WEBSITE AND SOCIAL MEDIA PRIVACY NOTICE
Thank you for visiting our Website. We are part of the PHINIA group of companies. PHINIA Inc. (3000 University Drive, Auburn Hills, MI 48326, United States of America) and its Affiliates (together and each for itself “PHINIA”, “we”, “us”, “our”) take data protection very seriously. We have developed this Notice in particular to clearly inform you about how we collect, use, disclose and otherwise process Personal Data as required by applicable law or as we require in the course of fulfilling our professional responsibilities and operating our business as well as about your rights under GDPR, APPI, CCPA, DPL, LGPD, PIPL, and other applicable laws. Please find descriptions of all definitions used in Annex 1 of this Notice.
For whom is this Notice?
This Notice covers our processing of Personal Data under applicable data protection law and regulations with respect to (i) our Website and (ii) your interaction with us via social media.
Should you apply online for a position at PHINIA Inc. or one of its Affiliates, the Candidate Privacy Notice available here will specifically address how PHINIA Inc. or one of its Affiliates processes your Personal Data for recruitment purposes.
By making this Notice available to you, we comply with our information obligations under applicable law and regulations. In certain cases, the information provided in this Notice is only applicable based on your location (e.g., within Japan, Turkey or the EEA/UK); where this is true, we will address which information is applicable to you expressly in the Notice. Please note that this Notice shall not confer upon you any rights or obligations that are not conferred upon you by law and regulations.
If you are a resident of California, please refer to the Additional Information for California Residents section below for information about the categories of personal information we may collect, and your rights under California privacy laws.
In this Notice we inform you of the Personal Data categories we collect and the intended processing purposes for each category. Your Personal Data may be used by our Affiliates and by third party processors in accordance with such processing purposes as explained below. We will also notify you (and obtain your consent, where required by applicable law) if we collect additional Personal Data categories or use Personal Data for unrelated purposes.
- I. Who we are, how to contact us and your rights
- II. Special information for visitors of our Website, including information about the collection, use, and disclosure of your Personal Data
- III. Special information for people who interact with us via social media
- IV. Information about changes to this Notice
- V. Additional Information for California Residents
I. Who we are, how to contact us and your rights
Below you will find information on how we process personal data of visitors to our Website and regarding your interaction with us via social media.
1. Who are we and how can you contact us and our data protection officer (where one has been appointed)?
The controller of your Personal Data is PHINIA Inc. or the Affiliate company that operates the website you are currently visiting or that is operating the corporate presence in social media where you are interacting with such company, respectively.
Contact information for the data protection contacts and data protection officers (where one has been appointed) is available at DPO List - Website Privacy Notice. Additionally, you may always contact [email protected] with respect to questions about this Notice, the processing of your Personal Data in general and to exercise your rights towards PHINIA as outlined below under section I.2.
2. What rights do you have with respect to your Personal Data?
2.1 Rights of users located in the EEA/UK
You have the following rights under GDPR provided that the legal requirements therein are met:
i. Right of access. You may request information about the processing of your Personal Data and a copy of the Personal Data undergoing processing insofar as such copy in particular does not adversely affect the rights and freedoms of others.
ii. Right to rectification. You may request correction of your Personal Data that is inaccurate and/or completion of such data which is incomplete.
iii. Right to erasure. You may request deletion of your Personal Data, in particular where (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you objected to the processing and there are no overriding legitimate interests for the processing, (iii) your Personal Data has been unlawfully processed or (iv) your Personal Data has to be erased for compliance with a legal obligation to which we are subject. The right to deletion, however, does not apply in particular where the processing of your Personal Data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
iv. Restriction of processing. You may request restriction of processing (i) for the period in which we verify the accuracy of your Personal Data if you contested the accuracy of the Personal Data, (ii) where the processing is unlawful and you request restriction of processing instead of deletion of the data, (iii) where we no longer need the Personal Data, but you require the data for the establishment, exercise or defense of legal claims or (iv) if you objected to processing until it has been verified whether our legitimate grounds override your interests, rights and freedoms.
v. Right to data portability. You may request to receive your Personal Data, which you have provided to us, in a structured, commonly used machine-readable format and transmit those data to another controller without hindrance from us, where the processing is based on consent or a contract and the processing is carried out by automated means; in these cases you may also request to have the Personal Data transmitted directly to another controller where this is technically feasible.
vi. Right to withdraw consent. You may withdraw your consent at any time for the future where processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal.
vii. Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data which is based on our or a third party’s legitimate interests. We then will no longer process your Personal Data for the purpose to which you have objected unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Where we process your Personal Data for direct marketing purposes, you have the right to object at any time to processing of your Personal Data for such direct marketing. We then will no longer process your Personal Data for direct marketing purposes.
viii. Right to lodge a complaint. You may lodge a complaint with a supervisory authority if you consider that the processing of your Personal Data infringes the GDPR.
A list of the EEA supervisory authorities can be found here.
The UK Data Protection Authority (Information Commissioner’s Office) can be contacted at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (United Kingdom), telephone number +44 (0)303 123 1113 or here.
ix. France – Right to digital legacy. Should you be located in France, you additionally have the right to define (general or specific) directives regarding the fate of your Personal Data after your passing.
Please address your requests to exercise your rights to [email protected] (with the exception of the right to lodge a complaint with a supervisory authority).
2.2 Rights of users located in Japan
i. Right to access. You may access your Personal Data and record of transfer we are keeping about you, if applicable.
ii. Right to correct, add and delete incorrect or incomplete Personal Data. If the Personal Data we have pertaining to you are incorrect or incomplete, you are entitled to have the Personal Data corrected, added or deleted.
iii. Right to erase and cease processing. You have the right to request deletion of or cessation of processing of your Personal Data if your Personal Data has been used beyond the scope necessary to achieve the purpose for which they were collected, processed or obtained by deceit or in violation of the APPI, if our use of your Personal Data triggers illegal acts, are no longer necessary in relation to the purposes for which they were collected, compromised or otherwise processed in a manner which could harm the rights or legitimate interest of you. We may be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.
iv. Right to cease transfer to third parties. You have the right to request cessation of transferring of your personal data if your personal data is transferred to a third party in violation of the APPI or the transfer could harm your rights or legitimate interest.
v. Other rights. If you have any complaints regarding our processing of your Personal Data, questions on this Notice, our use of your Personal Data or our data protection measures implemented, and/or want to confirm the measures to exercise your privacy rights above, please contact us at [email protected].
