(2) CONTROLLER AND DATA PROTECTION OFFICER
The data controller is Ferrari S.p.A., with registered office at Via Emilia Est, N. 1163, Modena, Italy. You can contact the Ferrari's Data Protection Officer by email at: firstname.lastname@example.org.
(3) COLLECTION OF YOUR PERSONAL DATA
We collect personal data, which is information that identifies you or relates to you as an identifiable individual.
(A) Information You Provide To Us
If you choose to engage in certain services offered on our Websites, we will collect personal data from you. We collect personal data from you when you:
- Apply for employment. When you apply for employment with Ferrari, we collect your identifiers (name, email address, physical address, and telephone number), and your professional or employment information (resume, cover letter, employment history, and educational history). We use this personal data to manage and consider your application with Ferrari, as necessary to comply with the law, and to create your candidate account. Once your candidate account is created, we will also store your username and password. The legal basis for this processing is that the processing is necessary to perform a contract or to take steps at your request, before entering a contract. Ferrari also processes this personal data as part of its legitimate interest in the facilitation and optimization of the recruitment process.
- Contact us. When you send Ferrari a question or inquiry, or ask for other support, you will need to provide us with personal identifiers (name and email address), protected classifications (gender), and any other information you choose to provide in your correspondence. We use this personal data to respond to your questions or inquiries, troubleshoot where necessary, and address any issues you have with the Websites or the services offered thereon. The legal basis for this is performance of our contract with you.
- Download the MyFerrari mobile application. When you download the MyFerrari mobile application, you will need to activate your account. To do so, we will collect your personal identifiers (name and email address). Once your account is activated, we will store your password. We use this personal data to activate your account and confirm your registration as a Ferrari owner. The legal basis for this is performance of our contract with you.
- Inquire about financial services. To obtain more information on Ferrari financial services, you will need to provide us with your personal identifiers (name, email address, telephone number, and physical address). We use this personal data to manage and communicate with you about your request for more information. The legal basis for this is your consent.
- Report a violation of Ferrari's Code of Conduct. Ferrari provides an Ethics Helpline for individuals to request advice and/or report concerns that may be inconsistent with Ferrari's Code of Conduct. If you request advice and/or report a concern, we will collect your personal identifiers (name, telephone number, and email address) and any additional information you choose to disclose in your correspondence. We use this personal data to assess, investigate, and resolve your report and to comply with the law. The legal basis for this processing is your consent.
- Register as an owner. If you register as a Ferrari owner, we will collect your personal identifiers (name, email address, date of birth, and physical address), protected classifications (gender), professional or employment information (your job activity), and commercial information (Vehicle Identification Number, vehicle information, and license plate number). Once your owner account is created, we will also store your password. We use this personal data to process your owner registration and create your account. The legal basis for this is performance of our contract with you.
- Request a service at an official Ferrari dealer. To request a service, we will collect your personal identifiers (name, email address, telephone number, and physical address) and commercial information (Vehicle Identification Number and details of your vehicle). We use this personal data to book your service appointment and communicate with you about your service request. The legal basis for this is performance of our contract with you.
- Profiling activities. If you opt-in, we may use this personal data described in this section to analyze your behaviors, habits and propensity to consume to enhance products and services provided by the Ferrari, to satisfy your expectations as well as to send you marketing communications we feel may be of interest to you. In doing so, Ferrari will analyze your preferences and interests using automated analysis techniques that provide Ferrari with inferences concerning you, including profiling. The legal basis for this is your consent. You may revoke your consent at any time by clicking the unsubscribe link provided within each email. This link will redirect you to our consent management page where you can opt-out of our newsletters.
- Subscribe to marketing communications. If you opt-in, we may also use this personal data described in this section to send you marketing communications as well as sending advertising on Ferrari products and services, or performing market researches. This data may be processed in hardcopy, by automated or electronic means including via mail or e-mail, phone (e.g. automated phone calls, SMS, MMS), fax and any other mean (e.g. web sites, mobile apps). In doing so, Ferrari will analyze your preferences and interests using automated analysis techniques that provide Ferrari with inferences concerning you, including profiling. The legal basis for this is your consent. You may revoke your consent at any time by clicking the unsubscribe link provided within each email. This link will redirect you to our consent management page where you can opt-out of our newsletters.
- Subscribe to the Ferrari Newsletter. When you subscribe to the Ferrari newsletter, we will collect your personal identifiers (email address) and your preferences on the newsletters you wish to receive. We use this personal data to send you the newsletter(s) as requested. The legal basis for this is performance of our contract with you.
- Subscribe to the Official Ferrari Magazine. When you subscribe to the Official Ferrari Magazine, we will collect personal identifiers (name, email address, physical address, telephone number, and date of birth) and customer records information (payment card number, expiration date, and CVV). We use this personal data to send you the Official Ferrari Magazine as requested and to process your payment. The legal basis for this is performance of our contract with you.
