Privacy Policy : AmberMotors

UAB MOBILITY FLEET SOLUTIONS PRIVACY POLICY

UAB Mobility Fleet Solutions (hereinafter – we or the Company) values and protects the privacy and security of your data, therefore in this Privacy Policy (hereinafter – the Privacy Policy) we explain how we handle the personal data of our Customers (hereinafter – you): (a) when you using our website www.ambermotors.com; (b) when you enter into an agreement with us; (c) when you communicate with us by phone, e-mail, social networks and how we handling other information collected and/or received about you in an informed and lawful manner.

Our services are intended only for legal entities to use our Website and/or enter into an Agreement with us. However, despite the fact that our Custumer ir a legal entity, we also inevitably process individuals personal data for directors, employees, authorized persons (hereinafter – the Employee). Therefore the Customer must introduce all its Employees who are entitled to use the Website and/ or enter or prosses and Agreement with the conditions set forth in the Privacy Policy.

In this Privacy Policy, we provide the most important structured information about the processing of personal data: i.e. what personal data we collect, how and why we use it, what legal bases we use to process it, how long we store it, to whom we transfer it, and your rights and how to exercise them.

We process personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as the GDPR) and other applicable legal acts in the field of personal data protection as well as this Privacy Policy. If you use the Website we will consider that you have read this Privacy Policy and agree to the purposes, methods and procedures for the processing of your personal data set out therein. If you do not agree with the Privacy Policy, please do not use our Website and do not provide us with your personal information in any other way.

The Privacy Policy is a constantly changing document, therefore, we can improve, modify, update it. You will be additionally informed about critical policy changes, but we encourage reviewing this Privacy Policy from time to time.

DEFINITIONS

The following terms are defined as follows in this Privacy Policy:

We, or the Company, shall mean UAB Mobility Fleet Solutions a private limited liability company, established and operating under the laws of the Republic of Lithuania, legal entity 302735731 , address of registered office Ozo g. 10A, LT-08200 Vilnius.

Customer, shall mean any legal entity to whom we create Account and/or with whom we sign an Agreement.

Employee – means an employee of the Customer (legal entity) or other natural person specified by the Customer, who is connected to the Account by the Customer and grants the right to use the Services in the name and for the account of the Customer and/ or grants the rights to sign and process an Agreement.

Services shall mean all services that the Company offers and provides to Customer via Website and/ or Accroding to an Agreeement.

Website shall mean the website accessible at www.ambermotors.com

Account shall mean a digital account created in the Website.

Agreement shall mean the agreement between you and the Company in order to establish a car purchase and sale transaction.

Other terms shall have the meanings assigned to them and defined in the GDPR and/or the Services Agreement.

WHAT IS PERSONAL DATA AND WHAT IS USED FOR?

Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of personal data – the processing of personal data refers to activities such as the collection, storage, use, transfer and disclosure of personal data.

The Company shall use Customer legal entity details and it‘s Employee personal data mainly to provide Website Servises and in order to conclude and fulfil an Agreement obligations. All purposes and legal bases of how the Company process personal data are detailed in Chapter 14 below.

ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

We generally process your data specified in this Privacy Policy on these legal bases:

for conclusion, performance, amendment and administration of the Agreement (Article 6(1)(b) of the GDPR);
for fulfilment of legal obligations and requirements of legal acts applicable to us (Article 6(1)(c) of the GDPR);
for pursuing our legitimate interests and those of third parties (Article 6(1)(f) of the GDPR);
for acting in accordance with your consent (Article 6(1)(a) of the GDPR).

In the scope and under the conditions set by applicable legal acts, one or several of the abovementioned legal grounds may apply to processing of the same of your personal data. The purposes and legal bases of how the Company process your personal data are detailed in Chapter 14 below.

FROM WHAT SOURCES DO WE OBTAIN YOUR DATA?

We receive almost all of your personal data from you when you register in our Website and/or enter into an Agreement with us.

