • as instructed by the User in its use of the services and behalf of the User, and
  • in compliance with the applicable data protection laws and regulations.

Data subject categories. During the provision of our services, we may process the personal data of recipients and potential recipients of User messages and communication.

Type of personal data. By providing our services, we may process the following personal data:

  • Members

    Personal details of members, contact details and their vehicles

  • Content

    Messages or comments which you may send/receive.

  • Technical information

    E.g., time, date, status, amount

  • Additional

    Any information you upload, share, or disclose

Obligations of the User

Compliance.  User shall process personal data according to applicable data protection laws and ensure a legal basis and the purpose for processing personal data.

Responsibility. User is responsible for the legality and accuracy of personal data shared with us.

Liability. User is liable for all claims, liabilities, costs, expenses, losses, and damages incurred by us arising directly or indirectly from the breach by the User.

Obligations of PCE

Compliance. We shall treat the User's personal data confidential and process it according to applicable data protection laws.

Personnel. We shall ensure that all persons (employees, agents, and other persons) involved in processing personal data have signed a confidentiality agreement or are under any other binding obligation of confidentiality.

Security. We use appropriate technical, organizational, and administrative measures to ensure personal data security, confidentiality, and integrity.

Breach. If a data breach occurs, we shall notify the User according to applicable data protection laws, provide reasonable assistance regarding the investigation of the personal data breach, and notify the supervisory authority and data subjects regarding such personal data breach.

Assistance

Taking into account the nature of the processing, we shall assist the User with the provision of technical and organizational measures, insofar as possible, for the fulfillment of the User's obligations as the data controller regarding:

  • Requests

    Any requests from the User's data subjects regarding access to or the erasure, restriction, rectification, portability, blocking, or deletion of personal data

  • Investigation

    Investigation of the personal data breach and any notification obligations

  • Assessment

    Preparation of data protection impact assessments and, where necessary, carrying out consultations with any supervisory authority

Subprocessors

We work with third parties (“Subprocessors ”) that provide us with different services to operate our business.

Authorization. You provide us a general authorization to engage Subprocessors in connection with the provision of our services.

Categories. The categories of Subprocessors include hosting, communication, email, content delivery, security, billing, payment processing, analytics, customer support service providers, etc.

Protection. We may share personal data only with Subprocessors that have agreed to comply with the data protection obligations, provide sufficient guarantees, implement appropriate technical and organizational measures, and otherwise comply with applicable personal data protection laws.

Minimalization. We may share only a minimum amount of personal data with Subprocessors to provide us with the requested service.

Liability. Under applicable laws, we remain liable for processing personal data carried out by our Subprocessors.

Data transfers. If any Subprocessor is located outside the European Economic Area, such Subprocessor shall ensure an adequate level of protection or provide adequate guarantees as specified in applicable data protection laws.

Audit

We agree to provide you, upon request, with sufficient information to demonstrate compliance with the obligations set out in the Agreement and applicable data protection laws. If the provided information is not sufficient to confirm our compliance, we agree to allow and contribute to the data processing audit.

  • Auditor

    The audit shall be carried out by an independent third party with a good market reputation, experience, and competence to carry out data processing audits. The auditor shall be confirmed by both you and us. The auditor shall have to sign a confidentiality agreement with us

  • Costs

    You are responsible for all costs and fees related to such audits

  • Results

    The audit report shall not include any business information of us. You shall provide us with a copy of any audit report without any fee

Return and deletion

Term.  We will process personal data until the User has an account.

Deletion.  At the User's choice, we shall delete or return all the personal data to the User after the end of the provision of services and delete existing copies unless applicable law requires longer storage of the personal data.

Permitted processing. We may continue to process information that does not identify individuals or to protect our legitimate interests or for any legal related issues.

General

  • Changes

    We may unilaterally change this Agreement. In that case, we will inform you in advance, giving you the right to terminate the service agreement. All changes take effect from the date indicated on our website

  • Governing law

    The Agreement shall be governed by the laws of the United Kingdom. Any dispute or claim related to this Agreement shall be brought in the courts of United Kingdom

    If you have any questions about personal data or this Agreement, or if you would like to file a complaint about how we process personal data, please contact us by email.

    Effective as of 27 June 2023.