Version update date: [Nov 11th, 2024]
Version effective date: [Nov 11th, 2024]
The entity responsible for the processing of personal data referred to below is O&J Automotive Netherlands B.V. (hereinafter referred to as “O&J”, “we” or “us”), a private company with limited liability established under the law of Netherlands, having its statutory seat in Kingsfordweg 151, 1043GR Amsterdam. To ensure compliance with European data protection legislation, O&J is the data controller of this personal data.
We give top priority to the protection of your personal data, and we process your data in accordance with applicable data protection laws. This statement provides comprehensive information about the processing of personal data when you use our website.
This Privacy Statement does not apply to:
- The processing of personal data when you use our vehicle;
- Your use of third-party services in our website. The data processing of these services is subject to their individual privacy policies, which we strongly advise you to read carefully;
- Your use of mobile apps provided by O&J;
- Our employee personal data or candidate recruiting practices
In this Privacy Statement, we will explain to you:
- What personal data we collect and how do we use it?
- What third-party services do we use?
- With whom will we share this data?
- How do we transfer your data outside the EU?
- What rights do you have in relation to your personal data?
- How long do we retain your data?
- How do we protect your data?
- Privacy of Children
- How can you contact us and make a request?
- How will we update this Privacy Statement?
1. What personal data we collect and how do we use it?
Data Processing Purpose |
Type of Personal Data |
Legal Basis for Processing |
To satisfy requests or service appointments you make with us, including test drives, service appointments, and events. |
Your contact information, including name, phone number, and email address. (Note: we may contact you to confirm your booking or request) |
Fulfillment of a contract with you or necessary to take measures at your request before concluding a contract. |
To respond to any feedback, requests, inquiries, or complaints about our products and services (in person, online, phone, email, etc.). |
Your contact information, including name, phone number, and email address. Information about communications and interactions, including details of the request. |
Fulfillment of a contract with you or necessary to take measures at your request before the conclusion of a contract. Necessary for our legitimate interests: managing customer inquiries and requests. |
To participate in surveys or offline events about your experience with our products and services. |
Account information, your contact information, including your name, details of the survey or feedback. |
Necessary for our legitimate interests: understanding, analyzing, and improving the customer experience. |
Signing up for marketing communications. |
Your basic information, including contact information, and order information. |
Where you have provided your consent. |
To detect and defend against unauthorized access to data and to improve information security. |
Device information, network activity information |
Necessary for our legitimate interests: protecting the confidentiality, integrity, and availability of IT systems. |
To understand and analyze the behavior and usage of the website's user interface to improve our services. |
Analytical data (aggregated data on user interface behavior, usage, and website analysis) |
Necessary for our legitimate interests: understanding, analyzing, and improving the customer experience. Where you have provided your consent (website cookies). |
2. What third-party services do we use?
Note: Please visit the Cookie Policy for further details.
On our websites, we incorporate social plugins from popular social networks like Instagram, Facebook, LinkedIn and YouTube. Here’s how they work:
When you visit our websites, social media plugins are initially deactivated. This means no information is transmitted to the network operators. If you want to use any of these networks, simply click on the respective plugin to establish a direct connection to their servers.
If you’re logged into your user account on a social network when you activate the plugin, the network can recognize your visit to our websites and associate it with your account. To prevent this, please log out of the network before activating the social plugin. The social network cannot detect your visits to other websites of ours unless you activate its social plugin on those sites too.
When you activate a social plugin, the network directly transfers the available content to your browser, which integrates it into our websites. During this process, data transfers controlled by the respective social network may occur. Your connection to a social network, the data transfers between the network and your system, and your interactions on the platform are governed solely by the network’s data protection provisions.
The social plugin remains active until you deactivate it or delete your cookies. For more information about cookies setting, please read our
Cookies Policy
Please note that our website may feature links to external websites beyond our control, and this Privacy Statement does not apply to them. If you access these websites through the provided links, the operators of those websites may collect information from you according to their own privacy policies, which may differ from ours.
3. With whom will we share this data?
3.1 Services providers and business partners as data processors
On our websites, we do not share your information to any third party for the purpose of service currently. If the functions or services provided are about to change and update, we will update this statement in accordance with Article 10 of Privacy Policy.
We share data with our service providers and partners to maintain our business operations, our relationship with you, and to provide our services:
Categories of Providers |
Reason for Sharing |
IT Providers and Their Sub-Processors |
Personal data is transferred to IT providers who provide general corporate support systems, such as software providers and data storage. |
Authorized Resellers (and related sub-processors) |
Personal data is transferred to authorized resellers for the purpose of communicating and managing the delivery of vehicles (if applicable). |
Marketing and Advertising Providers |
To assist, manage, and provide services through digital marketing and advertising services. |
Cloud Service Providers |
To improve vehicle functionality and provide cloud services. |
3.2 Law enforcement and government authorities
To fulfil our legal obligations, we may be required to disclose information in response to subpoenas, court orders, or lawful requests from government authorities conducting investigations. This includes compliance with law enforcement requirements, regulatory inquiries, and the verification or enforcement of our policies and procedures. We may also disclose information in emergency situations to prevent or halt potentially illegal, unethical, or legally actionable activities. When we receive a request for personal data from a law enforcement authority, we assess the necessity and proportionality of the requested information.
4.How do we transfer your data outside the EU?
In principle, the personal data we collect is stored in the countries of your place of residence or within the European Economic Area and UK, your data will be stored at our data center located in Irelandk.
