Privacy Policy

Update date: 12/10/2022
Effective from: 12/10/2022

Great Wall Motor Deutschland GmbH (hereinafter referred to as "we") understands the importance of personal information and privacy to you and will do its utmost to protect your personal information and privacy. We are committed to maintaining your trust in us and abiding by the following principles to protect your personal information: The principles of consistent power and responsibility, clear purpose, confirmation before collection and utilization, collection to the minimum extent as required, openness and transparency, ensuring security, subject participation, and so on. Meanwhile, we undertake to follow the mature security standard of the industry and take appropriate security protection measures to protect your personal information.

Please read the privacy policy carefully before clicking "Agree", and make sure that the meaning of the contents and legal consequences are fully known and understood. After you click on "Agree" and confirm the submission, you will be deemed to have accepted this privacy policy, and we will use and protect your personal information legally in accordance with relevant laws, regulations and the Policy.

The Policy applies to the products and services related to this website provided by us based on the Internet.

We will collect, use, store and share your personal information in accordance with the Policy. Please read and understand the Policy before you submit your personal information to us. Once you begin to use our services or provide us with your personal data information, it means that you have fully understood and agreed to this Policy. You do not have to provide us with personal information, but if you choose not to provide it, we may not be able to provide you with relevant products or services based on this personal information.

This Policy may not completely cover all possible data processing situations in the course of providing services. Information on collecting specific data for products or services might be disclosed by us in our individual product conditions & terms or published in the specific notice or policy provided when collecting data. Please pay attention to the prompt or notice when you enable a specific function or use a specific product or service.

This Privacy Policy section will help you understand following points:
I. The Data we collect about you
II. How is your personal data collected and used
III. Cookies and similar technologies
IV. How we share, transfer and disclosures of your personal data
V. How we protect your personal information
VI. Your rights (access, correction, deletion, withdrawal of consent, cancellation, restriction of processing, obtaining copies of personal information, constraint of automatic decision-making)
VII. How we process personal information of minors
VIII. Third-party links and their products and services
IX. International Data Transfers
X. Updates of the Policy
XI. How to contact us

(I) The Data we collect about you

In this privacy policy, personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where identity has been removed (anonymous or anonymised data),

We may in certain situation ask for, collect, use, store and transfer different kinds of personal data about you. The data we may collect about you is listed as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, age, date of birth and gender.
  • If you use different devices or browsers to visit our website, you need to tell us your preferences again.
  • Financial Data includes bank account number, bank name and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you purchase from us.
  • Technical Data includes your IP address, login data, browser type and version, operating system and platform, other technology on the device you use to access this website, time zone setting and location, browser plug-in types and versions.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third-party service providers and your communication preferences.
  • Social Network Data includes information that you share publicly or share with us directly, or is part of your profile on a third-party social network (including but not limited to user ID, location, profile image, list of friends, photos, videos, text, audio etc.)
  • Market Research Data includes questions in our voluntary survey about your automotive purchase and usage behaviour, vehicle preferences, etc.

We might also collect, use and share aggregated data such as statistical or demographic data for our business purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we might not be able to perform the reservation or contract as planned or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel the contract or reservation based on the products or services you would like to purchase, but we will notify you if this is the case.

(II) how is your personal data collected and used

1. When you try to purchase our products and/or services, we may use different methods to collect your personal information through following ways:

  • Direct interactions. From time to time, you may give us your Identity, Contact, Social Network and Financial Data by filling in forms or by corresponding with us by post, telephone, email, social media or otherwise. This includes personal data you provide when you:
    • apply for or purchase our products or services;
    • create an account on our website;
    • subscribe to our services or publications;
    • request marketing to be sent to you;
    • take part in a campaign, promotion or survey;
    • comment on our social media pages;
    • create content and share such content with us via third-party social networks;
    • provide information in connection with our careers web pages; and/or
    • give us some feedback or otherwise contact us.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
  • Technical Data from the following parties:
    • analytics providers such as Matomo based inside the EU
    • search information providers based inside or outside the EU
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside or outside the EU
    • Identity and Contact Data from data brokers or aggregators based inside or outside the EU
    • Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU
    • Social Network Data from third party social network sites or applications.

2. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Respond to your service request
  • Process your personal information based on your consent
  • Where we need to perform the reservation or contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

If we rely on consent as a legal basis for processing your personal data (for example, in relation to sending third-party direct marketing communications to you via email, phone call or text message), you have the right to withdraw consent to marketing at any time by contacting us at dataprotection@gwm-eu.com.

3. Promotional offers from us

We may use your Identity, Contact, Technical, Usage, Social Network and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You might receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing

4. Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at dataprotection@gwm-eu.com.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

5. You understand and agree that:

1) In order to make sure the basic functions of our products and/or services run smoothly, we highly recommend you authorize us to collect and use the necessary personal information. Please note: You may not be able to use our products and/or services smoothly if you refuse to provide the corresponding information;

2) In order to provide you with full functions of our products and/or services, you might need to authorize us to collect and use further personal information. If you refuse to authorize, you might not be able to use the full functions or achieve the full functional effect we intend to achieve. However, your normal use of the basic functions of our products and/or services will not be affected.

We will seek your prior consent when we expect to use the information for other purposes not specified in this Policy; and we will seek your prior consent when expect to use the information collected for other purposes based on special purposes.

3) We are committed to creating a variety of products and services to meet your needs. Due to a great variety of products and services we provide to you and differences in the specific product/service scope selected by different users, the basic/additional functions and the type and scope of personal information collected and used will be different correspondingly. Please refer to the specific product/service functions;

4) In order to bring you a better product and service experience, we are constantly striving to improve our technology. Accordingly, we may launch new or optimized functions from time to time, for which we may need to collect and use new personal information or change the purpose or method of using personal information. In this regard, we will separately explain to you the purpose, scope and usage of the corresponding information by updating this Policy, pop-up windows, page prompts, etc., and provide you with a way to choose whether to agree or not and collect and use it upon your express consent. In case of any questions, opinions or suggestions in the process, you can contact us through the contact information provided in this Policy, and we will answer you as soon as possible.

(III) Cookies and similar technologies

In order to make your access easier, when you use our products or services, we may collect and store your access data by adopting various technologies. Therefore, we can identify your identity and provide you with better and more services through analytical data when you access or re-access the products or services. This includes the use of small data files to identify your identity, and the purpose is to understand your using habits, to help you save the steps of repeatedly entering account information, or to help determine the security of your account. These data files may be cookies, Flash Cookie, or other local storage provided by your browser or associated application (collectively referred to as "cookies"). Please refer to our Cookie Policy for a detailed description of how we use Cookie technology.

Please understand that some of our services can only be achieved through the use of Cookies. If your browser or its additional service allows, you can modify the acceptance of Cookie or reject it, but you may not be able to use some services and functions that depend on Cookies after rejection.

(IV) How we share, transfer and disclosures of your personal information

If some services are provided by our authorized partner, we will share your personal information with such partner according to the principles described in this Policy. We may also disclose your personal information to relevant law enforcement agencies or other government agencies as required by applicable laws or in response to legal procedures. The specific processing method is shown below:

1. Sharing

Respecting users' privacy is one of our fundamental principles. We will not share your personal information with any third-party other than us without your express consent. Except for the following circumstances:

1) We may share your personal information with others according to laws and regulations or mandatory requirements of the competent government departments.

2) In terms of IT services, there may also be entrusted service providers outside the EU that must access personal data.

3) We will sign strict confidentiality agreements with the companies, organizations and individuals with whom we share personal information, to require them to process personal information in compliance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures. We will not share personal data that can identify you with unrelated third parties that do not provide any services for marketing purposes.

2. Transfer

We will not transfer your personal information to third-party without your express consent. Except for the following circumstances:

When transfer of personal information is involved in merger, acquisition or bankruptcy liquidation, we will require the new company or organization obtaining your personal information to continue to be bound by this Privacy Policy. Otherwise, we will require the company or organization to seek your authorization and consent again.

