General Data Protection Regulation (GDPR) Kenway Tyres Limited Statement
Definitions and Interpretation
The following terms shall have the following meanings:
“Cookie” - means a small text file placed on your computer or device by our site when you visit certain parts of the site and/or when you use certain features of the site. Details of the Cookies used by our site are set out below.
“Cookie Law” - means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulation 2003.
“DPA 2018” - Data Protection Act 2018
“GDPR” - General Data Protection Regulation
“Identifiable Natural Person” - GDPR defines as “one who can be identified, directly or indirectly, by reference to an identifier such as a name, or to one or more factors specific to that natural person.”
“IP Address” - a number that is automatically assigned to the computer that you are using by your Internet Service Provider.
“Personal Data” - GDPR defines as “any information relating to an identified or identifiable natural person’’
1. Who is the Registered Data Controller?
Kenway Tyres – hereafter referred to as the “Company”.
2. The Data Controller’s Representative
The Company’s Data Protection Officer acts as the Data Controller’s Representative.
3. The Business of the Company
The Company excels in the sale of vehicle tyres, accessories and related services.
4. Sources of Personal Data Collection and Relevance of Policy
This Policy relates to Personal Data collected from you via:
The Company asks for your consent as a way of ensuring that your Personal Data is collected and processed on your behalf lawfully and you are marketed to appropriately. You have the right to withdraw consent at any time.
6. Legitimate Business Interest
The Company may also use Personal Data where it falls within the definition of Legitimate Business Interest under the GDPR. Your right to withdraw consent will override the right of Legitimate Business Interest.
7. Personal Data Collected & Held
Information about the services that you use and how you use them is collected. The Company may also collect device-specific data (such as your location and mobile telephone number) and log-in frequency information. Categories of Personal Data that are collected include:
An “IP Address” may be identified and logged automatically in the Company’s server log files whenever you access the services, along with the time of the visit and the page(s) that were visited.
8. Personal Data Storage
The Personal Data you give is stored with your account.
This data is located on servers within the European Union and contractual safeguards are in place. No third parties have access to your Personal Data unless there is a lawful basis to do so.
9. Company Use of Personal Data
The Company is committed to protecting your Personal Data. When you share your Personal Data with the Company there is a legal obligation for it to only use it in line with data regulations.
All your Personal Data is processed by our staff in the UK.
The Company processes your Personal Data:
10. Anonymous and Aggregated Data
May aggregate personal data so it does not personally identify you ("pseudonymised data"); For example, it may aggregate Personal Data to analyse the percentage of customers which have particular post code.
May remove Personal Data to create anonymous data;
Uses anonymous and aggregated information for historical, statistical, or business planning purposes.
11. Use of Personal Data to Contact You
Transactional: The Company will communicate with you in order to complete any transactional commitments.
Marketing Purposes: The Company will only contact you for marketing purposes where you have given consent to do so. The Company may personalise the message content based upon information you have previously provided and your use of any linked websites.
Social Media: Social Media communications such as: Facebook, Google, Instagram, Snapchat, Twitter etc. will be responded to based upon the data you have previously provided.
12. Circumstances when the Company may Release Your Personal Data to Others
The Company does not share your Personal Data with organisations outside contractual requirements unless one of the following applies:
13. Duration for which the Company will keep your Personal Data
The Company holds your Personal Data on its systems for as long as is necessary relevant to the transactional, tax and legal obligations and marketing interests consented by you. Specific details of the Company’s Data Retention Policy can be obtained from the Company Data Protection Officer.
14. Data Security
The Company protects your Personal Data from unauthorised access, disclosure or amendments by using:
Access to your Personal Data is restricted to employees on a need to know basis, suppliers and authorised representatives who are subject to contractual responsibilities.
Unfortunately, the transmission of data via the internet is not completely secure. Although the Company does its best to protect your Personal Data, it cannot guarantee the security whilst it is transmitted to its site; any transmission is at your own risk. Once in receipt of your Personal Data, the Company will use procedures and security measures to prevent unauthorised access.
15. Call Recording
Telephone calls to the Company may be recorded for training and monitoring purposes.
16. Links to other Websites
Company-related websites contain hyperlinks to websites operated by third parties who have their own privacy policies and related cookies. The Company does not accept liability for the privacy practices of these third parties.
17. Social Media
When you make contact with the Company via social media channels certain Personal Data may be shared with the Company about your online activities such as gender, interests and marital status depending on your profile settings. The Company is not responsible for the Personal Data you share on your social media profiles and you are encouraged to familiarise yourself with the privacy settings of these sites.
18. Maintenance of Website
The Company uses a third party service to help maintain the security and performance of its websites. To do this it processes the IP addresses of website visitors.
19. Online Reporting – Google Analytics
20. Online Advertising – Google Adwords
The Company uses Google Adwords, an online advertising/remarketing tool from Google Inc. to place ads in Google search results and other websites which you may find of interest. To help the Company track sales and other conversions from our advertisements, the Company uses the conversion tracking feature provided by Google Adwords which places a cookie on your device when you click on one of the advertisements. The Company is not responsible for the placement of these cookies. Google uses the information obtained from conversion cookies to compile statistics including the number of users who clicked on the ad and the pages then accessed by each user. Conversion cookies are only active for 30 days and cannot be used to identify any Personal Data.
Internet Log File Information
When you visit our websites we collect standard internet log information. We do this to find out things such as the number of visitors to various parts of our site. Information we gather in our standard internet log information does not identify anyone and is only used to statistical purposes including the establishment of visitor numbers, most popular pages and features, and most popular browser types.