Ferrari may also use the personal data we collect as described in this section to improve our products and services, to comply with the law, to efficiently maintain our business, and for other limited circumstances as described in HOW WE SHARE YOUR PERSONAL DATA. This is part of our legitimate interest in the performance of our contractual obligations, protection of legal rights, and compliance with legal obligations. Ferrari may also deidentify or aggregate the personal data for benchmarking purposes.
(B) Information Collected Automatically.
Cookies and Tracking Technologies
In addition to the personal data you provide directly, we may also collect information from you automatically as you use our Websites. This information includes the following internet or other electronic network activity information and location information:
- Usage information. This includes information regarding your interaction with our Websites, such as which pages you visit, the frequency of access, how much time you spend on each page, what you click on while on the Websites, and referring website addresses.
- Device information. This includes certain information about your device that you use to access our Websites, such as browser type, browser language, hardware model, operating system, and your preferences. For the MyFerrari mobile application, we will also assign a unique identifier to your mobile device.
- Location information. This includes information about your location, which may be determined through your IP address.
- Essential. We use essential cookies to authenticate users, prevent fraudulent use of the Websites, and to allow the Websites and its features to function properly.
- Functional. We use functional cookies to provide enhanced functionality and personalization, to remember your login information, to remember your preferences, to diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
- Analytics. Analytics cookies allow us and our analytics provides to recognize and count the number of users to the Websites, see how users interact with the Websites and different functions, and when users are using the Websites. We use this information to improve the Websites.
These cookies include also the following categories:
- Facebook Pixel. We use Facebook Pixel to customize our advertising and to serve you ads on your social media based on your browsing behavior. This allows your behavior to be tracked after you have been redirected to our Websites by clicking on the Facebook ad. The Facebook Pixel stores a cookie on your device to enable us to measure the effectiveness of Facebook ads for statistical and market research purposes. We do not have access to the information collected through the Facebook Pixel. However, the information collected via the Facebook Pixel, on the Websites as well as other websites on which Facebook Pixel is installed, is also stored and processed by Facebook. Facebook may link this information to your Facebook account and also use it for its own promotional purposes in accordance with Facebook's Data Usage Policy. The Facebook Pixel also allows Facebook and its partners to show you advertisements on and outside of Facebook. Such sharing may be deemed a sale under the California Consumer Privacy Act. To opt-out of this sharing and displaying of Facebook ads, visit your Facebook Ad Settings, and you can clear and control the information third parties share with Facebook in your Off-Facebook Activity page. If you do not have a Facebook account, you can opt-out of Facebook ads through the Digital Advertising Alliance here.
- Bing Ads. Bing Ads is a remarketing service provided by Microsoft. We use Bing Ads to service you advertisements based on your past visits to the Websites. You can learn more about the privacy practices of Microsoft here. Such sharing may be deemed a sale under the California Consumer Privacy Act. To opt-out of this sharing and of Bing Ads. You can follow the instructions here.
(4) RECIPIENTS OF YOUR PERSONAL DATA
Ferrari may need to make the personal data identified in this Privacy Notice available within Ferrari, with service providers, or with other third parties. These instances include:
Within Ferrari. We may share your personal data with Ferrari subsidiaries for legitimate business purposes and general business management. The legal basis for this is our legitimate interest in carrying out our business efficiently. Upon your consent, we may also share your personal data within the Ferrari Group Companies for marketing purposes. You may revoke your consent at any time.
With Service Providers. We may share your personal data with our service providers that assist us in providing the Websites. The legal basis is our legitimate interest in providing the Websites efficiently. These service providers include communication providers, web-hosting providers, IT support, our customer management platform, shipping providers, payment processors, call center providers, marketing providers, and e-commerce providers.
With Third Parties. We may need to disclose your personal data to third parties, such as legal advisors, law enforcement agencies, or governmental/regulatory bodies in order to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm, for risk management purposes, and to comply with our legal obligations. The legal basis for this is compliance with the law, compliance with legal obligations, and our legitimate interest in the protection of the rights of others.
In the Event of a Corporate Reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we would share personal data with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We would also share personal data with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings.
With Your Consent. Apart from the reasons identified above, we may request your permission to share your personal data for a specific purpose. We will notify you and request consent before you provide the Personal data or before the personal data you have already provided is shared for such purpose. You may revoke your consent at any time.
Sharing in the Last Twelve (12) Months
For a Business Purpose. In the preceding twelve (12) months, Ferrari has disclosed the following categories of personal data for a business purpose to the following categories of third parties:
- We have disclosed your personal identifiers, internet and other network activity information, and customer records information to service providers that perform services on our behalf. These service providers include our e-commerce provider, communication providers, web-hosting providers, IT support, our customer management platform, shipping providers, payment processors, call center providers, and marketing providers.
