Maintaining your privacy is really important to us here at Grays Garage Ltd. You entrust us with your information, and we take that responsibility seriously.
This policy was last updated on 21st May 2018 in line with GDPR requirements. It may be updated in the future and we will post the new version here on our website. We will never deviate from our overall philosophy of maintaining your privacy, though.
2. What information we collect about you Your personal data. When we say your “personal data”, we mean any information that identifies any person that you provide to us. Your “personal data” may also be contained in information that we collect about you in connection with your order or otherwise interact with us for example by electronic mail. When it comes to your personal data, we comply with our obligations under the General Data Protection Regulation and any other applicable data protection legislation from time to time. Your personal data includes the information you provide, on our websites (including any forms you complete), or during an electronic mail enquiry, during a personal visit, by phone etc. Examples of this personal data include your name, your email address, postal address including postcode, telephone numbers; and any correspondence when you contact us. We do not knowingly collect or solicit any personal data from anyone under the age of sixteen or knowingly allow such persons to purchase goods from us online. In the event that we learn that we have collected personal data from a child under age sixteen without verification of parental consent, we will delete that information as quickly as possible. Information we collect:
• We collect information about your website usage, to improve our service and to understand trends to enhance and customise our website. Some of this data may be “personal data”, where it identifies a person. Here’s the information that we collect and how we use it:
• We monitor patterns of usage, such as abandoned cart data, so we can understand how that people are interested in buying from www.graysparts.co.uk to develop and improve our products and understand customer behaviour.
• We monitor traffic information, including things like page visits, email clicks, referring sites. We use this information to improve our website, advertising, promotions, and to understand customer purchasing behaviour.
• We do not store any credit card data. When payments are processed via credit card, www.graysparts.co.uk uses third-party vendors that are PCI-DSS compliant. At no point do we have access to your credit card information.
3. How we use the information we collect We use your personal data for legitimate business reasons, for example, email you when your order has been received. It will also enable us to contact you by email, fax, post, SMS, social media or telephone where necessary (or an order you have placed / enquiry made) to record your personal preferences; to personalise our services to you (such as by pre-populating fields to make it easier for you to provide information when you return to websites (e.g. www.graysparts.co.uk). It will also enable us to produce reports you request as part of the services we provide.
Contacting you for Marketing Purposes We may use your personal data to contact you by email, fax, post, SMS, social media and/or telephone to let you know about our other services and products and/or third-party services, content offers or product ranges which may be of interest to you. We will only use your data in this way where you have provided consent, we have legitimate business reasons for doing so, or where we are otherwise entitled by law to do so. If you would like us to stop providing you with such notifications, just contact us using the details at the end of this policy. Please note, this may take up to one week to take effect. To stop receiving emails from Grays Garage Ltd please email email@example.com or firstname.lastname@example.org
We may use your personal data to comply with any legal obligations to which we are subject.
4. Why do we use your personal data?
We collect and use your personal data for a variety of reasons. We need some data to enter into and perform our contract with you. The lawful basis for processing your personal data is consent as you have consented to provide your personal details to us to allow us to provide a service to you. If you fail to provide such data we will be unable to provide our service to you. Other information we collect because we have legitimate business interests, for example, in:
• Fulfilling your order and providing updates on the order
• Understanding how our customers use our products, services and websites
• Understanding and responding to customer feedback;
• Researching and analysing the services our customers want
• Improving our product and better understanding how our customers use it
5. How we share information we collect Except as described in this policy, Grays Garage Ltd does not divulge any personal information gathered via its services to third parties. We may share your personal data with third parties in certain circumstances:
• We may disclose your data to any member of our group (which means our subsidiaries or our ultimate holding company);
• We may disclose your data to the Manufacturer (Fiat Chrysler Automobiles) they then may send out follow up surveys and/or marketing communications to our customers.
• We may disclose your data to (ISB Ltd) to enable a timely vehicle MOT and service reminder service (maintenance reminders, booking service and marketing) a service that provides communications to be advised to our customers.
• In the event that we, our business or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets)
• if we are under a duty to disclose or share your personal in order to comply with any legal obligation; to cooperate with law enforcement officials in the investigation of unlawful activities in order to enforce or apply any contract with you; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection or unlawful activity.