2.3 Rights of users located in the PRC
You have certain rights as set forth in this Notice, which include the following rights:
i. Right of access. You may request information about the processing of your Personal Data and a copy of the Personal Data.
ii. Right to rectification. You may request correction of your Personal Data that is inaccurate and/or completion of such data which is incomplete.
iii. Right to erasure. You may request deletion of your Personal Data, in certain circumstances.
iv. Right to data portability. You have the right to request your Personal Data to be transferred to your designated third party where it is technically feasible to do so.
v. Right to limit or withdraw consent. You may limit or withdraw consent at any time.
vi. Right to de-register account. You may request deregistration of your account if you have registered an account with us.
vii. Right to lodge a complaint. You may lodge a complaint with us and/or a supervisory authority, if you have a privacy-related dispute or concern that remains unresolved by us internally. You may also bring a civil action against us in accordance with applicable laws. However, we would encourage you to first contact us should you have any requests for exercising your data subject rights, or for any enquiries and complaints.
Please address your requests to exercise your rights to [email protected].
2.4 Rights of users located in Brazil
You have the following rights under LGPD provided under article 18, as follows:
i. Right of confirmation and access. You have the right to obtain confirmation as to whether or not your personal data is being processed. If we are processing personal data concerning you, you have the right of access to the personal data and to certain information regarding the processing, as provided for in the LGPD, including information regarding the public and private entities with which we share your personal data.
ii. Right to rectification. You have the right to require the correction of incomplete, inaccurate, or out-of-date personal data concerning you.
iii. Right to anonymization, blocking or erasure. You have the right to request the anonymization, blocking or erasure of unnecessary or excessive personal data or personal data processed in non-compliance with the provisions of the LGPD.
iv. Right to data portability. You have the right to request that the personal data that we process concerning you is transmitted to another service or product provider, limited to our commercial or industrial secrets.
v. Right to withdraw consent. You have the right to withdraw consent at any time with future effect. This shall be without prejudice to the lawfulness of the processing of your personal data until consent has been withdrawn. You also have the right to request the erasure of personal data concerning you once consent is withdrawn and to be informed about the possibility of denying consent, and the consequences of such denial.
vi. Right to object. You have the right to object to the processing of your personal data to the extent that we rely on legal bases other than your consent, in case of violation of the LGPD.
vii. Right to revision. You have the right to request the revision of decisions taken solely on the basis of automated processing of your personal data which affects your interests, including decisions intended to define personal, professional, consumer or credit profile or aspects of your personality.
viii. Right to lodge a complaint. You have the right to lodge complaints before the supervisory authority and consumer protection entities.
2.5 Rights of users located in Turkey
You have certain rights under the DPL, which include the following rights:
i. to learn whether your Personal Data are processed or not,
ii. to demand information as to if your Personal Data have been processed,
iii. to learn the purpose of the processing of your Personal Data and whether these Personal Data are used in compliance with the purpose,
iv. to know the third parties to whom your Personal Data are transferred within the country or abroad,
v. to request the rectification of the incomplete or inaccurate data, if any,
vi. to request the erasure or destruction of your personal data, provided that the reasons for the processing no longer exist,
vii. to request reporting of the transactions carried out regarding the rectification request and erasure/destruction request to third parties to whom your Personal Data have been transferred,
viii. to object to the result occurred against yourself after analyzing the data processed solely through automated systems,
ix. to claim compensation for the damage arising from the unlawful processing of your Personal Data.
To make use of any of the above-mentioned rights or make any queries related to the DPL, please send an email to [email protected].
II. Special information for visitors of our Website
1. Where do we collect your data and what types of data are collected?
With your consent (where required by applicable law), we collect your Personal Data when you use, navigate through, search on, contact us via or register as a potential supplier, distributor or technician on the Website. This may concern the following categories of Personal Data:
- Identification details (should you contact us or request a quote or register as a potential supplier), such as first name and last name, date of birth, gender;
- Contact details (should you contact us or request a quote or register as a potential supplier), such as email address, phone number and mailing address (among others ZIP code, city, state, country);
- Message details, i.e. data related to your messages sent to PHINIA via the Website, such as the company you work for/on behalf of which you contact PHINIA, country in which you are located, area of interest on which your message is based and the contents of your message;
- Supplier, distributor or technician registration details, i.e. data related to registration as potential supplier, distributor or technician, such as company name, country, and job title;
- Press distribution list details, i.e. data related to registration to the press distribution list, such as position, company name, publisher website and region;
- Responses and feedback, such as service satisfaction information or other information related to your use of our services, and any other information you so choose to provide if you participate in our surveys or questionnaires.
- Details with respect to the Delphi Configurator and other PHINIA Portals, such as your identification details and contact details (see above), message details, types of services received or products bought and payment information;
- Types of services received or products bought, such as the specific service or name, product ID of the product you purchased on our Website or for which you requested a quote;
- Details with respect to training and courses offered by PHINIA (including the Delphi Academy), such as your skill level, the course booked, your identification details and contact details (see above), payment information;
- Website activity data, such as your IP address, the name of your internet service provider, the operating system and the browser you use, browser language, the date, time and duration of your visit to the Website, the name(s) of the visited pages and the Internet address of the website from which you accessed the Website;
- Events and other requests, such as if you register for or attend an event or webinar that we host or sponsor, we may collect information related to your registration for and participation in such event.
- Loyalty and rewards program data, such as the points you earned for one of our loyalty and rewards programs.
- Preferences, such as communications preferences, preferences related to your use of services, and any other preferences or requests you provide when interacting with us.
- Location information, such as general location information (e.g., city/state and/or postal code associated with your IP address);
- Subject to obtaining your further consent (where required by applicable law), any other Personal Data reasonably related to the conduct of PHINIA’s business.
You are generally not required to provide your Personal Data to us. However, in order to facilitate access to the Website and features provided via the Website, we require certain Personal Data (e.g., contact details if you contact us as we are otherwise unable to respond). Hence, if you do not provide such Personal Data, we might not be able to provide all features available via the Website to you (e.g., contacting PHINIA via the Website, registration as potential supplier, distributor or technician).
There may be instances in which the Personal Data that you provided to us is considered as sensitive data under local data protection laws.
Most of the Personal Data we process is information that is knowingly provided to us. However, please note that in some instances, we may process Personal Data received from a third party with their knowledge.
2. How is your data used (purposes and legal bases)?
2.1 General
We may process your Personal Data for the purposes set forth in the table below. With respect to some specific purposes of processing (e.g., provision of newsletters) you will find additional information below the following table. We do not sell your Personal Data to any other company.
