in 1999. From our first day of trading we have always taken the privacy and
security of private individuals information very seriously and worked to keep
it secure at all times in whatever form.
statement describes the type of information:-
- We collect,
- The way we collect it,
- The way we use it,
- How we keep it secure,
- Some of the decisions we make on
the use and retention of it,
- Who we share your information with
- How you can contact us.
The personal information we hold is yours. We will always
control and manage that information in the way you wish and we will always give
you an option not to receive marketing communication from us. We will never
send unsolicited ‘junk’ email or communications or share your information with
anyone else who might. We will not sell your information to third parties. But
our franchise partners do harvest your information from us under the terms of
our legally binding Franchise Agreements, the sole aim of this is to help us
and them provide you with the information, products and services that you
request from us, at the highest standards. For example registering a new car in
your name or a warranty to protect your purchase or conducting customer
satisfaction surveys etc.
This statement will develop over time as the regulatory
framework and best practice becomes available, for these reasons it may change
from time to time so you may wish to check it occasionally to ensure you are
happy with the way we use your information.
Information do we collect?
In a business model as complex as ours we collect a lot of
personal information, we work hard to get accurate personal data, keep it as up
to date and accurate as possible. There are numerous reasons we have to do this
from legislative requirements, selling, marketing, safety, complaint,
financing, servicing, warranty, safety, financial conduct authority compliance.
A myriad of reasons. All of which are valid and necessary to conduct our
business in a professional and well manged way.
We collect this
information from the following principal channels:-
Website enquiries – This will be from our own website or
enquiries passed on to us by our franchise partners
– These are websites such as Autotrader or franchise partner websites
Twitter, Instagram etc. – We have a
social presence and private data will be available
Systems – This will occur when you enquire about a vehicle either via the web,
telephone or visit one of our physical locations
systems – we collect company, driver and personal information when we engage to
supply vehicles either directly to via agents who supply on our behalf. The
same rules apply to the treatment of this information as it would for a private
sales, vehicle servicing and parts supply – This will occur at the point of
invoice as a customer
for Finance – When a customer purchases a new or used vehicle on finance
details will be collected
Centre – When a customer contacts us via the web, email or telephone to book in
for a service
– sales and service customers will be invoiced for vehicles, service or parts
Events – when we stage external sales events in public areas displaying
The information we collect
through these channels include some or all of the following:
The way we use
Johnsons Cars Ltd will only process the information that is
necessary for the purpose for which it has been collected. You will always have
the option not to receive marketing communications from us and you can withdraw
your consent or object at any time. We have operated under this principle well
ahead of the introduction of GDPR. Operating a robust opt-out process to all
forms of marketing and recognised many years ago we need to respect a person’s
decisions and always offer a choice. For this reason back in 2003 we changed
all our invoices to show on the front that a customer has opted-in (consented
or soft opt-in) to marketing of an electronic form and provided the contact
details straight to our central database team to have the preferences changed
to suit them. We react to un-subscribes from our email platform by reflecting
this in our core database and changing the persons preference, when we get
returned post we amend the record to receive no mail. We have a culture of reacting to customer
There are various ways in which we may use or process your
personal information as either a data controller or processor. We list these
Where you have provided consent, we may use and process your information to:
You can withdraw your consent at any time by contacting us
on the details
here or, in relation
to any marketing messages you receive, by using the unsubscribe option in those
messages. Consent is considered to occur either by responding to a question
about your preferences face to face, over the telephone, ticking a box on an
email or website or by another positive action telling us what you wish.
use and process your personal information where this is necessary to perform a
contract with you and to fulfil and complete your orders, purchases and other
transactions entered in to with us or our franchise partners and selected
use and process your personal information as set out below where it is
necessary for us to carry out activities for which it is in our legitimate
interest as a business to do so.
Processing necessary for us
to support our customers with sales and other enquiries.
Processing necessary for us to respond to understanding
customers and drivers needs
Processing necessary for us to promote our business, the franchises
we represent, the products we sell, the effectiveness of our campaigns etc.
Processing necessary for us to operate the administrative
and technical aspects of our business efficiently and effectively
11 We wish to hold the most up to date and
accurate information about you and to create a better understanding of your as
a customer. Therefore we need to verify from time to time its accuracy.
12. We need to maintain your information and
protect it from loss, theft or unauthorised access, so we may contact you to
verify this is happening.
13 You may contact us for a variety of reasons
and we may have to contact you back in a manner you have not consented to or
asked not to be contacted by. This will be from supressed data we maintain in
the background in order to meet your request.
