Effective May 5, 2023
1. The personal data collected by Fisker
|Scenarios||Type of information collected and processed||Legal Bases|
|When you visit our website/mobile app||Internet activity information such as search history, browsing history, region, IP address, device type, operating system, pixel tags, cookies, and other tracking technologies||Based on consent, contract, or legitimate interest to optimize the user experience of our website and/or mobile app.|
|When you request for information and/ participate in customer survey, referral program||Identification data such as first & last name, e-mail, phone number, Postal address||Based on consent, contract, or legitimate interest to communicate and manage the contact request.|
|When you become Fisker customer||Product or service order information such as credit card, delivery address, vehicle trade-in information, driver’s license||Based on contract to take steps prior to entering into an agreement and complying with contractual and payment obligation.|
|From Third Party Service Providers||Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Based on legitimate business interest for business operation.|
Affiliates - We may disclose some or all of your personal information to our subsidiaries, joint ventures, and Fisker Group Companies other companies under our common control.
Pursuant to Legal Process - We may also disclose personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful requests for information we receive, or as otherwise pursuant to legal process.
Protection of Rights and Interests - We may also use and disclose personal information to establish or exercise our legal rights, to enforce our agreements, to assert and defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or well-being of any person.
Business Transactions - Subject to applicable law, we reserve the right to transfer some or all personal information in our possession to a successor organization in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. If any such transaction occurs, the purchaser will be entitled to use and disclose the personal information collected by us in the same manner that we can, and the purchaser will assume the rights and obligations regarding personal information as described in this Policy.
Vendors - We employ other companies to perform functions both on our and your behalf, such as website monitoring and hosting, maintaining and securing the Properties, sales and order fulfillment, product repairs and maintenance, customer service, credit card processing, IT services, online and offline advertising, analytics, sending and responding to electronic mail, and other functions necessary to support Fisker Properties and the products, future product offerings, and services that we offer.
Third Parties - Where permitted by applicable law or where you have agreed, we may share your name and email with select third parties whose products or services we think you may be interested.
Rewards Program or Other Promotions - If you choose to participate in our Rewards Program or a promotion sponsored by Fisker, we may share your personal information with third parties (including, without limitation, a co-sponsor) or the public in connection with the administration of such promotion, and as required by law or permitted by the Rewards Program or other promotion’s terms or official rules (such as on a winners list).
De-identified Data - We may share de-identified information under applicable law.
4. Your Rights and Choices
A. EU General Data Protection Regulation (GDPR)
Under applicable data protection laws, as a data subject, you have right of access, right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object to processing of personal data.
Right of Access - Data subjects have the right to request access to the data we hold about you at any time. This information includes, but is not limited to, the categories of data we have processed, the purposes for which we have processed this data, the origin of the data if we did not collect it from you directly, and, if applicable, the recipients to whom we have transferred your data. You can request a copy of your data free of charge. If you are interested in obtaining additional copies, we reserve the right to charge you accordingly.
Right to Rectification - The data subject have the right to obtain from the us without undue delay the rectification of inaccurate personal data concerning him or her. Considering the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure – The data subject have right to obtain from us the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
The data is no longer required for the purposes for which it was collected or otherwise processed;
Your consent, which is the basis of data processing, is revoked and there is no other legal basis for the processing;
You object to the processing of your data and there are no overriding legitimate grounds for processing, or you object to the processing of data for direct marketing purposes;
The data was processed unlawfully, unless processing is necessary
to ensure compliance with a legal obligation that requires us to process your data;
particularly with regard to legal retention periods;
to enforce, exercise, or defend legal claims.
Right to Restriction of processing - You have the right to request that we restrict the processing of your personal information in certain circumstances, such as :
You dispute the accuracy of the data for the period of time that we need to verify the accuracy of the data;
The processing is unlawful but you refuse the deletion of your data and instead demand a restriction of use;
We no longer need your information but you need it to enforce, exercise, or defend legal claims;
You have lodged an objection against processing as long as it is not clear whether our justified reasons outweigh yours.
Right to Object - In these circumstances, you may have the right to request that we stop processing your personal data:
If the data processing is based on your consent
If the processing is based on our legitimate interests or those of a third party.
We may still continue to process your data, in the event that we can provide legitimate reasons that outweigh your right or that we may need your data to enforce, exercise or defend legal claims.
You have the right to transfer your personal information to another controller in a machine-readable format, if such personal data was processed by us based on a contract or your consent.
