GAC Europe

Asia Pacific
Middle East & Africa
America
Europe
Other Countries and Regions
lang
Register

Privacy Policy

Last Updated: September 3, 2025

 

  1. Who We Are

We are pleased about your visit on a website of GAC Motor Europe B.V. (“GAC” or “we”) having its registered office at Alpha Tower, De Entree, 1101 BH Amsterdam, The Netherlands . In this Privacy Policy (“Policy”), we inform you about the processing of your personal data by GAC in connection with your visit to our website (www.gacgroup.com/en-eu, the "Platform"). Therefore, we hope that you will carefully read and fully understand this Policy. Please pay special attention to the terms highlighted in bold or other distinguishing formats, as they may significantly affect your rights and interests.

 

This Policy applies to personal data collected through this Platform or directly provided by you, but it does not apply to other third-party platforms or services. This Platform may contain links to other websites. You may choose whether to access the content, products, or services provided by these third parties. If you click on these links, please note that we are not responsible for the protection of your personal data on those sites. Your access to and use of third-party websites is not governed by this Policy. We have no control over the privacy and data protection practices of such third parties, and they are not bound by this Policy. Before submitting any personal data to third parties, please carefully review their privacy policies.

 

Please read and understand this Policy carefully before using this Platform.

 

  1. How We Collect and Use Your Personal Data

We collect your personal data to provide you with various products and/or services, understand your needs, establish, maintain, and develop our relationship with you, and comply with applicable laws, regulations, and regulatory requirements. As you interact with the Platform, we may collect certain personal data from or about you from the following sources:

 

  • Directly from you: such as when you visit or use the Platform;

  • Cookies and online technologies: We may use cookies and other online tools to automatically collect information about you when you interact with the Platform, as described in Section 3.

 

In general, we collect and use your personal data in the following scenarios:

  • Data Analysis

When you visit and browse the Platform, in order to better provide you with products or services, and continuously improve our products, services, and optimize and enrich your user experience, we use Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors interact with the Platform and to improve our services accordingly. In the course of using Google Analytics, the following categories of data may be collected:

  • Analyzing your device preferences: device type (PC/mobile phone/tablet), operating system, browser type, screen resolution.

  • Traffic source analysis: network information: IP address (may be anonymized), internet service provider (ISP), approximate geographical location (country, city).

  • Optimizing user experience: collecting your behavior data: visited pages, time on page, click path, scroll depth, bounce rate.

  • Evaluating marketing effects: collecting your traffic sources: referring websites (such as search engines, social media), advertising campaigns (UTM parameters).

  • Distinguishing independent visitors: collecting your user identification.

The legal basis for processing this personal data is based on your consent, in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR).

 

  • Conversion Tracking (Google Ads)

In order to measure the effectiveness of our advertising campaigns and understand whether users complete desired actions (such as purchases or registrations) after clicking on ads, we use Google Ads Conversion Tracking. This allows us to perform cross-page and cross-domain attribution analysis. We may collect your advertisement click ID (gclid) and the corresponding click timestamp.

The legal basis for processing this personal data is based on your consent, in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR).

 

  • Test Drive Reservation Service

In order to provide you with test drive reservation services, you need to provide us with your mobile phone number, email address, and preferred vehicle model, so that we can arrange test drive services for you.

 

  1. How We Use Cookies and Similar Technologies

When you visit this Platform, we use cookies and similar technologies to collect some of your personal data, including web beacons that store user preferences and settings, in order to prevent fraud, authenticate users, and collect information about the operation of the services. Cookies can basically be divided into three categories. There are cookies which are essential for the functionality of the website (so-called functional cookies), cookies which increase the level of comfort when visiting a website and, for example, save your language settings (so-called comfort cookies) and cookies which are used to create a pseudonymised user profile (so-called tracking cookies).

 

The processing of functional cookies is necessary to enable you to visit the website (Article 6 Paragraph 1 letter b GDPR).

 

Tracking cookies are only set if the website visitor has given his/her consent (Article 6 Paragraph 1 letter a GDPR). Consent is given via the so-called cookie banner, which must be actively clicked on.

Cookies and similar technologies are used to collect this data to enhance our products/services. You can refuse or manage cookies by changing the settings of your browser add-ons. However, please note that disabling cookies may affect your experience with our services, and some features may not function properly.

 

For more information on cookies and how we use them, please refer to the Cookie Policy available on this Platform.

 

  1. Who We Share Your Personal Data With

Certain modules or functions within our products or services are provided by external suppliers. For companies, organizations, and individuals that we entrust with the processing of personal data, we will enter into strict confidentiality agreements or other data protection-related agreements with them. These agreements require them to handle your personal data in accordance with our instructions, applicable laws and regulations, and any other appropriate confidentiality and security measures.

 

In principle, we will not share, transfer, or disclose your personal data with any third-party companies, organizations, or individuals, except in the following circumstances:

 

  • With other third parties that you direct or provide consent.

  • Sharing for legal reasons. Subject to the requirements of this Policy, we may share your personal data in specific circumstances, such as to comply with legal regulations, mandatory government directives; to safeguard the legitimate rights and interests of you, us, or third parties; to prevent or address issues related to fraud, security, or technical problems, etc.

