Privacy and Data Protection
1. ABOUT US
Griffin Tax Free Limited (“we”, “us”), trading as DDS Cars, is a company registered in England and Wales (Company Registration Number 04578278).
For the purpose of this Privacy Notice and current UK data protection legislation (the Legislation), the Data Controller is Griffin Tax Free Limited, Griffin House, Henfield Business Park, Henfield, BN5 9SL. For contact details please see; “12. How To Contact Us” below.
2. TYPE OF DATA BEING COLLECTED
Information you give us
You may provide us with information about you or your vehicle through a number of sources: the Griffin website, use of other Griffin products or services, use of Griffin digital properties (including social media sites), product and related events, test drives, surveys, social media platforms, promotion entries, motor shows and our customer call centres. We may receive information about you and your vehicle through vehicle maintenance records, accessory and parts sales and service records, and other records, provided to us directly by your Griffin network partner (hereafter, “Griffin Partner”), or our third-party service providers. If you register for and receive services through a Griffin account, we also receive information about your preferred Griffin Partner, any interests you elect to share, and your account preferences and settings.
Information we collect about you
The types of information that Griffin collects about you include:
• Contact information (such as name, address, telephone number, email).
• Information you provide directly to us such as personal interests and photographs.
• Vehicle information (such as VIN, make, model, year, retailer, date of purchase or lease, purchase/lease price, equipment, and service history).
• Vehicle data (such as general status data – warning lights, upcoming service schedule, fuel level, battery level, tire pressure, service history and fault or trouble codes; performance data; and other data about the identification, condition, equipment, or collision information).
• Photographs and other user generated content such as materials that you may submit for competitions, or personal interests that you may add to social network platforms.
• Data gathered by technology when you visit our website.
If you use a digital device to activate or access Griffin services, we may collect information about your specific device. With regard to each of your visits to our sites we may automatically collect the following information:
• Location information. When you use our services, we may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, and other sensors.
• Technical information. This includes the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone, browser plug-in types and versions, operating system and platform.
• Information about your visit. This includes the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, form fills and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We may use the personal data we hold about you, combined with publicly available data about your opinions/sentiment on particular topics and your demographic data to better understand our customers and to improve the products and services we deliver. Your personal data will be grouped together with others to provide statistical information only and would not be used to send you information on an individual basis. No automated decision making using your personal data takes place.
• Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, social media platforms and search information providers) and may receive information about you from them.
3. OUR COMMITMENT TO CHILDREN’S PRIVACY
Griffin does not knowingly collect information from visitors under the age of 16 and does not offer Information Society Services (ISS) (online services) directly to children. In the event that we learn that we have collected information from a child under age 16 without verification of parental consent, we will delete that information. For questions or additional information, see “How To Contact Us” section below.
4. USAGE OF INFORMATION
Sometimes we process the information on the basis that we have a legitimate interest or in administering a contract between you and us. Where your personal data is required for contractual purposes we are unable to perform our obligations to you under the contract without that personal data. We’ll only hold data for as long as is necessary to provide our services and protect our business. We generally store and process your personal information for no longer than 6 years, or for as long as you are a vehicle owner if that is longer than 6 years. We may use the information that we collect in a number of ways:
• to provide the products and services you have purchased or requested;
• to support your vehicle, products and services;
• to communicate with you about your vehicle, products or services;
• to diagnose, repair and track service and quality issues;
• to install and configure changes and updates to your services;
• to authenticate users of our products and services;
• to evaluate the performance and safety of our vehicles, products and services;
• to improve the quality of our vehicles, products and services;
• to operate the Griffin website and digital properties and customise the content;
• to verify your eligibility for certain programs or benefits;
• to comply with legal requirements;
• to protect the safety, property or rights of Griffin, vehicle owners, registered users, drivers, passengers or others;
• to prevent and detect fraud or misuse of vehicles, products or services;
• to maintain internal records;
• for marketing purposes to inform you about relevant products and services;
• in order to discover trends and segments within our audience and strategically assess their preferences, in order to innovate new products and services;
• to learn about public and customer perception of our brand, products and services, in order to optimise them for specific audience segments.
We also use or share your information in an anonymised or aggregate manner for purposes including research, analysis, modelling, product or service improvement, and aggregated information services such as traffic reporting.
We use the information provided in association with a Griffin service request to evaluate your service needs and remind you to schedule a service appointment as indicated in your contact preferences. A Griffin service representative may contact you via phone, email, text message, social media, direct messaging or letter to schedule a service appointment. Your preferred Griffin Partner can also access this data for the purpose of preparing for a service appointment, contact initiation and execution of the individual services.
How to Opt Out of Marketing
You have a choice as to whether to agree to receive marketing information and services and you will be asked for your consent to receive such information. If you no longer wish to receive marketing information or you wish to update your preferences then please contact us by using the details below.
5. DISCLOSURE OF YOUR INFORMATION
We will not disclose this information to anyone outside of Griffin Group, our affiliated or associated companies, and our Partners, agencies and licensees, service providers and any other companies with which Griffin Tax Free Limited has established services for your benefit unless required to do so by law. We may disclose your information for the following reasons:
• To our authorised Partner and repairer network – to provide you with information on the service requirements of your vehicle, product recall and safety information, warranty information, new product launches and events.
• To our approved roadside assistance partner.
• To our approved agencies – in the event that you have subscribed to receive Griffin marketing material, for the purpose of notifying you of new Griffin products, events, and news that may be of interest to you.