For Website users within the EEA/UK, Brazil, or Turkey we rely on the legal bases listed in the table below. Where relevant, the legitimate interest we pursue is included in the table below as well. The relevant legal bases for users within the EEA/UK, Brazil, or Turkey are:
- Performance of a contract (including processing necessary to take steps at your request prior to entering into a contract);
- Compliance with legal obligations;
- Legitimate interests;
- Consent; and
- For Brazil only: Regular exercise of rights in administrative, judicial or arbitration proceedings.
Purpose of processing | Legal basis (EEA/UK; Brazil; Turkey) | Legitimate interest (where relevant) (EEA/UK; Brazil; Turkey) | Categories of Personal Data |
---|---|---|---|
To provide the Website | Legitimate interests | We have a legitimate interest in making an Internet site available in order to present and develop our business. | Website activity data, location information |
To provide PHINIA Portals (including the Delphi Configurator, online catalogue, diagnostic portals and other portals on our Website) | Performance of a contract or - where this is not appropriate - legitimate interests | We have a legitimate interest in making an auto parts and related services configurator, diagnostic portal and other portals available to the public in order to allow for insights into our offerings. | Website activity data, location information, details with respect to the Delphi Configurator, diagnostic portals and other PHINIA Portals, identification details, contact details, message details, types of services received or products bought, preferences |
To provide a protected website area for suppliers, distributors or technicians | (i) Performance of a contract if you are contractual partner of PHINIA or (ii) legitimate interest (e.g., if you are a contact person at a supplier, distributor or technician) | We have a legitimate interest in providing a protected website area to suppliers, distributors or technicians. | Identification details, contact details, supplier, distributor or technician registration details, preferences |
To contact you and provide you with information, which you have requested | Performance of a contract or - where this is not appropriate - legitimate interests | We have a legitimate interest in communicating with you upon your request. | Identification details, contact details, message details, details with respect to the Delphi Configurator and other PHINIA Portals, details with respect to training and courses offered by PHINIA (including the Delphi Academy), types of services received or products bought or supplier, distributor or technician registration details, press distribution list details, preferences, events and other requests, loyalty and rewards program data |
To improve our services, goods and the Website | Legitimate interests | We have a legitimate interest in developing and improving our services, goods and the Website in order to preserve and grow our business. | Website activity data, location information |
To collect statistical information about the use of this website (web analytics) | (i) Consent or (ii) - where your consent is not required - legitimate interests | We have a legitimate interest in analyzing the usage of the Website in order to improve it. | Website activity data, location information |
To show personalized advertisement / content to you | (i) Consent or (ii) - where your consent is not required - legitimate interests | We have a legitimate interest to advertise our services and goods to grow our business. | Website activity data, location information, preferences |
To determine disruptions and to ensure the security of the Website and our systems, including the detection and tracing of (the attempt of) unauthorized access to our web servers | (i) Compliance with our legal obligations regarding data security or (ii) - where no such obligations exist - legitimate interests | We have a legitimate interest in resolving disruptions and ensuring the security of the Website and our systems. | Website activity data, location information, identification details |
To provide you with our training and courses | Performance of a contract | N/A | Website activity data, location information, identification details, contact details, message details, details with respect to the Delphi Configurator and other PHINIA Portals, details with respect to training and courses offered by PHINIA (including the Delphi Academy), types of services received or products bought, preferences |
To provide you with direct marketing communication (such as a newsletter) regarding products and/or services we offer (including via email) | (i) Consent or (ii) – where lawful under applicable national direct marketing rules – our legitimate interests | We have a legitimate interest in marketing our products and/or services. | Identification details, contact details, supplier, distributor or technician registration details, press distribution list details, location information, message details, types of services received or products bought, preferences, responses and feedback, loyalty and rewards program data, events and other requests |
To carry out the Delphi loyalty and rewards program | Performance of a contract | N/A | Loyalty and rewards program data, identification details, contact details, message details, supplier, distributor or technician registration details, responses and feedback, details with respect to the Delphi Configurator and other PHINIA Portals, types of services received or products bought, details with respect to training and courses by PHINIA (including the Delphi Academy), preferences, location information |
To plan and manage events, including webinars, such as to manage registration, attendance, connecting you with other event attendees | Performance of a contract or - where this is not appropriate - legitimate interests | We and our event attendees have a legitimate interest in strengthening customer relationships and enabling our customers to network. | Events and other requests, preferences |
To carry out auditing, reporting, and other internal operations (including to conduct financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping, and legal functions, and to maintain appropriate business records and enforce company policies and procedures) | (i) Compliance with our legal obligations regarding auditing or reporting or (ii) - where no such obligations exist - legitimate interests | We have a legitimate interest in ensuring compliance with applicable laws and regulations. | Identification details, contact details, message details, types of services received or products bought, loyalty and rewards program data |
To carry out research and surveys (including administering surveys and questionnaires, such as for market research or user satisfaction purposes) | Legitimate interests | We have a legitimate interest in engaging with customers and other users of our products and services to obtain their thoughts and opinions on our products and services. | Responses and feedback, identification details, contact details, message details, preferences |
To enable corporate transactions (including sale of all or part of our asset(s) and/or activity(ies)) | Legitimate interests | We may have a legitimate interest in disclosing information to (potential) buyers or acquirers and their external counsels in certain scenarios. | Identification details, contact details, message details, details with respect to the Delphi Configurator and other PHINIA Portals, details with respect to training and courses offered by PHINIA (including the Delphi Academy), types of services received or products bought, supplier, distributor or technician registration details, loyalty and rewards program data, press distribution list details |
To safeguard our rights | For EEA/UK and Turkey: Legitimate interests | We have a legitimate interest in the establishment, exercise and defense of legal claims. | Identification details, contact details, message details, supplier, distributor or technician registration details, press distribution list details, website activity data, location information, details with respect to the Delphi Configurator and other PHINIA Portals, details with respect to training and courses offered by PHINIA (including the Delphi Academy), loyalty and rewards program data, events and other requests, preferences, responses and feedback, types of services received or products bought |
To comply with legal obligations to which we are subject (e.g., deriving from tax law, or foreign trade law) | (i) Compliance with legal obligations or (ii) legitimate interest for compliance with international legal requirements where no legal obligation under applicable data protection law exists | We have a legitimate interest to comply with international legal requirements where no legal obligation under applicable data protection law exists. | Identification details, contact details, message details, supplier, distributor or technician registration details, press distribution list details, website activity data, location information, details with respect to the Delphi Configurator and other PHINIA Portals, details with respect to training and courses offered by PHINIA (including the Delphi Academy), loyalty and rewards program data, events and other requests, preferences, responses and feedback, types of services received or products bought |
Sanction list screenings | (i) Compliance with our legal obligations or (ii) - where no such obligations exist - legitimate interests | We have a legitimate interest in complying with sanctions regulations applicable to PHINIA in various jurisdictions. | Identification details, contact details, supplier, distributor or technician registration details |
To carry out compliance investigations | Legitimate interests | We have a legitimate interest in carrying out compliance investigations to safeguard that we comply with our legal obligations. | Identification details, contact details, message details, supplier, distributor or technician registration details, press distribution list details, website activity data, location information, details with respect to the Delphi Configurator and other PHINIA Portals, details with respect to training and courses offered by PHINIA (including the Delphi Academy), loyalty and rewards program data, events and other requests, preferences, responses and feedback, types of services received or products bought |
For any of the above listed purposes it might be necessary to transfer data to our Affiliates | (i) Consent where the relevant processing activity listed above relies on consent or (ii) legitimate interests | We, as part of the PHINIA group of companies, have a legitimate interest in transferring your Personal Data within the group of companies with our Affiliates for internal administrative purposes. | The data categories correspond to those listed with respect to the relevant purpose for processing. |
In some cases, for example for Website users within the PRC, your Personal Data may be collected, used, disclosed, and processed for the abovementioned purposes based on your consent. Where we process your Personal Data for purposes not mentioned in this Notice, we will obtain your consent for such processing (as may be required by applicable law). Website users within the EEA/UK, or Brazil will be informed about the purposes of such processing prior to being asked to give consent.