  • Sharing with affiliates.To assist, operate, enhance, and fulfill services on our behalf based on our legitimate interests to outsource certain operations, we may share your personal data with Companies that are owned or controlled by us, or where we have a substantial ownership interest.

  • Sharing with third-party service providers. To arrange your test drive reservation, we may share the following personal data with our local affiliated company or distributors: mobile phone number, email address, preferred vehicle mode.

  • Sharing with Third-Party Technology Integrations (SDKs). To provide certain functionalities and improve your experience, we may integrate technologies from third parties into our Platform through Software Development Kits (SDKs). These third parties may collect or process personal data on our behalf or in connection with your use of our services.

 

SDK Name

Purpose of Sharing

Types of Personal Data Shared

Sharing Method

Privacy Policy Link

Google Map SDK

To provide map and location-based services

User device information, user interaction coordinates, and IP-inferred coarse location

SDK embedded

https://policies.google.com/privacy

Google Analytics SDK

To analyze user behavior and optimize the app experience

App information; device information (system settings, system attributes, device model, operating system, IP address, approximate location); network information (network connection type, Wi-Fi status, carrier information); user behavioral data

SDK embedded

https://policies.google.com/privacy

 

You may request us to assist in contacting the third-party recipient to exercise your statutory rights through the contact details described in Article 9.

 

  • Sharing as a result of a change in our corporate structure. In the event of a merger, division, dissolution, acquisition, or declaration of bankruptcy that involves the transfer of personal data, we will inform you of the name and contact details of the recipient of your personal data. We will require the new company or organization that holds your personal data to continue to be bound by this Privacy Policy; otherwise, we will require that company or organization to obtain your authorization and consent again.

 

  1. How We Store and Protect Your Personal Data

    • Safeguarding Personal Data Security

We are committed to ensuring the security of your personal data. We employ a variety of security technologies and procedures to protect your personal data from unauthorized access, use, modification, destruction, or disclosure. Our primary security measures include:

  • We store your personal data in computer systems located in controlled facilities and have implemented general security measures.

  • We only permit specific employees who need to process the relevant data for the purpose of operating our products and services to access personal data, and we require them to fulfill strict confidentiality obligations.

  • We continuously strive to ensure the security of your personal data and employ end-to-end encryption during data transmission to prevent unauthorized access, use, modification, destruction, or disclosure of your data.

  • When transmitting and storing your sensitive or special categories of personal data, we will exercise greater caution and employ technical security measures such as encryption to ensure data security.

  • In the event of a personal data security incident, we will notify you in a timely manner in accordance with legal and regulatory requirements, using push notifications or public announcements. The notification will inform you of the basic facts and potential impacts of the incident, the measures we have taken or plan to take, suggestions for your own risk mitigation, and any remedies we may provide. We will promptly address system vulnerabilities, network attacks, virus intrusions, and other security threats.

  • Retention Period of Personal Data

We will retain your personal data only for the shortest period necessary to achieve the purposes described in this Policy (such as the duration of the services we provide to you), unless otherwise stipulated by law or administrative regulations (for example, tax records are typically required to be retained for at least six years). Since the retention period may vary depending on different scenarios and the types of products or services, we determine the appropriate retention period by primarily consider the following criteria and use the longest applicable period among them:

  • The period required to retain personal data to fulfill the relevant business purposes, including providing products and services, maintaining corresponding transaction and business records, managing and enhancing the performance and quality of products and services, ensuring the security of systems, products, and services, addressing potential user inquiries or complaints, and troubleshooting;

  • Whether you have consented to a longer retention period;

  • To address potential inquiries, complaints, or legal proceedings;

  • Whether there are any special requirements for data retention under applicable laws, contracts, etc.

Once the storage period necessary to achieve the purposes set forth in this Policy has expired, we will irreversibly delete your personal data or anonymize it in accordance with applicable legal requirements, unless otherwise stipulated by law or you have separately agreed to extend the retention period.

  • Location of Personal Data Storage

The personal data is stored on our behalf and in accordance with our instructions on servers of the following service providers:

Cloud Service Providers

Purpose of Sharing

Types of Personal Data Shared

Sharing Method

Privacy Policy Link

Storage Location

Huawei Cloud

To provide cloud server, database, and storage services

User stored data (order information / content, etc.), operational metadata (access logs / IP, etc.)

API call / Service subscription

https://www.huaweicloud.com/intl/en-us/declaration/sa_prp.html

Dublin, Ireland

 

  1. International Transfers

As a multinational company headquartered in the People’s Republic of China (“China”), the personal data we collect may be processed or accessed in the country/region where you use the platform, or in other countries/regions where we or our affiliates, service providers, or business partners are located. As such, your personal data may be transferred to China or other jurisdictions where privacy laws may not offer the same level of protection as those in your jurisdiction. In such cases, we will take measures to ensure that the personal data we collect is processed in accordance with this Policy and applicable laws.

