Dacia

Attention : *Confidentialité non incluse avec ce produit

Dacia

Renault Group
Wi-Fi Bluetooth

Passé en revue le : 15 août 2023

|
Mozilla a effectué 24 heures de recherches
|

L’avis de Mozilla :

|
Vote du public : Très flippant

Dacia is a Romanian car company founded in 1966. In 1999, the company was sold to France-based Renault Group. Dacia sells most of its cars in Europe and Northern Africa. Models include the Sandero, Jogger, and Duster. Their Dacia Media Control app let's owners of Dacia connect their phone to their car and do things like navigate with Waze, find where you parked your car, and receive an alert if you forget your phone in your car. How is Dacia at privacy? Well, being a European-based car company covered by Europe's stronger privacy laws sure seems to help. As far as we can tell, they aren't so bad. Our biggest worry is that we couldn't confirm if they encrypt all the personal data stored on their cars.

Que pourrait-il se passer en cas de problème ?

What? A car company that doesn't seem completely terrible at privacy? Could it be? Could it be because it's a French-based car company that is governed by stricter European GDPR privacy laws and doesn't sell cars in North America where privacy laws are much more lax? We're guessing that is probably it.

Our biggest concern with Renault Group-owned Dacia is that we couldn't confirm if all the data the car collects is encrypted as it sits on the car. It could well be, we just couldn't confirm that and multiple emails to the privacy contact at Renault Group went unanswered, so we just don't know.

They do, like the rest of the car brands, collect a lot of personal information about you like your name, address, and your vehicle’s VIN number. They also collect data about your driving and what you do in your car: When you accelerate, pump the brakes, or use multimedia. They also record all your interactions and conversations with them. Again, for car companies, this level of data collection seems pretty standard.

They're a bit more vague than some of the other car makers about the actual data points they collect. In their UK Privacy Notice, they list the categories of personal data they can collect with a few examples usually followed by “etc.” We don't love that tiny word because it lets us know that we're only getting a sample and not a complete list. And, as privacy researchers, we're nosy as heck -- it’s our job! So for example, Renault Group collects “Data related to your personal and/or professional situation (family situation, socio-professional category, etc.)” Pretty vague! But also, c’est la vie (with most privacy policies)!

They do say that they will ask for your consent when your geolocation is collected. Great! But that’s something Renault Group must do to comply with Europe’s General Data Protection Regulation (GDPR). It’s the law. And that’s the thing about reviewing a European car brand. Like we mentioned, because the GDPR offers pretty strong privacy protections, any car company focused on Europe is going to have better privacy practices by default than brands serving countries, like the United States, with no federal data protection. On that note, you do have the right to get access to and delete your data. Woohoo! Thanks again, GDPR!

We feel that all that data Renault Group can collect about you when you communicate with them, sign up for their services, and purchase or drive their vehicles is more than enough. So we don't like that they can collect even more information about you “through other companies in our group or partners” even if they say they'll get your consent when they have to. That doesn't feel super in line with your commitment to data minimization, Renault Group. More on those commitments, Renault Group sometimes shares your personal information in ways that don't seem totally necessary, or in their words, for "explicit, legitimate and determined purposes." For example, they say then can share it with “[a]ny associated or connected motor manufacturer from whom we purchase or hire goods (and their group companies)” and "partners." It’s also not clear to us whether they will only share your personal data with law enforcement when they are legally obligated to, according to the language they use in their UK Privacy Notice.

We learned that some of the information Renault Group asks for is mandatory and some isn’t. The second kind is collected in the interest of “getting to know you better especially in order to send you personalized marketing information.” So if you're not interested in letting Renault Group get to know you like that, only fill in form fields marked “mandatory.”

In another tip of the hat to the protections of GDPR, Renault Group won't sell your personal data, like so many other car makers do. But that doesn't mean they're not in the data business. We can tell they're investing in big data and digital transformation through their partnerships with Google and IT consultancy, Atos. It does mean that they probably trade in aggregated and anonymised data which is not covered by the GDPR. We also like to point out that it can be relatively easy to de-anonymize those kinds of data sets.

Renault Group says that “Protecting your personal data is central to Renault’s values.” Aww, we love to hear it! Except we're not seeing too much to back that up besides obeying the law. It’s not looking amazing for one of the “good ones,” we know. Yet we still have one last beef (or should we say beouf?) with Renault Group. They're part of a strategic alliance with privacy-monster Nissan, one of the worst car companies we reviewed a privacy. What does that mean exactly for the fate of your personal data? Well, probably not much thanks to the strong legal protections in place. Still, given these companies’ cozy relationship, we’ll take it as a cautionary tale for what Renault Group might do if they could. Bravo, privacy laws! Finally, even though we're getting déja-vue writing this, it’s our duty to tell you that Renault Group, like all of the other car brands we looked at, comes with *privacy not included.