Also, when permitted by law and when necessary to achieve the performance of the Agreement and/or the main purposes of personal data, the Company collects and receives information about you from the following various sources in accordance with the requirements of legal acts:

From the following third party sources (the list is not exhaustive):
information about your payment transactions from payment service providers;
information on inquiries, requests, information, etc. from companies (eg insurance companies), authorities (eg police, state authorities);
debt, claims management, administration, credit rating information from authorised service providers;
information we receive from public registers and information systems.

DO WE SHARE YOUR DATA WITH OTHERS?

Yes, the Company discloses all or part of the personal data about you to these people or company categories: various service providers with whom it has entered into agreements; Group companies; the competent authorities, authorities, organizations and other data controllers who have a right to information in accordance with applicable law and / or our legitimate interests. Also, with your consent, your data may be disclosed to persons and/or companies specified by you.

The Company has a variety of service providers (eg, transportation providers, software, server hosting, data center, cloud, service, IT, payment, audit, accounting, legal, tax advisory, claims management, debt collection, etc.). All service providers have entered into service agreements with us and are considered to be processors of your personal data who may process your personal data only in accordance with our instructions and in strict compliance with the purposes of the processing of personal data. All data processors, like Us, must ensure the security of your data in accordance with applicable law and the agreements entered into with us.
In order to ensure the smooth provision of the Service and the quality of your service, it may be necessary to transfer certain of your personal data to the companies of the Company’s group. All companies in the Company’s group are considered service providers and have entered into service agreements with us and are considered to be processors of your personal data who may process your personal data only in accordance with our instructions and in strict compliance with the purposes of processing personal data.
Cases where we provide your data to various other third parties (non-exhaustive list):
State institutions;
Courts;
Debt Collection agencies;
Insuance companies;
Legal, tax and other advisors.

DO YOU TRANSMIT DATA OUTSIDE THE EEA?

The data processors or independent data controllers we use are usually located in the Member States of the European Union or who store the data entrusted to them by the Company in the European Union. However, we have cases where carefully selected processors (such as Google pvz., Microsoft Azure and etc.,) and independent data controllers (such as social networking platform operators LinkedIn, Facebook) process data outside the European Union.

We closely monitor the practices and guidelines of data protection supervisors regarding the transfer of data outside the European Union and carefully assess the conditions under which data are transferred and may be further processed and stored after the transfer outside the European Union. To ensure an appropriate level of data security and to guarantee the lawful transfer of data, we create, where possible, the Standard Contract Terms approved by the European Commission for the transfer of data outside the European Economic Area (EEA) or in accordance with other terms and conditions set out in the BDAR.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We store your personal data for no longer than required by the purposes of the processing or as required by law. Details of the possible purposes for which your data will be processed and the time limits for the retention of personal data obtained for those purposes are set out in Chapter 14 at the bottom of the text of this Privacy Policy.

In those cases when the data storage period is not indicated in this Privacy Policy, your data will be stored no longer than necessary for achievement of the purposes, for which the data were collected, or for a period set by legal acts.

After the end of your data processing and storage duration set in this Privacy Policy, we destroy your data or anonymise them irreversibly and reliably as soon as possible, within a period reasonably necessary for performance of such an action.

If different processing or storage periods can be applied to the same data category for different purposes in accordance with this Privacy Policy, the longest of the applicable periods shall apply.

Your personal data can be stored for a period longer than indicated in this Privacy Policy only when:

your data is necessary for the proper administration of the debt, damages (for example, you have not fulfilled your financial and/or property obligations or caused damage to us or other persons), examination and settlement of a dispute, complaint, the protection of our legitimate interests or those of third parties;
that is necessary in order that we could defend ourselves from existing or threatening demands, claims or legal actions and exercise our rights;
there are reasonable suspicions of violations, illegal activities, which are or may be subject to investigation;
this is necessary for ensuring the functioning, resilience, integrity of backup copies, information systems, traceability of operations, statistical and other similar purposes;
there are other grounds provided for in legal acts.

HOW DO WE CARE FOR THE SECURITY OF YOUR PERSONAL DATA?