2.2 Log files
As indicated in the table above, we save log files including website activity data for the purpose of determining disruptions and ensuring security of the Website and our systems.
We also use such log files for website analytics by means of cookies; for further information on our use of cookies please see our Cookie Notice.
2.3 Direct Marketing and Newsletter
As mentioned above, we may use your Personal Data to let you know about our products and services that we believe will be of interest to you and/or provide you with our newsletter. We may contact you by email or through other communication channels that we think you may find helpful.
If you subscribe to a newsletter, we will process your Personal Data in order to dispatch the newsletter based on your consent. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you. You may ask us to stop direct marketing and withdraw your consent at any time, without affecting the lawfulness of processing based on such consent before its withdrawal, by cancelling the subscription by clicking on the respective link provided in each newsletter or contacting us.
2.4 Cookies
PHINIA uses cookies to improve Website performance and enhance the user experience for those who visit the Website.
Cookies which are not strictly necessary for the provision of the Website will only be stored on your device and accessed based on your consent. You may withdraw such consent at any time, without affecting the lawfulness of processing based on such consent before its withdrawal, by accessing our PHINIA - Cookie Policy. Further information on our use of cookies can be found in our Cookie Notice.
We also use Google Analytics to collect usage data about our services in order to provide us with reports and metrics to help us evaluate usage of our services and improve performance and user experience. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
3. Who has access to your information (recipients)?
3.1 Within PHINIA, only authorized PHINIA employees with appropriate responsibilities have access to your Personal Data. In addition, we may share your Personal Data with the categories of recipients mentioned in this section.
3.2 With your consent (where required by applicable law), we may share your Personal Data with service providers that process Personal Data on our behalf in the jurisdictions mentioned below, and subject to our instructions as so-called processors, for the purpose of providing their professional services to us:
- IT service providers (hosting services) (EEA, US, UK, Taiwan)
- Newsletter service provider (handling and dispatch of newsletter) (EEA)
- Provider of website analytics tools (website analytics) (EEA, US)
- Web agency developing functions and maintaining operation of website (EEA)
Where we share your Personal Data with these service providers, we will – as required by law – put in place contracts to ensure they process your Personal Data in accordance with our instructions and to adopt security measures to protect your Personal Data.
3.3 With your consent (where required by applicable law), we may share your Personal Data with the following third parties:
- Affiliates: We may share your Personal Data of the categories listed in section II.1 above with Affiliates for the purposes listed in section II.2 above. For Website users within Japan, PHINIA Inc. is responsible for management of your Personal Data jointly used within PHINIA. The names of the representative persons of PHINIA Inc. are available at https://www.phinia.com/company/executive-management.
- Other third parties (data controllers):
- Financial services providers (including banks for the purpose of carrying out financial transactions, e.g., when you purchase one of our products or services)
- State authorities (including tax authorities and law enforcement agencies) for the purpose of compliance with laws and regulations applicable to us
- Consultants (lawyers and auditors) for the purpose of compliance with legal obligations, corporate transactions and safeguarding our rights
- Courts for the purpose of safeguarding our rights
- Third party marketing providers
- Potential buyer or acquirer of all or part of our asset(s) and/or activity(ies) for the purpose of corporate transactions
For Website users within the EEA/UK, Brazil, or Turkey the legal bases relevant for the transfer of Personal Data to third parties can be found in section II.2 above.
For Website users within the PRC, you may contact us at [email protected] for further information about our sharing of Personal Data with third party data controllers.
4. Do we transfer your data internationally (third country transfers)?
Some recipients of Personal Data may be located outside the EEA/UK and/or outside of the countries which you reside in (e.g., outside of Japan or the PRC) and these countries may not offer a level of protection equivalent to the one granted in your jurisdiction.
Where Personal Data of Website users from the EEA/UK is transferred to locations outside the EEA/UK, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as providing an adequate level of protection by the competent body (Art. 45 GDPR) or the transfer is subject to appropriate safeguards provided by entering into standard data protection clauses of the European Union or the UK equivalent with the recipient (Art. 46 GDPR) unless GDPR provides for an exception or you have given explicit consent (Art. 49 GDPR). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.
If we transfer your Personal Data from the EEA to such a jurisdiction which has been recognized as providing an adequate level of data protection, we will rely on adequacy decisions. When transferring Personal Data to recipients in the US we may rely on the DPF (EU-U.S. DPF / UK Extension to the EU-U.S. DPF) which ensures an adequate level of protection for recipients certified under the DPF. A list of the European Commission’s adequacy decisions can be found here. A list of the UK’s adequacy decisions can be found here.
Where we rely on standard data protection clauses of the European Union or the UK equivalent, insofar as the transfer is made to a service provider (including Affiliates acting as such) processing Personal Data on our behalf, Module Two (transfer from controllers to processors) of the standard contractual clauses or the UK equivalent is relevant; insofar as the transfer is made to recipients which do not process Personal Data on our behalf but for their own purposes, Module One (transfer from controllers to controllers) is relevant.
