Johnsons Cars Privacy Statement Issued: April 2018
Johnsons Cars Ltd is a privately owned business, established in 1999. From our first day of trading we have always taken the privacy and security of private individuals information very seriously and worked to keep it secure at all times in whatever form.
This statement describes the type of information:-
- We collect,
- The way we collect it,
- The way we use it,
- How we keep it secure,
- Some of the decisions we make on the use and retention of it,
- Who we share your information with and
- How you can contact us.
The personal information we hold is yours. We will always control and manage that information in the way you wish and we will always give you an option not to receive marketing communication from us. We will never send unsolicited ‘junk’ email or communications or share your information with anyone else who might. We will not sell your information to third parties. But our franchise partners do harvest your information from us under the terms of our legally binding Franchise Agreements, the sole aim of this is to help us and them provide you with the information, products and services that you request from us, at the highest standards. For example registering a new car in your name or a warranty to protect your purchase or conducting customer satisfaction surveys etc.
This statement will develop over time as the regulatory framework and best practice becomes available, for these reasons it may change from time to time so you may wish to check it occasionally to ensure you are happy with the way we use your information.What Personal Information do we collect?
In a business model as complex as ours we collect a lot of personal information, we work hard to get accurate personal data, keep it as up to date and accurate as possible. There are numerous reasons we have to do this from legislative requirements, selling, marketing, safety, complaint, financing, servicing, warranty, safety, financial conduct authority compliance. A myriad of reasons. All of which are valid and necessary to conduct our business in a professional and well manged way. We collect this information from the following principal channels:-
Website enquiries – This will be from our own website or enquiries passed on to us by our franchise partners
Portals – These are websites such as Autotrader or franchise partner websites
Facebook, Twitter, Instagram etc. – We have a social presence and private data will be available
Showroom Systems – This will occur when you enquire about a vehicle either via the web, email, live
Chat, telephone or visit one of our physical locations
Fleet systems – we collect company, driver and personal information when we engage to supply vehicles either directly to via agents who supply on our behalf. The same rules apply to the treatment of this information as it would for a private person.
Vehicle sales, vehicle servicing and parts supply – This will occur at the point of invoice as a customer
Applying for Finance – When a customer purchases a new or used vehicle on finance details will be collected
Call Centre – When a customer contacts us via the web, email or telephone to book in for a service
Invoicing – sales and service customers will be invoiced for vehicles, service or parts
External Events – when we stage external sales events in public areas displaying vehicles:
The information we collect through these channels include some or all of the following:
3. Phone number
4. Date of Birth
5. Email address
6. Vehicle information (including registration, VIN, service reminders, mileage and warranty repair information
7. The date and time you used our services
8. The pages you visited on our website and how long you visited us for
9. Your IP address
10. The internet browser and devices you are using
11. Cookies and any other data cookies may track
12. The website address from which you accessed our website
13. Details of any transactions between you and us
14. Where you engage with us in a business context, we may collect your job title, company contact details (including email address), fleet size, and company details.
15. Voice recordings of calls you make to us at all our businesses addresses
16. Live chat records and
17. Any information within correspondence you send usThe way we use this information
Johnsons Cars Ltd will only process the information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us and you can withdraw your consent or object at any time. We have operated under this principle well ahead of the introduction of GDPR. Operating a robust opt-out process to all forms of marketing and recognised many years ago we need to respect a person’s decisions and always offer a choice. For this reason back in 2003 we changed all our invoices to show on the front that a customer has opted-in (consented or soft opt-in) to marketing of an electronic form and provided the contact details straight to our central database team to have the preferences changed to suit them. We react to un-subscribes from our email platform by reflecting this in our core database and changing the persons preference, when we get returned post we amend the record to receive no mail. We have a culture of reacting to customer cues.
There are various ways in which we may use or process your personal information as either a data controller or processor. We list these below.Consent:
Where you have provided consent, we may use and process your information to:
1. Contact you from time to time about, promotions, events, products, services or information which we think may be of interest to you. We will never use this to bombard you with material, but will always consider relevancy and are you of the right profile to find this of use or interest.
