Definitions and Interpretation
- Who is the Registered Data Controller?
- The Data Controller’s Representative
- The Business of the Company
- Sources of Personal Data Collection and Relevance of Policy
- Legitimate Business Interest
- Personal Data Collected & Held
- Personal Data Storage
- Company Use of Personal Data
- Anonymous and Aggregated Data
- Use of Personal Data to Contact You
- Circumstances when the Company may Release Your Personal Data to Others
- Duration for which the Company will keep your Personal Data
- Data Security
- Call Recording
- Links to other Websites
- Social Media
- Maintenance of Website
- Online Reporting – Google Analytics
- Online Advertising – Google Adwords
- Blog Management
- Your Rights under GDPR and DPA 2018
- Policy Changes
- Queries regarding this Policy
Definitions and Interpretation
The following terms shall have the following meanings:
“Cookie” – means a small text file placed on your computer or device by our site when you visit certain parts of the site and/or when you use certain features of the site. Details of the Cookies used by our site are set out below.
“Cookie Law” – means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulation 2003
“DPA 2018” – Data Protection Act 2018
“GDPR” – General Data Protection Regulation
“Identifiable Natural Person” – GDPR defines as “one who can be identified, directly or indirectly, by reference to an identifier such as a name, or to one or more factors specific to that natural person.”
“IP Address” – a number that is automatically assigned to the computer that you are using by your Internet Service Provider.
“Personal Data” – GDPR defines as “any information relating to an identified or identifiable natural person’’
1. Who is the Registered Data Controller?
Kwik-Fit (GB) Limited, ETEL House, Avenue One, Letchworth Garden City, Hertfordshire, SG6 2HU hereafter referred to as the “Company”.
2. The Data Controller’s Representative
The Company’s Data Protection Officer acts as the Data Controller’s Representative.
3. The Business of the Company
The Company excels in the sale of vehicle tyres, accessories and related services.
4. Sources of Personal Data Collection and Relevance of Policy
This Policy relates to Personal Data collected from you via:
- Company-related websites;
- Social media;
- Mobile devices;
- Wi–fi access points.
The content of this Policy applies to you when you interact with the Company in centre, online, via social media, telephone, text, websites and any other form of correspondence.
The Company asks for your consent as a way of ensuring that your Personal Data is collected and processed on your behalf lawfully and you are marketed to appropriately. You have the right to withdraw consent at any time.
6. Legitimate Business Interest
The Company may also use Personal Data where it falls within the definition of Legitimate Business Interest under the GDPR. Your right to withdraw consent will override the right of Legitimate Business Interest.
7. Personal Data Collected & Held
Information about the services that you use and how you use them is collected. The Company may also collect device-specific data (such as your location and mobile telephone number) and log-in frequency information.Categories of Personal Data that are collected include:
- Personal details – e.g. name, address, email, telephone number;
- Financial details, where applicable;
- Goods and services;
- Enquiries, compliments and complaints.
Your web browser may provide the Company with information about the device you are using such as an IP address and details about the browser you use.
An “IP Address” may be identified and logged automatically in the Company’s server log files whenever you access the services, along with the time of the visit and the page(s) that were visited.
8. Personal Data Storage
The Personal Data you give is stored with your account.
This data is located on servers within the European Union and contractual safeguards are in place. No third parties have access to your Personal Data unless there is a lawful basis to do so.
9. Company Use of Personal Data
The Company is committed to protecting your Personal Data. When you share your Personal Data with the Company there is a legal obligation for it to only use it in line with data regulations.
All your Personal Data is processed by our staff in the UK.
The Company processes your Personal Data:
- To provide a better service to you including customised search results, spam and malware detection.
- For service administration purposes, carrying out its obligations arising from any contracts entered into by you and it and provide you with the information, products and services that you request from it;
- To provide you with information about other goods and services it offers that are similar to those that you have already purposed or enquired about;
- To notify you about changes to its services;
- To ensure that content of its site is presented in the most effective manner for you;
- To administer its site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To measure and understand the effectiveness of advertising it serves to you and others.
The Company uses IP Addresses for purposes such as calculating usage levels of the services, helping diagnose server problems and administrating its services.
The Company will ask for your consent before using your Personal Data for a purpose other than that it was provided for or authorised to use.
10. Anonymous and Aggregated Data
- may aggregate personal data so it does not personally identify you (“pseudonymised data”); For example, it may aggregate Personal Data to analyse the percentage of customers which have a particular post code.
- may remove Personal Data to create anonymous data;
- uses anonymous and aggregated information for historical, statistical, or business planning purposes.
11. Use of Personal Data to Contact You
Transactional: The Company will communicate with you in order to complete any transactional commitments.
Marketing Purposes: The Company will only contact you for marketing purposes where you have given consent to do so. The Company may personalise the message content based upon information you have previously provided and your use of any linked websites.
Social Media: Social Media communications such as: Facebook, Google, Instagram, Snapchat, Twitter etc. will be responded to based upon the data you have previously provided.
