TODO:

1. Who we are

Inchcape operates in over 40 country markets and geographies across Asia, Australasia and the Pacific; Central and South America; the Caribbean; Africa; Europe and the UK.

We are dedicated to ensuring that all personal data that we process is done so in a fair, lawful and transparent manner. We take the security of your data very seriously and adhere to all relevant data protection legislation including the Data Protection Act 2018, the UK General Data Protection Regulation and The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”).

2. How to contact us or make a complaint

If you have any questions relating to this notice, your rights under data protection legislation or the processing of your personal data then you can contact us by:

  • Email: [email protected]
  • Post: Group Legal Counsel, Inchcape plc, 22a St James’s Square, London, SW1Y 5LP

You are important to us, and so is protecting your personal information. We have high standards when it comes to collecting and using personal information. For this reason, we take any complaints we receive from you about our use of your personal information very seriously and request that you bring any issues to our attention.

Where you are communicating with us for the purpose of making a complaint, we will only use your personal information to handle, investigate and respond to the complaint and to check on the level of service we provide. Where the complaint is about a member of our team, we may have to disclose your identity to whomever the complaint is about. You may let us know if you don’t want information that identifies you to be disclosed and we will try to respect your request; however, it may not be always possible to handle a complaint on an anonymous basis.

If you are unhappy with our use of your personal data or our response to the exercise by you of any of your rights, then you have the right to complain the UK’s data protection authority the Information Commissioner’s Office (ICO) (www.ico.org.uk).

3. What is personal data?

Personal data includes any information about an individual from which that individual can be identified. Examples include your name, email or home address, photograph and bank account details, factors specific to an individual (such as your physical, physiological, mental, economic, cultural or social identity) and any data that would allow you to be identified when combined with other data.

It is our intention to provide you with as much information as possible about what we do with that personal data, so that when you provide your personal data to us, you do so with an awareness of how it will be used.

If you provide us with personal data on behalf of someone else, for example, if you provide your spouse’s details, you should confirm to us that you have their permission to do so. The exercise of any further rights in connection with such personal data will need to be done by the relevant individual.

4. How we collect your personal information and why

We will need to collect personal information about you in order for us to be able to carry out the service you have requested or accessed. We will only collect the information that we need.

We collect your personal information in a number of different ways which we have explained in this section.

Information that you share with us

We collect personal information that you share with us when you contact or interact with us. For example, where you provide it to us:

  • by entering personal data via our website, www.inchcape.co.uk, live chat boxes or social media platforms and testimonials and opinions you may have posted publicly
  • by providing goods and/or services to us or receiving goods and/or services from us
  • by corresponding with us by phone, email, in person or any other means for any reason

Information you provide to us via our website will be processed by us for sending news alerts as well as tracking of website usage data. In some cases, we may collect information about you that is not personally identifiable. Examples of this type of information are:

  • type of internet browser you are using
  • type of computer operating system you are using
  • the domain name of the website from which you linked to our site

5. How we may process your personal information and why

We will only process your data where the law allows. Your personal data will, most commonly, be processed in the following circumstances:

Where required to perform a contract with you. Where it is necessary to process your personal data for the performance of a contract with you or in order to take steps at your request before entering into a contract with you.

Where there is a legal or regulatory obligation. Where we need to process your personal data to comply with our legal obligations such as assisting the ICO, FCA, HMRC, the police or any other public authority or criminal investigation body. We may also need to process your personal data to identify you when you contact us or to verify the accuracy of the data that we hold about you.

Legitimate interest. We may process your personal data where it is in our legitimate interests (or that of a third party) and those interests do not override your rights and freedoms.

Vital interests. Where it is necessary to process your personal data to protect your vital interests or those of another person.

Consent. We may rely on your consent to send you direct marketing communications. Details on how you can change the way we contact you are set out in section 10.

We will only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please contact us using the details set out in section 2 if you need details about the specific legal ground on which we are relying to process your personal data.

6. Your data and third parties

We may share your personal data with third parties in order to make certain services available to you. We only share the minimum amount of data required and our third party suppliers only have rights to use your personal data for the purpose of fulfilling the service required from them.