Conseils pour vous protéger

  • Do not give consent to tailored advertisement.
  • Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
  • Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
  • Before reselling your car, make sure to notify the company
  • When buying a used car, always make the previous owner removed their connected account and performed a factory reset.
  • Always use strong passwords and set up two-factor authentication for apps and services that connect to your car
  • Only give access to your data to trusted third-parties
  • When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
  • Opt out from your mobile device's location sharing.
  • Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
  • mobile

Ce produit peut-il m’espionner ? informations

Caméra

Appareil : Oui

Application : Oui

Microphone

Appareil : Oui

Application : Oui

Piste la géolocalisation

Appareil : Oui

Application : Oui

Que peut-on utiliser pour s’inscrire ?

Quelles données l’entreprise collecte-t-elle ?

Comment l’entreprise utilise-t-elle les données ?

We ding this product as it is may obtain information about you from other companies, and the consent will be asked only if required by your local regulation.

Renault Group Privacy Notice

"We may also obtain information about you through other companies in our group or partners, with your consent when required by the regulations."

"We collect your personal data in particular when:
- You visit one of our websites, which may use cookies or other tracers,
- You contact us via an online form, email, telephone, live chat, visit to a dealership or by any other means,
- You participate in a game or event, or subscribe to one of our newsletters,
- You purchase a vehicle or a service (maintenance, repair, warranty, connected services),
- You use a connected vehicle,
- You respond to one of our studies or satisfaction surveys,
- You create a user account to access our services from your computer or smartphone,
- You interact with us on social media, including through the Facebook, Instagram and Twitter "Like", "Share" or " Tweet" buttons on the Renault pages, which can lead to collection and exchange of personal data between the social networks and us."

"Within the context of our relationship, and in line with the context in which your personal data is collected, we may use your data to:
A - Manage our initial interactions
B - Manage our commercial relationship
C - Manage services provided by your connected vehicle and on-board applications
D - Conduct studies and analyses
E - Manage our marketing operations"

"We analyse the personal data of our customers and prospects, both the data they have provided to us directly (including data related to browsing on our websites and the use of our mobile applications, subject to consent) and data from third parties (subject to consent where necessary), to create algorithms that enable us to assess and/or predict their potential interests and preferences for our products and services (using scores and segmentation).
The use of such tools is defined as profiling by the regulations. We believe it is in our legitimate interests to understand the preferences of our customers and prospects in order to provide them with content that meets their needs or desires. We have weighed up the respective interests and have put in place measures to ensure that your fundamental rights and freedoms are not breached.
The analysis activities are intended to provide you with personalised content, such as specific offers by email, on Renault phone applications, and content on our websites or third-party websites (e.g Facebook). For example, processing of this data may lead us to send you offers relating to the car segment likely to be of interest to you. This also enables us to not send you certain advertising offers if we understand that they will not match your interests."

"We may share your personal data with our approved dealer network and Renault SAS. We may also share your personal data with other companies in Groupe Renault such as Renault MAI, in charge of mobility activities (such as car sharing and remote test drive services), or subsidiaries offering financial services, such as RCI Banque SA and RCI Bank UK Limited, either under such companies’ legitimate interest or in order to fulfil our contractual obligations. Your consent will be obtained where consent is required by the regulations. These entities may act as data controller, in accordance with their personal data protection policy, or as processor, to perform tasks according to the instructions we give them.

In order to process all or part of your personal data, we call upon trusted third-party providers, acting as processors, in accordance with our instructions and solely on our behalf, to fulfil the following functions:
- Hosting, operation or maintenance of our databases, websites and mobile applications,
- Provision of authentication services,
- Credit/debit card payment processors (including WorldPay);
- RAC, AXA or other provider of services directly to you;
- A purchaser or potential purchaser of our business or otherwise in the event of a merger, re-organisation or similar event;
- Customer relations management (call centres, communication tools, etc.);
- Provision of services relating to our marketing, including the sending of commercial offers;
- Organisation of competitions and events;
- Performance of studies and surveys;
- Any associated or connected motor manufacturer from whom we purchase or hire goods (and their group companies);
- Other members of the Renault group for product development, statistical analysis and audit purposes;
- Third party insurance providers;
- Credit reference and fraud prevention agencies to help us make credit decisions and fraud prevention checks (they may also share information about you with us);
- Debt collection agencies;
- The police, fraud prevention and identity authentication entities, other law enforcement agencies, government and tax authorities in the United Kingdom or abroad in order to detect, investigate and prevent crime (please note that fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime);
- The courts in the United Kingdom or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations."

"Your data may be shared with social media companies (e.g Facebook) and other advertising partners (e.g Google) to match you on their sites and send you online personalised advertising and offers, this processing is carried out under legitimate interest.

In some cases, we may share some of your personal data with partners, who will use it for their own purposes. In such a case, these partners shall act as data controllers and their personal data processing policy shall apply to the data shared. We make sure to ask you for your consent to this sharing when required by the regulations, or at least to enable you to object."

