What are you looking for ?
Search

Home » Privacy Policy

Privacy Policy

NEXTLANE – WEBSITE PRIVACY POLICY

 

  1. INTRODUCTION AND SCOPE
  2. WHO IS THE DATA CONTROLLER FOR THIS WEBSITE?
  3. HOW CAN YOU CONTACT NEXTLANE’S DATA PROTECTION OFFICER (DPO)?
  4. WHAT PERSONAL DATA DO WE PROCESS THROUGH THIS WEBSITE?
  5. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA AND ON WHAT LEGAL BASES?
  6. FROM WHICH SOURCES DO WE OBTAIN YOUR DATA?
  7. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
  8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
  9. COOKIES AND SIMILAR TECHNOLOGIES.
  10. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
  11. IS IT MANDATORY TO PROVIDE YOUR DATA?
  12. DO WE USE AUTOMATED DECISION-MAKING OR PROFILING?
  13. WHAT RIGHTS DO YOU HAVE?
  14. HOW CAN YOU EXERCISE YOUR RIGHTS?
  15. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
  16. HOW DO WE PROTECT YOUR PERSONAL DATA?
  17. CHANGES TO THIS PRIVACY POLICY

 

  1. INTRODUCTION AND SCOPE

This Privacy Policy explains how the companies of the NEXTLANE group (“NEXTLANE”, “we”, “us”, “our”) collect and process personal data when you visit and use the corporate website available at www.nextlane.com and its language variants (for example, /en, /fr, /es, /de), including any contact forms, demo request forms, event registrations, downloads and other interactions that are made available on this domain.

This Policy does not apply to:

  • the use of our software solutions and product portals (for example, DMS, CRM, DDS, OEM integration tools, Nextlane Platform, or any dedicated product portal), which are covered by their own privacy notices and data processing agreements, or
  • third-party platforms such as LinkedIn, YouTube or external whistleblowing platforms, which are governed by the privacy policies of those providers.

By browsing this website or submitting your data through it, you acknowledge that your personal data will be processed in accordance with this Privacy Policy and the applicable data protection laws, in particular Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”).

 

  1. WHO IS THE DATA CONTROLLER FOR THIS WEBSITE?

For the corporate website www.nextlane.com, the main data controller, for the purposes of the GDPR, is:

Nextlane France SAS
44, rue Pasquier
75008 Paris
France

Depending on the language you use, the country where you are located, and the nature of your interaction with us (for example, a local demo request or a commercial discussion with a local entity), other NEXTLANE group companies may act as independent or joint data controllers together with Nextlane France SAS.

The NEXTLANE group includes the following entities:

SPAIN
NEXTLANE SPAIN S.L.

  • Registered office (full address): Paseo de la Castellana, 257. Planta 6, 28046 Madrid
  • Company registration number: B-82740838

INSTITUTO DE MARKETING APLICADO, S.L.

  • Registered office (full address): Paseo de la Castellana, 257. Planta 6, 28046 Madrid
  • Company registration number: B-81360380

FRANCE
NEXTLANE FRANCE SAS

  • Registered office (full address): 22 Rue de Palestro. 75002 Paris
  • Company registration number: 853 271 153 R.C.S. Lyon

TELE MERCURE SERVICES SAS

  • Registered office (full address): 2 rue René Viviani. 44000 NANTES
  • Company registration number: 508 727 393 RCS NANTES

KAR SARL

  • Registered office (full address): 2 rue René Viviani. 44000 NANTES
  • Company registration number: 797 667 631 RCS NANTES

SEQUEL BIDCO S.A.S

  • Registered office (full address): 22 Rue de Palestro. 75002 Paris
  • Company registration number: 93692539 RCS

GERMANY

NEXTLANE GERMANY HOLDING GMBH

  • Registered office (full address): Heinrich-Hertz-Straße 1. 64295 Darmstadt. Germany
  • Company registration number: HRB 102541

NEXTLANE GERMANY GMBH

  • Registered office (full address): Heinrich-Hertz-Straße 1. 64295 Darmstadt. Germany
  • Company registration number: HRB 102899

PORTUGAL

NEXTLANE PORTUGAL, S.A.