If you wish to invoke your data subject rights, please e-mail to firstname.lastname@example.org. We make all efforts to comply with all requests within 30 days. However, this timeline may be extended, or we may be unable to provide information about your data for reason relating to the specific subject right or complexity of your request or legal requirements, in such cases, we will inform you with any such information.
If you believe that your rights were not addressed properly, you are entitled to file a complaint with a competent data protection supervisory authority (in particular in the EU Member State of your habitual residence, place of work or alleged infringement) if you believe we have not complied with applicable data protection laws. The Bavarian data protection authority (Bayerisches Landesamt für Datenschutzaufsicht) is responsible for complaints against Fisker GmbH.
B. California Consumer Privacy Act (CCPA) Privacy Rights and Disclosures
California residents have the Right to Know rights under the CCPA to request to disclose what personal information that we collect, use, disclose and sell, in the preceding 12 months.
Right to Delete - If you are a California resident, you may request that we delete your personal information. Note that deletion requests are subject to certain limitations. For example, we may retain personal information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active Account, and to process transactions and facilitate customer requests.
Right to Opt-Out of Sale - If you are a California resident, you may request that we not disclose your personal information to third parties. Please note that we may continue to share your personal information with our affiliates and service providers and for essential purposes described above and other such circumstances. To the extent “sale” is interpreted under the CCPA to include advertising technology activities such as those disclosed in the cookies and analytics and advertising sections as a “sale,” we will comply with applicable law as to such activities. You may update your preferences through the cookie consent banner that may appear at the bottom of Fisker websites.
Right to Non-Discrimination - You have the right not to receive discriminatory treatment in terms of price or services for exercising any of your CCPA rights.
Exercising Your Rights - If you are a California resident and the CCPA applies to you, you can submit a consumer request by emailing us at email@example.com. In your request, please specify the type of request you are making, and provide your name and email. We will verify your request by contacting you via email and respond substantively within the timeframe permitted by law.
5. Privacy of Children
Fisker Properties are intended for persons age 18 and older. We do not knowingly collect personal information from minors under 18 years of age. We will delete any personal information later determined to be collected from such individuals.
What is a Cookie?
A cookie is a small file that stores Internet settings. Almost every website uses cookie technology. It is downloaded by your Internet browser on the first visit to a website. The next time this website is opened with the same user device, the cookie and the information stored in it is either sent back to the website that created it (first-party cookie) or sent to another website it belongs to (third-party cookie). This enables the website to detect that you have opened it previously with this browser and in some cases to vary the displayed content.
Depending on their function and intended purpose, cookies can be divided into four categories: essential cookies, performance cookies, functional cookies, cookies for marketing purposes.
|Strictly necessary cookie – No consent required||Non-essential cookie – Consent required|
Fisker also integrates with social media cookies from third-party advertisers in its website. Cookies of this type save date anonymously. The data collected from using these plug-ins are used to recognize whether the user of our website is connected parallel with the social media account to enable the sharing of our website content on the social media platforms.
You can update your cookie preference through the cookie consent banner that may appear at the bottom of Fisker websites.
7. Cross-Border Data Transfers
If you are located in the EEA, UK, or Switzerland, we comply with applicable legal requirements for the transfer of personal information to countries outside of the EEA, the UK, or Switzerland. In particular, Fisker has entered into Standard Contractual Clauses issued by the European Commission where appropriate.
8. Cybersecurity & Data Protection
Cybersecurity and data protection is governed from the highest levels of the company. Oversight responsibilities for these programs and risks are provided by the Fisker Board of Directors (“Board”) and delegated to its executive steering councils and the Chief Information Security Officer (CISO). The corporate cybersecurity management team drives cybersecurity and data protection functions across all areas of the business and is accountable to the Board.
We use commercially reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain on your behalf against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use.
In the event of any security incident, we will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notice via email or conspicuous posting on the Services, you agree to accept notice in that form.
Cybersecurity and Data protection policies are regularly reviewed to keep up with the changing threat and regulatory landscape. Independent audits and risk assessments are performed periodically to ensure safeguards supporting these policies remain effective and efficient.
9. Data Retention
We will retain your personal information for as long as you maintain an account or have a contractual relationship with us, or for as long as necessary to provide the products, future product offerings, or services, or for such longer period as may be required or permitted by applicable law. We will also retain personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
10. Modifications to This Policy
We reserve the right to modify this Policy at our discretion, and changes will be effective when we post the revised Policy. Use of the Fisker Properties after posting will be understood as consent to the updated Policy, to the extent permitted by law.
11. Contact Information
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at firstname.lastname@example.org.