We may also share your information with selected third parties such as analytic and search engines providers that assist us in the improvement and optimisation of our site, advertisers and advertising networks and marketing agencies in order that they may select and provide you with adverts or information that may be of interest to you about Griffin. Our suppliers listed in the categories above may change from time to time, and as a result, and in order to comply with the confidentiality provisions of our commercial contracts, we do not publish a list of our individual suppliers by name.
In the event that you receive services from our partners listed above, you may receive requests from those organisations to market their products or services directly to you. We cannot accept any responsibility where you agree to these requests – your rights as a data subject must be enforced directly with those organisations. If in doubt, please contact us for further details.
6. WHERE WE STORE YOUR PERSONAL DATA
We will securely store your data until you instruct us otherwise or in accordance with current UK Data Protection Law unless otherwise stated.
7. INFORMATION SECURITY
We use a range of appropriate technical and organisational measures to safeguard access to and use of, your personal information and to ensure it retains its integrity and availability. These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training. We also consider anonymising or pseudonymising personal data where practical.
8. DATA PROTECTION LEGISLATION
9. THIRD PARTY LINKS
This website may contain links to other websites or links to download software from other websites. We have no control over and are not responsible for the content of, privacy policies or security of such sites. We recommend that you check the privacy and security policies of each website or social media service that you visit and/or sign up to.
10. ACCESS TO PERSONAL DATA AND YOUR RIGHTS
You have the following rights over the way we process personal data relating to you. We aim to comply without undue delay, and within 30 days at the latest.
For any of the following requests you can contact us by email or post, at:
The Data Protection Officer, Griffin Tax Free Limited, Griffin House, Henfield Business Park, Henfield, BN5 9SL.
Access to your personal data
You have the right to request a copy of the personal information that we, or our partners, hold about you. This is formally known as a “Subject Access request”. We will not charge you for handling this request, but we reserve the right to refuse clearly unfounded or repetitive requests. Where we refuse your request we will confirm your right to complain to the Information Commissioner’s Office (ICO), and to a judicial remedy, as quickly as we can – but at the latest within one month.
When submitting your request, it would assist us if you could specify the information or processing activities which you’d specifically like to see. You will also need to provide proof of your identity. We will respond to your request as quickly as we can, but at the latest within one month of receipt (unless the request is complex – in which case it might take a further two months).
Erase, restrict or object to our processing of your personal data
In certain circumstances you are entitled to restrict or ‘block’ the processing of your personal data, or to object to the processing of your personal data. From 25 May 2018 you will also have the right to have your personal data erased (also known as a ‘the right to be forgotten’). However we are permitted to refuse your request if there is a legitimate reason for us to keep the data. Where you have entered into a contract with us you cannot exercise your right to be forgotten as we have a legitimate interest to continue processing your personal data. This includes the personal data that we hold on you and also the data that we disclose to our partners (see “DISCLOSURE OF YOUR INFORMATION”).
These circumstances include:
• Where you consented to us processing the personal data, and want to withdraw that consent;
NB Please note that we only obtain your consent for our marketing activities, and you can easily change your preferences at any time.
• Where your personal data is no longer needed for the reason it was collected – for example, when the contract between us has expired;
• Where you contest the accuracy of the personal data that we hold on you, and require us to restrict any further processing until the accuracy of the personal data has been verified;
• Where you object to us processing your personal data and there is no overriding legitimate interest for us to continue processing your personal data;
• Where your personal data is being unlawfully processed and you require us to restrict or erase your data;
• If you need us to restrict the personal data in order to establish, exercise or defend a legal claim.
• Where your personal data needs to be deleted in order to comply with a legal obligation;
• Where the personal data being processed relates to a child;
Correct your personal data
You have the right to have your personal data corrected if it is inaccurate or incomplete. This will include the data that we and our partners hold on you. In many instances you can simply call or email our customer team on +44 (0)1273 or [email protected], however you can also direct your request to our Data Protection Officer, whose contact details are listed above. We will respond to your request as quickly as we can, but at the latest within one month of receipt (unless the request is complex – in which case it might take a further two months).
Export your personal data
From 25 May 2018, you will have the right to receive your personal data in a format that can be easily transferred to, and used by, an alternative service provider. This is formally known as “data portability”. We will not charge you for this request.
We will supply you with the relevant personal data in a format which is readily accessible by most IT systems (usually CSV format). We can also send this data directly to an alternative service provider, where this is technically possible. We will respond to your request as quickly as we can, but at the latest within one month of receipt (unless the request is complex – in which case it might take a further two months).
Complain to the Information Commissioner’s Office
The Information Commissioner’s Office (ICO) regulates the processing of personal data. We are registered with ICO as a data controller and our registration number is ZA010175.
Please direct any queries or complaints directly to us in the first instance (contact details provided above). If you do not agree with the way we have processed your data, or responded to your concerns, you can submit a complaint to ICO or the supervisory authority in the place of your habitual residence. However, as the UK supervisory authority, the ICO will be the lead supervisory authority in the event of any complaint:
ICO website: https://ico.org.uk/
ICO contact details: https://ico.org.uk/global/contact-us/
12. HOW TO CONTACT US
If you require further information or have any comments or questions about this website or any aspect of our services please contact us:
+44 (0)1273 574000
Griffin House, Henfield Business Park, Henfield, BN5 9SL