Where Personal Data of Website users from Japan is transferred to locations outside Japan, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as providing an adequate level of protection by the competent body (Art. 28.1 APPI) or the transfer is subject to appropriate safeguards provided by entering into an appropriate data processing agreement (Art. 28.1 APPI) unless APPI provides for an exception or you have given explicit consent (Art. 28.1 APPI). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.
For Website users from PRC, with your consent and where your Personal Data is being transferred or shared outside of your country of residence, we will, as required by applicable law, put in place contractual and other measures to ensure your Personal Data is provided with protection that is at least comparable to that required under applicable law in your jurisdiction. If you require more details about our transfer activities, please contact us at [email protected].
Where Personal Data of Website users from Turkey is transferred to locations outside Turkey, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as providing an adequate level of protection by the competent body (Art. (9) (1) DPL) or the transfer is subject to appropriate safeguards (Art. (9) (4) DPL) or conditions for derogations for specific situations have been met (Art. (9) (6) DPL).
A copy of the standard data protection clauses of the European Union or the UK equivalent can be obtained by contacting [email protected]. Please also contact this email address if you would like to know which of the clauses apply to a specific transfer or for copies of other safeguards.
5. How long do we store your data and how do we protect your personal data?
5.1 General
Your Personal Data will generally only be stored until the Personal Data are no longer necessary in relation to the purposes for which they were collected (or otherwise processed).
As an exception, Personal Data may be stored longer where their processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defense of legal claims.
5.2 Log Files
We save log files including website activity data for the purpose of determining disruptions and ensuring security of the Website and our systems for a period of 7 to 10 days, or longer, if required by applicable laws, and delete them thereafter; log files which need to remain stored for evidence purposes are excluded from deletion unless the respective incident has been resolved and may be forwarded to investigating authorities on a case-by-case basis.
5.3 Newsletter
With respect to newsletters your Personal Data actively provided by you when registering to the newsletter will be stored as long as the newsletter subscription is active; your consent will be stored for up to three further years, depending on the respective standard limitation period.
5.4 Cookies
Cookies not deleted by you will expire after the time span indicated in the PHINIA - Cookie Policy.
5.5 Data security
We use appropriate technical and organizational measures aimed to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. However, do note that the risk of such incidents always remains.
6. No automated decision-making
In the context of this Website no automated decision-making takes place.
III. Special information for people who interact with us via social media
Below you will find information on how we process personal data of individuals who interact with us through social media.
1. Where do we collect your data?
We have a presence on (i) LinkedIn, (ii) YouTube, (iii) X (formerly known as Twitter), (iv) Instagram, (v) Facebook, and (vi) WeChat / Weixin.
The providers of these social media networks process information about how you interact with our corporate presence in the respective social media network and data that you provide in your respective profile. The providers aggregate this data and provide it to us as statistics; however, you are not identifiable from these statistics. These statistics help us to better understand trends and demographics of the groups of people who interact with our corporate presence in social media networks.
The social media network providers may include the following companies among others:
- LinkedIn: LinkedIn Ireland Unlimited Company ("LIUC"), Wilton Place, Dublin 2, Ireland
In connection with the processing of Personal Data of social media users within the EEA/UK to produce the statistics, we and LIUC are joint data controllers. In this context, we and LIUC have entered into a joint controllership arrangement (available here). Pursuant to this arrangement, LIUC assumes compliance with the data protection obligations that exist in connection with the provision of the statistics. This includes the fulfillment of all rights you have as a user of LinkedIn. These are, for example, your rights to information, disclosure, deletion and objection. LIUC will also ensure that any existing notification obligations due to personal data breaches (such as towards authorities or you) are fulfilled. LIUC will therefore also ensure that LinkedIn members are informed about the processed data.
Information about LIUC's processing of your personal data when using LinkedIn can be found in LIUC's privacy notice, which is available here. You can view the user agreement for LinkedIn here.
- YouTube: Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland
Information about Google's processing of your personal data when using YouTube can be found in Google's privacy notice, which is available here. You can view the terms of service for YouTube here.
- X (formerly known as Twitter): Twitter International Unlimited Company ("TIUC"), One Cumberland Place, Fenian Street Dublin 2, Ireland
Information about TIUC's processing of your personal data when using Twitter can be found in Twitter's privacy notice, which is available here. You can view the Twitter terms of service here.
- Instagram: Meta Platforms Ireland Limited ("Meta"), 4 Grand Canal Square, Dublin 2, Ireland
Information about Meta's processing of your personal data when using Instagram can be found in Meta's privacy notice, which is available here. You can view the terms of use for Instagram here.
- Facebook: Meta Platforms Ireland Limited ("Meta"), Block J, Serpentine Avenue, Dublin 4, Ireland
In connection with the processing of Personal Data of social media users within the EEA/UK to produce the statistics, we and Meta are joint controllers. In this context, we and Meta have entered into a joint controllership arrangement (available here). Thereafter, we and Meta have agreed that Meta is obligated to enable data subjects' rights under Articles 15 to 20 of the GDPR (in particular, the right of access, the right of rectification, the right of erasure, the right to restrict processing and the right to object) with respect to personal data stored by Meta after joint processing. You may exercise your rights in relation to the processing of your personal data towards Meta. Under this arrangement, we are also required to inform you of the following: Meta relies on the legal basis of "legitimate interests" (Art. 6 (1) (f) GDPR) for the processing of your personal data in connection with the statistics.
Information about Meta's processing of your personal data when using Facebook, in particular Meta's contact details and the contact details of Meta's designated data protection officer, as well as your rights vis-à-vis Meta, can be found in Meta's privacy notice, which is available here. You can view the terms of service for Facebook here.
- WeChat / Weixin:
- WeChat: For users using a non-PRC phone number: Tencent International Services Europe BV ("Tencent EU"), Buitenveldertselaan 1-5, 1082 VA Amsterdam, the Netherlands (for users using a UK, EEA, or Switzerland phone number) or WeChat International Pte. Ltd. ("WeChat International"), 10 Anson Road, #21-07 International Plaza, Singapore 079903 (for users using a non-UK, EEA, or Switzerland phone number)
Information about Tencent EU's and WeChat International’s collection, processing, and sharing of your personal data with us when using WeChat can be found in their privacy notice, which is available here. You can view the terms of use for WeChat here.
- Weixin: For users using a PRC phone number or contracted with Tencent Computer Systems Company Limited for Weixin: Shenzhen Tencent Computer Systems Company Limited ("Tencent PRC"), 35/F., Tencent Building, Kejizhongyi Avenue, Maling Community, Yuehai Street, Nanshan District, Shenzhen, PRC.