We process your personal data responsibly and securely in accordance with the Director’s approved “Personal Data Processing Policy” and the technical and organizational measures in place to protect your personal data from accidental or unlawful destruction, damage, alteration, loss, disclosure, or any other unlawful processing. We follow the following basic principles of data processing:

We collect personal data only for defined and legitimate purposes;
We process personal data fairly and only for the original purpose;
We store personal data for no longer than required by the established purposes of data processing
We assign the processing of personal data only to employees who have been granted such a right and official access;
We only process personal data using reasonable technical and administrative means;
We disclose personal data to third parties only if there is a legal basis;
We inform the State Data Protection Inspectorate about the recorded or alleged violation of personal data;
We carry out periodic deepening of employees’ knowledge of personal data processing issues;
We perform periodic internal and / or external audits of IT security.

We emphasize that we regularly monitor our systems for potential breaches or attacks, but it is not possible to fully ensure the security of information transmitted over the internet, as well as breaches that may occur due to your negligence or data disclosure to others. In view of this, you provide the data to us via Website and other communication channels partly on your own discretion and at your own risk.

WHAT RIGHTS DO YOU HAVE?

If we process your personal data for the purposes set out in this Privacy Policy or if you have reason to believe that we are processing your personal data, then you have the following rights:

to request access to your personal data and get their copy;

If you are our Customer you can ask to provide a copy of Company’s details and your Employees personal data related to your Account and performance of the Agreement.

to request rectification or restriction of inaccurate or incomplete personal data;

In case of changes in data presented by you to us (Employees, their last name, e-mail address, telephone number or in case you think that the information processed by us about you is inaccurate or incorrect, you have the right to demand to modify, amend or correct such information.

to request deletion or restriction of personal data which are excessive or processed unlawfully;

When there are certain circumstances indicated in personal data protection legal acts (when personal data is processed unlawfully, when you challenge data accuracy, you stated an objection to data processing on the basis of our legitimate interest, etc.), you also have the right to restrict your data processing.

to object to the processing of your personal data;

you have the right to object to personal data processing, when personal data is processed based on our legitimate interests at any time by contacting us the ways indicated in Chapter 10 of the Privacy Policy.

Right to erasure (right to be forgotten);

When there are certain circumstances indicated in legal acts on personal data protection (e.g. when the basis for data processing has disappeared, etc.), you have the right to request that we erase your personal data.

If you provide us with the request to erase all or some of your data and express your wish “to be forgotten”, we will no longer process those data of yours which will no longer be necessary for the purposes for which they were collected or otherwise processed. After you have exercised the right “to be forgotten”, your personal data will be further processed for the following main purposes and on the following main grounds (the list is non-exhaustive):

for the purposes of meeting accounting, tax requirements, personal data will be further processed according to Article 6(1)(c) of the GDPR (data processing is necessary to fulfil the legal obligation imposed on the data controller);
in order to manage customers’ complaints and other requests and inquiries, personal data will be processed according to Article 6(1)(b) of the GDPR (it is necessary to process data in order to fulfil the contract, a party to which the data subject is);
in case of disputes, administration of damages and debts, in order to pursue our other legal claims and protect our rights, data will be further processed according to Article 6(1)(f) of the GDPR (data processing is necessary in pursuance of legitimate interests of the data controller or a third party).
to request transfer of your personal data provided in a structured, machine-readable format;

In order to exercise this right, contact us the ways indicated in Chapter 10 of the Privacy Policy and we will send you a letter with information (or will explain in person) how you can obtain a copy of personal data or transfer it to other organization.

to withdraw your consent at any time if data processing is based on the data subject’s consent. Withdrawal of the data subject’s consent shall not affect lawfulness of data processing before the withdrawal of the consent;

In case where we process your data on the basis of your consent, you have the right to withdraw your consent at any time and data processing based on your consent will stop. For example, you can withdraw your direct marketing consent to receive offers and information at any time. The withdrawal of these consents will not prevent you from concluding an Agreement with us, however this will mean that we will not be able to give offers that may be useful to you. You have the right to withdraw consent at any time by clicking on the link “Unsubscribe from newsletters” in the e-mail at any time or by contacting us the ways indicated in Chapter 10 of the Privacy Policy.

to file a complaint with the State Data Protection Inspectorate

If you think that we process your data in breach of requirements of personal data protection legal acts, we always ask that you contact us directly at first. We believe that our good will efforts will be enough to disperse any doubts you may have, to answer your questions, to satisfy requests and correct any errors we made, if any. If you are not satisfied with a problem solution we suggest or if, in your opinion, we are not taking actions that must be taken in order to satisfy your request, you will have the right to lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, LT-10312 Vilnius, e-mail ada@ada.lt).