We may provide your personal information to our insurance administrators, IT providers, service, maintenance and repair providers, accident and incident management providers, financial organisations, banks and credit brokers, credit reference agencies, the Inchcape group and legal, governmental and regulatory authorities.

Some of our third party suppliers will be data controllers in their own right. If they are in receipt of your personal data or they collect it from you directly they will provide you with a copy of their individual privacy notices.

7. Disclosure of personal information

We will not usually disclose your personal information other than as already explained in Section 6 above. However, there may be circumstances where we need to share personal information other than as anticipated. These include:

  • where we are legally required to disclose the information. This includes sharing the personal information with tax authorities and law enforcement agencies for the purposes of the prevention and detection of crime
  • where we need to disclose the personal information for the purpose of resolving a complaint or in connection with any legal proceedings, or for the purpose of obtaining legal advice, or the disclosure is otherwise necessary for the purposes of establishing, exercising or defending legal rights
  • disclosure is required to protect our interests, or someone else’s interests (for example, to prevent fraud)
  • disclosure is necessary to protect your vital interests (for example if you are unwell at our premises, we may need to seek medical assistance)
  • it is to a third party for the purposes of providing administrative or processing services on our behalf. If such disclosure is required we will take steps to ensure that the third party protects the personal information in the same way that we do and notify you of any changes to this privacy notice
  • to any prospective purchaser of our business assets or organisation

International Transfers of Personal Data

We do not routinely transfer your personal data outside of the UK or European Economic Area (“EEA”) and we use all reasonable endeavours to select suppliers who provide assurances that personal data is stored and processed within the UK or EEA. With any international cloud technology providers however (such as Microsoft and Salesforce) there is a small possibility that personal data that is stored within the UK or EEA is accessed outside of the UK or EEA for technical support or account assistance. We therefore ensure that where we use technology providers or similar suppliers who potentially access personal data from outside of the UK or EEA we ensure that we put in place adequate measures to ensure the protection of such personal data (such as international data transfer agreements).

8. Keeping personal information secure

We know that you provide your personal information in good faith and expect it to be looked after. This is why we take the security of your personal information seriously. This means that we have taken steps internally in order to ensure that our systems adequately protect your personal information.

9. Your rights

You have a number of rights in respect of your personal information, which we have explained in more detail below.

If you would like more information about any of your rights, please contact us on the details set out in section 2 above.

The right to request correction of the personal data we hold about you. You can have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of any new information you provide.

The right to withdraw your consent where we are relying on your consent to process your personal data. If you wish to withdraw consent, please do so by sending your request in writing to our contact details below.

The right to request access to your personal data. You can contact us at any time to ask whether we process any personal data about you and to be provided with a copy of that data. This will be provided free of charge. We may not provide you with a copy of some of this information if it also concerns other individuals or we have another lawful reason to withhold it.

The right to request erasure of your personal data. You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to request that we delete or remove your personal data where you have successfully exercised your right to object to processing, where we have processed your personal data unlawfully or where we are required to delete your data by operation of law. We may not always be able to completely comply with your request where we have specific legal reasons which will be notified to you.

The right to object to processing of your personal data where we are relying on our legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on the grounds it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your data for direct marketing purposes. In some instances we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

The right to transfer your personal data to you or another party. We will provide you or the third party with your personal data in a structured and commonly used machine-readable format.

Exercising your rights. If you wish to exercise any of your rights then please contact us using the details set out in section 2. You will not normally have to pay a fee to exercise your rights but we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We may also refuse to comply with your request. We endeavour to respond to all legitimate requests within one month. If we will need longer than a month to respond to your request then we will let you know and keep you updated.

10. How long will we keep your personal data?

We will hold your personal data for no longer than is necessary for the purposes for which we are processing it. When it is no longer required we will securely dispose of it. If we have anonymised or pseudonymised your personal data (so you can no longer be identified by it) we may use or hold the information for longer periods without notice.

11. Links to other websites

Our website may contain links to websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

12. Updating this privacy notice

We keep our privacy notice under regular review in order to ensure that it properly reflects our use of personal information. This privacy notice was last reviewed in November 2023.