Information about Tencent PRC's collection, processing, and sharing of your personal data with us when using Weixin can be found in Tencent PRC's privacy notice, which is available here. You can view the terms of use for Weixin here.
For social media users outside of the EEA/UK the legal entities providing the social media networks might be different than those listed above.
The abovementioned social media providers may share your Personal Data with us. With your consent (where required by applicable law), we may also directly collect your Personal Data when you interact with us via social media. The categories of Personal Data we process in the course of such interaction depend on the platform used. This may involve the following categories of Personal Data:
- Identification details, such as first name and last name, username;
- Contact details, such as email address and phone number;
- Message / post details, such as the company you work for/on behalf of which you contact PHINIA via social media, country in which you are located, and the contents of your message / social media posts;
- Social media activity data, such as your IP address, your behavior on social media, information about the device you are using, browser language, time and duration of your visit to social media;
- Location information, such as general location information (e.g., city/state and/or postal code associated with your IP address).
2. How is your data processed (purposes and legal bases)?
2.1 General
We may process your Personal Data for the purposes set forth in the table below. We do not sell your Personal Data to any other company.
For social media users within the EEA/UK, Brazil, or Turkey we rely on the legal bases listed in the table below. Where relevant, the legitimate interest we pursue is included in the table below as well. The relevant legal bases for users within the EEA/UK, Brazil, or Turkey are:
- Performance of a contract (including processing necessary to take steps at your request prior to entering into a contract);
- Compliance with legal obligations;
- Legitimate interests;
- Consent; and
- For Brazil only: Regular exercise of rights in administrative, judicial or arbitration proceedings.
Purpose of processing | Legal basis (EEA/UK; Brazil; Turkey) | Legitimate interest (where relevant) (EEA/UK; Brazil; Turkey) | Categories of Personal Data |
---|---|---|---|
To provide a corporate presence in social media networks | Legitimate interest | We have a legitimate interest in providing and maintaining (legally compliant) presences in social media in order to present the PHINIA group of companies and its services and content on the Internet and to grow engagement by visibility with a variety of audiences globally. | Social media activity data |
To contact you and provide you with information you have requested | Performance of a contract or - where this is not appropriate - legitimate interests | We have a legitimate interest in communicating with you upon your request. | Identification details, contact details, message / post details |
To improve our services, goods and our corporate presence in social media | Legitimate interests | We have a legitimate interest in improving our services, goods and social media presence in order to preserve and grow our business. | Social media activity data |
To collect and use statistical information on the use of corporate presences in social media (e.g., to efficiently carry out marketing campaigns, place advertisements and provide editorial content) | (i) Consent or (ii) - where your consent was not required for this purpose - legitimate interests | We have legitimate interests in analyzing the usage of the social media presences in order to improve them, in evaluating the use of our corporate presence in social media networks to play out advertising as targeted as possible, and in advertising goods/services. | Social media activity data, location information |
To understand how customers and potential customers think about our brand (by analysing what people are saying about us on social media networks) | (i) Consent or (ii) – where your consent is not required – legitimate interests | We have a legitimate interest in understanding how customers and potential customers think about our brand in order to preserve and grow our brand and improve our goods and services. | Message / post details |
To provide you with direct marketing communication (such as a newsletter) | (i) Consent or (ii) – where lawful under applicable national direct marketing rules – our legitimate interests | We have a legitimate interest in marketing our products and/or services. | Contact details, identification details |
To interact with you via social media networks | Legitimate interests | We have a legitimate interest in interacting with followers of our corporate social media presences and other interested parties via social media in order to present the PHINIA group of companies and its services on the Internet. | The categories of Personal Data depend on the social media network. In particular, the following categories may be concerned: contact details, identification details, other information that you provide to us as part of the interaction via social media. |
To enable corporate transactions (including sale of all or part of our asset(s) and/or activity(ies)) | Legitimate interests | We may have a legitimate interest in disclosing information to (potential) buyers or acquirers and their external counsels in certain scenarios. | Identification data, contact data, messaging data, social media activity data, location information. |
To safeguard our rights | For EEA/UK and Turkey: Legitimate interests For Brazil: Regular exercise of rights in administrative, judicial or arbitration proceedings | We have a legitimate interest in the establishment, exercise and/or defense of legal claims. | Identification data, contact data, messaging data, social media activity data, location information. |
To comply with legal obligations (e.g., from tax law) | (i) Compliance with legal obligations or (ii) legitimate interest for compliance with international legal requirements where no legal obligation under applicable data protection law exists | We have a legitimate interest to comply with international legal requirements where no legal obligation under applicable data protection law exists. | Identification data, contact data, communication data, social media activity data, location information. |
For any of the above listed purposes it might be necessary to transfer data to our Affiliates | (i) Consent where the relevant processing activity listed above relies on consent or (ii) legitimate interests | We, as part of the PHINIA group of companies, have a legitimate interest in transferring your Personal Data within the group of companies for internal administrative purposes. | The categories of Personal Data correspond to those listed for the respective processing purpose. |
In some cases, for example for social media users within the PRC, your Personal Data may be collected, used, disclosed, and processed for the abovementioned purposes based on your consent. Where we process your Personal Data for purposes not mentioned in this Notice, we will obtain your consent for such processing (as may be required by applicable law).
2.2 Analysis of usage behavior in social media networks
The social media network providers process information about how you interact with our corporate presence in the respective social media network and data that you provide in your respective profile. The providers aggregate this data and provide it to us as statistics ("Social Media Statistics"); you are not identifiable from this aggregated data. These statistics help us better understand trends and demographics of the groups of people who interact with our corporate presences in social media networks. Details about our corporate presences in social media networks and the respective providers can be found in section III.1.
2.3 Social media networks
In connection with our corporate presences on social media networks, we ask you to consult the privacy notices of the respective platform if you would like to learn more about the processing and sharing of your personal data on/by these platforms.
3. Who has access to your information (recipients)?
3.1 Within PHINIA, only authorized PHINIA employees with appropriate responsibilities have access to your Personal Data. In addition, we may share your Personal Data with the categories of recipients mentioned in this section.
3.2 With your consent (where required by applicable law), we may share your Personal Data with service providers that process Personal Data on our behalf in the jurisdictions mentioned below, and subject to our instructions as so-called processors, for the purpose of providing their professional services to us:
- Social media channel management platform provider (to manage our corporate presences on social media networks) (US)
- Newsletter service provider (handling and dispatch of newsletter) (EEA)
Where we share your Personal Data with these service providers, we will – as required by law – put in place contracts to ensure they process your Personal Data in accordance with our instructions and to adopt security measures to protect your Personal Data.
