Privacy and Fair Processing Notice
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this Notice, we will explain how Autosmart collect, use and protect your personal data.
We will also outline what rights you have with regards to your personal data and how you can exercise those rights.
Who we are
Autosmart International Ltd is a data controller and processor.
Our registered office address is:
Autosmart International Ltd,
Lichfield WS14 0DH
Why does Autosmart need to collect and store personal data?
In order for us to provide you with a service we need to collect personal data for correspondence purposes and/or service provision.
We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
In the course of dealing with you, we may pass your personal data on to our service providers who are contracted to Autosmart. Our contractors are obliged to keep your details securely, and use them only to fulfil the service they provide you on our behalf. Once your service need has been satisfied, they will dispose of the details in line with Autosmart’s procedures.
Categories of information
The categories of information we collect may include, but are not limited to, those set out below:
- Your contact information;
- Information about your visit to our website stored on your device using cookies;
- Information necessary for us to provide you with a service;
- Information about your business;
- Any other information that you choose to send us
Uses of Your Information
Autosmart will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We will endeavour to keep your information accurate and up to date. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our aim is not to be intrusive or ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
We may use your information in the following ways:
- To carry out any steps required before entering into a contract with you or with a third party;
- To provide a service to you;
- When you provide services to us;
- To comply with our legal responsibilities;
- To respond to requests you put to us;
- To provide you with information regarding services and products we provide;
- As part of our recruitment process;
- To ensure that content from our website is presented in the most effective manner on your device.
Purpose and legal basis for processing
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
For contractual purposes.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a lawful basis for processing your personal data, other than in relation to:
- Sending direct marketing communications to you (in circumstances in which we are not relying upon legitimate interests); or
- Processing special categories of personal data which you choose to provide to us as part of the employee or franchisee recruitment process.
Who has access to your data?
Autosmart will have access to your data for the purposes listed above. Where third parties are involved in the process they will be bound by terms of confidentiality and this Notice.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
In the event that we need to transfer your personal data out of the EEA, we will do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Your data rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
- Your right of access
- Your right to rectification
- Your right to erasure
- Your right to restriction of processing
- Your right to object to processing
- Your right to data portability
- Your right to withdraw consent
You can read more about these rights here https://ico.org.uk/your-data-matters/
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How long will Autosmart keep your data?
Personal data will only be kept in line with our normal business requirements and according to our data retention policy and procedures.
How will we secure your data?
We recognise our responsibility to protect the information you provide to us. Autosmart takes appropriate technical, organisational and legal steps to protect personal information, including secure servers, firewalls, and encryption of personal data.
Changes to this Notice
This Notice may be adjusted from time to time. Autosmart reserves the right to modify or amend this Notice at any time. The effective date of this Notice is displayed at the beginning of this Notice. Please check back periodically, and especially before you provide any personally identifiable information.
Autosmart controls and is responsible for your personal data. If you have any questions or concerns about this Notice or the use of your personal data, please feel free to contact us and we will make every reasonable effort to address your concerns:
Autosmart Information Compliance Officer
Autosmart International Ltd,
Lichfield WS14 0DH
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/
Third party sites