We use a Consent Management Platform (CMP) from Usercentrics (Usercentrics GmbH, Sendlinger Str. 7, 80331 München, Germany, on our website, which makes it easier for us and you to deal correctly and safely with scripts and cookies used. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a cookie consent for you that is required by data protection law and helps us and you to keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. You as a website visitor then decide for yourself whether and which scripts and cookies you allow or do not allow.

The following data is processed for this purpose:

Date and time of access Browser information; Device information; Geographic location; Cookie preferences; URL of the visited page. The functionality of the website is not guaranteed without the processing. Usercentrics is a recipient of your personal data and acts as a processor for us. The processing takes place in the European Union. For more information about objection and removal options vis-à-vis Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.

3. Disclosures

We will not publicly disclose your personal information without your express consent or your voluntary choice. Except for the following circumstances:

Law-based disclosure: We may publicly disclose your personal information in the event of compulsory requirements by laws, legal procedures, lawsuits, or competent government departments. We will also disclose your data in the event of reasonable needs, for example, for the purpose of executing a contract and when we believe that such disclosure is necessary and appropriate to prevent physical damage or property loss or investigate possible or actual illegal acts.

You are clear and aware that our external provision of your personal information does not require your authorization and consent under the following circumstances:

  • Related to national security, public safety and major social interests;
  • Related to criminal investigation, prosecution, trial and enforcement of judgment, or required by the public security, procuratorate, court, Administrative Bureau for Industry and Commerce, and other competent authorities;
  • When it is difficult to obtain the consent of the person himself/herself for the purpose of safeguarding major legal interests and rights such as life and property of the personal information subject or other individuals;
  • When the personal information collected is that disclosed to the public by the personal information subject;
  • When the personal information collected is from legally disclosed information, such as legal news reports and government information disclosed;
  • When it is necessary for entering into a contract at your request;
  • Other circumstances provided by laws or administrative regulations.

(V) How we protect your personal information

1. We attach importance to your information security and take security protection measures that conform to industry standards to protect the personal information you provide from unauthorized access, public disclosure, usage, modification, damage or loss. For example, we will ensure that only authorized personnel and necessary personnel can access personal information and dedicated security personnel is responsible for data security protection and evaluation; we will hold training courses on security and privacy protection to enhance employees' awareness of the importance of protecting personal information; encryption technology will be adopted to ensure the confidentiality of data, and effective security protection schemes will be purchased as encryption protection measures. We will do our best to protect your personal information, but please note that no security measures can be 100% safe and perfect.

2. We will take all reasonable and feasible measures to ensure that personal information that is irrelevant to the achievement of a specific purpose is not collected.

3. We will only retain your personal information for the period required to achieve the purposes stated in the Policy. Our criteria for determining the retention period include: the necessary time to retain personal information for business purposes, including provision of products and services, guarantee of product and service security, answer to possible user inquiries or complaints, problem locating, and users' intention to agree on a longer retention period.

4. If your lawful rights and interests are damaged as a result of unauthorized access, public disclosure, tampering, or destruction of information arising from the damage to our physical, technical, or management protection facilities, we will bear corresponding legal responsibilities.

5. In case of any unfortunate personal information security incidents, we will inform you, according to the requirements of laws and regulations, the basic information and possible impacts of the same, the treatment measures we have taken or will take, suggestions for users to independently prevent and reduce risks, remedial measures for you and the like. Announcements will be issued in a reasonable and effective manner. In the meanwhile, we will also take the initiative to report the disposition of personal information security incidents to the regulatory authorities according to their requirements.

(VI) Your rights (access, correction, deletion, withdrawal of consent, cancellation, restriction of processing, obtaining copies of personal information, constraint of automatic decision-making)

We guarantee that you may exercise following rights on your personal information according to relevant laws, regulations and standards, as well as established practices in Germany:

1. Access User´s Personal Information

If you want to access your own personal information in our official website, based on certain exceptions, we may refuse the request within the scope permitted by applicable German laws and regulations. We reserve the right to adjust the above-mentioned rights of users in accordance with applicable laws and regulations.

2. Modify Your Personal Information

When the user finds that the personal information about the user which we process includes wrong or incomplete information, the user is allowed to correct or update wrong or incomplete information under the premise that such correction does not affect the objectivity and accuracy of the information, only after the user goes through the verification of the user's identity successfully.

