GENERAL DATA PROTECTION REGULATION (GDPR)
The new General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and S & B Motors (London) Limited would like to take this opportunity to advise our position with reference to your Data, how it is stored and how we use it.
If you are one of our customers we hold your name, address, e-mail address, contact numbers along with your vehicle information, i.e. your registration. As part of our ongoing customer commitment we also hold the MOT & Service history and due dates for the purpose of sending you out reminders. The personal details we hold have been provided by yourselves and is primarily used to enable us to provide our services to you. We use people’s data in ways you would reasonably expect and have a minimal privacy impact. In addition, we may use the information for the following purposes:
· To provide you with information requested from us, relating to our products or services.
· To provide information on other products which we feel may be of interest to you, where you have consented to receive such information.
· To meet our contractual commitments to you.
· To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.
· If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you.
· You have the right to withdraw your consent at any time, it shall be as easy to withdraw as to give consent.
· Right of access - You have the right to access your data at any time.
· Right to rectification – you have the right to have inaccurate You can make this request either verbally or in writing. We will respond to this request as soon as possible and within one calendar month personal data rectified or completed if it is incomplete. You can make this request either verbally or in writing. We will respond to this request as soon as possible and within one calendar month.
· Right to erasure – You have the right to request for your data to be erased. The right to erasure does not apply if processing is necessary for one of the following reasons:
o to exercise the right of freedom of expression and information;
o to comply with a legal obligation;
o for the performance of a task carried out in the public interest or in the exercise of official authority;
o for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
o for the establishment, exercise or defence of legal claims.
· Right to restrict processing – you have the right to request the restriction or suppression of your personal data.
· Right to data portability - The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
· Right to object - you have the right to object to the processing of your personal data in certain circumstances and the absolute right to object to any processing (including profiling) undertaken for the purposes of direct marketing.
· Right not to be subjected to automated decision making - We carry out a DPIA to consider and address the risks before we start any new automated decision-making or profiling.
· We regularly review the information we process and store to identify when we need to take action, e.g. correct inaccurate records. We also conduct regular data quality reviews of systems and manual records which helps us ensure the information we hold continues to be adequate for the purposes we are processing them for.
When a face-to-face payment is made, there are typically two types of receipt generated. One of these is handed to the customer for their own records (known as the “cardholder copy”), whilst the other is kept by the merchant. Whilst the PAN (e.g. full card number) has to be truncated on the cardholder copy, this isn’t the case with the merchant receipt, where displaying the full PAN isn’t strictly prohibited within the Payment Card Industry Data Security Standard (PCI-DSS). Retention of merchant receipts is very important, as it allows us to respond to copy (retrieval) requests and chargebacks – this ability is vital in situations where a customer has raised an issue, for example:
· The amount shown on a customer’s receipt doesn’t match the transaction amount
· The customer doesn’t recognise the transaction or is claiming the transaction never took place
· The cardholder copy of the receipt is illegible
These receipts are retained in line with financial regulations and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), employing a model framework and best practices for the security of our card holder data environment that includes annual risk assessments.
If you are one of our suppliers we hold your name, address, e-mail address, contact numbers and your bank account details. These details have been provided by yourselves and are necessary to enable us to fulfil our contractual obligations between our companies. We take privacy seriously and will only use this data to administer your account and use your bank account details to arrange payments for your invoices.
We will never share your personal data with a third party unless required by law or in accordance with your specific instruction.
We have procedures and safeguards designed to prevent unauthorised access to your personal data and loss thereof. Our local backups are onto an encrypted memory stick for storage and transportation should the worst happen and the storage medium is lost. Our online backup system creates a password protected ZIP file which is protected using an AES256 encryption algorithm. This file is sent to our secure data centre for storage. The backup is only accessible with correct credentials and is only accessible from a computer with an authorised IP address. Our cloud-based storage provider is one of the biggest providers of secure IT services in the world. Access to our support team’s servers is only available to a few key personnel and are only access when required for support reasons with our permission.
At the conclusion of our engagement, data will be preserved and retained by us in accordance with legal requirements for as long as we consider that it is either in your or our interests to do so. If you have any queries concerning your personal data, please do not hesitate to ask.