in 1999. From our first day of trading we have always taken the privacy and
security of private individuals information very seriously and worked to keep
it secure at all times in whatever form.
This statement describes the type of information:-
- We collect,
- The way we collect it,
- The way we use it,
- How we keep it secure,
- Some of the decisions we make on the use and retention of it,
- Who we share your information with and
- How you can contact us.
The personal information we hold is yours. We will always control and manage that information in the way you wish and we will always give you an option not to receive marketing communication from us. We will never send unsolicited ‘junk’ email or communications or share your information with anyone else who might. We will not sell your information to third parties. But our franchise partners do harvest your information from us under the terms of our legally binding Franchise Agreements, the sole aim of this is to help us and them provide you with the information, products and services that you request from us, at the highest standards. For example registering a new car in your name or a warranty to protect your purchase or conducting customer satisfaction surveys etc.
This statement will develop over time as the regulatory framework and best practice becomes available, for these reasons it may change from time to time so you may wish to check it occasionally to ensure you are happy with the way we use your information.
What Personal Information do we collect?
In a business model as complex as ours we collect a lot of personal information, we work hard to get accurate personal data, keep it as up to date and accurate as possible. There are numerous reasons we have to do this from legislative requirements, selling, marketing, safety, complaint, financing, servicing, warranty, safety, financial conduct authority compliance. A myriad of reasons. All of which are valid and necessary to conduct our business in a professional and well manged way.
We collect this information from the following principal channels:-
Website enquiries – This will be from our own website or enquiries passed on to us by our franchise partners
Portals – These are websites such as Autotrader or franchise partner websites
Facebook, Twitter, Instagram etc. – We have a social presence and private data will be available
Showroom Systems – This will occur when you enquire about a vehicle either via the web, email, live
Chat, telephone or visit one of our physical locations
Fleet systems – we collect company, driver and personal information when we engage to supply vehicles either directly to via agents who supply on our behalf. The same rules apply to the treatment of this information as it would for a private person.
Vehicle sales, vehicle servicing and parts supply – This will occur at the point of invoice as a customer
Applying for Finance – When a customer purchases a new or used vehicle on finance details will be collected
Call Centre – When a customer contacts us via the web, email or telephone to book in for a service
Invoicing – sales and service customers will be invoiced for vehicles, service or parts
External Events – when we stage external sales events in public areas displaying vehicles:
The information we collect through these channels include some or all of the following:
The way we use this information
Johnsons Cars Ltd will only process the information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us and you can withdraw your consent or object at any time. We have operated under this principle well ahead of the introduction of GDPR. Operating a robust opt-out process to all forms of marketing and recognised many years ago we need to respect a person’s decisions and always offer a choice. For this reason back in 2003 we changed all our invoices to show on the front that a customer has opted-in (consented or soft opt-in) to marketing of an electronic form and provided the contact details straight to our central database team to have the preferences changed to suit them. We react to un-subscribes from our email platform by reflecting this in our core database and changing the persons preference, when we get returned post we amend the record to receive no mail. We have a culture of reacting to customer cues.
There are various ways in which we may use or process your personal information as either a data controller or processor. We list these below.
Where you have provided consent, we may use and process your information to:
You can withdraw your consent at any time by contacting us on the details here or, in relation to any marketing messages you receive, by using the unsubscribe option in those messages. Consent is considered to occur either by responding to a question about your preferences face to face, over the telephone, ticking a box on an email or website or by another positive action telling us what you wish.
We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered in to with us or our franchise partners and selected partners
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interest as a business to do so.
Processing necessary for us to support our customers with sales and other enquiries.
Processing necessary for us to respond to understanding customers and drivers needs
Processing necessary for us to promote our business, the franchises we represent, the products we sell, the effectiveness of our campaigns etc.
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
11 We wish to hold the most up to date and accurate information about you and to create a better understanding of your as a customer. Therefore we need to verify from time to time its accuracy.
12. We need to maintain your information and protect it from loss, theft or unauthorised access, so we may contact you to verify this is happening.
13 You may contact us for a variety of reasons and we may have to contact you back in a manner you have not consented to or asked not to be contacted by. This will be from supressed data we maintain in the background in order to meet your request.