3. Delete Your Personal Information

You may request us to delete your own personal information under the following circumstances that:
1) The way we process personal information violates laws and regulations in Germany;
2) We collect and use your personal information without your consent;
3) The way we process personal information goes against the agreement with you;
4) You no longer use our products or services, or you have cancelled your account;
5) We no longer provide you with products or services.

4. Withdraw Your Authorization

It takes some basic personal information to complete each service function. For the collection and use of personal information additionally collected, you can offer or withdraw your authorization at any time.

5. Ask for Copies of Your own Personal Information

You have the right to get a copy of your personal information. As long as it is technically feasible, for instance, mutually matching data interfaces, we can also directly transfer copies of your personal information to a third party designated by you as required.

6. Restrictions on automatic decision-making of IT system

In some of our business functions, we may make decisions based solely on non-manual automatic decision-making mechanisms such as information systems and algorithms. If such decisions significantly affect your legitimate rights and interests, you are entitled to request explanations from us, and we will also provide appeal methods without infringing on our trade secrets or rights and interests of other users and social public interests.

7. Response to Your Requests Above

1) For your reasonable requests, we will not charge you any fees in principle, but for repeated requests that exceed the reasonable limit, we will charge a certain amount of cost as the case may need. For requests that are malicious, or repeatedly occur without justified reasons, require too much technical capacity (for example, it is required to develop new systems or fundamentally change the existing practices), pose risks to the legitimate rights and interests of others, or are very impractical, we may reject them.

2) Time limit for processing your requests: Under normal circumstances, we will reply within [fifteen days]. This period may be extended to one month if necessary, given the complexity and quantity of requirements.

3) We will not be able to respond to private user´s request under the following circumstances:

  • Requesting information of third person;
  • Where the information requested is that shared under confidential conditions;
  • Directly related to national security and national defence security;
  • Directly related to public security, public health and major public interests;
  • Directly related to crime investigation, prosecution, trial and execution of judgment etc.;
  • There is sufficient evidence to demonstrate that you have subjective malice or abuse your rights;
  • Seriously prejudicial to your, other individuals' or organizations' legitimate rights and interests if your requests are responded;
  • Referring to trade secret.

4) You can contact us in the ways listed in the "Contact Us" section below.

(VII) How we process personal information of minors

Our products, websites and services are aimed primarily at adults, especially those involved in driving vehicles. Please be sure to abide by the traffic laws and do not allow minors and adults without driver's license to drive vehicles.

For the collection of personal information of children with the consent of parents, we will only use or publicly disclose the same if permitted by law, explicitly agreed by parents or guardians or it is necessary for the protection of children.

Although the term "Children" may be differently defined by local laws and customs, we regard anyone under the age of 16 as a child.

If you are a parent or guardian, and you think that your children or person under your guardianship who are under eighteen-years-old have submitted personal information to our official website, please contact us in the ways listed in "Contact Us" section below to ensure that such personal information is deleted immediately.

(VIII) Third parties collect personal information from you through our products and services

Our products and services may contain links to third-party websites, products and services, including guiding users to Instagram, Facebook and other platforms to access our social media accounts. Our products and services may also use or provide products or services from third parties. For example, we may process your access data through the data statistics service provided by Matomo to optimize our website experience. For the use, processing, preservation, transfer, retention and destruction of such personal information collected by a third party through our systems, products and services, the privacy policy regarding the third party shall be complied with. If we do not capture or collect your personal information during this process, we do not assume relevant responsibilities, and you are expected to understand the privacy policies and regulations involving these third parties; however, we will strictly comply with the terms of this Privacy Policy if we capture or collect your personal information during this process.

Please note that the server data used by Matomo in processing your information is located in the EU and Matomo will follow the legal framework related to data transmission. In this process, we do not directly collect, store or transfer your personal information.

Matomo

We use software on our website to evaluate the behaviour of website visitors, known as web analytics for short. This involves collecting data that is stored, managed and processed by the respective analytic tool provider (also known as a tracking tool). The data is used to create analyses of user behaviour on our website and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors.

