1 ABOUT THIS POLICY
1.1 Eastern BMW & Grassicks BMW, part of Eastern Western Motor Group Ltd (“we/us”), appreciate how important your privacy is and are committed to protecting and respecting any personal information you share with us.
1.2 This policy describes what type of information we collect from you, how we use it, how we share it with others, how you can manage the information we hold, your legal rights in respect of your personal information, and how you can contact us.
1.3 We will only send you marketing communications where you have purchased a similar product from us, and we will always give you the opportunity to opt out of receiving such marketing communications. We will never send you “junk” email or communications or share your data with anyone else who might. We do not sell any information to third parties but we do work closely with selected partners who help us to provide you with information on the products and services that you request from us. We will always ask for your explicit consent before we send you marketing communications from other companies in our group, or relevant third parties.
1.4 This policy may change, so please check this page from time to time to ensure that you’re happy with any changes. If we make any material changes to the manner in which we process and use your personal information, we will contact you to let you know about the change.
1.5 This policy was last updated on 09/10/19.
2 WHO WE ARE
2.1 Eastern BMW & Grassicks BMW are part of Eastern Western Motor Group Ltd. Whenever you deal with us, we are what is known as the ‘controller’ of your personal information; a ‘controller’ is a company that decides why and how your personal information is processed. We are registered with the Information Commissioner's Office ("ICO") under registration number Z596878X. Our contact details are set out in Section 13 of this policy.
2.2 Where this policy refers to “we”, “our” or “us”, it is referring to Eastern BMW & Grassicks BMW.
3 HOW AND WHAT PERSONAL INFORMATION WE COLLECT
3.1 We may collect and process the following personal information about you:
a) Personal information you give to us: This is information about you that you give to us by entering information via our websites or social media pages or by corresponding with us by telephone (including call recordings), email or otherwise, and is provided entirely voluntarily. The information you give to us may include all or some of the following but is not limited to:
Name (including Title);
Vehicle information (including registration number, Vehicle Identification Number (VIN), mileage and warranty information); and
We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
b) Personal information automatically collected: We may automatically collect the following personal information:
details of your browser and operating system;
the website from which you visit our website;
the pages that you visit on our website;
the date of your visit; and
the Internet protocol (IP) address assigned to you by your internet service.
We also collect some of this information using cookies – please see Cookies for further information.
c) Personal information we may receive from other sources: We obtain certain personal information about you from sources outside our business which may include BMW or other third party companies; the personal information received will only include personal information as described in this Section 3.1.
3.2 Please see Section 4 (How we use your personal information) for details of the purposes for which we use the personal information we obtain from these sources and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.
4 HOW WE USE YOUR PERSONAL INFORMATION
4.1 Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the purpose of:
a) sharing your personal information with a third party to allow said third party to send you marketing communications, as more fully set out in Section 8 (Marketing); and/or
b) to contact you for the purpose of conducting market research to allow us to continually improve the products and services that we deliver to you.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Section 10.3 for further information on withdrawing your consent.
4.2 Where required to perform a CONTRACT with you
We may use and process your personal information where it is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract with you including for the following purposes:
to fulfil and complete your orders, purchases and other transactions entered into with us;
to allow us to provide you with breakdown services; and
to administer your warranty and aftersales services.
Where you do not provide us with your personal information, we may not be able to provide you with some or all of the above services.
4.3 Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations, for example, where it is necessary to process your personal data: (i) to assist HMRC, the Police, the Driver and Vehicle Licensing Agency ("DVLA") or any other public authority or criminal investigation body; and (ii) to comply with any regulatory and/or legal obligations which we are subject to (for example, anti-money laundering regulations).
4.4 Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
• to send you marketing communications where you have purchased, or entered into negotiations to purchase, a product or service from us, and such communications relate to a similar product or service;
• to respond to correspondence you send to us and fulfil the requests you make to us (for example, brochure request, test drive request, service requests etc.);
• to inform you of any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you;
• for analysis purposes, the results of which are used to inform our marketing strategy;
• to administer our websites and for internal operations, including troubleshooting, testing, statistical purposes;
• to correspond with you via email, text message, post or telephone with information about your vehicle in relation to service/MOT reminders;
• for marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third party platforms;
• to undertake credit checks, as set out in more detail in Section 9;
• to enhance and personalise your customer or visitor experience;
• for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
• for the purposes of corporate restructure or reorganisation or sale of our business or assets;
• for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
• to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
• to monitor, record, store and use communications and correspondence we have with you in order to help us improve the quality of our service, confirm any instructions or information you give to us and/or assist in the training and development of our employees; and
• for general administration purposes including managing your queries, complaints, or claims, and to send service messages to you.
Where you do not provide us with your personal information, we may not be able to provide you with some or all of the services which you have requested.
5 OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
5.1 Group companies
We may share your information with other companies within Eastern Western Motor Group Ltd. They may use your personal information in the ways set out in Section 4 (How we use your personal information).
Our Group companies will only process your personal information for the purposes of providing you with services on our behalf, or, with your consent, to provide you with marketing communications relating to products and services that complement our own range of products and services, for example finance/insurance products or accident repair management.
Group companies shall only send you marketing communications where you have provided your express consent to receive communications from our group companies. Where you have provided your consent you are entitled to withdraw it at any time. Please see Section 10.3 below for more information.
5.2 Our suppliers and service providers
We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or advertising agencies, administrative services or other third parties who provide services to us.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we shall enter into a contract with all such third parties which requires them to keep your information secure, act in a manner compliant with relevant data protection legislation, and not use your personal information for any purpose other than in accordance with our specific instructions.
5.3 Third parties who provide products and services
We work closely with various third parties to bring you a range of products and services which are complementary to ours.