3.3 With your consent (where required by applicable law), we may share your Personal Data with the following third parties:
- Affiliates: We may share your Personal Data of the categories listed in section III.1 above with Affiliates for the purposes listed in section III.2 above. For social media users within Japan, PHINIA Inc. is responsible for management of your Personal Data jointly used within PHINIA. The names of the representative persons of PHINIA Inc. are available at https://www.phinia.com/company/executive-management.
- Other third parties (data controllers):
- Social media network providers for the purpose of interacting with you via our corporate presence on such social media network
- State authorities (including tax authorities and law enforcement agencies) for the purpose of compliance with laws and regulations applicable to us
- Consultants (lawyers and auditors) for the purpose of compliance with legal obligations, corporate transactions and safeguarding our rights
- Courts for the purpose of safeguarding our rights
- Potential buyer or acquirer of all or part of our asset(s) and/or activity(ies) for the purpose of corporate transactions
For social media users within the EEA/UK, Brazil, or Turkey the legal bases relevant for the transfer of Personal Data to third parties can be found in section III.2 above.
For social media users within the PRC, you may contact us at [email protected] for further information about our sharing of Personal Data with third party data controllers.
4. Do we transfer your data internationally (third country transfers)?
Some recipients of Personal Data may be located outside the EEA/UK and/or outside of the countries which you reside in (e.g. outside of Japan or PRC) and these countries may not offer a level of protection equivalent to the one granted in your jurisdiction.
Where Personal Data of social media users from the EEA/UK is transferred to locations outside the EEA/UK, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as providing an adequate level of protection by the competent body (Art. 45 GDPR) or the transfer is subject to appropriate safeguards provided by entering into standard data protection clauses of the European Union or the UK equivalent with the recipient (Art. 46 GDPR) unless GDPR provides for an exception or you have given explicit consent (Art. 49 GDPR). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.
If we transfer your Personal Data from the EEA to such a jurisdiction which has been recognized as providing an adequate level of data protection, we will rely on adequacy decisions. When transferring Personal Data to recipients in the US we may rely on the DPF (EU-U.S. DPF / UK Extension to the EU-U.S. DPF) which ensures an adequate level of protection for recipients certified under the DPF. A list of the European Commission’s adequacy decisions can be found here. A list of the UK’s adequacy decisions can be found here.
Where we rely on standard data protection clauses of the European Union or the UK equivalent, insofar as the transfer is made to a service provider (including Affiliates acting as such) processing Personal Data on our behalf, Module Two (transfer from controllers to processors) of the standard contractual clauses or the UK equivalent is relevant; insofar as the transfer is made to recipients which do not process Personal Data on our behalf but for their own purposes, Module One (transfer from controllers to controllers) is relevant.
Where Personal Data of social media users from Japan is transferred to locations outside Japan, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as providing an adequate level of protection by the competent body (Art. 28.1 APPI) or the transfer is subject to appropriate safeguards provided by entering into an appropriate data processing agreement (Art. 28.1 APPI) unless APPI provides for an exception or you have given explicit consent (Art. 28.1 APPI). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.
For social media users from PRC, with your consent and where your Personal Data is being transferred or shared outside of your country of residence, we will, as required by applicable law, put in place contractual and other measures to ensure your Personal Data is provided with protection that is at least comparable to that required under applicable law in your jurisdiction. If you require more details about our transfer activities, please contact us at [email protected].
Where Personal Data of social media users from Turkey is transferred to locations outside Turkey, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which Personal Data are transferred has been recognized as providing an adequate level of protection by the competent body (Art. (9) (1) DPL) or the transfer is subject to appropriate safeguards (Art. (9) (4) DPL) or conditions for derogations for specific situations have been met (Art. (9) (6) DPL).
A copy of the standard data protection clauses of the European Union or the UK equivalent can be obtained by contacting [email protected]. Please also contact this email address if you would like to know which of the clauses apply to a specific transfer or for copies of other safeguards.
5. How long do we store your personal data and how do we protect your personal data?
5.1 General
Your Personal Data will generally only be stored until the Personal Data are no longer necessary in relation to the purposes for which they were collected (or otherwise processed).
As an exception, Personal Data may be stored longer where their processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defense of legal claims.
5.2 Newsletter
With respect to newsletters your Personal Data actively provided by you when registering to the newsletter will be stored as long as the newsletter subscription is active; your consent will be stored for up to three further years, depending on the respective standard limitation period.
5.3 Analysis of usage behavior on social media networks
Social Media Statistics are collected and stored by us exclusively in a non-personal manner.
5.4 Data security
We use appropriate technical and organizational measures aimed to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. However, do note that the risk of such incidents always remains.
6. No automated decision-making
In the context of interaction with us via social media networks no automated decision-making takes place.
IV. Changes to this Notice
We reserve the right to amend or modify this Notice at any time to ensure compliance with applicable laws. Please check regularly whether this Notice has been updated. We will obtain your consent to any material changes to this Notice, as required by applicable law.
This Notice was last updated in May 2025.
V. Additional Information for California Residents
In this section of the Notice, we provide additional information for California residents about how we collect, use, disclose, and otherwise process their personal information, including the rights and choices they may have, as required by applicable California privacy laws. This section describes our information practices pursuant to the California Consumer Privacy Act (as amended, including by the California Privacy Rights Act of 2020) and its implementing regulations (as amended) (collectively, the “CCPA”). This section does not address or apply to our handling of personal information that is exempt under the CCPA.
Categories of Personal Information Collected and Disclosed. Our collection, use, and disclosure of personal information may vary depending upon the circumstances and nature of our interactions or relationship with such California resident. The table below generally sets out the categories of personal information we may have collected about California residents in the prior twelve (12) months, as well as the categories of third parties and other recipients to whom we may disclose this information for a business or commercial purpose.
