Group Privacy Statement

Last edited          28/02/2020

Privacy Notice

This privacy notice describes how Motus Group (UK) Ltd (“we”, “us”, “our”) collects, stores, and processes personal data of our website users, customers, prospective customers and those making and enquiry (“you”, “your”). We are committed to protecting your privacy and personal data, and are therefore transparent regarding the data we collect, how the data is collected, where the data is stored, and how the data is processed. The following notice details all of the above, setting out our obligations under both the General Data Protection Regulations 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”).

We will always give you the option not to receive marketing communications from us. We will never send you unsolicited ‘junk’ email or communications, or share your data with anyone else who might. We do not sell your information to third parties, but we do work closely with selected partners who help us to provide you with the information, products and services that you request from us. For example, our manufacture parent who provide documentation relating your vehicle.

The contents of this statement may change from time to time so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we will also contact you directly to notify you of these changes.

What information we may collect from you?

We collect information about you and your vehicle when you engage with our website, applications or manufacture partners who ask us to contact you when you make a request. We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.

The information we collect includes some or all of the following:

 

In line with our overall data protection policy we do not collect unauthorised data, we will not allow any recording devices from vehicles to compromise the security of our workshop equipment or any other individual vehicle information. All recording equipment inside a customer vehicle if not turned off, will be switched off by an appropriate member of staff.

 

 

 

 

How the data is collected and how we use this information?

Personal data may come from a combination of any of the following sources:

 

We will only process information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time). We will never send you unsolicited ‘junk’ email or communications, or share your personal information with anyone else that might.

Information we may generate about you includes

 

Purposes and lawful basis of processing

We use information held about you in a number of ways, including but not limited to:

 

Legal Obligation

We may process your personal information to comply with our legal requirements (for example to register your car with the DVLA).

We will share information upon request with third parties including civil and public authorities in regards to motor related enforcement notices including parking and speeding fines.

Vital Interest

Sometimes we will need to process your personal information to contact you if there is an urgent safety or product recall notice and we need to tell you about it.

How do we share this information?

We will not sell your information to third parties. However, we may from time to time disclose your information to the following categories of companies or organisations to which we pass the responsibility to handle services on our behalf: our manufacturer partners, roadside assistance service providers, licence checking agents and short term insurance providers, customer contact centres, mobility and car hire providers, direct marketing communications agencies and consultants, market research and market analytics service providers, our legal and other professional advisors.

We take steps to ensure that any third party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated none specific data sets where ever possible.

How the data is stored

All personal data provided, collected, generated, or obtained will be stored on our secure systems.

We take appropriate measures to ensure that all personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. Within Motus Group (UK) Ltd, we limit access to your personal data to only those who have a genuine need to access it. Those with access to your personal data will do so only in an authorised manner, and are subject to a duty of confidentiality. All of our staff complete regular data protection training and adhere to our data protection policy. As a company we audit our systems and processes to ensure your data is managed in accordance with data protection legislation.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of electronically transmitted data by you to us. Any transmission therefore remains at your own risk.

How long we keep your personal data

We will not hold your personal information in an identifiable format for any longer than is necessary. If you are a customer or otherwise have a relationship with us we will hold personal information about you for a longer period than if we have obtained your details in connection with a prospective relationship.

We do not retain personal information in an identifiable format for longer than is necessary.

If we have a relationship with you (e.g. you are a customer or the registered driver of a leased or other vehicle purchased from us), we hold your personal information for 6 years from the date our relationship ends. We hold your personal information for this period to establish, bring or defend legal claims. Our relationship may end for a number of reasons including where the vehicle warranty or lease expires, or we have been made aware that you no longer own or drive that vehicle.

Where we have obtained your personal information following a request for information, test drive, brochure, quotation or any other information on any of our products or services, we hold your personal information for 1 year and 6 months from the date we collect that information, unless during that period we form a relationship with you e.g. you purchase or lease a vehicle. We will continue to process your data in line with your initial enquiry for 6 months to allow us an opportunity to form a relationship with you. After this your data will remain dormant for 1 year before being removed, unless a relationship is formed within this time.

In addition, so that we are able to continue to comply with GDPR regulations, your data may be held in a cloud based SFTP server, where it will be held for a maximum of 30 days before being removed.