We also utilise a number of carefully selected third parties to help provide our services to you. Examples of these functions include website creation and hosting, email, providing marketing assistance and data analysis, data management, handling credit card transactions and providing customer service. In choosing to work with any such third parties, we will always ensure that the security policies and confidentiality arrangements of those third parties adhere to the same requirements we ourselves impose and expect, as a minimum. No ownership rights to the data will be transferred to any third party.
Sub-processors we use:
Name: Fiat Chrysler Automobiles (FCA Automotive)
Service provided: Vehicle manufacturer, warranty policy cover, customer surveys
Name: Black Horse
Service provided: Finance company
Service provided: Registration of new vehicles
Name: Evolution Finance Ltd
Service provided: Finance Broker
Name: FCA Capital Ltd
Service provided: Finance company
Name: Post Office Ltd
Service provided: Vehicle registration intermediary
Name: Auto Protect (MBI) Limited
Service provided: GAP Insurance company
Name: Gemini Systems
Service provided: DMS provider
Name: ISB Ltd
Service provided: Timely vehicle MOT and service reminders (maintenance reminder service, booking service and marketing) a service that provides communications to be advised to our customers.
Service Provided: eCommerce provider for website design, hosting and data storage.https://freewebstore.com/privacy.html
6. How long do we store your data for? We only store your data for as long as necessary for the purposes of the processing as set out in this policy.
Data Retention Policy What personal information is kept? How long is it kept for?
Order Data Name, email, postal address (including postcode), telephone numbers, fax numbers, (personal information is only generally kept for as long as is needed for the intention it was provided)
Invoices Name, email, address (including postcode) – personal information is generally only kept for as long as is needed for the intention it was provided.
Customer database (DMS) Name, email address, postal address (including postcode), telephone numbers, fax numbers, (files attached to vehicle records; sales and maintenance history for each vehicle supplied or maintained). Although these records (this type of information) is generally kept for many years personal information is only generally kept for as long as is needed for the intention it was provided.
My Account (www.graysparts.co.uk) Name, email, address (active until user unsubscribes or makes an individual request)
Newsletter subscriptions Email address (Active until user unsubscribes)
7. How to access and control your information You are free to change your personal details in the ‘My Account’ (www.graysparts.co.uk) section of your account at any time if you have set up an account with us. You can also ask us for a copy of your personal data that we hold.
We may ask for proof of your identity before providing any information and reserve the right to refuse to provide information requested if identity is not established. Please see “Your Individual Rights” below. Generally, we will retain your personal data for a reasonable period, or for as long as the law requires.
Your individual rights 1. Access to your personal data: You can ask us to confirm if we are processing your personal data and you may request a copy of your personal data by contacting us. See Section “How to Contact Us” at the end of this policy.
2. Right to change or withdraw your consent: Where you have given us consent to make use of your personal data for any of the purposes outlined in this policy, you may withdraw that consent at any time by contacting us using the details located at Section “How to Contact Us” at the end of this policy. If you wish to change your contact preferences or no longer wish to be contacted for marketing purposes, use the Unsubscribe link in the email or get in touch. See Section “How to Contact Us” at the end of this policy.
3. Right to Rectification: You may ask us to update out of date or inaccurate information we hold about you. To do so, please log on to your account and update your information or get in touch using the details at Section “How to Contact Us” at the end of this policy.
4. Right to Erasure: In certain circumstances, you may ask us to erase your Personal Data. If you would like us to erase the personal data we hold about you, please get in touch using the details at Section “How to Contact Us” at the end of this policy
5. Right to Data Portability: In certain circumstances, you may ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine-readable form, or ask for us to send such personal data to another data controller.
6. Right to object: In certain circumstances, you may object to our processing of your personal data. Please get in touch using the details at Section “How to Contact Us” at the end of this policy.
7. Right to restrict processing: You can ask us to restrict the processing of personal data we hold about you in certain circumstances. Please get in touch using the details at Section “How to Contact Us” at the end of this policy.
8. Make a complaint: You may make a complaint about our data processing activities, please contact us. See Section “How to Contact Us” at the end of this policy.
10. Data security. We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your personal data secure once it has been transferred to our systems. We adopt appropriate, industry standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction.
11. Getting in touch (‘How to Contact Us’).