Frank Dale & Stepsons Ltd (incorporated and registered under company number 05140545), and Gordon Dale Enterprises Ltd (incorporated and registered under company number 01042742), also referred to as “we”, “us” or “our” are committed to protecting and respecting your privacy.
For the purposes of applicable data protection legislation, Frank Dale & Stepsons Ltd is the data controller. We will treat your personal data in accordance with our obligations under data protection law, and implement adequate security measures.
INFORMATION WE MAY COLLECT FROM YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different types of personal data about you, which we have grouped together as follows:
· Identity data: first and last name, marital status, title, date of birth and gender;
· Contact information: postal address, e-mail address, phone number(s);
· Financial Information: bank account details;
· Transaction data: includes details about car enquiries, consignments, cars you have purchased from us or through us, sold to and/or through us, payments to/from you and other details of cars and services you have contacted us about;
· Profile Data: your car interests, preferences, feedback and offer responses, information publicly available such as published articles or news;
· Marketing and Communications Data: includes your preferences in receiving newsletters and updates from us and your communication preferences;
· Social Media Information: You might give us permission to access some information about you when using some social media sites such as Twitter, Google, Instagram and Facebook depending on the privacy settings you have and the privacy policies of such companies. We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Website or by means of our services;
· Technical Data: includes internet protocol (IP) address, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website, as well as your journey through our digital platform (such as the links you click on and searches you make), which videos you have watched and for how long, what content you like and share, your subscription status, which pop up or push messages you might have seen and responded to and information collected in any forms you complete;
· Usage Data: includes information about how you use our website, products and services.
You may choose to not provide us with your personal data. However, where we need to collect your personal data by law, or under a contract we have with you, and you fail to provide us with your data, we may not be able to perform the contract we have or are trying to enter into with you.
· Direct Interactions:
· when you call us;
· by e-mail, or through our Website;
· by giving us your business card;
· when you request our services;
· by filling in forms and submitting them to us;
· Information publicly available:
· Identity Data and Contact Data: We may check some of the information that you provide to confirm that it is accurate using third party databases such as Companies House and the Electoral Register based inside the EU or from data brokers or aggregators such as Mint based inside or outside the EU;
· Profile Data: We may obtain Profile Data from public sources such as car registrars, newspapers, magazines, attendance to events, word of mouth, etc;
· Technical Data: We may obtain technical data from analytics providers such as Talent or Google; advertising networks and search information providers all based inside or outside the EU.
We will only use your personal information where the law allows us to. Most commonly, we will use your personal data in the following circumstances, each known as a “lawful basis”:
· Where we need to perform a contract with you, for example selling you a car;
· Where it is necessary for our legitimate business interests, provided that your fundamental rights are not overridden by our interests;
· Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on your consent to process data, other than in relation to sending certain direct marketing messages. Where we rely upon your consent, you have the right to withdraw your consent at any time by contacting us at email@example.com.
We will only use your personal information in line with the purposes for which you provided it to us or for compatible purposes.
· We will only contact you by e-mail with information about classic cars and related events. You will be entitled to opt out from this by contacting us or by clicking “unsubscribe” in the electronic communication you receive (lawful basis: legitimate interests).
· We may contact you by phone when you send us a written enquiry by any other means (e.g. by e-mail) (lawful basis: performance of a contract, legitimate interests).
· We may contact you by phone in connection with classic cars and car related activities we promote (i.e. this would typically consist of a very small number of calls to you per year and follow up calls only if the first call yields positive interest) (lawful basis: performance of a contract, legitimate interests).
· We may contact you by postal mail when you have expressed that this is your preferred means of communication (lawful basis: performance of a contract, legitimate interests);
· We may send you printed material in connection with classic cars offered and sold and car related activities we promote (lawful basis: legitimate interests).
DISCLOSURE OF YOUR INFORMATION
Information about our customers and prospective customers is an important part of our business and we do not sell it to others. Any parties we share your data with will only process your personal data on our instructions (unless otherwise required by law), and are subject to a duty of confidentiality.
We only share your personal data with the following parties and in the specified circumstances:
Related Parties: All these related parties that have or may have access to, and/or are associated with, the processing of your personal information are obliged to respect the confidentiality of your personal information:
· Any member of our group of companies and our employees;
· Third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us;
· Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes or processes;
· Third Party Service Providers: We may share some of your data with our trusted service providers and suppliers for the purpose of providing you with the information, cars or services you request:
· If such service providers or suppliers are acting on our behalf: they cannot use your data for any other purpose than that, which is prescribed by us, and we only use those service providers and suppliers who undertake to protect your details with the same degree of care as we do; or
· To Protect our Rights: We may share personal data with third parties if doing so is necessary:
· To protect the rights, property or safety of Frank Dale & Stepsons, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction;
· To enforce or apply our Terms, and/or other agreements;
· To protect the rights, property, or safety of our group of companies, our customers, or others;
· As Required By Law:
· We will share personal data with government bodies and law enforcement agencies and in response to other legal and regulatory requests, if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
Some of our third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
· We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
· Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
· Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
· Please be aware that communications over the Internet, such as e-mails/webmails are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the World Wide Web/Internet.
· We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
· We have appropriate security policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
· We have procedures in place to deal with any suspected data breach, and will notify you and any regulator of a breach when legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For instance, by law we have to keep basic information about our customers (including contact, identity, financial and transaction data) typically for six years after they cease being customers for tax purposes.
YOUR RIGHTS IN RELATION TO YOUR INFORMATION
· Request access to your personal data: You can write to us at any time to obtain a copy of the personal information that we hold.
· Request correction of your personal data: You can write to us to have your personal information erased, restricted, rectified, amended or completed.
· Request erasure of your personal data: You can write to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
· Object to processing of your personal data: Where appropriate, you may write to object to our processing your personal data under certain circumstances. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which do not override your rights and freedoms.
· Request restriction of processing your personal data: This enables you to ask us to suspend the processing of your personal data under certain circumstances.
· Request transfer of your personal data: You may ask your personal data to be sent to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
· Right to withdraw consent: Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org. To protect your information, we will require proof of your identity. We will try to respond to all legitimate requests within one month.
You will not have to pay a fee to access your personal data, or to exercise any other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
· You have the right to contact the Information Commissioner's Office if you have a complaint regarding your personal data. Their website address is https://ico.org.ukWe would, however, appreciate the chance to resolve your concerns before you approach the ICO, so please contact us in the first instance.