Customer data is very important to all organisations, and it should be treated with the care and respect that it demands. EU, GDPR regulations formulate this and propose seven main principles with which we will endeavour to adhere to during our business activities:
1. The right to be informed – we will supply concise transparent and easily accessible information about the way we process personal data.
2. The right to access – individuals have the right to obtain access to their personal data.
3. The right to rectification (where data is inaccurate or incomplete, individuals are entitled to have their personal data rectified.
4. The right to be forgotten (this part of the regulations does not provide and absolute right to be forgotten, but introduces a right for individuals to have personal data erased in specific circumstances, such as where there is no longer a legitimate interest in the data being used.
5. The right to restrict processing (companies will be required to restrict the processing of personal data when an individual has objected to that processing on the grounds of it being inaccurate or gained through illegitimate means).
6. The right to data portability (companies must make personal data available for individuals in a way that makes it easy for them to move, copy or transfer their data from one platform to another. An example of a format that this data could take is a CSV file).
7. The right to object (individuals have the right to object to direct marketing and processing for purposes or research and statistics gathering).
Our DMS servers are maintained in house and backed up daily to tape which is locked in a secure environment with restricted access. Prohire, which powers our Vehicle rental system has Legitimate Interests protection and is hosted again on secure servers in two remote locations.
Other interested parties with whom data may be shared include:
DVLA – License checks Various Finance companies – Provision of funding for vehicle purchases
BCMS – Debt collection where contractual payments have NOT been made Santander
Corporate and Commercial Bank – From where payments are made by us
This list is not exhaustive however a Legitimate Interests Assessment has also been completed in order to identify areas where data processing and sharing is appropriate.( App. 1 )
Data will ordinarily be retained for seven years in order to comply with HMRC (Inland Revenue) requirements, after which time any paper records will be disposed of in an appropriate environmentally friendly manner and electronic data records deleted.
Should you not wish to be contacted by us then please respond to firstname.lastname@example.org with the phrase OPT OUT in the subject line.
Legitimate Interests Assessment (LIA)
This LIA relates to the electronic and hard copy documentation known as DMS data relating to owners or perspective owners of vehicles supplied by James & Jenkins Garages Ltd (JJGL). Such data may have been transferred to Subaru UK or other franchises that we hold to enable those distributors or Manufacturers to carry out their duties as distributor or manufacturer and other legitimate commercial functions and responsibilities.
A) Identifies a Legitimate Interest
Question: What is the purpose of the processing operation where processing includes any of the following: Collection, recording,storeage,use, disclosure by Transmission or destruction or ‘any operation which is performed on personal data’ ?
Answer: The purpose of the processing is two stage. Firstly, to identify a single instance of the Data Subject and their associated enquiries, vehicles, service, warranty and parts business with JJGL. Secondly, to have the ability to communicate with the Data Subject (DS) relevant marketing communications in some instance via a distributor or Manufacturer.
Question: Is such processing required to achieve a lawful business objective?
Answer: Yes. The lawful business objective being to ensure that we fulfil our responsibilities as Dealer to our Customers and perspective customers.
B) The Necessity Test
Question: State briefly why the processing activity is important to the business?
It is important to the business to reduce duplicate and to the business erroneous messaging from JJGL and our franchise partners. It is important that the DS (Customer or Prospective) is put in control of their PII using the Preference Centre, and that The DS rights and preferences are respected by all channels.
Question: Is the personal data held likely to be disclosed to anyone outside of JJGL? If so who will It be disclosed to and why ?
Answer: The PII will be disclosed to a very limited number of third party processors including our Distibutor & Manufacturer partners to enable them to support our mutual customers and prospective customers needs.
Question: Is there another way of achieving the objective?
C) The Balancing Test
Question: Would the individual whose personal data is subject to the proessing expect the processing activity to take place?
Questions: Does the processing add value to a product or service that the individual uses ?
Answer: Yes. It gives the DS a choice of preferred dealership across the network and puts them in control of how the PII is used in all communication channels, both from JJGL and from IML.
Question: Is processing likely to negatively impact on the individual’s rights?
Question: Is processing likely to result in unwarranted harm or distress to the individual?
Question: Would there be a prejudice to JJGL or IM if processing does not happen?
Question: Would there be a prejudice to any Third Party if processing does not happen?
Answer: Yes. A number of third parties provide critical services that benefit the DS, such as break down and recovery and extended product warranties.
Question: Is the processing in the interests of the individual whose personal data it relates to?
Answer: Yes, both in terms of third party arrangements and the privacy by design elements of the Preference Centre.
Question: Are the legitimate interests of the individual aligned with JJGL & IM ?
Answer: Yes, it is in the interests of JJGL & IML that the trust of the DS is fundamental to the success of our vehicle sales process
Question:What is the connection between the DS and IM?
* Existing customer
• Lapsed/cancelled customer
• Business Client
• Prospect (never purchased goods or services
• Competition entrants
Question: What is the nature of the data to be processed ?
Answer: The nature of the data to be processed is governed By the attached ‘ CT DMS Integration Specification – UK – 2018.pdf document (see attached)
Question: Is there a two way relationship in place between JJGL/IM and the individual whose personal information is going to be processed ? If so how close is that relationship ?.
Answer: Ongoing and the DS is put in control of their data and its’ use. Communication is regular and each instance allows a DS to reference back to their preferences opting in/out by channel and to take temporary holidays.
Question: Would the processing by JJGL limit or undermine the rights of individuals ?
Question: Has the personal information been obtained directly from the individual, or obtained indirectly from a third party ?
Answer: PII is obtained from data transferred from IM & Dealership DMS.
Question: Is there an imbalance in who holds the power between the IM and the individual DS?
Answer: No.The Preference centre puts control firmly in hands of the DS
Question: Is it likely that the individual may expect their information to be used for this purpose ?
Question: Could the processing be considered intrusive or inappropriate? In particular, could it be perceived as such by the individual or in the context of the relationship?
Answer: NO. The processing is deemed necessary to identify a single contact from a number of sources. The balance of processing is deemed to be in favour of the DS as it reduces repetition and erroneous conclusions being derived from the data. e..g. assuming a customer is still driving a vehicle when it has in fact been sold by another dealership.
Question: Is a fair processing notice provided to the individual, if so how ? Are they sufficiently clear and up front regarding the purpose of the processing ?
Question: Can the individual, whose data is being processed control the processing activity or object to it easily ?
Answer: Yes, the preference Centre allows the DS to not only object and opt out of communication using Any of the available channels (mobile,email,etc) But also to opt in/out of dealer and National Marketing as well as temporarily to opt out for a Period of time.
Question: Can the scope of the processing be modified to reduce or mitigate any underlying privacy risks or harms ?
Answer: Potentially as developments in the automotive sector and in particular the introduction of connected vehicle telematics. Questions regarding Ownership and service history may be tested in the future, along with the need to pseudonymise the Data where necessary.
Explore our constantly changing exclusive offers to find the car and the deal for you, now.
Click on the offers below to view more information
"Just a little thank you for the friendly & kind service you have shown us.
We will most definitely be coming back to you for your next car."
Service & Parts
James & Jenkins can arrange your MOT, service your car by appointment, recharge your Air Conditioning and much more.
We look forward to welcoming you soon.