This Policy explains when and why we collect personal information, how we use it, the conditions under with we may disclose it to others and how we keep it secure.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
Guest Motors Limited (trading as Guest Truck and Van / Vehicle Lining Services/Partscomm and Guest Tyre and Auto Centre) and Sherwood Truck and Van Ltd (trading as Sherwood Truck and Van and Sentinel), is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 Superseded by the new Data Protection Act 2018 (DPA) and supplemented by the General Data Protection Regulation (GDPR). On the 25th May 2018.
Guest Motors Limited, Kenrick Way, West Bromwich. B70 6BY.
Sherwood Truck and Van Ltd, Kenrick Way, West Bromwich. B70 6BY.
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
Guest Motors Limited and Sherwood Truck and Van Ltd has a Data Protection Officer who can be contacted through firstname.lastname@example.org.
WHAT INFORMATION DO WE COLLECT?
GDPR defines personal data as the following:
‘Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’
‘Special categories’ of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The personal information we collect might include the following depending on your relationship with the Company;
- Phone Number
- Email Address
- Date of Birth
- Contact Details
- Marital Status
- National Insurance Number
- Driving Licence Number
- Driving Licence Endorsements
- ‘Unspent’ Convictions
- Eligibility to Work in the UK Documents
- Brief Medical History
- Emergency Contact Details – Name, Relationship, Address, Contact Number.
- Bank Details
- Employment History
- Attendance Records, Sick Leave, Annual Leave
- Return to work form details
- Expression of wishes
- Accident Reports
- Contract of Employment
- Payroll Number
- Pension Details
- Payment Details
- Registration Number
- Personal Images and Movements – CCTV
HOW WILL YOUR INFORMATION BE USED?
We may also use your information for:
- Recruitment purposes
- Contractual obligations
- Sales purposes
- Legal obligations
- Processing and enrolling in pension scheme/s
- Accident recording
- Monitoring equal opportunities
- Carrying out research and statistical analysis
- Providing operational information
- Promoting our goods and services
- Seeking views or comments on the services we provide
- Notification of changes to our services
- Distribution of wage slips
- Budgeting processes
- Security of premises and to protect general public
- Protecting and preventing crime
- Processing financial transactions
- Processing orders
- Processing salaries
- Assessing performance and targets
- Protection of assets
- Historical records and archiving
- Death in service
- Provision of health care cover
- Warranty and Product Services
- Technical Assistance and Market Research.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
For processing to be lawful under GDPR, it is important that Guest Motors Limited and Sherwood Truck and Van Ltd, identify all lawful basis before processing any personal data.
As a business that processes personal data we must satisfy a condition under Article 6 and Article 9 if the data being processed is classified under the special category.
The Lawful Basis we use are:
|Article 6 – Personal Data||Article 9 – Special Categories|
|The data subject has given consent to the processing *||The data subject has given explicit consent to the processing|
|Processing is necessary for the performance of a contract with the data subject||Processing is necessary for the purposes of carrying out the obligations of the controller or of the data subject in the field of employment|
|Processing is necessary for compliance with a legal obligation||Processing is carried out in the course of its legitimate activities by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim.|
|Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.||Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity|
|Processing is necessary for the performance of a task carried out in the public interest.||Processing is necessary for reasons of substantial public interest|
|Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes|
WHO RECEIVES YOUR INFORMATION?
The personal information we hold may be shared with one or more of the following departments/Organisation’s;
- Pension Providers
- Human Resources
- Recruiting Managers
- Guest Group
- Line Managers
- IT Department
- Sales Department
- Fleet Administration
- Health and Safety Committee
- Facilities Manager
- Regional Managers
- Monitoring Stations – CCTV
- Accounts Department
- Customer Facing Staff
- Processor – Vehicle Manufacturers with whom we have a franchise agreement.
- Processor – New Sales Enquiries
- Processor – Social Media
- Processor – Website, E-Shots and E-Newsletters
- Processor – Press releases, editorials
- Processor – Pension
- Processor – Audit
- Processor – Health Care Cover
- Processor – Death in Service Cover
- Processor – Banks
- Approved Contractors
- Government Bodies
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes, unless prior consent is received. Except for vehicle manufacturers with whom we have a franchise agreement.