HOW CAN YOU APPLY FOR THE EXERCISE OF YOUR RIGHTS?

You can submit your enforcement request in the following ways:

You can unsubscribe from the newsletter at any time by clicking on the email the “Unsubscribe from Newsletter” link in the email;
You can exercise other rights by submitting an application by e-mail X, signed by a qualified e-mail. signature (eg using “Smart-ID” or “M. signature”), or attaching a notarized copy of an identity document to the application sent by e-mail X;
upon arrival at our customer service department and filling in the application form (in which case we will ask for an identity document).

HOW DO WE PROCESS YOUR REQUESTS?

In order to protect our Customers’ data from illegal disclosure, upon receipt of your request to present data or implement other rights of yours, we will have to verify your identity. For identity verification, we, first of all, use the ways indicated in Chapter 10 of the Privacy Policy.

Upon receipt of your request regarding implementation of any right of yours and having successfully performed the above-indicated verification procedure, we undertake without undue delay, but in any case no later than within 1 (one) month after receipt of your request and completion of the verification procedure, to give you information about actions we took upon your request. With regard to complexity and number of requests, we have the right to extent the period of one month for 2 (two) more months, informing you about it before the end of the first month and indicating reasons for such an extension.

If your request is submitted electronically, we will give the answer to you electronically, too, unless it is impossible (e.g. due to a particularly large scope of information) or when you request to answer you in some other way.

We have the right to refuse to satisfy your request by our reasoned written response under the conditions and grounds provided for in legal acts. We will provide you with information free of charge, however, if the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content, we may require a reasonable fee to cover administrative costs or may refuse to act upon your request.

HOW CAN YOU CONTACT US?

The data controller that processes your personal data indicated in this Privacy Policy, when you use the Company’s Service, is UAB UAB Mobility Fleet Solutions , legal entity code 302735731, address: Ozo g. 10A, LT-08200 Vilnius.

You can contact us on all issues concerning this Privacy Policy, data processing as follows:

by e-mail: info@ambermotors.com

VALIDITY OF AND CHANGES TO THE PRIVACY POLICY

If we change this Privacy Policy, we will publish its updated version on our Website and in the App, besides, you will be additionally informed about the most important/essential changes via e-mail and/or otherwise. The latest changes to the Privacy Policy were made on and are valid from July 12,2022

WE COLLECT YOUR PERSONAL DATA AND USE IT FOR THESE PURPOSES

The tables below, which are divided into convenient individual categories, provides an additional descriptions of data processing processes and detailed information on how we collect, process and store your personal data.

ACCOUNT CREATION IN THE WEBSITE

Data categories	In the Account creation process, you provide us with and we collect the following data: Company name, company code, company registration address. We collect the following personal data of the employee and director: first name, surname, mobile phone number, e-mail address. Also technical data such as Account creation date, date of accepting the last version of the Terms, consents, IP address.
Legal grounds for data processing	Conclusion, performance, amendment and administration of the Website Services (Article 6(1)(b) of the GDPR).
Duration of data processing	If the Website Account was terminated/deleted without using the Website Services – during the effective term of the Account and for a maximum period of 1 year after its expiry.
	In all other cases, during the effective term of the Website Account and for a maximum period of 5 years after its expiry.
	Chapter 7 of the Privacy Policy lists cases and conditions where personal data of yours can be stored or otherwise processed for a longer period of time.

CONCLUDING AN AGREEMENT

In order to sign an Agreement it is important for us to collect an Employee proof for legal ground representation and copy of passport or ID card along with all other documents. According to Lithuanian VAT code we must have documents proving that the specified transaction for the supply of goods, acquisition of goods or provision of services has taken place. Insufficient evidence may lead that, the tax administrator may charge the supply of goods at the standard VAT rate.