14. To update you on our terms and conditions and policies.
In the event of a sale of a business unit or as a whole
15. Johnsons Cars Limited may choose to buy or sell assets (including the whole or part of its company or business operations). If our company or all of its assets are purchased by another company, customer data (including your personal data) would be one of the assets transferred as part of that acquisition. When you give consent to Johnsons Cars Limited for the use of your personal data (including for marketing purposes), this consent applies to our company and any subsequent purchasers of our company or business. After the sale has completed the purchaser will let you have its own privacy notice, and any marketing communications you receive from them will include the option to unsubscribe’.
As mentioned above as a business we have to comply with a number of statutes and Laws and in order to do this we will on occasion need to provide your personal information to certain bodies to meet this legal obligation. Such an event would be to tax a vehicle in your name with the DVLA who need information including date of birth
This is where it is in every ones interest to communicate about an event or condition about you or your vehicle. There could be a number of scenarios but the most obvious is a product recall or urgent safety notice has been issued on the vehicle you drive every day or something went wrong at one of our businesses and we need to contact you about it.
The General Data Protection Regulation (GDPR) which comes in to law 25 th May 2018 concentrates on the Personal information held on private individuals. As a Company/Business is not a person, it is not regulated in the same way.
We see little difference between the private information held on a person or a Company/Business. For this reason we will treat Business information in the same way as a private person as we realise that when we trade with companies it is made up of people who have personal information.
How we keep your information secure
The security of your information goes hand in hand with the security of our business information. Above a number of methods of collection are mentioned on different systems and they all have different security/protection put in place to ensure the information cannot be accessed without our knowledge. This is achieved in the following ways
Data does though have to move around in certain situations and this is done by authorised personnel only. It is always sent under password control through a secure network at all times.
We do not allow personal data to be left unattended in customer accessible areas or left visible on computer screens. In areas where customers are not expected to be present we have a tidy desk policy.
Our database function and businesses shred personal information and related documents when no longer needed or required.
How long do we keep your information for?
We will not hold your personnel information for longer than is necessary. As a business routine, we are always “cleansing” the information, keeping it as accurate as possible, reducing errors and only communicating with customers who wanted to be communicated to.
In the how we collect your information above, we have principle channels and our retention periods are as follows:
Website enquiries – 24 months – prospective relationship
Website portal providers – 24 months – prospective relationship
Facebook and Twitter – 24 months – prospective relationship
Showroom systems – 24 months – prospective relationship
External events – 12 months – prospective relationship
Invoicing systems – 6 years – customer relationship
Vehicle and Service Finance Applications – 6 years – customer relationship
Call Centre Contacts – 6 years – customer relationship
If we have a relationship with you we have to keep records for a minimum of 6 years.
Where we have prospective relationships we will keep the personal information for 24 months. This allows for the possibility of us to form a relationship with you as a customer.
The only exceptions to the periods mentioned are where:
Who do we share your personal information with:
There are two situations where we would share your personal information.
The first occasion is where we supply the information to a very limited number of commercial partners and this has been detailed above along with the scenarios where we would do his.
The second occasion is where the information is harvested by our Franchise Partners per the terms of what is known as a Franchise Agreement. In this situation we cannot transfer the consent you have given us solely. Consent for this data to be used by the Franchise Partner will have been sourced via their own methods which we are obliged to ask/assist you with, you can of course refuse to provide your consent and they cannot use your consent to us to allow them to contact you for marketing purposes. We would remind you that it is your personal information and you can decline or remove this consent at any time, the only issue with this are the mechanisms that they deploy to do this may not be clear to you and we will assist you to do this.
How can you manage the information we hold about you
The information we hold is yours, it can be accessed, checked, changed or deleted at your request within the constraints detailed above. We will though need to confirm that it is you who has made the requests as best we can to ensure your information is not manipulated by persons unknown.
You have the right to change your consents to use this information at any time and we must respond to any such request as long as it is received from you within a reasonable period of time. We consider a reasonable period of time to be
In the situations of unsubscribe and STOP made through emails and SMS etc. will be actioned immediately as the systems we use record such events and prevent any future communication via that channel. We will then amend the central databases to record no future contact on our various systems.
You have the right to
You can contact us via the following methods
Write to: The Database Manager, Johnsons Cars Ltd, Empire Court, Albert Street, Redditch, Worcestershire B97 5SX
Phone us on: 01527 583083
Email us: firstname.lastname@example.org
If you have any specific data protection concerns or a compliant, you can address it to our Data protection Office at email@example.com
If you wish to contact the data protection regulator for the United Kingdom, their details are below:
Information Commission’s Office
Phone number: 0303 123 1113