Renault Group and your personal data

"Renault Group ensures that each processing of personal data complies with the principles arising from the applicable regulations:
- Renault Group undertakes to collect and process your personal data for explicit, legitimate and determined purposes in connection with its various activities (determined purpose)
- Only the data strictly necessary to carry out the activity are collected (minimization)
- Data is accurate, complete, and, when necessary, updated (data relevance)
- A data retention policy is defined, and at the end of the retention periods, the data is deleted or anonymized (limited retention)
- An activity creating a high risk for the rights and freedoms of individuals is subject of a prior impact study (data protection impact assessment)
- Data protection is integrated "by design" (privacy by design) and "by default" with a high level of protection (privacy by default)
- Data is secure and kept confidential (security)
- Each processing is based on a legitimate basis provided by law (lawfulness)
- Relations with our partners and service providers are under control and data transfers are supervised"

USE OF COOKIES

"If your device is used by more than one person and if the same device has more than one browser, we cannot be sure that the services and advertisements intended for your device correspond to your own use of that device and not to that of another user of the device.

In such cases, you are responsible for any shared use which you may allow of your device and for any settings in your browser which you are free to configure with respect to cookies. In particular, it is your responsibility to inform other such users of such shared use and settings."

Comment pouvez-vous contrôler vos données ?

"You have the following rights in respect of the processing of your personal information:
- To request access to your information, in other words to receive a copy of them,
- To have your information corrected, if it is inaccurate or not up to date, which will help us to comply with our obligation to have up-to-date information about you,
- To have your information erased (also known as right to be forgotten), although such right might be limited in view of our contractual or legal obligations,
- To receive a copy of your information in a structured, commonly used and machine-readable format, and transmit it to another data controller (also known as right to data portability),
- To object to processing of your information, on grounds relating to your particular situation, and to restrict processing of your information, in the cases provided by the regulation,
- To object to marketing information (notably when profiling is used), said right could be notably exercise by using the unsubscribe link in the email we send you,
- To withdraw your consent at any time, for the purposes for which we collected your consent.

To exercise any of these rights, you may contact us, providing a proof of your identity, by email at [email protected] or by post at Renault SAS, Direction juridique – Délégué à la protection des données, 122-122 bis avenue du Général Leclerc – 92 100 Boulogne-Billancourt.

Finally, you have the right to lodge a complaint with the CNIL about the processing of your personal data. We encourage you to contact us before making any complaint and we will seek to resolve any issue or concern you may have."

"In accordance with the regulations, we are committed to keeping your personal data only for the time necessary to achieve the objective pursued, to meet your needs, or to meet our legal obligations.

In determining this time, we take into account, in particular, the following:
• The length of your contract,
• The time required to process your request or complaint,
• The length of time your user account has been open, unless it has been inactive for 3 years,
• Your interest in our brands,
• The need to keep a record of your interactions with us, to effectively manage our business relationship. This period will vary depending, in particular, on whether you have bought a vehicle or a service such as repair, or whether you have only interacted with us without entering into contracts with us, and
• Our legal or regulatory obligations (this is particularly the case for the technical data of our vehicles).

When we no longer need to use your personal data, it is deleted from our systems and records or made anonymous so that we can no longer identify you. However, it may be necessary to archive some of your personal data in order to be able to respond to any legal proceedings, throughout the statute of limitations provided for in the applicable legislation."

Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?

Moyen

In 2017, Renault was hit by a ransomware attack.

Informations liées à la vie privée des enfants

We found no policy about minors' data in Renault privacy documentation.

Ce produit peut-il être utilisé hors connexion ?

Oui

Informations relatives à la vie privée accessibles et compréhensibles ?

Non

Renault Group's privacy policies are lengthy and somewhat complicated.

Liens vers les informations concernant la vie privée

Ce produit respecte-t-il nos critères élémentaires de sécurité ? informations

Inconnu

Chiffrement

Impossible à déterminer

We cannot determine if all data sitting on the car, including telematic data the car collects as well as data shared when you connect your phone sits encrypted, and if all collected data is encrypted in transit. We reached out to the company to attempt to determine this multiple times and received no response.

Mot de passe robuste

Ne s’applique pas

Mises à jour de sécurité

Oui

Gestion des vulnérabilités

Oui

Politique de confidentialité

Oui

Le produit utilise-t-il une IA ? informations

Oui

The recent cars by Renault Group include advanced driver assistance systems on its vehicles.

Cette IA est-elle non digne de confiance ?

Impossible à déterminer

Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?

L’entreprise est-elle transparente sur le fonctionnement de l’IA ?

Impossible à déterminer

Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?

Impossible à déterminer

*Confidentialité non incluse

Pour aller plus loin

  • Renault Group and Google Accelerate Partnership to Develop the Vehicle of Tomorrow and Strengthen Renault Group's Digital Transformation
    Cision PR Newswire Le lien s’ouvre dans un nouvel onglet

Commentaires

Vous avez un commentaire ? Dites-nous tout.