Regardless of where your personal data is processed, we apply the same protections described in this Notice. We transfer your personal data in compliance with the legal frameworks required by various jurisdictions. Recipients of your personal data are required to adhere to the same level of privacy protection imposed by applicable data protection laws. These include, but are not limited to:
- Adequacy decisions, such as:
- European Commission Adequacy Decisions
- United Kingdom Adequacy Regulations
- Contracts, such as:
- Standard Contractual Clauses (SCC)
- International Data Transfer Agreement (IDTA) of the United Kingdom
5. What rights do you have in relation to your personal data?
To make a query, raise a concern, or exercise your data subject rights, please feel free to contact us via privacy@omodajaecoo.nl
5.1 Right to withdraw consent
Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.
5.2 Right to access your personal data
You have the right to request information about the personal data we hold regarding you. Upon request, we will provide you with a copy of your personal data.
5.3 Right to rectification
You may request from us the rectification of incorrect or incomplete personal data concerning you. We make reasonable efforts to keep personal data in our possession or control, which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
5.4 Right to restriction
You may request from us the restriction of processing of your personal data, if:
- You contest the accuracy of your personal data, for the period we need to verify the accuracy;
- The processing is unlawful and you request the restriction of processing rather than erasure of your personal data;
- We no longer need your personal data for the processing purpose, but you require them for the establishment, exercise, or defense of legal claims; or
- You object to the processing while we verify whether our legitimate grounds override yours.
5.5 Right to portability
You have the right to receive your personal data provided to us and, where technically feasible, request its transfer to another organization. This right applies if we process your personal data through automated means, based on your consent or for the performance of a contract you are a party to. Your personal data must have been provided by you, and this right should not adversely affect the rights and freedoms of others. You can receive your personal data in a structured, commonly used, and machine-readable format. The transmission of your personal data to another organization is subject to technical feasibility.
5.6 Right to erasure
You have the right to request that we delete the personal data we process about you. We must comply with this request unless the processing of your personal data is necessary for:
- Compliance with a legal obligation requiring processing by laws to which we are subject;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes; or
- The establishment, exercise, or defense of legal claims.
5.7 Right to object
You have the right to object, at any time, to the processing of your personal data based on our legitimate interests or the legitimate interests of a third party, provided that the processing is not based on your consent. If you exercise this right, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing is necessary for legal claims. If you object to the processing, please let us know if you also wish for your personal data to be erased.
5.8 Right to be informed
You have the right to be informed about the collection and use of your personal data. We have prepared this Statement for this purpose, and you will be informed of any changes to this Statement.
5.9 Right to lodge a complaint
You have the right to lodge a complaint with your local data protection supervisory authority or with any other data protection authority in the EU. However, we would appreciate it if you first contact us to try to solve your issue – you can find our contact details in Section 9.
6. How long do we retain your data?
We retain data related to our provided services in accordance with legal obligations. If you are a customer, we will keep your data for the duration of any contractual relationship you have with us, and, where permitted, beyond the end of that relationship for as long as necessary to fulfil the purposes set out in this Privacy Statement.
We retain the data we collect from or about you for the period necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law. Once the data is no longer necessary for these purposes, we either delete it or retain it in an anonymized form. In determining the appropriate retention period, we take into account various criteria, including the type of services requested by or provided to you, the nature of our relationship with you, the potential impact on the services we provide to you if we delete certain data about you, and the retention periods mandated by law.
7. How do we protect your data?
We strive to maintain high security standards and have implemented robust technical and organizational measures to protect your data, in accordance with the current, general state of technology. We ensure that your personal data is adequately secured against loss, falsification or unauthorized access. However, please note that the transmission of information via the internet is not completely secure. While we do our best to protect your personal data, we cannot guarantee 100% security of your data transmitted to us.
Once we have received your personal data, we use strict procedures and security features to prevent unauthorized access. In the unfortunate event of a personal data incident, we will report it and take remedial measures in accordance with the requirements of the law and regulatory authorities.
We take the security and privacy of your data seriously. To ensure the highest standards of data protection, all personal data collected through our services is stored in a secure data storage centre located in Dublin, Ireland.This location adheres to the stringent data protection regulations set by the European Union under the General Data Protection Regulation (GDPR).
8. Privacy of children
We do not knowingly collect or use any personal data from children (we define ‘children’ as minors younger than 16) without prior, verifiable consent which is given or authorized by the holder of parental responsibility over the child. We do not knowingly allow children to order our vehicles, communicate with us, or use any of our online services.
If you become aware that a child has provided us with personal data, please contact us:
privacy@omodajaecoo.nl . We will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required by law.
9. How can you contact us and make a request?
If you have any questions about the processing of your personal data, we recommend reading through this Privacy Statement first.
To make a query, raise a concern, or exercise your data subject rights, please feel free to contact us via:
We take your privacy seriously and aim to respond to you within one month or within the timeline specified by the relevant local privacy protection law, after confirming your identity. If you believe that we have not adequately addressed your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.
For the Netherlands, the competent data protection authority is Autoriteit Persoonsgegevens (https://www.autoriteitpersoonsgegevens.nl/en).
10. How will we update this Privacy Statement?
We may update this Privacy Statement, for example, to reflect changes in our business operations and measures for protecting personal information. If we make changes to this Privacy Statement, we will notify you. Where changes to this Privacy Statement significantly impact the nature of our data processing or have a substantial effect on you, we will provide sufficient advance notice, allowing you the opportunity to exercise any applicable rights.