Categories of Personal Information Collected | Categories of Third Party Disclosures |
---|---|
Identifiers. Includes direct identifiers, such as name, alias, title; email address, phone number, address, and other contact information; IP address, unique personal identifier, and other online identifiers. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Advertising networks · Data analytics providers · Social networks · Internet service providers, operating systems, and platforms · Others as required by law |
Customer Records. Includes personal information, such as name, account name, user ID, contact information, professional or employment-related information, account number, and financial or payment information that individuals provide us in order to obtain our Services. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Internet service providers, operating systems, and platforms · Others as required by law |
Commercial Information. Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. For example, this may include demographic information that we receive from third parties in order to better understand and reach customers. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Data analytics providers · Internet service providers, operating systems, and platforms · Others as required by law |
Internet and Electronic Network Activity Information. Includes, but is not limited to, browsing history, clickstream data, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services or other online services. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Advertising networks · Data analytics providers · Social networks · Internet service providers, operating systems, and platforms · Others as required by law |
Geolocation Data. Such as location information about a particular individual or device. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Internet service providers, operating systems, and platforms · Others as required by law |
Audio, Visual, and Other Electronic Data. Includes information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, photographs and images, and CCTV footage to secure our offices and premises. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Internet service providers, operating systems, and platforms · Others as required by law |
Professional Information. Includes professional and employment-related information such as current and former employer(s), position(s), job title(s) and job role(s), business contact information, and professional memberships, qualifications, and licensing. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Internet service providers, operating systems, and platforms · Others as required by law |
Profiles and Inferences. Including inferences drawn from any of the information identified above to create a profile reflecting a California resident’s preferences, characteristics, behavior, or attitudes. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Others as required by law |
Protected Classifications. In limited circumstances, such as when you provide this information voluntarily, we may collect certain information that is considered a protected classification under California/federal law, such as your gender and date of birth. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Others as required by law |
Biometric Information. Includes physiological, biological, or behavioral characteristics that can be used alone or in combination with each other to establish individual identity. For example, we may collect and process voiceprints for fraud detection and authentication purposes when you contact us by phone, or facial recognition or fingerprint scans for security purposes. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Internet service providers, operating systems, and platforms · Others as required by law |
Sensitive Personal Information. In limited circumstances, we may collect social security number, driver’s license number, state identification card number, passport number, biometric information, and precise geolocation data. | · Advisors and agents · Regulators, government entities, and law enforcement · Affiliates and subsidiaries · Others as required by law |
Sales and Sharing of Personal Information. California privacy laws define a “sale” as disclosing (or otherwise making available) personal information to a third party in exchange for monetary or other valuable consideration. “Sharing” broadly includes disclosing (or otherwise making available) personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA) identifiers and Internet and electronic network activity information to third-party ad companies and analytics providers to improve and evaluate our advertising campaigns, monitor and measure Website performance, and better reach customers and prospective customers with more relevant ads and content. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old.
Sources of Personal Information. In general, we may collect the categories of personal information identified above from the following categories of sources:
- Directly from you;
- Our affiliates and subsidiaries;
- Our business partners;
- Customers and clients;
- Advertising networks;
- Data analytics providers;
- Social networks;
- Internet service providers;
- Operating systems and platforms;
- Government entities;
- Public databases; and
- Our vendors and service providers.
Purposes of Collection, Use, and Disclosure. As described in more detail in section 2.1 above in the “Purposes of Processing” column and section 3, “Who has access to your information (recipients)” above, we may collect, use, disclose, and otherwise process the above personal information for the following business or commercial purposes and as otherwise directed or consented to by you:
- To provide the Website and a corporate presence in social media networks
- To provide PHINIA Portals (including the Delphi Configurator, online catalogue, diagnostic portals and other portals on our Website)
- To provide a protected website area for suppliers, distributors or technicians
- To interact with you, including via social media networks, contact you and provide you with information, which you have requested
- To improve our services, goods, the Website, and our corporate presence in social media
- To collect statistical information about the use of this website (web analytics)
- To understand how customers and potential customers think about our brand (by analyzing what people are saying about us on social media networks)
- To show personalized advertisement / content to you
- To determine disruptions and to ensure the security of the Website and our systems, including the detection and tracing of (the attempt of) unauthorized access to our web servers
- To provide you with our training and courses
- To provide you with direct marketing communication (such as a newsletter) regarding products and/or services we offer (including via email)
- To carry out the Delphi loyalty and rewards program
- To plan and manage events, including webinars
- To carry out auditing, reporting, and other internal operations
- To carry out research and surveys
- To enable corporate transactions (including sale of all or part of our asset(s) and/or activity(ies))
- To safeguard our rights
- To comply with legal obligations to which we are subject (e.g., deriving from tax law, or foreign trade law)
- Sanction list screenings
- To carry out compliance investigations
For any of the above listed purposes it might be necessary to transfer data to our Affiliates.
Sensitive Personal Information. Notwithstanding the above, we only use and disclose sensitive personal information as reasonably necessary (i) to perform our services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent, and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes that are not for inferring characteristics about you. We do not use or disclose your sensitive personal information other than as authorized by the CCPA.
Retention. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain certain personal information for as long as necessary to comply with our tax, accounting, and record-keeping obligations, to administer our Services, and for research, development, and safety purposes as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with legal obligations.
Aggregate Data and De-identifiable Data
Where we use, disclose or process deidentified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device), we will maintain and use the information in deidentified form and will not attempt to reidentify the information, except in order to determine whether our deidentification processes are reasonable and adequate pursuant to applicable privacy laws.
California Residents’ Rights. Under the CCPA, California residents have the following rights (subject to certain limitations):
- Opt-Out of Sales and Sharing. The right to opt out of our sale and sharing of their personal information.
- Limit Use and Disclosure. The right to limit our use or disclosure of sensitive personal information to those uses authorized by the CCPA. However, we do not use or disclose sensitive personal information in ways triggering this right.
- Deletion. The right to the deletion of their personal information that we have collected, subject to certain exceptions.
- Know/Access. The right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
- Correction. The right to correct inaccurate personal information that we maintain about them.
- Non-Discrimination. The right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
Exercising Your Privacy Rights. If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:
Request to Know/Access, Correct, and Delete. California residents may submit requests to access/know, correct, and delete their personal information by:
- Contacting us via the PHINIA Compliance Hotline
- Emailing us at [email protected]
- Calling us at 1-800-461-9330
We will take steps to verify your request by matching the information provided by you with the information we have in our records. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual by contacting us at [email protected]; authorized agents will be required to provide proof of their authorization and we may also require that the relevant California resident directly verify their identity and the authority of the authorized agent.
Requests to Opt Out of Sales/Sharing. California residents may exercise their right to opt out online by submitting an opt-out request via our Contact Us page or by changing their cookie consent through the PHINIA - Cookie Policy. In addition, our website responds to global privacy control—or “GPC”—signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt out of sales and sharing on our website through that particular browser and device. Please note that if you come back to our website from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well. More information about GPC is available at https://globalprivacycontrol.org/.
Contact Us
If you have any questions or concerns regarding this section of the Notice or our privacy practices, you may contact us at [email protected].