GDPR Policy

David Hendry Cars Data Policy

 

Your personal information is yours and you control what we do with it.

 

At David Hendry Cars, we respect your privacy and the confidentiality of any information we hold about you. We regard this as part of our responsibilities to you as our customer, but it is also covered by the new General Data Protection Regulation (GDPR). We believe that we already comply with the GDPR and we ensure that any of the data we hold about you is safe and secure, but we keep our procedures under constant review, to check we always meet or exceed any legal requirements. To find out more about how we use and protect your data, please contact us.

 

What do you mean by ‘data’?

In this context, ‘data’ refers to any personal data that we have about you. It can include:

 

Any means of identifying you, such as your name, any identification number, any online means of identifying you, such as your IP address

Your contact details, such as your address, phone numbers and email address

Economic data – this could include details of your income, for example, that you may give us when entering into a finance agreement

How do we use your data?

 

We'll inform you about our use of your data and your rights the first time you have any contact with David Hendry Cars. We’ll only use any personal information you give us to deliver the products and services that you ask us for and to administer your account. For example, we’ll use your contact details to keep you advised of any issues with regards to the ongoing safety and care of your vehicle, as well as to ensure any insurance policies are maintained and finance agreements are fulfilled. Where your consent has been provided, we’ll also contact you to advise on the replacement of your vehicle and to make you aware of our aftersales products and services.

 

In addition, when we email you, we track data to ensure that our communications have reached you – especially important for servicing and MOT reminders. To help us contact you at the right times, we'll process your data to assess how you use your vehicle and to be aware of information such as mileage, vehicle age and the type of work your vehicle will require. To ensure that we can deliver as personal and beneficial service to you as possible, we combine data about you from various sources.

 

Sharing your data

To make sure that all our communications with you are timely and accurate, we check the data we hold on you with the DVLA. We will, of course, also share your data with companies such as vehicle manufacturers and finance companies, where this is relevant to the services we are providing for you. Whenever we work with other businesses and we need to pass any of your data on to them to meet our obligations to you as a customer, we check that they have security protocols and policies in place to manage your data privacy and to record and act on your data preferences correctly, as well as the means to store your data securely.

 

Why is there a new data regulation?

In 1995, the EU issued a Data Protection Directive which became part of UK law in 1998 as a result of the data Protection Act. Since then, the abundance of personal digital information, its storage, processing, and onward transmission and, most importantly, its security have all undergone a major step change. That’s why the EU has issued the new General Data Protection Regulation, which will complete its two-year preparation period and become law on 25th May 2018. Brexit won’t affect the implementation of the GDPR, although a draft UK data protection bill was published in September 2017. This new bill will implement most of the GDPR as it currently stands.

 

What are my rights under the GDPR?

You are put in control of your data. Practically, this means that you must give your consent before we can hold any data about you – it’s no longer a matter of having to proactively opt out, you have to choose to opt in, before we’re allowed to hold or process your data. Under the General Data Protection Regulation, you have a number of rights, including the right to:

 

request copies of your data;

rectify any errors in your data;

require us to erase your data;

object to us processing your data;

restrict how we process your data; and

require us to give you electronic access to copies of your data in a digital format, where our systems allow.

To make a data request, please send us a data enquiry to datasecurity@groveburycars.com.

 

Who is my data shared with?

To enable us to fulfil your enquiry we may need to share your data with our suppliers, if you require a full list of our affiliates please email datasecurity@groveburycars.com.

 

What should I do now?

To continue to receive the full range of our services, we may have asked you to opt in to continue to receive information and you need to return this consent to us.

If you no longer wish to receive emails from us, please contact us to opt out.

You have the right to ask to be completely forgotten by us and to require us to destroy any data we hold on you. Please note that this could be problematical if we are providing you with any ongoing services. Please contact us about this.

To request to be forgotten completely, please send us a data enquiry.

 

Documentation about your data can be supplied on request to Mrs Heather Manners.

 

May 2018