Privacy policy

1. Preliminary information

This Privacy Policy describes how Sirocco Mobile spółka z o.o. (hereinafter: the "Administrator") processes your personal data that you provide via the contact form on our website dealer360.eu (hereinafter: the "Website"). We care about your privacy and want you to know how we use your data.

2. Contact with the Administrator and the Data Protection Officer

The administrator of your personal data is Sirocco Mobile sp. z o.o. with its registered office in Warsaw (02-672) at ul. Domaniewska 48, NIP: PL5213478053, REGON: 141311127, District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register, KRS: 000301170. In all matters related to the processing of personal data, you can contact us by mail to the Administrator's registered office. The Administrator has appointed a Data Protection Officer - Barbara Chaberka, who can be contacted by writing to the e-mail address: iod@sirocco.eu.

3. Data processing in connection with the contact form

Source and scope of data

The Controller processes personal data obtained directly from you when you contact us via the contact form available on the Website. This includes: first name and last name, e-mail address, telephone number, company name, and also position, if you provide it.

Purpose, legal basis and data processing period

PURPOSE

LEGAL BASIS

PROCESSING PERIOD

Handling inquiries sent via the contact form and responding to potential cooperation.

For individuals representing a company (proxies, employees): Article 6(1)(f) GDPR – the Controller's legitimate interest in communicating with potential clients or contractors. For owners of sole proprietorships (parties to the contract): Article 6(1)(b) GDPR – processing necessary to take action before entering into a contract or to perform it.

The data will be processed until the inquiry is handled, and then for a period not exceeding 36 months from the end of contact, unless an objection to processing is raised earlier. If negotiations are completed and a contract is concluded – for the duration of the contract and its settlement.

Archiving data to secure evidence and potential defense of claims related to the communication or negotiations.

Article 6(1)(f) GDPR – the Controller's legitimate interest in protecting its rights.

The data will be stored until the statute of limitations for potential claims arising from the communication or negotiations, or until an effective objection to processing is raised.

Conducting direct marketing of the Company's products and services, consisting of sending commercial information in the selected communication channel (e-mail and/or telephone contact).

Article 6(1)(f) GDPR – the Company's legitimate interest in marketing its own products and services, in connection with your consent to use the selected communication channel, in accordance with the Electronic Communications Act.

Data is processed until consent is withdrawn, an objection to processing for marketing purposes is raised, or the Company's legitimate interest ceases – whichever occurs first.

Voluntariness of data provision

Providing data is voluntary, but necessary to handle your inquiry. Granting consent additionally enables the sending of commercial, including marketing, information in the selected communication channel (e-mail and/or telephone). Without providing data, we will not be able to contact you or send commercial information. We treat the content of the correspondence as unstructured data. If it contains personal data other than those you provided in the other fields of the form, we process it in a way that prevents identification of the person, in accordance with Article 11 GDPR. You have the right to withdraw your consent to the processing of data for marketing purposes at any time. The withdrawal of consent does not affect the lawfulness of data processing carried out before its withdrawal.

Recipients of personal data

Only authorized employees of the Controller will have access to your data, to the extent necessary to perform their duties. Data may also be transferred to:

  • external entities supporting us in customer management (CRM), IT services, hosting and marketing,

  • public authorities - if we are required to do so by law.

Transfer of data outside the EEA

In connection with the Controller's use of cloud service providers, your personal data may be transferred outside the European Economic Area (EEA), in particular to Israel and the USA. The transfer of personal data may take place on the basis of:

  • Commission Decision 2011/61/EU of 31 January 2011, stating that Israel ensures an adequate level of protection of personal data in accordance with Article 45 GDPR;

  • The European Commission's decision of July 10, 2023, stating that the EU-U.S. Data Privacy Framework (DPF) ensures an adequate level of protection for personal data in accordance with Article 46 of the GDPR.

  • Standard contractual clauses adopted by the European Commission based on Article 46 of the GDPR, in the case of recipients outside the DPF or other countries where an adequate level of data protection has not been established.

You have the right to obtain a copy of personal data transferred outside the EEA. To do so, please contact us using the contact details provided in the Privacy Policy.

Automated decision-making and profiling

Your data will not be subject to automated decision-making, including profiling.

Rights of data subjects

In accordance with the GDPR, you have the following rights:

  • the right to access personal data and obtain a copy thereof;

  • the right to rectify (correct) or complete data;

  • the right to erasure of data ('the right to be forgotten') – in cases provided for by law;

  • the right to restriction of processing;

  • the right to object – at any time, for reasons related to your particular situation, to processing based on the legitimate interest of the Controller; the objection should include a justification;

  • the right to lodge a complaint with a supervisory authority – in Poland, this is the President of the Personal Data Protection Office.

In order to exercise the above rights, please contact the Controller using the contact details provided in point 2.

4. Final provisions

This Privacy Policy is for informational purposes. The Controller reserves the right to make changes, including in the event of changes to legal regulations or the scope of services provided.

The current version of the Privacy Policy is effective as of 04.11.2025

Effective IT products for the automotive industry

A comprehensive solution for the automotive market supporting dealers and importers in their daily challenges. Dealer 360 ecosystem is owned by Sirocco.

Follow us:
Our products:
For new cars
For new and used cars
For used cars
Copyright © Sirocco Mobile sp. z o.o., ul. Domaniewska 48, 02-672 Warsaw, Poland, NIP: PL5213478053, REGON: 141311127, 
District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register, KRS: 000301170.
Do you have any questions?
Find out how Dealer 360 can increase your margin and streamline processes.
Free consultation