 

If you are located in the European Economic Area (EEA) and the United Kingdom (UK), we ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place. We will use various legal mechanisms, such as entering into the Standard Contractual Clauses approved by the European Commission, or obtaining your consent for the cross-border transfer of personal data, or anonymizing personal data before cross-border data transfer, to ensure continued protection under applicable data protection laws.

 

  1. Your Rights

Depending on your country/region and the applicable data protection laws, you may have certain rights with respect to your personal data. These rights may include, but are subject to any exceptions or limitations:

  • Right to be Informed:

You have the right to obtain information regarding whether your personal data is being processed, as well as the categories of personal data and the purposes of the processing.

  • Right to Rectification:

You have the right to request that we rectify any of your personal data that is incorrect or incomplete.

  • Right to Restrict Processing:

You have the right to request the restriction of the processing of your personal data if the requirements specified under Article 18 of the GDPR have been met. This is the case, for example, if you dispute the accuracy of your data. You may request that processing is restricted for as long as it takes to examine the correctness of your data.

  • Right to Object:

If the processing is based on a predominantly legitimate interest, you have the right to object to the processing of your data. In the event of objection, we ask you to inform us of the reasons for which you object to data processing. In addition, you have the right to object to data processing for direct marketing purposes. This also applies to profiling in so far as it is related to direct marketing.

  • Right to Data Portability:

If data processing is based on consent or contract fulfilment and is also based on the use of automated processing, you have the right to receive your data in a structured, standard and machine-readable format and to transmit it to another data processor.

  • Right of Revocation:

Insofar as the data processing is undertaken based upon consent, you have the right to revoke your consent for the data processing, with future effect at any time, free of charge.

  • Right to Erasure:

You have the right, in the event that the requirements specified in Article 17 of the GDPR have been met, to demand the deletion of your data. Accordingly, you may request the deletion of your data, for instance, if it is no longer necessary for the purposes for which it was collected. Furthermore, you may request deletion if we process your data on the basis of your consent and you revoke this consent.

Due to technical limitations, we may not be able to delete your personal data immediately. Such data will be removed during subsequent system updates. In the interim, upon receiving your deletion request, we will cease all processing activities related to your personal data. If we are required to retain your personal data due to applicable legal or regulatory obligations, or if immediate deletion is technically infeasible, we will cease all processing other than storage and the implementation of necessary security measures.

  • Right to lodge a complaint:

You also have the right to lodge a complaint with your local data protection supervisory authority regarding our processing of your data. However, we would appreciate it if you first contact us to try and solve your problem – you can find our contact details below.

For users in the European Economic Area, you can find the contact information of the data protection regulatory authority in your residence at the following link: https://edpb.europa.eu/about-edpb/board/members_en

  • Other Rights

If the personal data protection laws of your country/region provide for different protections of data subjects’ rights than those stipulated in this Policy, please inform us through the contact details listed in Article 9. We will take appropriate measures to protect your rights, taking into account the applicable laws of both the data processing jurisdiction and your location, as well as the available technical safeguards.

  • Respond to Your Request

When you wish to exercise the aforementioned rights, you may contact us through the contact details described in Article 9. Upon receiving your request, we may first verify your identity and may ask you to provide necessary information for the purpose of identity verification.

We will contact you as soon as possible after receiving your request. For requests that are technically infeasible, or not required to be fulfilled under applicable laws or regulations, or where fulfilling the request would violate legal or regulatory obligations, we may refuse such requests and explain the reasons to you. If we have reason to believe that no action needs to be taken in response to your request, we will also inform you of our decision and provide a corresponding explanation.

 

  1. Protection of Children’ Personal Data

This Platform and its services are primarily intended for adults. We do not knowingly collect personal data from children under the minimum legal age in their jurisdiction (e.g., 16 in most EU Member States). If you are under the minimum legal age in your jurisdiction, you may only use this Platform with the participation of your parents or guardians.

If we discover that we have collected personal data from children without obtaining verifiable parental consent in advance, we will endeavor to delete the relevant data as soon as possible. If you are a guardian of a child and have questions about the processing of the personal data of a child under your guardianship, or if you have evidence that a child has registered to use this platform without your consent, please contact us using the contact details provided in this Policy. We will take steps to delete the child’s personal data from our systems as soon as possible, unless otherwise required by applicable laws or regulations.

 

  1. Contact Us

If you have any questions or suggestions regarding this Policy, or if you discover any violations of this Policy, please feel free to contact us. We provide multiple channels to assist you and hope to offer a satisfactory resolution:

We will make every effort to help resolve your concerns.

 

  1. Update to the Privacy Policy

We are committed to keeping this Policy clear and up to date. Whenever we make material changes to this Policy, and in particular when this notice underlies your consent, we will inform you of the changes and acquire your consent where required. This Policy is current as of the date which appears at the top of the document.

Changes referred to in this Policy include, but are not limited to:

  • Significant changes to our service model, such as the purposes for which personal data is processed, the types of personal data collected, or how such data is used

  • Changes to the primary recipients of shared, transferred, or disclosed personal data;

  • Changes to your rights regarding the processing of personal data and how you may exercise those rights;

  • Any other changes that may have a significant impact on your rights and interests relating to personal data.