  • Registered office (full address): Alameda da Beloura, Edifício 4. Escritório 5 2710-693 Sintra, PT
  • Company registration number: 509960847

AUSTRIA

NEXTLANE AUSTRIA GMBH

  • Registered office (full address): Primoschgasse 3. 9020 Klagenfurt, Austria.
  • Company registration number: FN 390306 f

DENMARK

NEXTLANE DENMARK HOLDING APS

  • Registered office (full address): C/O Carswip ApS Langdyssen 5 Lisbjerg
  • 8200 Aarhus N
  • Company registration number: CVR : 43907301

CARSWIP APS

  • Registered office (full address): C/O Carswip ApS Langdyssen 5 Lisbjerg
  • 8200 Aarhus N
  • Company registration number: CVR 38 65 34 90

NETHERLANDS

NEXTLANE NETHERLANDS B.V.

  • Registered office (full address): 6717VEEde
  • Company registration number: KVK 32124254 / RSIN 818094011

SWITZERLAND

NEXTLANE SWITZERLAND AG

  • Registered office (full address): Bahnhofquai 11, 8001 Zürich. Switzerland
  • Company registration number: CHE 106.018.335

SLOVAKIA

NEXTLANE SLOVAKIA S.R.O

  • Registered office (full address): Dvorská cesta 3, Nové Zámky. Slovakia
  • Company registration number: ICO: 31 352 146

SWEDEN

NEXTLANE SWEDEN HOLDING AB

  • Registered office (full address): c/o Roschier Advokatbyra. Box 7358. 10390 Stockholm Sweden
  • Company registration number: SE 559352-7566

NEXTLANE SWEDEN AB

  • Registered office (full address): Hedvig Möllers Gata 6. 223 55 Lund Sweden
  • Company registration number: HRB 102541

BELGIUM

NEXTLANE BELUX B.V.

  • Registered office (full address): Keizer Karellaan 584, 1082, Sint-Agatha-Berchem. Bridge Building , 5º floor. Brussels, Belgique
  • Company registration number: n. sté 0830.400.271

If you are unsure which NEXTLANE entity is acting as controller in your specific situation, you can contact us at [email protected] and we will clarify this.

 

  1. HOW CAN YOU CONTACT NEXTLANE’S DATA PROTECTION OFFICER (DPO)?

NEXTLANE has appointed a Group Data Protection Officer (DPO), who is responsible for overseeing data protection compliance within the group and acting as a primary point of contact for privacy topics.

You can contact the DPO at:

  • Email: [email protected]
  • Postal mail:
    To the attention of “Data Protection Officer”
    Nextlane Spain S.L.
    Paseo de la Castellana, 257, 6ª planta
    Edificio Castellana Hall
    28046 Madrid

If your request concerns a different NEXTLANE entity, please mention the country or entity in your message. Your request will be routed to the appropriate local contact under the coordination of the Group DPO.

You may use these channels to:

  • ask questions about this Privacy Policy,
  • request additional information on how we process personal data,
  • exercise your data subject rights, or
  • obtain more details about our legitimate interests or international data transfers.
  1. WHAT PERSONAL DATA DO WE PROCESS THROUGH THIS WEBSITE?

When you browse or otherwise interact with this website, we may process the following categories of personal data:

  1. Identification and contact data
    • first name and last name
    • email address
    • telephone number
    • company name
    • job title or role
    • country and language preference
  2. Professional and business data
    • company type (for example, dealer, OEM, partner, other)
    • size or sector of the company, where relevant
    • area of interest regarding our solutions (for example, DMS, CRM, DDS, OEM integrations, Nextlane Platform)
    • relationship status with NEXTLANE (for example, existing customer, prospect, partner)
  3. Communication and interaction data
    • content of messages and communications that you send to us (for example, through contact forms, demo requests, event registrations, downloads)
    • your preferences for newsletters and marketing communications
    • event attendance and survey responses, where applicable
  4. Browsing and technical data
    • IP address and general location inferred from it (for example, country or region)
    • device information (device type, operating system, browser type and version, language settings)
    • dates and times of access
    • pages visited, navigation paths, and clickstream data
    • log files and security logs generated by our servers and security tools
  5. Cookies and similar technologies
    • information collected through cookies, pixels, tags, and similar technologies used to:
      • enable the website and provide essential functions,
      • remember your preferences (for example, language),
      • measure traffic and performance,
      • improve user experience,
      • support analytics and marketing where allowed.