2. Use automatic number recognition when you visit one of our properties which has this facility to alert them to your arrival.
3. To share personal information with our Franchise Partners. We will of course give you details about what the Franchise Partners wish to use the information for and you can decline your consent to this any anytime for marketing purposes.
4. To share your personal information with a very limited number of recommended third party partners, so that they can contact you with marketing information about products and services (we will, of course give you details about these third parties before you give your permission for us to send information to them)
You can withdraw your consent at any time by contacting us on the details here
or, in relation to any marketing messages you receive, by using the unsubscribe option in those messages. Consent is considered to occur either by responding to a question about your preferences face to face, over the telephone, ticking a box on an email or website or by another positive action telling us what you wish. Contractual performance
We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered in to with us or our franchise partners and selected partnersLegitimate Interest
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interest as a business to do so.Processing necessary for us to support our customers with sales and other enquiries.
1. To respond to correspondence you send us and fulfil the requests you make to us (for example: test drives, service requests, brochure requests or information about specific vehicles )
2. To provide vehicle support and services, such as processing warranty claims, taxing a vehicle etc.Processing necessary for us to respond to understanding customers and drivers needs
3. To analyse, evaluate and improve our services and standards. This will generally be done by data amalgamation and without sufficient data to identify specific person directly.
4. To undertake market analysis, this will include customer surveys by either ourselves or our franchise partners from time to time. The reasons for this are to ensure we are providing the best possible services to our customers.Processing necessary for us to promote our business, the franchises we represent, the products we sell, the effectiveness of our campaigns etc.
5. To send marketing information from time to time after you have:
Enquired about a product or service
Purchased a product or service
Started but not completed on our website: - request a test drive, request a brochure, started an online service booking, failed to complete an online used car valuation etc.
We will only contact you about the products and services we sell. You have the right to object and be withdrawn from such marketing at any time.
6. A major part of our business is to keep the motorist and the pedestrian safe. You could consider it to be a duty of care. We will from time to time contact you by either email, SMS or telephone to advise you that in order to maintain your vehicle to the highest and safest standard you are due for a Service or an MOT and advise you about your options. At any stage you can ask to be withdrawn from such communications.
7. To contact you from time to time with marketing information if you are acting on behalf of a company and are considered a business
8. To contact you with targeted advertising delivered online through social media and other platforms operated by other companies unless you object.
10.To administer competitions and promotions that you enter with us from time to time and distribute prizes.Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
11. We wish to hold the most up to date and accurate information about you and to create a better understanding of your as a customer. Therefore we need to verify from time to time its accuracy.
12. We need to maintain your information and protect it from loss, theft or unauthorised access, so we may contact you to verify this is happening.
13. You may contact us for a variety of reasons and we may have to contact you back in a manner you have not consented to or asked not to be contacted by. This will be from supressed data we maintain in the background in order to meet your request.
14. To update you on our terms and conditions and policies.Legal Obligation
As mentioned above as a business we have to comply with a number of statutes and Laws and in order to do this we will on occasion need to provide your personal information to certain bodies to meet this legal obligation. Such an event would be to tax a vehicle in your name with the DVLA who need information including date of birthVital Interest
This is where it is in every ones interest to communicate about an event or condition about you or your vehicle. There could be a number of scenarios but the most obvious is a product recall or urgent safety notice has been issued on the vehicle you drive every day or something went wrong at one of our businesses and we need to contact you about it.Businesses
The General Data Protection Regulation (GDPR) which comes in to law 25th May 2018 concentrates on the Personal information held on private individuals. As a Company/Business is not a person, it is not regulated in the same way.
We see little difference between the private information held on a person or a Company/Business. For this reason we will treat Business information in the same way as a private person as we realise that when we trade with companies it is made up of people who have personal information.How we keep your information secure
The security of your information goes hand in hand with the security of our business information. Above a number of methods of collection are mentioned on different systems and they all have different security/protection put in place to ensure the information cannot be accessed without our knowledge. This is achieved in the following ways
1. All our severs are protected by Firewalls
2. All our servers are password protected
3. Our servers can only be accessed from our property or businesses addresses
4. Passwords are changed regularly
5. Personnel who leave the business are removed from systems promptly
6. Access to areas of our systems are driven by priority levels and access to customer data is very limited.
7. Some systems are web based and provided by third parties. We insist on the same levels of security and access limited to those authorised to such information.