We use Matomo, a website analysis software, on our website. The service provider is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can learn more about the data processed through the use of Matomo in the Privacy Policy at https://matomo.org/privacy-policy/. Questions about data protection can be sent by e-mail to privacy@matomo.org.

E-Mail Marketing and Newsletter

In order to keep you up to date, we also use the possibility of e-mail marketing. If you have agreed to receive our e-mails or newsletters, your data will be processed and stored. E-mail marketing is a subarea of online marketing. If you want to participate in our e-mail marketing (usually by newsletter), you normally only need to register with your e-mail address, fill out an online form and send it. However, we may also ask you for your name and title so that we can write to you personally.

You have the possibility to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. In most cases, you will find a link to unsubscribe directly at the end of each email. If you really can't find the link in the newsletter, please contact us by mail and we will cancel your newsletter subscription immediately.

We use Mautic, a marketing automation software for our website. The service provider is the American company Acquia Inc, 53 State Street, 10th Floor, Boston, MA 02109, USA. Mautic is used as an on premise tool in Germany and data is therefore not transfered to Acquia USA.

YouTube

directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area. On YouTube, users can view, rate, comment on and upload videos themselves free of charge. In order for us to display videos on our website, YouTube provides a code snippet that we have built into our site.

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our UR. If you are logged in to your YouTube account, YouTube can mostly assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet service provider. Other data may include contact details, any ratings, sharing content via social media or adding to your favourites on YouTube. If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, your preferred language setting is retained. But a lot of interaction data can't be stored because fewer cookies are set.

(IX) International Data Transfers

Your data is stored exclusively within the EU by us, or the service provider strictly checked and entrusted by us.

In terms of information technology services, especially for the purpose of business function support, it may be necessary to allow contracted service providers located outside the EU to access personal data. We carefully select these service providers and ensure an appropriate level of data protection through contracts and technical and organizational measures. Our transfer actions comply with the EU standard contract terms and where applicable, the contract will be supplemented by additional rules that comply with the business scenario.

Whenever we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it, including by ensuring that there is a legal agreement in place which covers such transfer of personal data (which may include using specific contracts approved by the European Commission which give personal data the same protection it has in EU).

For some countries outside the EU, such as the UK and Switzerland, the EU has already defined the sufficient data protection level of these countries, and no special authorization or agreement is needed to transfer data to these countries; for data receivers in other countries, such as China, we provide "appropriate protection level" as required by law using EU standard contract terms, binding company rules or other permitted mechanisms. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EU.

(X) Updates of the Policy

We reserve the right to update or modify this Policy from time to time. We will publish any changes to this Policy on this page. For significant changes, the latest privacy policy will be published immediately on our official website www.ora-eu.com. For significant changes, we will additionally furnish more prominent notices (we will explain the specific changes of the privacy policy by including but not limited to special prompts on the browsing page and pop-up prompts).

Significant changes referred to in this Policy include, but are not limited to:
1. Significant changes in our service mode. For example, the purpose of processing personal information, the type of personal information processed, the way we use personal information;
2. Significant changes in our ownership structure and organizational structure, etc. For example, changes of ownership caused by business adjustments, bankruptcies, mergers and acquisitions, etc.;
3. Changes to main objects that the personal information is shared with, transferred to or publicly disclosed to;
4. Significant changes to your right to participate in the processing of personal information as well as the mode of exercising that right;
5. Changes to the contact information of the department that is responsible for the personal information security, and the complaint channel;
6. Possible high risks indicated in the impact assessment report on personal information security.

(XI) How to contact us

In case of any comments, suggestions or questions about this Privacy Policy or, to your knowledge, our collection and use of your personal information in violation of the laws and regulations or the agreement with you, you can contact us in the following ways, and we will handle your comments, suggestions and related issues in time. Generally, we will reply within fifteen days.
Company name: Great Wall Motor Deutschland GmbH
Address: Max-Diamand-Str. 7, 80937, Munich
E-mail: info@gwm-eu.com
E-mail (Data Protection): dataprotection@gwm-eu.com
DPO E-mail: dpo@gwm-eu.com
(Working hours: 9:00-17:00 CET from Monday to Friday, except public holidays)