Where a cookie can identify an individual via their device, even if identification can only be made via combining the data in question with other data, it will fall within the definition of data laws.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org.
It is the visitors responsibility to review any third party Cookie related Terms and Conditions.
Requests for additional information on our privacy and data protection policies can be made to:
22. Your Rights under GDPR and DPA 2018
The Right to your Personal Data (Access)
You have the right to obtain a copy of your Personal Data that is processed by the Company and know the reasons why it processes your data. Upon receipt of a written request made to the Company Data Protection Officer you can normally expect a response within one month of the request. (Should there be a requirement for an extension of the original one month limit you will be written to with the reasons for any delay). Please note confirmation of a requester’s identity will be essential prior to any release of Personal Data.
If the Company holds Personal Data about you, it will:
The Right to Rectification
You have the right to have any inaccuracies in your Personal Data which is stored and processed by the Company to be rectified.
The Right to be Forgotten
Under certain circumstances you may request that Personal Data is erased.
The Right to Restriction of Processing
Under certain specific circumstances you may have the right to prevent the processing of some Personal Data.
The Right to Notification
Under certain circumstances, the Company has a duty to ensure you are notified of how any intended change of processing of your Personal Data may take place which differs to that which you consented for.
The Right to Data Portability
Under certain circumstance you have the right to see and have transferred your Personal Data in a commonly used and machine-readable format to another Data Controller.
The Right to Appropriate Decision Making
You have the right not to have decisions made solely from automated processing. In the event that automated processing is used, please contact the Company Data Protection Officer to obtain an explanation from for the outcome of any automated processing.
You have the right to lodge a complaint regarding the use of your Personal Data. In the initial instance please email the Company Data Protection Officer who will investigate the matter and keep you informed of the investigation progress.
If you are not satisfied with the outcome of the internal investigation you have the right to lodge a complaint with the Information Commissioner’s Office.
24. Policy Changes
25. Queries regarding this Policy
For an overview of how we process Personal Data, view our privacy summary.
Personal Data Definition
The law defines “personal data” as any information that can be used to identify an individual.
Personal Data Held
The personal data Kenway Tyres holds about you relates to your name, your address, your vehicle, your appointments, where your vehicle was seen and by whom, when and why your vehicle was seen, value spent, type of payment method used and relevant related comments.
Personal Data Storage
Kenway Tyres holds personal data in a secure cloud in approved data centres within the European Union. Information is stored in a protected repository where data is collected from all sectors of the Organisation and processed in line with the Company policies and current data laws.
Personal Data Usage
Kenway Tyres uses personal data whilst applying searches and algorithms to predict future business, identify business opportunities, marketing, assess risk factors etc, and under certain circumstances links that data to other Organisational data.
Personal Data Reporting
Personal data is used to report on the performance of the Organisation including statistical information, customer satisfaction and audits.
Personal Data Legal Compliance
Personal data is collected, processed and stored in accordance with all current Data Regulations.
Where possible and practical, personal data is processed with the consent of the person concerned, however, there are times when there is a legal obligation, public interest or legitimate business interest in collating and processing personal data which overrides an individual’s wishes. Examples include for tax and law enforcement requirements.
1) Data Controller contact details
Kenway Tyres, Aberdeen
2) Data Protection Officer contact details
3) Purpose of the processing
Computerised searches of some or all of our records to identify vehicles that are due MOTs, warranty and service update, product (and safety) recalls and other bespoke conditions may mean your vehicles records are amongst those searched. This is known as “risk stratification” and sometimes carried out by linking our records with other records. The results of these searches are produced using approved and contracted services to provide the most appropriate advice, investigation opportunities and marketing communications.
4) Lawful basis for processing
The legal basis for this processing is: Article 6: “necessary …. In the exercise of official authority vested in the Controller” The Organisation recognises your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”
5) Recipient or categories of recipients of the shared data
Appropriate data will be shared for processing only with those who have a legitimate and contracted business reason. Additionally only those who have access to your personal details and your vehicles information will only normally have access to that which they need to fulfill their roles.
6) Rights to object
You have the right to object to the processing where it might result in a decision being made about you. That right is based on implied consent under the Common Law of Confidentiality, Article 22 of GDPR (automated individual decision-making, including profiling) You have the right to object to some or all of the information being shared under certain circumstances but the organisation have the overriding responsibility to comply with the law. You should be aware that this is a right to raise an objection, which is not the same as having an absolute right to have your wishes granted in every circumstance.
7) Right to access and correct
You have the right to access the data that is being shared (subject access request) and have any inaccuracies corrected. The subject access request should be in writing (i.e. written word or email) and once the appropriate due diligence identification checks have been verified with the Data Protection Officer, collation of the information requested will be performed, redacted where appropriate and forwarded in a format agreed with the requestor in accordance with data law requirements.
8) Retention period
The data will be retained for active use during the processing and thereafter according to the organisations retention policy and data laws.
9) Right to Complain
Should you have a complaint relating to the handling of your personal identifiable data, in the first instance please forward your concerns to:
Via Post: Kenway Tyres Customer Services, St Machar Road, Aberdeen, AB24 2UU
Via Email: firstname.lastname@example.org
Thereafter if you believe the Organisation has not addressed your complaint related to the management of your personal data you have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)
Responsible Owner: H Buchan
Version: 1 Date: 24 May 2018
Version: 2 Date: 17 Jun 2019
whatever your budget