12. Circumstances when the Company may Release Your Personal Data to Others
The Company does not share your Personal Data with organisations outside contractual requirements unless one of the following applies:
- It is necessary to comply with data protection laws;• Your consent has been obtained and can be evidenced;
- A legal requirement exists e.g. to meet a legal obligation or enforceable government request, detect and prevent or address fraud;
- The Company is responding to matters of personal or public safety.
The types of organisation with which the Company may share some of your Personal Data it processes are:
- Any member of the Group, which means its subsidiaries as defined in section 1159 of the UK Companies Act 2006;
- Analytics and search engine providers that assist the Company with the improvement and optimisation of the website;
- Credit reference agencies for the purpose of assessing your credit score where this is a requirement for the Company prior to entering into a contract;
- Debit collection and tracing agencies;
- Central government;
- Police forces and security organisations.
13. Duration for which the Company will keep your Personal Data
The Company holds your Personal Data on its systems for as long as is necessary relevant to the transactional, tax and legal obligations and marketing interests consented by you.Specific details of the Company’s Data Retention Policy can be obtained from the Company Data Protection Officer.
14. Data Security
The Company protects your Personal Data from unauthorised access, disclosure or amendments by using:
- Two factor authentication;
- Secure storage locations;
- Regular audit and review of data storage and processing practices including physical safety procedures to guard against unlawful access;
Access to your Personal Data is restricted to employees on a need to know basis, suppliers and authorised representatives who are subject to contractual responsibilities.
Unfortunately, the transmission of data via the internet is not completely secure. Although the Company does its best to protect your Personal Data, it cannot guarantee the security whilst it is transmitted to its site; any transmission is at your own risk. Once in receipt of your Personal Data, the Company will use procedures and security measures to prevent unauthorised access.
15. Call Recording
Telephone calls to the Company may be recorded for training and monitoring purposes
16. Links to other Websites
Company-related websites contain hyperlinks to websites operated by third parties who have their own privacy policies and related cookies. The Company does not accept liability for the privacy practices of these third parties.
17. Social Media
When you make contact with the Company via social media channels certain Personal Data may be shared with the Company about your online activities such as gender, interests and marital status depending on your profile settings. The Company is not responsible for the Personal Data you share on your social media profiles and you are encouraged to familiarise yourself with the privacy settings of these sites.
18. Maintenance of Website
The Company uses a third party service to help maintain the security and performance of its websites. To do this it processes the IP addresses of website visitors.
19. Online Reporting – Google Analytics
20. Online Advertising – Google Adwords
The Company uses Google Adwords, an online advertising/remarketing tool from Google Inc. to place ads in Google search results and other websites which you may find of interest. To help the Company track sales and other conversions from our advertisements, the Company uses the conversion tracking feature provided by Google Adwords which places a cookie on your device when you click on one of the advertisements. The Company is not responsible for the placement of these cookies. Google uses the information obtained from conversion cookies to compile statistics including the number of users who clicked on the ad and the pages then accessed by each user. Conversion cookies are only active for 30 days and cannot be used to identify any Personal Data.
21. Blog Management
All blog content is written by the Company and its selected partners. Republishing of content on our blog and other parts of the website is not authorised without express permission. Information collected about user visits to the blog is used for the sole purpose of analysing content performance.
Internet Log File Information
When you visit our websites we collect standard internet log information. We do this to find out things such as the number of visitors to various parts of our site. Information we gather in our standard internet log information does not identify anyone and is only used to statistical purposes including the establishment of visitor numbers, most popular pages and features, and most popular browser types.
Where a cookie can identify an individual via their device, even if identification can only be made via combining the data in question with other data, it will fall within the definition of data laws.
Cookies are small text files that are placed on your computer by websites when you visit. They are widely used in order to make websites work, or work more efficiently, as well as provide information to the owners of the site.Several of the cookies we use are essential for parts of the site to operate, in particular our booking systems. You may delete and block all cookies from our sites, but parts of the site will not function correctly.
All our cookies have a life that spans only the length of your session with our website, sometimes shorter, in particular if you are using one of our booking engines. The one exception is the cookie named “YourCookieSettings” which has a life span of 365 days and necessary to store your cookie settings for this site.The cookies used on this website have been categorised using best practice. A list of all the cookies used on this website by category is set out in the table below.
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
Strictly necessary cookies are always enabled.
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Persistent cookies are those which remain active on the user’s computer or device for a predetermined period of time and are activated when that user visits a website.
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to improve how a website works.
Session cookies are temporary and only remain on a user’s computer or device from the point at which they visit your website until the web browser is closed, at which point they are removed.
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
Additional Cookie Categories
- First-Party Cookies – These cookies are placed directly by a website. Most, if not all, of your strictly necessary and functionality cookies will likely be first-party cookies.
- Third-Party – When you visit a site you may notice some cookies that aren’t related to that site. If you go on to a web page that contains embedded content, for example from Google Maps, you may be sent cookies from these websites. The original site does not control the setting of these cookies, so it is suggested you check the third-party websites for more information about their cookies and how to manage them.
