Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, Collison Motoring Services Ltd
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on the user’s computer or device.
Processing of your personal data
We are exempt from registration in the ICO Data Protection Register because we only process personal data for the core business purposes relevant to the service, maintenance and repair of vehicles.
However, under the GDPR (General Data Protection Regulation) we control and process any personal information about you electronically using either of the following two lawful basis.
- Lawful basis: Consent
The reason we use this basis: You offer your personal information to allow us to contact you concerning booked procedures with your vehicles and to keep you informed about the progress of that booking. Our Data Management System (Techman) automatically records when you gave your consent, for what, and how.
We process your information in the following ways: By contacting you in your requested mode (telephone/email/customer portal) to confirm your booking and the progress in our work, or to gain your consent for variation to this work. We also use your data to record work carried out on your vehicle/s whilst in your ownership. We may also use your address to collect or deliver your vehicle, or to verify card payment details. We will repeatedly check with you that you are content with your choices about how and why we contact you, and our data management system (Techman) allows us to record your data preferences in the following separated questions/permissions: Data retention period: We will continue to process your information under this basis until you withdraw consent, or it is determined your consent no longer exists. Sharing your information: We do not share your information with third parties.
- Lawful basis: Contract
The reason we use this basis: You are another business relying on us to provide pre-agreed services to your own customers or staff.
We process your information in the following ways: By contacting you in your requested mode (telephone/email/specific supplier portal) and using it to record work carried out to your own or third-party vehicles with you as the named and contracted contact.
Data retention period: We shall continue to process your information until the contract between us ends or is terminated under any contract terms.
Sharing your information: We do not share your information with third parties.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows.
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR, and will supply to you our entire records about you in a timely fashion at your request.
You can read more about your rights in detail here; ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Some cookies are required to enjoy and use the full functionality of this website.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information.
Where your data is entered into systems and servers provided by other companies for our use, such as Techman, they undertake initial online security of your data, and we undertake to safeguard your information where it is physically present or visible. We will never be reckless with your information as we know how important it is to you, and that you are trusting us with it. Our methods meet the GDPR compliance requirements, and are under constant review.
Sponsored links, affiliate tracking & commissions
Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. Your actions are usually recorded as a referral from our website by this cookie. There may be cases where we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not. However, this is not the case at the time of writing (May 2018).
If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, an Email Marketing Service provider. At the time of writing these EMS are MailChimp and Techman. An EMS is any third-party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. Any marketing messages we send will always contain information on how to unsubscribe or manage your preferences, and if you have already indicated that you do not want to be ‘marketed’ to, we will not contact you in this way.
We care about you and are grateful for the information you share with us. We promise to do everything we can to take care of your information and to stop it from being available to anyone who is not authorised to see or use it.
However, please do contact us immediately if:
- You no longer want us to store any of your data
- You would like to see all the data and history we hold about you or your vehicles
- You would like to change or remove your consent for any of the ways we might want to contact you
- You have any questions or doubts about our processes and how safe your data is.
Some of these decisions have a permanent consequence, but all are your rights under the GDPR legislation of May 2018. At Collison Motoring Services Ltd, Becky Collison is the nominated data controller, and would be delighted to speak with you about anything concerning your information and how we use it.