Detailed information about the cookies and similar technologies used on this website is available in our Cookie Policy.

  1. Recruitment data (if you apply for a job)
    • when you apply for a position via links on our website (for example, redirecting to LinkedIn or a recruiting platform), we may receive data such as your résumé/CV, cover letter, qualifications, work experience, and any other information you choose to share during the recruitment process.

We only process personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this Privacy Policy.

 

  1. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA AND ON WHAT LEGAL BASES?

In this section we describe, for each purpose, what we do, on which legal basis we rely, and what categories of data are involved.

5.1 Website browsing, security and maintenance

Purpose
To enable you to access and browse the website, to operate and maintain our web pages, and to ensure the security, availability, and performance of our digital infrastructure. This includes monitoring for misuse, detecting security incidents, and handling technical issues.

Legal basis

  • Legitimate interest of NEXTLANE (Article 6.1 f GDPR) in providing a secure and functional website and protecting our systems, services, and users.

Data involved

  • browsing and technical data
  • security and technical logs
  • essential cookies and similar technologies strictly necessary to provide the service

5.2 Cookies, analytics and personalization

Purpose
To use cookies and similar technologies to:

  • remember your preferences (for example, language and cookie settings),
  • generate aggregated statistics on how visitors use the website,
  • understand and improve the performance and usability of the website,
  • measure the effectiveness of marketing campaigns and content,
  • provide or support personalized content where applicable.

Legal basis

  • Consent (Article 6.1 a GDPR) for non-essential cookies (for example, analytics, marketing, personalization), obtained and managed through our cookie banner and preferences center, in line with the GDPR and the guidance of EU data protection authorities.
  • Legitimate interest (Article 6.1 f GDPR) for cookies that are strictly necessary to provide the website or services you explicitly request.

Data involved

  • cookie identifiers and online identifiers
  • usage and interaction data
  • information on your preferences (for example, cookie choices, language settings)

Full details are provided in our Cookie Policy, which forms an integral part of this Privacy Policy.

 

5.3 Contact and demo requests

Purpose
To manage and respond to your contact requests, demo requests, and other inquiries submitted through web forms or contact details available on the website. This includes:

  • answering your questions about NEXTLANE and our solutions,
  • scheduling demos or meetings,
  • providing offers or commercial information,
  • routing your request to the most appropriate NEXTLANE entity or team.

Legal basis

  • Performance of a contract or pre-contractual measures (Article 6.1 b GDPR) when your request is directly related to the evaluation, conclusion, or performance of a contract or service with NEXTLANE.
  • Legitimate interest (Article 6.1 f GDPR) in responding to requests and maintaining or developing business relationships.

Data involved

  • identification and contact data
  • professional and business data
  • communication and interaction data related to your inquiry

 

5.4 B2B marketing, newsletters and commercial communications

Purpose
To send you marketing and commercial communications related to NEXTLANE’s products and services and the automotive software ecosystem, such as:

  • newsletters and product updates,
  • invitations to webinars, events or trade fairs,
  • surveys or feedback requests,
  • information about new features, solutions, or partnerships.

These communications may be addressed to you:

  • because you subscribed through the website,
  • because you requested a demo or information,
  • because you are an existing or former customer or business contact, or
  • because your professional contact details were lawfully obtained in a B2B context (for example, at events, through partners, or from legitimate business lists), in accordance with applicable e-privacy and marketing regulations.

Legal basis

  • Consent (Article 6.1 a GDPR) when required by law or when you actively opt in to receive marketing communications.
  • Legitimate interest (Article 6.1 f GDPR) in sending B2B marketing communications about similar products or services to existing customers or professional contacts, subject to your right to object at any time.

