Car Connectivity Consortium®
Privacy Policy

This policy was last updated 13 December 2018 and is effective from 25 May 2018.

The Car Connectivity Consortium, LLC, (“CCC”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains the way in which we collect, manage, use and protect any Personal Data we obtain through your engagement with us, as well as your legal rights in respect of your data. By “Personal Data” we mean any information, alone or jointly with other similar information, that could be used to identify you.

 This Policy covers any Personal Data we collect in connection with your use of and (the “Websites”), where you can:

  • Learn more and request for information and content about the CCC’s benefits and MirrorLink technology
  • Apply to be a CCC member or developer
  • Find our technical standards
  • Access our developer portal, tools and process documents for developing and testing devices, developing and testing applications, reporting test results, reporting bugs, and requesting support, including Bugzilla and our Application Certification Management System (“ACMS”), where you can configure Developer Certificates and request Application Certificates (“Other Tools”)
  • Register for CCC-run events (e.g. webinars).


You can navigate to the relevant sections of the policy by clicking the links below:



Some of these provisions here, particularly your rights in respect of your data, will only apply if you are an individual based in the EU or the state of California. We have highlighted these sections as relevant.

By using our Websites or the other services provided by or on behalf of the CCC, including the ACMS and Other Tools (the “CCC Services”), you consent to policies and practices described in this Privacy Policy and in any other agreement that we might have with you, including but not limited to the CCC Limited Liability Agreement, the CCC Antitrust and Competition Guidelines and CCC IP Rights Policy (as may be amended from time to time).


About us

For the purposes of applicable data protection laws, Car Connectivity Consortium, LLC, a company incorporated in Oregon, USA with its registered address at 3855 SW 153rd Drive, Beaverton, OR 97003 USA is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.


What data do we collect about you?

When you access or receive the CCC Services, we may collect a variety of Personal Data about you, including: 

Personal Data that you provide to us directly

The CCC primarily collects Personal Data provided by you directly when you receive or request the CCC Services. For example, we may receive your name, address, telephone number, company name, job title, e-mail address and any other information that you voluntarily submit to us (e.g. special access or dietary requirements for events) when you register for an account on our Websites or to access the Bugzilla tool, sign up to or attend our events, or raise an enquiry/correspond with us face to face, through phone, email or our online contact form.

We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide to you.   

Personal Data received from other sources

We may also receive information about you from:

  • publicly available sources (e.g. LinkedIn or your profile on your company website, if you provide this information in your member/developer profile)
  • our third party service providers providing the CCC Services on our behalf (see “Who do we share your personal data with?” below)
  • Automatically collected technical information regarding your visits to the Website including, but not limited to, IP addresses, traffic data, location data, weblogs and other communication data.


The Application Certification Management System is run by Comarch on our behalf, and collects the following types of information when you visit or use the ACMS:

  • Personally identifying personal data (Email address, name and company name (when known) and your Developer ID) (“Account Data”)
  • Server Device IDs (a unique identification number associated with MirrorLink servers used in development)
  • Certificate access history, including time of request, country of origin, and the certificate being accessed (“Metric Data”)
  • Change histories of Application and Developer Certificates (“Activity Data”)


How do we use your personal data and on what grounds?

We will only use your personal data if we have a permitted lawful basis to do so. The primary purpose for which we collect information about you is to provide members and developers with services to support the technologies developed by the CCC (e.g. what you need to develop MirrorLink and Digital Key devices and applications). We also collect information about you for the following purposes:

To perform our contract with you (i.e. to provide you with our services and resources if you sign up to be a CCC member or developer)

  • To process membership applications
  • To provide members with their membership benefits, e.g. enable participation in CCC work groups, online collaboration with other members and signing up to related email lists
  • For continuity of service, (e.g. to restore your membership if you are coming back after a long break). This will be in accordance with our data retention practices (see “How long do you keep my data?” below)
  • To provide you with information, products or services that you request from us
  • For handling contacts, queries, complaints or disputes.