- Flash Cookies – Adobe Flash Player used for videos uses Flash cookies (also known as Local Shared Objects) to help improve your experience as a user. Flash cookies are stored on your device in much the same way as usual cookies, but they’re managed differently by your browser.If you wish to disable or delete a Flash cookie, see Adobe Flashplayer Security Settings (opens in a new window). Please note that if you disable Flash cookies for a site you will be unable to access certain types of content on the site, such as videos.
Cookies used on this website as at July 2018 could include:
|ASPSESSIONID||Strictly Necessary||Allows the server to maintain a link with the user (should be Strictly Necessary)|
|CookieSettings||Strictly Necessary||This cookie stores your browser settings for this website.|
|Strictly Necessary||These cookies are used throughout our site and are essential to use our booking systems, Centre locator and other features.|
|BookingEngine||Strictly Necessary||adds extra information when booking on the website|
|BookingEngineNextStep||Strictly Necessary||adds extra information when booking on the website and being transferred out to sagepay/paypal for payment so the user is returned to the correct point in the process|
|BrowserOutOfDate||Strictly Necessary||If a user’s browser is out of date, and they continue to use the site, we set this to stop displaying the “out of date” message|
|MyAccount||Strictly Necessary||Used in MyAccount to store logged in user information|
|PPCID||Performance||Used to track users when coming via the welcome.asp page|
|InteractAPI||Performance||Helps enhance customer experience by delivering relevant and personalized homepage content based on internal pages visited.|
|Ads/ga-audience||Third Party||Used by Google Adwords to re-engage customer that are likely to convert based on the visitor’s online behaviour across websites. – marketing- session https://www.cookiebot.com/en/cookie-declaration/|
|Ads/user-lists/#||Third Party||Used by Google when a user visits a page on a website containing a remarketing tag. Google puts a cookie on the user’s device and adds the cookie to a ‘user list’. This is simply a collection of visitor cookies generated by one (or more) remarketing tags. Marketing-session https://www.relate.org.uk/cookies|
|Fr||Third Party||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. Marketing- 3 months https://www.cookiebot.com/en/cookie-declaration/|
|IDE||Third Party||Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. marketing- 2 years https://www.cookiebot.com/en/cookie-declaration/|
|Test_cookie||Third Party||Used by Google DoubleClick to check if the user’s browser supports cookies.|
|Tr||Third Party||The Facebook pixel tracker is used for tracking conversions from Facebook ads.|
|IR_gbd||Third Party||Used to track traffic and sales from affiliate users|
|IR_PI||Third Party||Affiliate tracking cookie helps to count visitors from websites participating in Impact Radius affiliate marketplace. https://www.belightsoft.com/privacy-policy/cookie-policy|
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org.
It is the visitors responsibility to review any third party Cookie related Terms and Conditions.
Requests for additional information on our privacy and data protection policies can be made to:
Kwik-Fit (GB) Limited
Letchworth Garden City
24. Your Rights under GDPR and DPA 2018
The Right to your Personal Data (Access)
You have the right to obtain a copy of your Personal Data that is processed by the Company and know the reasons why it processes your data. Upon receipt of a written request made to the Company Data Protection Officer you can normally expect a response within one month of the request. (Should there be a requirement for an extension of the original one month limit you will be written to with the reasons for any delay). Please note confirmation of a requester’s identity will be essential prior to any release of Personal Data.
If the Company holds Personal Data about you, it will:
- Provide a description of the data held;
- Inform you why the data is being held;
- Inform you who the data is disclosed to;
- Provide a copy of the data in a machine readable format (or hard copy).
Depending upon the nature of the request the Company will try to manage the search informally in the first instance e.g. if you are seeking specific data, this may be resolved via a telephone call.
The Right to Rectification
You have the right to have any inaccuracies in your Personal Data which is stored and processed by the Company to be rectified.
The Right to be Forgotten
Under certain circumstances you may request that Personal Data is erased.
The Right to Restriction of Processing
Under certain specific circumstances you may have the right to prevent the processing of some Personal Data.
The Right to Notification
Under certain circumstances, the Company has a duty to ensure you are notified of how any intended change of processing of your Personal Data may take place which differs to that which you consented for.
The Right to Data Portability
Under certain circumstance you have the right to see and have transferred your Personal Data in a commonly used and machine-readable format to another Data Controller.
The Right to Appropriate Decision Making
You have the right not to have decisions made solely from automated processing. In the event that automated processing is used, please contact the Company Data Protection Officer to obtain an explanation from for the outcome of any automated processing.
You have the right to lodge a complaint regarding the use of your Personal Data. In the initial instance please email the Company Data Protection Officer who will investigate the matter and keep you informed of the investigation progress.
If you are not satisfied with the outcome of the internal investigation you have the right to lodge a complaint with the Information Commissioner’s Office.
26. Policy Changes