Data involved

  • identification and contact data
  • professional and business data (for example, company, role, type of customer or partner, area of interest)
  • interaction data with our communications (for example, opens, clicks, unsubscribes) in order to measure reach and improve relevance in a proportionate way.

You may unsubscribe or object to receiving marketing communications at any time by using the unsubscribe link in any marketing email or by contacting [email protected].

5.5 Customer and partner management via web interfaces

(where NEXTLANE acts as data controller)

Purpose
To support and manage our relationships with customers and partners who use certain web-based interfaces operated by NEXTLANE through this website, for example:

  • customer or partner contact areas,
  • forms or pages dedicated to partners or resellers,
  • access points for documentation or support managed directly by NEXTLANE.

This can include updating contact information, managing preferences and permissions, or supporting ongoing business relationships.

 

Legal basis

  • Performance of a contract or pre-contractual measures (Article 6.1 b GDPR).
  • Legitimate interest (Article 6.1 f GDPR) in managing and improving business relationships with customers and partners.

Data involved

  • identification and contact data
  • professional and business data
  • relevant communication data

Important – Processing as data processor on behalf of customers

When NEXTLANE provides its software solutions and product portals (including DMS, CRM, DDS, OEM integrations, Nextlane Platform and other related services) and processes personal data on behalf of a dealer, OEM, or other customer, NEXTLANE acts as a data processor within the meaning of Article 28 GDPR.

In those cases, the customer is the data controller and is solely responsible for providing data subjects with the information required by Articles 13 and 14 GDPR.

This Website Privacy Policy does not describe those processing activities, which are governed by the relevant contracts and privacy notices of our customers.

5.6 Event and webinar registration

Purpose
To manage your registration and participation in events, webinars or similar activities organized or co-organized by NEXTLANE, including:

  • processing your registration,
  • sending confirmations, reminders and access details,
  • providing materials or recordings,
  • collecting feedback and improving future events.

Legal basis

  • Performance of a contract or pre-contractual measures (Article 6.1 b GDPR) to organize and manage your participation in the event or webinar.
  • Legitimate interest (Article 6.1 f GDPR) in evaluating the impact of events and improving the quality of our activities.

Data involved

  • identification and contact data
  • professional and business data
  • event-related data (for example, sessions attended, participation)
  • survey or feedback data, if you choose to provide it.

5.7 Download of whitepapers and other resources

Purpose
To provide you with access to downloadable resources (for example, whitepapers, case studies, brochures, reports) and to understand your interests in our solutions and content.

Legal basis

  • Performance of a contract or pre-contractual measures (Article 6.1 b GDPR) where access to the resource is part of providing information you requested.
  • Legitimate interest (Article 6.1 f GDPR) in understanding which resources are relevant and in following up with you about related solutions, subject to your right to object to such follow up.

Data involved

  • identification and contact data
  • professional and business data
  • data related to downloads and interactions with these resources.

5.8 Job applications submitted via the website (Careers)

Purpose
To manage job applications submitted through or referred from this website, including:

  • redirecting you to third-party recruitment platforms (for example, LinkedIn),
  • reviewing your application and profile,
  • managing interviews and selection processes,
  • retaining your profile for future opportunities, where appropriate and lawful.

Legal basis

  • Pre-contractual measures at your request (Article 6.1 b GDPR), prior to entering into an employment contract.
  • Legitimate interest (Article 6.1 f GDPR) in maintaining a pool of candidates for future roles, where permitted by applicable law and subject to your right to object.
  • Consent (Article 6.1 a GDPR) where required by national laws to keep your data beyond a specific recruitment process.

Data involved

  • identification and contact data
  • recruitment data (résumé/CV, cover letters, references, professional profiles)
  • information you provide during interviews or assessments.

When you are redirected to platforms such as LinkedIn or other external recruitment tools, the collection and initial processing of your data is governed by the privacy policy of that platform. NEXTLANE then processes the data it receives from those platforms in the context of its own recruitment processes.