14. To update you on our terms and conditions and
In the event of a sale of a business unit or as a whole
15. Johnsons Cars
Limited may choose to buy or sell assets (including the whole or part of its
company or business operations). If our company or all of its assets are
purchased by another company, customer data (including your personal data)
would be one of the assets transferred as part of that acquisition. When you
give consent to Johnsons Cars Limited for the use of your personal data
(including for marketing purposes), this consent applies to our company and any
subsequent purchasers of our company or business. After the sale has completed
the purchaser will let you have its own privacy notice, and any marketing
communications you receive from them will include the option to unsubscribe’.
mentioned above as a business we have to comply with a number of statutes and
Laws and in order to do this we will on occasion need to provide your personal
information to certain bodies to meet this legal obligation. Such an event
would be to tax a vehicle in your name with the DVLA who need information
including date of birth
where it is in every ones interest to communicate about an event or condition
about you or your vehicle. There could be a number of scenarios but the most
obvious is a product recall or urgent safety notice has been issued on the
vehicle you drive every day or something went wrong at one of our businesses
and we need to contact you about it.
General Data Protection Regulation (GDPR) which comes in to law 25
May 2018 concentrates on the Personal information held on private individuals.
As a Company/Business is not a person, it is not regulated in the same way.
little difference between the private information held on a person or a
Company/Business. For this reason we will treat Business information in the
same way as a private person as we realise that when we trade with companies it
is made up of people who have personal information.
How we keep your information secure
The security of your information goes hand in hand with the
security of our business information. Above a number of methods of collection
are mentioned on different systems and they all have different security/protection
put in place to ensure the information cannot be accessed without our
knowledge. This is achieved in the following ways
Data does though have to move around in certain situations
and this is done by authorised personnel only. It is always sent under password
control through a secure network at all times.
We do not allow personal data to be left unattended in
customer accessible areas or left visible on computer screens. In areas where
customers are not expected to be present we have a tidy desk policy.
Our database function and businesses shred personal
information and related documents when no longer needed or required.
How long do we keep your information
not hold your personnel information for longer than is necessary. As a business
routine, we are always “cleansing” the information, keeping it as accurate as
possible, reducing errors and only communicating with customers who wanted to
be communicated to.
how we collect your information above, we have principle channels and our
retention periods are as follows:
enquiries – 24 months –
portal providers – 24 months
– prospective relationship
systems – 24 months –
events – 12 months –
systems – 6 years –
and Service Finance Applications – 6 years –
Contacts – 6 years –
have a relationship with you we have to keep records for a minimum of 6 years.
have prospective relationships we will keep the personal information for 24
months. This allows for the possibility of us to form a relationship with you
as a customer.
The only exceptions to the periods mentioned are where:
Who do we share
your personal information with:
There are two situations where we would share your personal
The first occasion is where we supply the information to a
very limited number of commercial partners and this has been detailed above along
with the scenarios where we would do his.
The second occasion is where the information is harvested by our Franchise Partners per the terms of what is known as a Franchise Agreement. In this situation we cannot transfer the consent you have given us solely. Consent for this data to be used by the Franchise Partner will have been sourced via their own methods which we are obliged to ask/assist you with, you can of course refuse to provide your consent and they cannot use your consent to us to allow them to contact you for marketing purposes. We would remind you that it is your personal information and you can decline or remove this consent at any time, the only issue with this are the mechanisms that they deploy to do this may not be clear to you and we will assist you to do this.
How can you manage
the information we hold about you
The information we hold is yours, it can be accessed,
checked, changed or deleted at your request within the constraints detailed
above. We will though need to confirm that it is you who has made the requests
as best we can to ensure your information is not manipulated by persons
You have the right to change your consents to use this
information at any time and we must respond to any such request as long as it
is received from you within a reasonable period of time. We consider a
reasonable period of time to be
In the situations of unsubscribe and STOP made through emails and SMS etc. will be actioned immediately as the systems we use record such events and prevent any future communication via that channel. We will then amend the central databases to record no future contact on our various systems.
You have the right to
You can contact us via the following methods
Write to: The Database Manager, Johnsons
Cars Ltd, Empire Court, Albert Street, Redditch, Worcestershire B97 5SX
Phone us on: 01527 583083
Email us: email@example.com
If you have any specific data protection concerns or a
compliant, you can address it to our Data protection Office at
If you wish
to contact the data protection regulator for the United Kingdom, their details
Phone number: 0303 123 1113