How is Data collected?
Data may be collected in several different ways:
i. Data, such as contact details, may be provided by customers when they request a specific service;
ii. browsing data, such as IP addresses, pages visited within the website, amount of time spent on the website, and clickstream analysis may be collected when Users visit our websites. While we do not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information or by using other information collected);
Why is this Data processed?
We will process the Data collected to provide the User with the service they have requested. We process Data in our legitimate interests for service and recall campaigns and to perform surveys on customer satisfaction related to the quality of our goods and services. If a User consents to us doing so, we will send them relevant marketing information and carry out market research about our products and services so that they don’t miss out on current offers. If Users tell us that they want to receive communication that is specific to them, then we will analyse their personal preferences, interests or behaviours so that we can send them customised communication that we think they might like. If Users tell us that they are interested in receiving relevant offers from others companies that might interest them, then we will share their Data with companies in our group and selected partners in the automotive, financial, insurance and telecommunication sectors with whom we work closely. As we are always looking to make the User’s experience better, we also use the Data to improve our websites. We normally process the Data by automated or electronic means through our websites and mobile apps. We also process data through electronic means, including e-mails and by phone (e.g. SMS, MMS and fax).
Who processes the data?
The Data may be processed by natural persons and/or legal entities (“processors”), acting on our behalf under our specific instruction or contractual obligations. We may send the Data to third parties to comply with legal obligations, or for security purposes.
What about Links to Third Party websites?
Our websites often contain links to third party websites. Those websites are the responsibility of the relevant third party and we cannot accept responsibility for any information or Data inputted into those websites.
Who is the data controller?
The data controller is ARNOLD CLARK LEEDS, with registered office in CARBERRY ROAD MITCHELSTON IND ESTATE, KIRKCALDY, FIFE KY1_3NQ.
Where will my data be processed?
Processors are usually based in EU Member States but we may transfer the Data in countries outside of the European Economic Area (EEA), for example, to store them in databases managed by entities acting on our behalf. These processors of the Data are bound by the instructions we give them to process the Data and must do so in accordance with applicable data protection laws. In the event the Data is transferred outside of the EEA, we will use appropriate measures to guarantee adequate protection of the Data, usually in the form of standard contractual clauses approved by the EU Commission for the transfer of personal data outside of the EEA.
How long will my data be kept?
In providing services requested, we may store your Data for as long as is necessary to protect our interests relating to potential liability related to that service. We will only keep the Data for as long as is deemed strictly necessary to fulfil the purpose for which it was collected. Consent to marketing and other activities unrelated to the performance of the specific service requested may be withdrawn at any time, following which the Data will no longer be used for that purpose. Although the User will not be contacted for that purpose any longer, we may still store it to protect our interests.
What rights do Users have?
Users have the right to:
1. know if any Data is being processed by us and, where applicable, have access to it;
2. rectify any inaccurate information we have or to have it erased when the request is legitimate;
3. restrict the processing of the Data when the request is legitimate;
4. portability, where applicable so that the Data can be obtained in a structured,, ordinarily used and readable format, as well as the right to transfer the Data to other controllers;
5. object to the processing of the Data when the request is legitimate; and
6. lodge a complaint with a supervisory authority in case of unlawful processing of Data.
You can exercise these rights by writing to the data controller at the above address.
The relevant supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can contact the ICO via their website: www.ico.org.uk