For our legitimate interests

  • For market research and analytical purposes, e.g. to improve our understanding of membership and event attendance trends and profiles
  • To ensure network and information security in the CCC Services and your Personal Data
  • For improving existing services and developing new products and services
  • For promoting, marketing and advertising our services
  • Protecting the CCC and our members/users by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations tothe CCC
  • To effectively handle any legal claims or regulatory enforcement actions taken againstthe CCC
  • To generally run the Website and for internal operations, in order to provide you with an up to date, efficient and reliable service
  • Making important communications about your membership
  • For keeping you informed of CCC events and activities (only in certain circumstances, see “Marketing communications” below)
  • Maintaining our membership database.

To comply with our legal obligations

  • To help prevent fraudulent activity, including on your account (for example, if we collect your card details we will check these details with credit agencies and reserve the right to refuse to make available the CCC Services if, for example, the card details provided are reported to be fraudulent or credit agencies report the activities as being fraudulent)
  • To monitor and record telephone calls for training purposes and to improve the Service to you
  • To comply with our legal and regulatory obligations (including under applicable data protection laws)
  • For preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies
  • To fulfil our duties to our members, colleagues and other stakeholders.

We may also (where required by law) use your Personal Data for marketing purposes with your consent (see “Marketing communications” below).


Marketing communications

Where you are a CCC member, we may also use your Personal Datato keep you updated about CCC events and activities through marketing communications.  

This means we may use your contact information to contact you by email with announcements and newsletters regarding information that we think may be of interest to you.  

If you are based in the EU, we will only make marketing communications if you have given your consent to do so if you are a developer using your individual, sole trader or partnership (rather than company employee) email address. You have the right to withdraw your consent to these activities at any time, which will mean (unless we have another lawful basis to continue using your data) that we will cease to use your Personal Data for these marketing purposes.

If you wish to stop receiving marketing emails from the CCC, you can do so by contacting the CCC at contact information below or changing your communications preferences in your member portal (under “User Settings” and “Manage Your Email Subscriptions”).


Who do we share your personal data with?

We may disclose the Personal Data that we collect with the following third parties:

  • Our third party providers of our business and operational services. These parties are authorized to process your Personal Data on our behalf and pursuant to our instructions, and only as necessary to provide the CCC Services. These include:
  • Providers of payment processing and accounting, as necessary to process payment (such as Paypal)
  • Providers of the support tools and systems available on our Websites, like the ACMS and Bugzilla (in particular Comarch, Inc (“Comarch”) and DevZing, LLC)
  • Providers of Association Management services (in particular Vital Technical Marketing, Inc., “VTM”, who operate our member/developer portals on the Websites)

Please note that the ACMS and member/developer portal systems on the Websites use a shared sign-on system. This means that your name, email address and company name will be shared between Comarch and VTM as our external providers of these systems (regardless of whether you actually use the ACMS features), as this enables you to use one set of log-in details to access all member/developer features of the CCC Services.    

  • Any potential or actual third party buyer of our business and/or assets in the event that we sell, trade or license ownership of any part of the CCC business or assets (including management of the Websites)
  • Third parties we may be required to disclose such personal data to in order to comply with our legal obligations, to enforce our legal rights or to protect our members, e.g. any relevant authority or enforcement body and fraud protection and credit risk reduction agencies or emergency services.

Additionally, Metric Data and Activity Data collected through the ACMS (see “What data do you collect about me?” above) can be viewed by many users of the ACMS, including other developers, members of the CCC, and system administrators. The Developer ID, Server Device ID and Application ID can all be determined by examining the files of a MirrorLink application.


Will my personal data be sent abroad?

Our main database is located in the U.S. and we collect, store and process the information from our Websites, the ACMS and Other Tools in both the U.S. and the EU. This means that if you are outside the U.S., then your Personal Data may be transferred abroad to a country with different data protection laws.  By providing your Personal Data in connection with the CCC Services, you agree to this potential international transfer of your Personal Data.

