Privacy & Cookies
Page Automotive Limited Data Protection Policy
This is a statement of the Data Protection Policy adopted by Page Automotive Limited.
Responsibility for updating and dissemination of this policy rests with Page Automotive Limited owner and senior management. The policy is subject to regular review to reflect changes in legislation. All staff are required to understand, apply and abide by the policy and if in any doubt to seek advice.
All staff, regardless of department, must receive General Data Protection Regulation and Data Protection Act 1998 awareness training as part of a signed induction process. Ignorance of the GDPR and DPA (98) is unacceptable.
Page Automotive Limited collects and uses certain types of personally identifiable information about clients, customers and suppliers in order to operate. This includes current, past and prospective individuals and entities with whom we conduct business. Personal information, or data, must be dealt with properly however it is collected, recorded and used – whether on paper, electronically, or other means.
The success of our operation and achievement of our objectives depends upon maintaining confidence of those we do business with. Therefore, we need to ensure we treat personal information lawfully and correctly. In doing so, we fully endorse and adhere to the GDPR and the principles set out in the DPA (98).
The eight principles of the DPA (98) are:
Data shall be processed fairly and lawfully and not processed unless specific conditions are met
- Data shall be obtained for specified and lawful purpose/s, and not further processed in any other manner 3. Data shall be adequate, relevant and not excessive in relation to the purpose processed
- Data shall be accurate and, where necessary, kept up to date
- Data shall not be kept for longer than is necessary for the specified purpose
- Data shall be processed in accordance with the rights of the data subjects under the Act
- Data should be subject to technical and organisational measures to prevent damage, destruction or loss 8. Data shall not be transferred outside the EEA unless the country has an adequate level of data protection
(These will be replaced by the GDPR in May 2018)
In relation to the GDPR, there are 7 Principles and 8 Rights that have to be observed:
- Legality, Transparency and Fairness
- Purpose Limitation
- Storage Limitation
- Integrity and Confidentiality
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
(These come into force in May 2018)
We ensure that:
- We complete and regularly update a personal data risk register
- We attend and review a personal data training and awareness programme
- We appoint a senior manager with overall accountability and responsibility for personal data
- We review and update our data protection policy as new legislation emerges
- We understand what personal data we hold, where it’s held and where it goes
- We have a legal basis for our data processing activities
- We understand and properly define our processing activities
- We have enforceable written personal data handling agreements with all third party suppliers
- We carry out appropriate due diligence on all third party suppliers
- We complete and regularly review our data privacy impact assessment
- We update and regularly test our incident management policy
- We attend to any subject access requests (SAR) in a timely manner (less than one month)
- We rectify, restrict and allow portability of data via safe means
- We review and update our information security policy on a regular basis
- We update our annual registration with the ICO
- We align ourselves, as much as possible, with the objectives and requirements of ISO 27001
- We meet the requirement of the Cyber Essentials accreditation
- We check that all the above is kept in order via an appropriate compliance programme
01 – Data Protection Policy 18052018 – initial document approved by Tony Aquilina
Page Automotive GDPR Privacy Notice
Page Automotive takes its obligations concerning data protection seriously. We are providing this notice so you have information about how we collect and process your personal information. We ask you to please read this Privacy Notice as it has important information you need to know.
What does our company do?
Page Automotive is an approved and accredited vehicle body repairer that manages the repair of accident damaged vehicles for individuals, motor insurance companies, accident management companies and fleets. We work with contracted specialists, vehicle manufacturers that supply parts, paint, materials, and services to enable the repair of your vehicle.
How do we use your personal information?
This privacy notice is to let you know how Page Automotive, the companies within the Page Automotive Group and specialist supply chain promise to look after your personal information. This includes what has been passed on to us via your insurer, what you tell us about yourself, what we learn by having you as a client or customer, and the choices you give us about what you want us to send to you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
- To keep your data safe and private
- To manage your data based on your rights
- Not to sell your data
How the law protects you
As well as our privacy promise, your privacy is protected by law. Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing outside Page Automotive. The law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is in our legitimate interest, or
- When it is our legal duty, or
- When you consent to it
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what it is. In most cases it will be to repair your vehicle.
What information do we collect and process?
In order for us to repair your vehicle it is legitimate and necessary to receive from your insurer, fleet manager, company, or from yourself necessary personal data. “Personal Data” is information about you which, either on its own or when connected with other data, allows us to identify you as an individual customer to provide you with our services. The personal data we hold may include the following:
- Your full name and contact information (address, town, postcode, email and phone number)
- Your credit card details and/or bank account details (if paying by cheque or bank transfer)
- Your purchase details (including time, date and cost, and VAT status and insurance excess)
- Your insurance company (if our work is part of an insurance claim)
- Your vehicle information (make, model, registration number)
- Your proof of identity (valid driving licence and/or passport)
- Your image on security CCTV around our repairer sites
- Your work address and contact information
- Your calls and correspondence with us
- Your feedback
Personal data will be collected from you or passed to us by your insurance company/fleet manager/vehicle recovery agent. However, some personal data may, where lawful to do so, or with your consent, be collected by us from third parties (e.g. DVLA to check speeding offences for use of courtesy vehicles).