- We have disclosed your internet or other electronic network information and location information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair Websites errors that impair functionality.
- We have disclosed your internet or other electronic network information and location information to our IT support to maintain, improve, and upgrade the Websites.
(5) YOUR DATA CHOICES
Correct or View Your Information. You may access your Ferrari owner’s account to correct or view certain personal data you have provided to us and which is associated with your account.
Online Advertising. To opt-out of interest based advertising generally or to learn more about the use of this information by our service providers you can visit the Network Advertising Initiative or the Digital Advertising Alliance. For European users, please visit the European Interactive Digital Advertising Alliance here.
Marketing Emails. You may opt-out of receiving marketing emails from us by clicking the “unsubscribe” link provided with each email. Please note that we will continue to send you notifications necessary to the Websites, your account, or requested products or services.
Device Location Settings. You may prevent your mobile device from sharing your location data by adjusting the permissions on your mobile device or within the MyFerrari mobile application.
Uninstall MyFerrari. You can stop all further collection of your personal data by the MyFerrari mobile application by uninstalling the mobile application.
(6) GENERAL DATA PROTECTION REGULATION (GDPR)
a. Right of Individuals Under the GDPR
If our processing of your personal data is subject to the GDPR, you have the following rights with respect to your personal data:
- Right to Access. You have the right to ask Ferrari for copies of your personal data. This right has some exceptions, which means you may not always receive all personal data we process.
- Right to Rectification. You have the right to ask Ferrari to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to Erasure. You have the right to ask Ferrari to erase your personal data in certain circumstances.
- Right to Restrict Processing. You have the right to ask Ferrari to restrict the processing of your personal data in certain circumstances. See YOUR DATA CHOICES for additional ways you can restrict processing of your personal data.
- Right to Data Portability. You have the right to ask that we transfer the personal data you gave us from one organization to another, or give it to you in a structured, ordinarily used, and readable format.
- Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority.
To exercise your rights, you may submit a request in writing to Ferrari S.p.A., via Abetone Inferiore 4, Maranello (MO), Italy or by email at email@example.com.
b. Personal Data Transfer Outside of the European Economic Area
Within its contractual relations, Ferrari may transfer personal data to countries outside of the European Economic Area (“EEA”). In the event personal data is transferred outside of the EEA, Ferrari will use appropriate contractual measures to guarantee an adequate protection of personal data, including implementation of agreements based on the standard contractual clauses adopted by the EU Commission.
(7) CALIFORNIA RESIDENTS
To the extent the California Consumer Privacy Act (CCPA) applies to the processing of your personal data you would be entitled to the following rights:
- Right to Access. You have the right to request what personal data Ferrari has collected, used, disclosed, and sold about you within the preceding twelve (12) months. You may make a request for access twice within a twelve (12) month period.
- Right to Deletion. You have the right to request the deletion of your personal data that Ferrari collects or maintains, subject to certain exceptions.
- Right to Opt-Out. You have the right to opt-out of the sale of your personal data to third parties. Ferrari does not have actual knowledge that it sells personal data of minors under the age of sixteen (16) years.
- Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CCPA.
For requests submitted via telephone or email, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal data and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal data. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.
(8) NEVADA RESIDENTS
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of certain of your personal data. We do not currently sell any of your personal data under Nevada law, nor do we plan to do so in the future. If you have any questions regarding our data privacy practices, or would like to opt-out of the future sale of your personal data, please contact us at firstname.lastname@example.org.
(10) DO NOT TRACK
We do not respond to Do Not Track (“DNT”) requests. Do Not Track is a preference you can set in your web browser to inform Websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
(11) INFORMATION SECURITY
To protect your personal data from unauthorized access, destruction, use, modification, or disclosure, we have implemented technical, administrative, and physical security measures. These security measures include encryption, access controls, and anti-virus and anti-malware protection. However, no security measure or modality of data transmission is 100% secure and we are unable to guarantee the absolute security of the personal data we have collected from you.
(12) CHILDREN’S PRIVACY
The Websites and the services offered thereon are not intended for individuals under the age of eighteen (18) years. If we learn that we have collected or received personal data from individuals under the age of eighteen (18), we will delete the personal data. If you believe we have personal data on individuals under the age of eighteen (18), please contact us at the contact information provided below.
(14) LINK TO THIRD PARTY WEBSITES
Third party websites accessible from this website are under the third party responsibility.
The Company declines all responsibility concerning requests and/or provision of personal data to third party websites.
For questions, please contact Ferrari at:
Data Protection Officer
Legal and Corporate Affairs
Via Abetone Inf. 4; I-41053, Maranello, (MO); Italy