The only exceptions to the periods mentioned above are where:

 

 

Supplier and Consultant Data

When you enter a relationship with us as a supplier or consultant we will hold onto your data for the length of our relationship. When our relationship ends we will only hold onto your data long enough to fulfil any contractual or legal obligations.

Cookies
We use cookies to record the preferences of visitors, to enable us to optimise the design of our web site. Cookies are small files which are stored on your hard drive. They ease navigation, and increase the user-friendliness of a web site. Cookies also help us to identify the most popular sections of our web site. This enables us to provide content that is more accurately suited to your needs, and in so doing improve our service. Cookies can be used to determine whether there has been any contact between us and your computer in the past. Only the cookie on your computer is identified.

Most browsers automatically accept cookies. You can prevent cookies from being stored on your hard drive by setting your browser to not accept cookies. The exact instructions for this can be found in the manual for your browser. You can delete cookies already on your hard drive at any time. If you choose not to accept cookies, you can still visit our website, however this may result in a reduced availability of the services provided by our web site.

Analytics Cookies

These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site, using a service provided by Google Analytics.

Third Party Cookies

We may use a number of social media tools to enhance visitor interaction on our site. If you already use these platforms their cookies may be set through our website. Data may then be collected by these companies that enables them to serve up adverts on other sites that they think are relevant to your interests. If you do not use such platforms, then our site will not place these cookies on your device.

Functional (or ‘Necessary’) Cookies

These cookies are used to enable core site functionality. They do not contain any personal information and are automatically deleted when you close your browser.

 

Rights of Access, Correction, and Erasure

Under the GDPR, you have a number of important rights, including the right to access the personal data we hold about you, and to request corrections or partial/full erasure.

In order to correct any inaccuracies in your personal data held by Motus Group (UK) Ltd, you must make an explicit request to us, clearly indicating which information is in need of amendment, along with the correct information to take its place. We will act on personal data correction requests within 5 working days of receipt, and send a confirmation email to you upon resolution of the issue/s.

In order to request partial or full erasure of your personal data, you must make an explicit request to us. In the event you desire a partial erasure, you must clearly indicate which data points you would like to be erased. If you do not clearly indicate which data points you would like to have erased in a partial erasure, we reserve the right to delete all personal data we hold about/on you. Motus Group (UK) Ltd reserves the right to escalate any partial erasure request into a full erasure at our discretion; you will be notified of this outcome via email immediately before the erasure if we opt for the escalation. In the event you desire a full erasure, you must clearly indicate this in your request. We will act on partial and full erasure requests within 21 working days of receipt, however, no confirmation email will be sent following the completion of the request.

Please note that your right to have your personal data erased is not an absolute right, and we reserve the right to refuse such a request, where there is an appropriate legal justification for doing so. For example, we must retain courtesy car driver data for a period of twelve months. You will be notified accordingly in the event we are unable to process your data erasure request.

Your rights under the GDPR are:

 

If, at any point, you would like to make a request for access, correction, or erasure of your personal data we hold, you should email at data@motusuk.com  providing enough information for us to be able to identify you in our system and carry out your request.

We value your privacy, and as such we implement a clear desk policy, all workstation screens are locked and any information is stored away in a secure environment.

You can exercise the above rights and/or manage your information by contacting us using the details below:

Post:      Database Team, Motus Group (UK) Ltd, Oakingham House, Ground Floor, West Wing, London Rd, Loudwater, High Wycombe, HP11 1JU

If you have any specific data protection concerns or a complaint, you can address it to our Data Protection Team at data@motusuk.com, or at the above postal address.

 

 

 

How to Complain

We hope that we can resolve any query or concern you raise about our use of your personal data, however, if you are not satisfied with our processes or approach, the GDPR gives you the right to file a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or on 0303 123 1113.

Motus Group (UK) Ltd’s Data Protection Registration number with the ICO is Z6033829.

 

By Post

Information Commissioner's Office

Wycliffe House

Water Lane Wilmslow

Cheshire SK9 5AF

 

Contacting Motus Group (UK) Ltd

If you have any questions, queries, or issues relating to our policies and processes, or how they relate to our adherence to both the GDPR and DPA, then please contact:

The Database Team, Motus Group (UK) Ltd, Oakingham House, Ground Floor, West Wing, London Rd, Loudwater, High Wycombe, HP11 1JU

data@motusuk.com