If you are based in the EU, we will ensure that such transfers are made subject to appropriate safeguards as required by applicable data protection laws to ensure that a similar degree of protection is afforded to your personal data, including by ensuring that overseas recipients of your data have been self-certified under the Privacy Shield framework  or through the use of EU Commission approved standard contractual clauses .  You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us (see “Contact Us” below) and the Privacy Shield scheme at


Your rights over your personal data

You can exercise all the rights applicable to you by contacting us (see details in the “Contact Us” section below) or submitting an online enquiry form on our Websites.


If you are based in the EU

You may, in circumstances, have the following rights in relation to the Personal Data we hold about you. You can request to:

·       access a copy of the information held about you

·       rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected. You can also update any incorrect contact information yourself by updating your profile information in the member’s portal or by emailing

·       delete, restrict or remove the data we hold about you

·       transfer the data we hold about you to another party

·       object to any further processing of your data, if we are processing your Personal Data on the basis of our legitimate interests (see “How do we use your personal data and for what grounds” above), or for direct marketing.


We will endeavor to respond to your requests within one month and free of charge. Please note that in respect of all these rights, we reserve the right to:

·       refuse your request based on the exemptions set out in the applicable data protection laws. 

·       request for proof of your ID to process the request or request further information

·       charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests. 

If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision. If we have shared your data with others, we will tell them about your request to rectify, erase, restrict or object to the processing where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.

If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with the data protection regulator for your country of residence.




If you are based in California 

In addition to the information provided in this Privacy Policy, under California’s “Shine the Light” law, California residents who provide “personal information” (as defined in the statute) in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year. To obtain this information, please contact us by sending a letter or calling us at the contact information below. You may also submit a contact form electronically through the Websites.


If you are based anywhere else

The CCC acknowledges that you have the right to access your Personal Data. In case you request us to remove data, we will respond within a reasonable timeframe.

Upon request, the CCC will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.


How long do you keep my data?

We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.


How do you keep my personal data secure? 

We are committed to taking reasonable efforts to secure the information that you choose to provide us, and we use a variety of security procedures to help protect against unauthorized access to or alteration, disclosure, or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors and service providers (described in “Who we share your data with” above) who need to know the information to operate, develop, or improve the CCC Services.

Unfortunately, no transmission of Personal Data over the Internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, the CCC cannot guarantee or warrant the security of any information you transmit to us, or to or from our online services. The CCC has no responsibility or liability for the security of information transmitted via the Internet. If you have questions about this Privacy Policy or the security of your Personal Data, please contact us as indicated under the “Contact Us” section below.

We retain your Personal Data for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. We retain Personal Data collected through the Platforms we process for as long as needed.


Third party websites

This Privacy Policy only addresses the CCC’s use and disclosure of your Personal Data. The Websites, the ACMS and Other Tools may contain links to other websites, including those of our business partners, suppliers, social media pages and affiliates. If you follow a link to any of these websites, please note that websites have their own privacy policies and we are not responsible for these policies or for their misuse of any Personal Data. We encourage you to carefully read the privacy policy of any external websites before you submit any personal information through them.



The CCC Services are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13.  Children under 13 should not use the Websites, the ACMS or Other Tools.


Changes to this privacy policy

As the CCC and the CCC Services change from time to time, we may need to update this Privacy Policy to reflect changes to our information practices, technology and legal requirements. We will post any changes to this Privacy Policy on the Websites from time to time and, where appropriate, notify you by e-mail. Please periodically review this Privacy Policy before using the CCC Services as continued use of the CCC Services shall indicate your acceptance of any changes. All personal information held by us will be governed by the most recent Privacy Policy posted on the Websites.


Contact us

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please contact as at:

Address: Car Connectivity Consortium, 3855 SW 153rd Drive, Beaverton, OR 97003  USA

Phone: +1.503.619.1163