1. DATA PROTECTION – WHAT YOU SHOULD KNOW WHEN USING OUR WEBSITES

1.1. WHO WE ARE AND WHICH WEBSITES ARE COVERED BY THIS PRIVACY POLICY

Who We Are: When we refer to ‘Jaguar Land Rover’, ‘JLR’ ‘we’ ‘our’ or ‘us’ in this Privacy Policy, we refer to: Jaguar Land Rover Automotive PLC, whose registered office is at: Abbey Road, Whitley, Coventry CV3 4LF, and whose registered number is: 1672070.

What this Privacy Policy covers: This Privacy Policy covers the current website, which may be managed by third parties as described below. To be transparent, when you visit a JLR website not covered by this Privacy Policy, it may be controlled by other JLR group entities or by a third party acting on our group’s behalf. We encourage you to check the Privacy Policy link at the bottom of the website you are visiting to review its privacy policy terms.

About the Jaguar Land Rover Group...

Jaguar Land Rover is part of a group of companies whose parent company is Jaguar Land Rover Automotive PLC. You can find out more corporate information about Jaguar Land Rover on our website at: https://www.jaguarlandrover.com/

Jaguar Land Rover is part of the Tata group. More information about the Tata group and the Tata companies can be found here:

http://www.tata.com/aboutus/sub_index/Leadership-with-trust http://www.tata.com/company/index/Tata-companies

1.2. WHAT INFORMATION WE COLLECT FROM OUR WEBSITE

Our websites serve primarily as information portals for the JLR Supply Chain Challenge 2025. We will process the personal data for the purpose described in heading 1.3 below, always in accordance with the provisions of current legislation, respecting their rights and providing information with total transparency. In consideration of the above, this data protection policy applies to European citizens, taking into consideration that this policy complies with the GDPR. This is without prejudice to any applicable local data protection regulations.

1.3. HOW WE USE YOUR PERSONAL DATA

We use personal data to manage your participation in the JLR Supply Chain Challenge 2025. This may include processing identifying information as well as data related to meeting the eligibility criteria for the competition. To ensure proper management of the competition, we may verify your eligibility and compliance with the rules. This verification process may require evidence or confirmation from participants before awarding any prizes.

The main uses of your personal data and the legal grounds we rely on for these are:

Maintaining and supporting website use and managing the JLR Supply Chain Challenge 2025

Applicable legal grounds: Legitimate interests in running effective website services.

Where you use an online service governed by our provided online Terms and Conditions, we and our permitted third parties will process data in a number of ways that support our website services. For example, this may include the following activities: identity confirmation, any fraud and authentication checks, service delivery, administration of prize draws, competitions, membership offers, surveys and other promotional activities, any applicable payment processes and collections activities, customer support and any ongoing service communications.

Managing your requests

Applicable legal grounds: Legitimate interests in running effective website services.

We will process data in managing your requests made on or via our websites (e.g. where you request a brochure, sign up to ‘keep me informed’ or add your details into any other website data form or data field). We will also process data in providing and maintaining personalised website experiences.

Enhancing website experience

Applicable legal grounds: Legitimate interests in enhancing, simplifying and streamlining website experiences.

Where we pre-fill website data fields to enhance and streamline your online experience.

Records maintenance and general administration

Applicable legal grounds: Legitimate interests in maintaining appropriate websites, records and service administration.

To maintain, cleanse and update our records, administer and maintain our websites, support your queries and any other internal operations and administrative purposes (for example, this will include troubleshooting, testing, supporting our audit requirements and in responding to any enquiries you may make, including any data protection rights you raise).

Network and information security

Applicable legal grounds: Legitimate interests as appropriate for ensuring network and information security.

To maintain our network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorized access. And to maintain appropriate server locations (for example, we may work with third parties to support appropriate use of cloud services).

Management of legal and regulatory requirements

Applicable legal grounds: Legitimate interests in complying with law and regulation, including responding to regulators and Legal obligation.

To manage legal and regulatory requests and requirements, meet or defend legal rights or for the prevention/detection of crime, (including where required to assist HMRC, law enforcement agencies such as the Police, the Driver and Vehicle Licensing Agency (DVLA) or any other public authority or criminal investigation body, or for the safeguarding of national security).

1.4. WHO WE SHARE PERSONAL DATA WITH

We may share your personal data with:

• Those third parties who need to process it so we can provide to you the products, services you have signed up to or requested or to further our research and development initiatives, for example, to provide or offer finance or credit, insurance, to provide marketing and advertising support services and for optimised website services and products.
• Jaguar Land Rover group companies in line with the data uses set out in this Privacy Policy.
• Third parties in the event we sell or buy any business or assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.