5.9 Legal and compliance inquiries, including privacy requests

Purpose
To manage inquiries related to legal, compliance, and data protection issues that you may raise via the contact channels provided on this website, including:

  • handling requests to exercise data protection rights,
  • responding to privacy or security concerns,
  • managing complaints and other legal or compliance issues.

Legal basis

  • Legal obligation (Article 6.1 c GDPR) where we are required to respond to and document certain requests (for example, data subject requests or regulatory inquiries).
  • Legitimate interest (Article 6.1 f GDPR) in managing legal and compliance communications and defending our rights.

Data involved

  • identification and contact data
  • any information you provide in your inquiry
  • internal records related to the handling of your request.

5.10 Use of third-party platforms and external portals

Our website contains links or access points to third-party platforms and portals, such as:

  • product portals or solutions hosted on separate domains,
  • video and social media platforms (for example, YouTube, LinkedIn),
  • recruitment platforms (for example, LinkedIn),
  • other tools or services operated by third parties.

Purpose
To allow you to access relevant content, tools and services that are hosted or operated by third-party providers or on separate NEXTLANE product portals.

Legal basis

  • Legitimate interest (Article 6.1 f GDPR) in providing a complete online experience and integrating our solutions with external platforms that are commonly used in our industry.
  • Consent (Article 6.1 a GDPR) for any non-essential cookies or tracking associated with embedded or linked content when required by law.

Data involved

  • data necessary to follow the link or integrate the external content,
  • data further processed by the third-party platform according to its own privacy policy.

When you access a third-party platform or external portal, its own privacy policy will apply in addition to this Privacy Policy. In many product portals, NEXTLANE may act as data processor on behalf of its customers, and the details of such processing are governed by the relevant contracts and privacy notices of those customers.

5.11 Whistleblowing channel

Our website may provide a link to a whistleblowing or speak-up channel operated via a dedicated platform (for example, hosted by a specialized third-party provider) to allow employees and other stakeholders to report concerns about potential misconduct.

Purpose
To receive and manage whistleblowing reports in a secure and confidential way, in line with applicable laws and our internal policies (such as the Speak Up Policy).

Legal basis

  • Legal obligation (Article 6.1 c GDPR) where applicable whistleblower protection laws require the establishment and use of such channels.
  • Legitimate interest (Article 6.1 f GDPR) in preventing and detecting misconduct and ensuring ethical and compliant behavior within the NEXTLANE group.

Data involved

  • identification and contact data, where you choose to provide it, or any pseudonymous or anonymous information that you submit,
  • details of the incident or concern reported,
  • follow-up information and internal investigation records.

The whistleblowing platform will display a specific privacy notice that applies in addition to this Policy and explains in more detail how whistleblowing data is handled, protected, and retained.

 

  1. FROM WHICH SOURCES DO WE OBTAIN YOUR DATA?

We collect personal data:

  • Directly from you, when you:
    • complete a form on our website,
    • contact us by email or phone using the details on the website,
    • register for an event,
    • download a resource,
    • apply for a job, or
    • interact with us on platforms linked from our site.
  • Automatically, when you browse the website, through:
    • cookies and similar technologies,
    • server logs and security tools.
  • From third parties, in limited cases, such as:
    • recruitment platforms or agencies,
    • event or marketing partners in joint activities,
    • other NEXTLANE group entities that refer your request internally.

In all cases, we ensure that any third party providing us with personal data has a lawful basis to do so and, where required, has provided you with the necessary information.

 

  1. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We share personal data only with parties that need to know it for the purposes described above and in accordance with the GDPR.

The categories of recipients include:

  1. NEXTLANE group entities
    For internal administration, coordination of marketing and sales, security and IT management, or where another entity is better placed to respond to your request or manage the relationship.
  2. Service providers (data processors)
    Third parties that provide services to us, such as:
    • hosting and infrastructure providers,
    • website and content management tools,
    • CRM and marketing automation systems,
    • email and communication tools,
    • event and webinar platforms,
    • recruitment platforms,
    • IT and security service providers.