Data does though have to move around in certain situations and this is done by authorised personnel only. It is always sent under password control through a secure network at all times.
We do not allow personal data to be left unattended in customer accessible areas or left visible on computer screens. In areas where customers are not expected to be present we have a tidy desk policy.
Our database function and businesses shred personal information and related documents when no longer needed or required.How long do we keep your information for?
We will not hold your personnel information for longer than is necessary. As a business routine, we are always “cleansing” the information, keeping it as accurate as possible, reducing errors and only communicating with customers who wanted to be communicated to.
In the how we collect your information above, we have principle channels and our retention periods are as follows:
Website enquiries – 24 months– prospective relationship
Website portal providers – 24 months – prospective relationship
Facebook and Twitter – 24 months – prospective relationship
Showroom systems – 24 months – prospective relationship
External events – 12 months – prospective relationship
Invoicing systems – 6 years – customer relationship
Vehicle and Service Finance Applications – 6 years – customer relationship
Call Centre Contacts – 6 years – customer relationship
If we have a relationship with you we have to keep records for a minimum of 6 years.
Where we have prospective relationships we will keep the personal information for 24 months. This allows for the possibility of us to form a relationship with you as a customer.
The only exceptions to the periods mentioned are where:
You ask us to keep you informed of any offers and products
The law requires us to hold your personal information for a longer period or delete it sooner
Where you have raised a complaint or concern regarding a product or service offered and sold by us.
You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.Who do we share your personal information with:
There are two situations where we would share your personal information.
The first occasion is where we supply the information to a very limited number of commercial partners and this has been detailed above along with the scenarios where we would do his.
The second occasion is where the information is harvested by our Franchise Partners per the terms of what is known as a Franchise Agreement. In this situation we cannot transfer the consent you have given us solely. Consent for this data to be used by the Franchise Partner will have been sourced via their own methods which we are obliged to ask/assist you with, you can of course refuse to provide your consent and they cannot use your consent to us to allow them to contact you for marketing purposes. We would remind you that it is your personal information and you can decline or remove this consent at any time, the only issue with this are the mechanisms that they deploy to do this may not be clear to you and we will assist you to do this.How can you manage the information we hold about you
The information we hold is yours, it can be accessed, checked, changed or deleted at your request within the constraints detailed above. We will though need to confirm that it is you who has made the requests as best we can to ensure your information is not manipulated by persons unknown.
You have the right to change your consents to use this information at any time and we must respond to any such request as long as it is received from you within a reasonable period of time. We consider a reasonable period of time to be
1. Your request made by post – 28 days
2. Your request made by email – 28 days
3. Your request made by SMS – 28 days
4. Your request made through our websites – 28 days
In the situations of unsubscribe and STOP made through emails and SMS etc. will be actioned immediately as the systems we use record such events and prevent any future communication via that channel. We will then amend the central databases to record no future contact on our various systems.
You have the right to
1. Discover if we hold any of your personal information
2. Ask for a copy of the information we hold about you.
3. Correct and update information we hold
4. Withdraw your consent
5. Object to our use of information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reasons to continue to use and process such information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object.
6. Erase your information – provided we have no ongoing lawful reason to continue to use and process that information.
7. Transfer your information in an agreed format to another party, where you have given consent to use and process your information for contractual reasons
You can contact us via the following methods
Write to: The Database Manager, Johnsons Cars Ltd, Empire Court, Albert Street, Redditch, Worcestershire B97 5SX
Phone us on: 01527 583083
Email us: firstname.lastname@example.org
If you have any specific data protection concerns or a compliant, you can address it to our Data protection Office at email@example.com
If you wish to contact the data protection regulator for the United Kingdom, their details are below:
Post:Information Commission’s Office
Phone number: 0303 123 1113