Data categories	In order to conclude a contract for purchase of the vehicle, we will process the following personal data: Company’s name, company’s code, company’s registration address, country name, VAT code and other company information, sales details, financial assessment, creditworthiness reports, payment information and other information that is included in the Agreement. We collect the following personal data of the Employee: first name, surname, mobile phone number, e-mail address, job title, proof legal ground for representation, copy of passport or ID card. Also technical data such as Account creation date, date of accepting the last version of the Terms, consents, IP address.
Legal grounds for data processing	Agreement (Article 6(1)(b) of the GDPR). Legal interest to collect Employee proof for legal representation and copy of passport or ID card (Article 6(1)(f) of the GDPR – Article 41, 47, 49 and 56 of the Lithuanian VAT Code provides that a VAT payer who has applied a 0% VAT rate and in other circumstances must have documents proving that the specified transaction for the supply of goods, acquisition of goods or provision of services has taken place.
Duration of data processing	In all other cases, during the effective term of the Agreement and for a maximum period of 10 years after its expiry.
Duration of data processing	Chapter 7 of the Privacy Policy lists cases and conditions where personal data of yours can be stored or otherwise processed for a longer period of time.

CUSTOMER SERVICE – INQUIRIES, REQUESTS, COMPLAINTS

We also use your contact data (e-mail, phone number) to provide you with relevant information about use of our Website Services, changes in the terms of Agreement, pricelist and/or the Privacy Policy. Also to contact you if you haven‘t completed all vehicle request steps or if we notify problems in connection with Services provided, etc.

Data categories	The telephone number you are calling from or the e-mail address, other information pertaining to your inquiry, including, but not limited to, first name, surname, inquiry content, etc.; call record, technical details of the call (date, duration, etc.); history of calls; complaint, request, inquiry text, description of the circumstances of the complaint or another inquiry, documents supporting the complaint, request, inquiry, other information provided to us.
Legal grounds for data processing	Your consent (Article 6(1)(a) of the GDPR). Conclusion, performance, amendment and administration of the Website Services and Agreement (Article 6(1)(b) of the GDPR).
Duration of data processing	Complaints, claims, written requests related to the performance of the Agreement and/or Website which may be related to disputes, shall be stored throughout the entire effective term of the Agreement or Website Service use and no longer than for 5 years after its expiry, unless longer periods specified below apply.
Duration of data processing	Chapter 7 of the Privacy Policy lists cases and conditions when these personal data of yours can be stored or otherwise processed for a longer period of time.

DIRECT MARKETING – NOTIFICATIONS, OFFERS AND INFORMATION BY E-MAIL, SMS, WEBSITE NOTIFICATIONS, ETC.

Data categories	Your name, surname, e-mail address and/or telephone number; login type; country, city, customer registration date, status (complete/incomplete); the App version; operating system; direct marketing consents; the Website usage statistic, Agreement information.
Legal grounds for data processing	Our legitimate interest (Article 6(1)(f) of the GDPR, Article 13(2) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), paragraph 2 of Article 81 of the Law on Electronic Communications): – to send you general and personalized offers and information; – to send you push notifications in the Website; – to perform automation of marketing tools. Your consent (Article 6(1)(a) of the GDPR) – to receive our Service notifications, offers and other information via phone call or SMS; – partners’ offers and information;
Duration of data processing	The consent validity period shall be up to 36 months, unless it is withdrawn by you earlier. We will store the fact of consent during the period of validity of the consent and for 12 months after its expiry.
Duration of data processing	Chapter 7 of the Privacy Policy lists cases and conditions when these personal data of yours can be stored or otherwise processed for a longer period of time.

MARKETING AND COMMUNICATION IN SOCIAL MEDIA

Data categories

Name, surname, gender, country, photograph, information about communication in the account (“like”, “follow”, “comment”, “share”, etc.), notifications sent, information on notifications (message receipt time, message content, message attachments, correspondence history, etc.), comments, reactions to published entries, sharing, information on participation in events and/or games organized by us.

Legal grounds for data processing

Your consent (Article 6(1)(a) of the GDPR).