5.4 Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA), to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
6 HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
6.1 If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
6.2 We do not retain personal information in an identifiable format for longer than is necessary for the purposes for which we need to use it.
6.3 Unless one of the situations described in Section 6.4 below applies, we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in Section 4 (How we use your personal information).
6.4 The only exceptions to the data retention period set out in Section 6.3 above are where:
• we have been using your personal information to provide you with marketing emails, we will retain this information until you ask to be removed from our marketing email list;
• we have call recordings of any telephone correspondence with you, we will retain this information for a maximum of 60 days;
• the law requires us to hold your personal information for a longer period, or delete it sooner;
• it is necessary to do so for the management of any active or potential legal proceedings, to resolve or defend claims, and for the purposes of making any necessary remediation payments; and
• you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this Section 6, or because we are required under the law.
7 TRANSFERS OUTSIDE OF THE UK
7.1 We may need to transfer your information outside the UK to service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area ("EEA"), such as the USA.
7.2 We will only transfer your personal information outside of the EEA where either:
(a) the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or
(b) we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses. Some US providers may also be certified under the EU-US Privacy Shield which confirms they have appropriate measures in place to ensure the protection of your personal information.
8 MARKETING
8.1 Where you have purchased, or entered into negotiations to purchase, a vehicle or other product or service from us, we may send you marketing communications using the contact details which you have provided to us, which may include relevant news, information about our services, and details of similar products which we think may be of interest to you. Such marketing communications are sent by email, post and SMS.
8.2 We will always give you the option to opt out of such marketing communications at the time you provide us with your information, and in each marketing communication which you receive from us.
Where you have given us consent to send marketing communications, you may withdraw such consent at any time by clicking the "unsubscribe" link in any marketing email which you receive, or by updating your preferences by contacting us using the details provided in Section 13 below.
8.3 We may contact you with targeted advertising delivered online through social media and platforms (operated by other companies). Such targeted advertising may use your personal information to tailor advertisements to you, and to improve the relevance of advertisements which are made available to you.
8.4 Where you have given us permission, we will share your personal information with group companies and named third parties who will send you marketing communications about their products and services which we think may be of interest to you.
A full list of third parties is provided via a link provided to you at the time which we request your consent. This list may be updated from time to time, and we will send you an email informing you of any updates before sharing your personal data with a third party which has been added to the list after you have given us your consent to share your personal information.
If you would like to opt-out of receiving marketing from any of our group companies or any third party after providing your consent, you can do so at any time by contacting the relevant third party directly or by clicking the "unsubscribe" link in any marketing email which you receive.
8.5 From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
9 CREDIT REFERENCE AGENCIES
9.1 It may be necessary to conduct a credit check against you in advance of providing you with a product or service. Where this is necessary, we will inform you of this in advance and we will supply your personal information to credit reference agencies ("CRAs") which will give us information about you, such as about your financial history. We do this to confirm your identity, to assess whether we are able to supply you with the requested product or service, and for the purposes of checking your eligibility to make purchases on finance.
9.2 The CRA we use is Experian. CRAs act as separate data controllers when using the information we pass to them. The identities of the CRAs, and the way in which they use and share personal information, are explained in more detail at http://experian.co.uk/crain/index.html
10 YOUR PRIVACY RIGHTS
As a data subject, you have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
10.1 Accessing your personal information
You have the right to ask for a copy of the information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
You can make a request for access free of charge by emailing or writing to us at the address set out in Section 13 of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
10.2 Correcting and updating your personal information
The accuracy of your information is important to us and we will endeavour to make it easy and simple for you to review and correct the information that we hold about you. If you change your name or address/email address/contact numbers, or you find out that any of the other information we hold is inaccurate, incomplete or out of date, please let us know by contacting us using any of the methods detailed in Section 13 of this policy.
10.3 Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out in Section 4 (How we use your personal information), you may withdraw your consent at any time by contacting us using the details at the end of this policy or by clicking the "unsubscribe" link in any marketing emails which you receive.
If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
10.4 Objecting to our use of your personal information
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as set out in Section 4 (How we use your personal information), you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request.
10.5 Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address set out in Section 13 of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information in the following situations:
where you believe it is unlawful for us to do so,
you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
10.6 Transferring your personal information in a structured data file
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in Section 4 (How we use your personal information), you may ask us to provide you with a copy of that information in a structured data file.
We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
10.7 Make a complaint
You can make a complaint about how we have used your personal information to us by contacting us as noted in Section 13 below, or to a supervisory authority – for the UK this is the Information Commissioner's Office.
11 SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
11.1 Security measures we put in place to protect your personal information
All companies within Eastern Western Motor Group Ltd use appropriate technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information whilst in transit to our website and any transmission is at your own risk.
11.2 Use of 'cookies'
'Cookies' are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit.
Information on the cookies that we use and their features can be found under Cookies.
11.3 Links to other websites
Our website may contain links to other websites run by other organisations which we do not control.
In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
11.4 Social plugins
We use so-called social plugins (buttons) of social networks such as Facebook, Google+, YouTube, Twitter and Instagram.
When you visit our websites, these buttons are deactivated by default, i.e. without your intervention they will not send any data to the respective social networks. Before you are able to use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies. Please see Cookies.
After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless and until you activate the respective button there as well.
If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The privacy policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
12 CHANGES TO THIS POLICY
The content of this policy may change from time to time and you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where we make a material change to the manner in which we use your personal information, we will send you an email informing you of this.
13 HOW TO CONTACT US
If you have any questions, suggestions or complaints about the processing of your personal information or wish to contact us to amend/update your marketing preferences with us please contact our Customer Relations team.
Eastern Holdings Ltd
8 Westerton Road
Telephone: 01506 600000