Data minimisation is a principle that states that data collected or processed should not be held or further used unless for essential reasons clearly stated in advance. This is defined as information that is adequate, relevant and limited to what is necessary for the purposes for which its processed. This approach represents best practice for reducing the risk of unauthorised access and maintaining customer trust.
When processing and collecting data from our clients and customers we ask ourselves the following questions:
- How are we planning to use the data?
- Is there a way of achieving the purpose without having to collect the data?
- Does the individual know we are processing or collecting the data?
- Does the individual know why we are processing or collecting the data?
- How long will we need the data for to achieve the purpose?
If you choose not to give personal information
Please note that you are under no obligation to provide us with your personal information, but not providing certain data could prevent us from serving you, which could lead to cancellation of the service.
Why do we need your personal data?
Page Automotive processes personal data about you for a number of purposes, including:
- To organise specialist repair functions such as system recalibration with contracted third parties
- To follow up with you shortly after the repair to your vehicle to check everything is satisfactory
- For internal record keeping (to be able to respond to customer enquiry and invoicing)
- To make an appointment with you to assess the accident damage on your vehicle
- For number plate recognition as part of our customer service and site security
- To process payments by credit/debit card or bank account details
- To remind or update you of progress or completion date
- To provide our services to you as requested or agreed
- To help us improve the services we offer
This list is not exhaustive and may be updated from time to time. We do not ‘trade’ in your personal data and
will not sell or rent your details.
Who will your personal data be shared with?
Page Automotive works with vehicle manufacturers, insurance companies and accident management companies. We may share your basic personal data, such as name, contact details, claim number and vehicle details with the relevant company you are connected with to provide the service you have requested.
Limited personal information may also be made available to third parties providing relevant services under contract to Page Automotive, such as vehicle specialists, engineers, auditors, compliance managers, insurance companies, IT hosting, and maintenance providers. These companies may use information about you to perform their functions in accordance with the services we have requested and contract terms agreed as part of our service to you.
We may also disclose specific information upon lawful request by government authorities, law enforcement and regulatory authorities where required or permitted by law. Also in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We store all the personal information you provide on our secure servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.
Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet. You are responsible for keeping your password and user details confidential and we will never ask you for your password.
In the event that we sell our business, we may share your details with the buyer to enable them to fulfil the service we have agreed with you.
Your personal information will not be transferred to, stored or otherwise processed outside the EU. Our data minimisation policy limits information to what is necessary for the purposes for which they are processed. International transfers of data between any of the countries we operate in is limited to operational and financial information. Personal information is not transferred.
Do we get involved in direct marketing?
Page Automotive does not take part in any direct marketing activities apart from requests for optional customer service feedback. We hope that the quality of our service and people will be enough for you to recommend us to others and view our website.
What rights do you have to amend personal information?
You have the right to review the personal data held by us and have inaccurate information about you corrected. To understand more about our data processing activities or to request access to your personal information, please contact our customer support team or email email@example.com.
What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove, or to stop using your personal information if there is no need for us to keep it. This is known and the ‘right of erasure’ or the ‘right to be forgotten’. There may be legal, warranty related or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.
How long do we keep your personal information?
Page Automotive will keep your details on record for as long as it is necessary to meet record keeping requirements. We hold booking, invoice and email details for seven years. They are then deleted in accordance with data protection and other applicable legislation. Should you wish to make a warranty claim after this period, you will need to provide a copy of our invoice or our completed guarantee.
Website and Cookies
We do not collect, store or use the following kinds of personal information on our website:
- Information about your computer and about your visits to and use of our website, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views.
- Information relating to any transactions carried out between you and us on or in relation to our website, including information relating to any purchases you make of our goods and services.
- Information that you provide to us for the purpose of registering with us.
- Information that you provide to us for the purpose of subscribing to our website services, email notifications
and / or newsletters.
- Any other information that you choose to send us
Personal information cannot be submitted on this website.
Our website contains links to other websites (e.g. our Parent Company website). We are not responsible for the privacy notices, policies or practices of third party websites. Please visit your insurer website if you wish to view their privacy notice / policy.
If you have any questions about this privacy notice or our treatment of your personal information, please write to us by email at firstname.lastname@example.org or by post to The Data Protection Officer, Page Automotive, Victor Works, Wellington Crescent, New Malden, Surrey, KT3 3NE.
Changes to this Privacy Notice
The Data Privacy laws will change on 25 May 2018. Page Automotive may change this Privacy Notice from time to time in order to reflect changes in the law. This version was updated in May 2018.
01 – Privacy Notice 18052018 – initial document approved by Tony Aquilina
02 – Privacy Notice 25052018 – Cookies and Website updated and approved by Tony Aquilina