For more detailed information on the sharing of personal information please contact the Data Protection Officer on email@example.com.
ANY TRANSFERS TO THIRD COUNTRIES AND THE SAFEGUARDS IN PLACE
Guest Motors Limited and Sherwood Truck and Van Ltd, does not transfer any personal data to any countries outside of the EU.
HOW LONG WILL YOUR INFORMATION BE HELD?
Please refer to Guest Motors Limited and Sherwood Truck and Van Ltd, Retention and Erasure Policy which can be requested from the Data Protection Officer by email at firstname.lastname@example.org.
WHAT ARE YOUR RIGHTS/SUBJECT ACCESS REQUESTS
You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information, depending on the purpose of processing.
|The right of access||· Everyone has a right to access their personal data.
|The right to rectification||· Everyone has a right to rectify their incomplete or inaccurate personal data.
|The right to erasure||The right to erasure does not provide an absolute ‘right to be forgotten’.
Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
· Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
· When the individual withdraws consent.
· When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
· The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
· The personal data has to be erased in order to comply with a legal obligation.
· The personal data is processed in relation to the offer of information society services to a child.
· Under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.
· There are some specific circumstances where the right to erasure does not apply and you can refuse to deal with a request.
The Company can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
· to exercise the right of freedom of expression and information;
· to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
· for public health purposes in the public interest;
· archiving purposes in the public interest, scientific research historical research or statistical purposes; or
· the exercise or defence of legal claims.
|The right to restrict processing||The Company will be required to restrict the processing of personal data in the following circumstances:
· Where an individual contests the accuracy of the personal data, you should restrict the processing until you have verified the accuracy of the personal data.
· Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and you are considering whether your organisation’s legitimate grounds override those of the individual.
· When processing is unlawful and the individual opposes erasure and requests restriction instead.
· If the Company no longer needs the personal data but the individual requires the data to establish, exercise or defend a legal claim.
|The right to data portability
|This right allows individuals to obtain and reuse their personal data for their own purposes across different services.
The right to data portability only applies:
· to personal data an individual has provided to a controller;
· where the processing is based on the individual’s consent or for the performance of a contract; and
· when processing is carried out by automated means.
|The right to object||Individuals have the right to object to;
· processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
· direct marketing (including profiling); and
· processing for purposes of scientific/historical research and statistics.
|Rights in relation to automated decision making and profiling.||· Automated individual decision-making (making a decision solely by automated means without any human involvement);and
· profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
· You can only carry out this type of decision-making where the decision is:
· necessary for the entry into or performance of a contract; or
· authorised by Union or Member state law applicable to the controller; or based on the individual’s explicit consent.
Under the General Data Protection Regulation guidelines anyone connected to the Company may request details of their personal information which we hold. This can be requested free of charge by emailing Guest Motors Limited and Sherwood Truck and Van Limited, Data Protection Officer by email; email@example.com.
However, a ‘reasonable fee’ may be applied if the information requested is manifestly unfounded or excessive, particularly if application is repetitive.
Requests for access to personal data held will be acknowledged within one month of the request or two months if it is deemed to be excessive. All Subject Access Requests will require proof of identity before any applications are granted.
Any other requests should be made in writing to the Data Protection Officer:-
Data Protection Officer
Guest Truck and Van
If your personal data is requested for an alternative use, from that already stated, further consent will be sought with use of a Consent to Release Information Form.
HOW DO WE KEEP YOUR INFORMATION SECURE?
Guest Motors Limited and Sherwood Truck and Van Ltd, keeps personal information in one or more of the following places:
Secure Database, Secure Access Folder, Password protected dealer management system and locked filing cabinets.
USE OF ‘COOKIES’
HANDLING OF COMPLIANTS
Complaints will be dealt with by the Data Protection Officer and will be responded to within 30 days. If you are not satisfied with the response you should refer your complaint to the ICO https://ico.org.uk/concerns
CONSENT (SALES AND MARKETING ONLY)
☐ I have read the Privacy Notice and give my consent for the purposes and processes as detailed below:
☐ I agree ☐ I do not agree
☐ I agree ☐ I do not agree
REVIEW OF THIS POLICY
We keep this Policy under regular review. This Policy was last updated May 2018.