Legal
Privacy Policy
Last updated: May 2025
1. Introduction & Data Controller
Chery Caribbean (“we”, “us”, “our”) is the official Chery vehicle dealer serving Sint Maarten, St. Lucia, and the wider Caribbean region. This Privacy Policy explains how we collect, use, disclose, and protect personal information obtained through this website and our related online services.
Data Controller: Chery Caribbean
Contact: [email protected]
We do not have a designated Data Protection Officer (DPO) as we are a small dealership without large-scale systematic processing of personal data. All privacy-related inquiries should be directed to the email address above.
This policy applies to all visitors and users of our website. We comply with applicable Caribbean/Netherlands Antilles data protection law. For EU visitors we additionally adhere to the GDPR and ePrivacy Directive. For California residents we adhere to the CCPA.
2. What Data We Collect
Information you provide to us
- Name, email address, and phone number (contact and service request forms)
- Message content submitted via inquiry forms
- Financial details where a financing inquiry is made
- Vehicle details (model, year) when booking a service request
Information collected automatically
- IP address (anonymised in Google Analytics)
- Browser type, device type, and operating system
- Pages visited, time on page, referrer URL, and session duration
- Clickstream data and interactions with site elements
Cookies and tracking data
We use cookies and similar technologies as described in Section 4.
3. How & Why We Use It (Legal Bases)
| Purpose | Legal Basis (GDPR) |
|---|---|
| Respond to contact / service form submissions | Performance of pre-contract steps — Art. 6(1)(b) |
| Website analytics via Google Analytics | Consent — Art. 6(1)(a) (only when cookie consent is given) |
| Security and fraud prevention | Legitimate interest — Art. 6(1)(f) |
| Compliance with legal obligations | Legal obligation — Art. 6(1)(c) |
| Marketing communications | Consent — Art. 6(1)(a) |
CCPA note: We do not sell personal information to third parties.
4. Cookies & Tracking Technologies
We use the following cookie categories:
- Strictly Necessary — Essential for the site to function. Cannot be disabled.
- Functional / Preferences — Remember your choices and settings.
- Analytics & Performance — Help us understand how you use the site. Requires your consent.
- Marketing / Advertising — Used for targeted advertising. Requires your consent.
| Cookie Name | Category | Purpose | Provider | Duration |
|---|---|---|---|---|
| chery-cookie-consent | Strictly Necessary | Stores your cookie consent preferences | Chery Caribbean | 1 year |
| chery-consent-given | Strictly Necessary | Records that consent has been provided | Chery Caribbean | 1 year |
| iron-session | Strictly Necessary | Encrypted session cookie for admin authentication | Chery Caribbean | Session |
| _ga | Analytics | Google Analytics — distinguishes users | | 2 years |
| _ga_* | Analytics | Google Analytics — session state | | 2 years |
| _gid | Analytics | Google Analytics — distinguishes users (short-term) | | 24 hours |
You can update your cookie preferences at any time using the link in our footer, or by contacting us at [email protected].
5. Data Sharing & Third Parties
We share personal data only with service providers necessary to operate our website and services. All processors are bound by data processing agreements and may only use your data for the specified purpose.
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Google LLC | Website analytics (Google Analytics) | USA | Standard Contractual Clauses |
| Resend Inc. / Mailgun Technologies | Transactional email delivery | USA | Standard Contractual Clauses |
| Auth0 / Okta Inc. | User authentication | USA | Standard Contractual Clauses |
| Sanity.io AS | Headless CMS content hosting | Norway / EU | GDPR-compliant (EEA) |
We do not sell personal information. California residents may exercise their “Do Not Sell or Share My Personal Information” rights — see Section 7. There is nothing to opt out of as we do not sell data.
6. Data Retention
- Contact & service form inquiries: Retained for up to 2 years, then deleted or anonymised.
- Analytics data: Per Google Analytics default retention (26 months), or as configured in our GA4 account.
- Admin session cookies: Session duration only — deleted when you close your browser.
- Cookie consent records: Stored for 1 year, after which you will be re-prompted for consent.
When data is no longer required, it is securely deleted or anonymised.
7. Your Rights
GDPR rights (EU/EEA residents)
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restriction of processing
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time, without affecting prior lawful processing
- Right to lodge a complaint with a supervisory authority
CCPA rights (California residents)
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information (subject to certain exceptions)
- Right to opt out of sale of personal information — we do not sell your data
- Right to non-discrimination for exercising your privacy rights
How to exercise your rights
Email us at [email protected] with “Privacy Request” in the subject line, including your full name and the nature of your request. We will respond within 30 days.
You can update cookie preferences at any time by clicking the link in our footer.
EU/EEA residents may also lodge a complaint with the relevant national data protection authority in their country of residence.
8. Children's Privacy
This website is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will promptly delete it.
9. Security Measures
We implement appropriate technical and organisational measures to protect your personal data:
- HTTPS encryption for all data in transit
- Encrypted, signed session cookies (iron-session)
- Auth0 authentication with role-based access control for admin areas
- Sanity CMS with role-based permissions for content management
- Restricted access to production systems and databases
- Periodic security reviews of our technology stack
No method of internet transmission is 100% secure. Please contact us immediately if you suspect unauthorised access to your data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes we will update the “Last updated” date at the top of this page.
Material changes will be communicated via a notice banner on our website.
Version: 1.0 — May 2025
11. Contact Us
If you have questions or requests regarding this Privacy Policy, please reach out:
Chery Caribbean
[email protected]
Subject line: Privacy Request
We aim to respond within 30 days.
