Personal data can be accessed by those appointed by LeasePlan to be in charge of data processing, who require access to the data in order to perform their duties (e.g. LeasePlan staff and any external persons in charge of data processing and who deal with the management of Clear Box services) and data processors, as indicated below. The updated list of data processors and subjects to whom LeasePlan transmits the data is available at any point when requested from LeasePlan at the addresses listed below.
Personal data can be transmitted and processed on behalf of LeasePlan by companies and professionals appointed by LeasePlan to carry out specific technical and organizational services for the provision of services delivered by the Clear Boxes and for other processing purposes indicated above in point 2. LeasePlan shall only inform such third parties of the information required for the provision of related services. Such parties are appointed by LeasePlan as data processors and act according to the instructions provided by LeasePlan.
As at the date of this disclosure, LeasePlan has appointed the following service provider as data processor: LeasePlan Information Services, LeasePlan House - Level 2 Central Park, Leopardstown Dublin 18, Dublin (Ireland).
Personal data can be communicated to the following third parties, acting as data controllers, data processors or persons in charge of data processing, as appropriate, for the purposes indicated above in point 2 and in compliance with applicable privacy laws:
- insurance companies and insurance intermediaries, e.g. in dealing with accidents;
- consultants and professionals, operating in association with others, for example, legal advisors;
- companies and agencies managing response activities and road assistance;
- judicial authorities, police forces, official bodies and public authorities for their respective institutional purposes, for example, in the case of a stolen vehicle or road accident, or in legal proceedings;
- the legitimate recipients of communications on the basis of a law or regulation.
LeasePlan can access the personal data of the driver (when a different person from the LeasePlan customer) only to the extent that it is strictly necessary for the implementation of Services, in order to fulfil legal obligations or for protection purposes of any LeasePlan rights. The personal data of the driver of the vehicle are communicated to the LeasePlan customer (when the driver and the customer are different people) for Crash Management Services. This is limited to the necessary data to fulfil the operational leasing agreement in place with the customer, to fulfil legal requirements and to exercise rights in court, and only in one of the following circumstances: (i) where the driver has been proved to be fraudulent (e.g. falsely reporting an accident); (ii) gross negligence on the part of the driver in their operation of the vehicle.
For Theft services LeasePlan does not communicate the driver’s details to its customer.
Personal data will not be circulated under any circumstances, except in cases of specific provision of law.