Our legitimate interest (Article 6(1)(f) of the GDPR) to manage our social media profiles.

Duration of data processing

Personal data used for this purpose shall be stored as long as you are registered on a specific social network or as stated in the specific social network privacy policy.

WEBSITE USE AND WEBSITE ADMINISTRATION, SUPPORT, IMPROVEMENT

Data categories	Data about login to the Website Account, data about the device operating system, entry, use, changes of the Account data or other activities, previous history data, settings, other system parameters, IP address, duration of visit, pages visited, devices and applications used for web browsing, cookies consent and collected data.
Legal grounds for data processing	Conclusion, performance, amendment and administration of the Website and Website Account (Article 6(1)(b) of the GDPR). Your consent (Article 6(1)(a) of the GDPR). – For cookies use; Legitimate interest pursued by us or by third party (Article 6(1)(f) of the GDPR): – to ensure security, resilience, recoverability, traceability, integrity, functioning of actions, operations of the App and information systems; – to ensure uninterrupted provision of our Services, their support and improvement.
Duration of data processing	Logs and related entries – up to 3 months.
	Cookies see the Cookie Policy.
	If the Website Account was terminated/deleted without using the Website Services – during the effective term of the Account and for a maximum period of 1 after its expiry
	In all other cases, during the effective term of the Website Account and for a maximum period of 5 years after its expiry.
	Chapter 7 of the Privacy Policy lists cases and conditions when these personal data of yours can be stored or otherwise processed for a longer period of time.

FRAUD PREVENTION AND ENFORCMENT OF LEGAL REQUIREMENTS, ADMINISTRATION OF DEBTS AND DAMAGES

Data categories	Information on your debt to the Company, including the debt amount, date, history, information on performance of the Agreement. Data about you from public registers and information systems lawfully available to our service providers (involved in debt administration, administration of damages, debt recovery). Information about inquiries, requests, information, etc. provided by companies (e.g. insurance companies), authorities (e.g. police), medical institutions, other organisations. Information on assets, driving license data, information about other persons that were in the Vehicle and/or were driving it (in case of damage, violations of the Road Traffic Regulations, etc.). Information from variety of authority organizations about initiated prior to judicial investigations, criminal investigations, etc. All other personal data specified in this Privacy Policy.
Legal grounds for data processing	Our legitimate interest (Article 6(1)(f) of the GDPR): – to perform risk assessment and management; – to ensure protection of our property, property interests and those of our customers, other persons; – to ensure collection of fees for the Services provided, administration of debts, management of damages; – to ensure prevention of fraud, other actions of bad faith; – to administer, manage and recover your debts and damages inflicted on us and our property; – to ensure pursuance of our rights and legitimate interests. Conclusion, performance, amendment and administration of the Services Agreement (Article 6(1)(b) of the GDPR).
Duration of data processing	During the entire effective term of the Agreement and for a maximum period of 5 years after its expiry.
Duration of data processing	Chapter 7 of the Privacy Policy lists cases and conditions when these personal data of yours can be stored or otherwise processed for a longer period of time.

COMPLIANCE WITH TAX, ACCOUNTING, OTHER STATUTORY OBLIGATIONS

Data categories	Employee first name, surname, address, personal ID number, VAT number (when a person is registered as a VAT payer), data about the Service (Service description; price/amount paid), issued accounting documents and their details, other accounting and tax data that we must collect, process and store under laws and other legal acts.
Legal grounds for data processing	Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR): – accounting, taxes, other public obligations; – prevention of money laundering; – protection of consumer rights; – product safety; – information security; – other areas relevant for us.
Duration of data processing	Legal acts provide for periods of storing documents and data therein (e.g. a period of 10 years is set for accounting documents, invoices, etc.).
	The periods of storage, archiving and management of documents of the Company apply and are set according to effective legal acts, in compliance with requirements of the Index of the General Document Storage Periods, as approved by the Chief Archivist of Lithuania, and other documents and/or recommendations.
	Chapter 7 of the Privacy Policy lists cases and conditions when these personal data of yours can be stored or otherwise processed for a longer period of time.

END OF THE PRIVACY POLICY.