These providers act under our instructions and are subject to data processing agreements that require them to implement appropriate technical and organizational measures to protect personal data.

  1. Business partners
    Where an event, webinar, or solution is organized or delivered together with a partner, and where it is necessary to share your data to fulfill your request (for example, joint events with OEMs or other providers in the automotive sector). In such cases, we inform you of the involvement of the partner and ensure that data sharing is based on an appropriate legal basis and transparency.
  2. Public authorities and courts
    Where required by law or regulation, or where necessary to protect our rights, we may disclose personal data to:
    • data protection authorities,
    • law enforcement agencies,
    • courts and other public bodies.
  3. Professional advisors
    Lawyers, auditors, or consultants, to the extent necessary to obtain professional advice or to protect our legal interests.

We do not sell your personal data and do not share it with third parties for their own independent marketing purposes without your consent.

 

  1. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Some of the recipients mentioned above may be located outside the European Economic Area (EEA) or may access personal data from outside the EEA. When this happens, NEXTLANE ensures that appropriate safeguards are in place, in accordance with Chapter V of the GDPR.

These safeguards may include, in particular:

  • Adequacy decisions of the European Commission (Article 45 GDPR),
  • EU–U.S. Data Privacy Framework certification, where applicable,
  • Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46 GDPR),
  • Transfer Impact Assessments (TIAs) and supplementary technical, organizational and contractual measures where needed.

You may request more information about international transfers concerning your data, or a copy of the relevant safeguards (with appropriate redactions), by contacting [email protected].

  1. COOKIES AND SIMILAR TECHNOLOGIES

Our use of cookies and similar technologies is described in detail in our Cookie Policy, which you should read together with this Privacy Policy.

In summary:

  • we use essential cookies that are necessary for the basic functioning of the website;
  • we use analytics, personalization, and marketing cookies only if you give your consent through the cookie banner/preferences center;
  • you can change your preferences at any time by revisiting the cookie settings;
  • you can also configure your browser to block or delete cookies, although this may affect the functionality of some parts of the site.

For full details, please consult our Cookie Policy.

 

  1. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We keep personal data only for as long as necessary to achieve the purposes described in this Privacy Policy and to comply with legal, regulatory or contractual obligations, as well as to defend our rights in case of claims or disputes.

As a general guideline:

  • Website and security logs are retained for a limited period (usually months) justified by security and troubleshooting needs, and may be extended where needed in the context of a specific incident or investigation.
  • Contact and demo requests are stored for the time necessary to respond and follow up, and, if a business relationship is established, for the duration of that relationship and applicable limitation periods.
  • Marketing and B2B contact data is retained until you unsubscribe or object to processing, plus a short additional period to document your request.
  • Event and webinar data is kept for the duration of the event and associated follow up, and thereafter for a limited period to evidence the organization and management of the activity.
  • Download-related data is stored for a period consistent with typical B2B sales and marketing cycles, and in any case subject to your right to object to such processing.
  • Recruitment data is retained for the duration of the selection process and, where permitted by law and subject to your consent where required, for an additional period to consider you for future roles.

When personal data is no longer needed for the purposes for which it was collected, it is either:

  • deleted securely, or
  • anonymized, so that it no longer identifies you, or
  • restricted (blocked), where we still need to keep it to comply with legal obligations or defend against potential claims.
  1. IS IT MANDATORY TO PROVIDE YOUR DATA?

In general:

  • When we request personal data in forms on the website, we indicate which fields are mandatory and which are optional. If you do not provide mandatory data, we may not be able to process your request or provide the service you are asking for.
  • You are not obliged to provide optional information, and your decision not to provide it will not have any negative consequences beyond our inability to take it into account (for example, not being able to tailor our response as precisely).

Regarding cookies:

  • Essential cookies are necessary for the operation of the website and cannot be disabled through our internal cookie tools (you can still block them through your browser settings, but that may affect the use of the site).
  • Non-essential cookies are subject to your consent, and you can refuse them without affecting your ability to browse the website, though some features may not be available.