We have safeguards in place with our service providers to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy.

More about Jaguar Land Rover's network of Independent Third Parties...

We work with a number of independent third parties to provide services, such as our Retail Network, credit product providers, contract hire products. Personal data may be sent directly to these entities by you (for example if you contact them by phone or email or via their website pages), or we may share personal data with them where appropriate to support with your queries or other service requirements.

Where you use the UK websites to find or make contact with our Retail Network, a credit provider, or a contract hire product provider, these are (unless otherwise stated), independent businesses and not Jaguar Land Rover Group companies. Any contact you make to them (for example, to call or send an email) and any data you provide to them in use of their websites, will be controlled by them, not by Jaguar Land Rover. If you have questions regarding a third party’s (such as a retailer, importer, credit provider, contract hire product provider or repairer's) use of your personal data, we recommend you contact those parties directly.

More about Suppliers...

We use a number of service suppliers to support our business and these service providers may have access to our systems and data in order to provide services to us and on your behalf, for example payment processors, information technology such as hosting service providers, marketing and digital advertising support services, customer services and relationship handling, service and system specialists, website analytics support, online store shipping, delivery and support for events and experiences.

More about Jaguar Land Rover Group companies, and how they may provide service support...

As a member of the Tata Group of companies, we can benefit from the large IT infrastructure and expertise that exists within our wider corporate structure. This means that the personal data you provide to us may be accessed by members of our group of companies only as necessary for service and system maintenance and support, aggregate analytics, business continuity, IT and administrative purposes. For example where necessary to support particular website enquiries, or to provide technical support that maintains website functionality.

1.5. INFORMATION ABOUT INTERNATIONAL DATA TRANSFERS

The Jaguar Land Rover UK websites use servers which are hosted in the EU. However we may share website personal data with suppliers or group companies located outside of the EU where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate, and assessment of Privacy Shield certification for US located entities where applicable.

1.6. HOW LONG WE HOLD PERSONAL DATA FOR

We will keep your personal data for as long as we need it to provide the products and services you have signed up to. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes, to meet our legitimate interests, including for our ongoing research and development initiatives, and to enforce our rights. The criteria we use to determine storage periods include the following: Information we have told you about storage periods on our website or in website terms and conditions. We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.

1.7. YOUR DATA PROTECTION RIGHTS

You have rights in connection with your personal data, including: to withdraw consent where you have given it, to be informed and have access to your personal data, to correct or complete inaccurate data, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.

We try to ensure that we deliver the best levels of customer service. If you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch using either of the links below and add into the subject header that it relates to your data protection rights. These Customer Experience Centre email addresses are the appropriate contact details for our Data Protection Officer where queries are data protection related: https://www.landrover.com/ownership/contact-us/index.html https://www.jaguar.com/contact-us/index.html

If you are not happy and have a data protection related complaint, please contact us direct at this email address: DPOffice@jaguarlandrover.com. If you are not satisfied, you also have the right to complain to the Information Commissioner’s Office.

More about my data subject rights...

If you have given us consent to process your personal data, including for electronic marketing communications, you have the right to withdraw that consent at any time. Just use the unsubscribe options presented, for example, these are present in the email marketing communications sent by us.

You can ask for access to the personal data we hold about you, object to the processing, request that we correct any mistakes, restrict or stop processing or delete it. If you do ask us to delete or stop processing it, we will not always be required to do so. If this is the case, we will explain why.

In certain circumstances you can ask us to provide you with your personal data in a usable electronic format and transmit it to a third party (right to data portability). This right only applies in certain circumstances. Where it does not apply, we will explain why.

More about how I can get in touch with the Information Commissioner’s Office (ICO)…

The Information Commissioner’s Office (the ICO) is the supervisory authority that regulates personal data in the UK. You can get in touch with the ICO in any of the following ways:

• By going to their website: www.ico.org.uk
• By giving them a call on 0303 123 1113
• or by writing to them. Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.

1.8 LINKS TO OTHER WEBSITES

Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness.

1.9 KEEPING YOUR INFORMATION SECURE

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We require all of our services providers to have appropriate measures in place to maintain the security of your information.

Where we have given you (or where you have chosen) a password that enables you to access any personalised area in a JLR website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.

1.10 UPDATES TO THIS PRIVACY POLICY

We may periodically review this Privacy Policy. Any changes to it will be reflected on this page. We recommend that You review this policy regularly for changes.