 

  1. DO WE USE AUTOMATED DECISION-MAKING OR PROFILING?

We do not use automated decision-making within the meaning of Article 22 GDPR on this website that produces legal effects concerning you or similarly significantly affects you.

We may use limited profiling for marketing and communication purposes, for example to:

  • segment our B2B audience by country, language, company type or area of interest,
  • send communications that are more relevant to your role or industry.

This is done in a proportionate and non-intrusive way and is always subject to your right to object to direct marketing at any time.

 

  1. WHAT RIGHTS DO YOU HAVE?

Under the GDPR and applicable national laws, you have the following rights with respect to your personal data:

  • Right of access: to obtain confirmation of whether we process your personal data and, if so, to access that data and receive information about how it is processed.
  • Right to rectification: to request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): to request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected or where you withdraw consent and there is no other legal basis.
  • Right to restriction of processing: to request the restriction of processing in certain situations, for example when you contest the accuracy of the data or object to processing.
  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to request that we transmit it to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.
  • Right to object:
    • to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling; and
    • to object at any time to the processing of your data for direct marketing, including any profiling related to such direct marketing.
  • Rights related to automated decision-making: to request not to be subject to decisions based solely on automated processing, including profiling, where such decisions produce legal effects concerning you or similarly significantly affect you.

Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing that took place before the withdrawal.

 

  1. HOW CAN YOU EXERCISE YOUR RIGHTS?

You can exercise your rights at any time by contacting NEXTLANE’s DPO using the following contact details:

  • Email: [email protected]
  • Postal mail:
    To the attention of “Data Protection Officer”
    Nextlane Spain S.L.
    Paseo de la Castellana, 257, 6ª planta
    Edificio Castellana Hall
    28046 Madrid

Please:

  • clearly state which right you wish to exercise,
  • include a brief description of your request,
  • provide information that allows us to identify you (and, if necessary, we may ask for additional information to verify your identity).

We will respond to your request as soon as reasonably possible and in any case within the time limits set by the GDPR, usually within one month. This period may be extended by two further months if necessary due to the complexity or number of requests, in which case we will inform you.

The exercise of your rights is normally free of charge. However, if requests are manifestly unfounded or excessive, especially because of their repetitive character, we may charge a reasonable fee or refuse to act on the request, in line with Article 12(5) GDPR.

 

  1. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you believe that the processing of your personal data infringes the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a competent supervisory authority, in particular in:

  • the Member State of your habitual residence,
  • your place of work, or
  • the place of the alleged infringement.

In particular, you may lodge a complaint with:

  • the Commission nationale de l’informatique et des libertés (CNIL), the French data protection authority, as the authority of the main establishment of Nextlane France SAS, or
  • the data protection authority of your own country in the EEA.

For visitors located in Germany, this may include the competent German State data protection authority, for example the Hessian Commissioner for Data Protection and Freedom of Information for entities based in the State of Hesse.

This right is without prejudice to any other administrative or judicial remedy you may have.

 

  1. HOW DO WE PROTECT YOUR PERSONAL DATA?

NEXTLANE takes the security of personal data very seriously. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR and with reference to recognized standards such as ISO/IEC 27001.

These measures may include:

  • access control and authentication mechanisms,
  • encryption and pseudonymization where appropriate,
  • network and infrastructure security,
  • logging and monitoring of systems,
  • backup and disaster recovery procedures,
  • regular testing and evaluation of security measures,
  • information security policies and training for employees.

We also ensure that our service providers implement comparable security measures and that they only process personal data in accordance with our instructions and applicable law.

 

 

  1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time, for example to:

  • reflect changes in our website or services,
  • comply with new legal requirements or regulatory guidance,
  • reflect organizational changes within the NEXTLANE group, or
  • improve clarity and transparency.

When we make material changes that significantly affect your privacy, we will take appropriate steps to inform you, for example by displaying a notice on the website or, where appropriate, by contacting you directly.

You can always find the current version of this Privacy Policy on our website.
At the bottom of the published version, we will indicate the date of the last update.

 

Last updated: November 2025