Queensmead Auto Services Ltd

PRIVACY NOTICE

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Data Controller:

Queensmead Auto Services Ltd collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as Data Controller of that personal information for the purposes of those laws. Queensmead has appointed Claire Hayward Doyle as the data privacy manager. We can be contacted concerning data protection matters at claireh@maq1.com

Who we collect information about:

In order to deal with your affairs, we may store and process information comprising personal data. This personal data will concern you as our client, supplier and where applicable you as an individual. Where you are not an individual, this personal data may concern your representatives e.g. your employees/journalist/clients who we deal with.

What information we collect, how we obtain it and how we store it:

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). In the course of dealing with you we will collect the following information when you give it to us:

• Name, email address, address and telephone numbers
• Financial information where we are required to prepare documents such as invoices
• If we need to verify your identity, we may request sight of your passport or driving licence. This will be used for identity verification purposes only

You may give us the information above by filling in forms or by corresponding with us by post, phone, email, website or otherwise. This includes personal data you provide when you make an enquiry, use our services, request marketing or information to be sent to you or give us feedback. We may also collect data about you (name/contact details/role) via third parties or publicly available sources such as trade/publications, the internet, contacts in the field, press releases, and company websites.
We do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

The personal data will be entered into our database software and, where appropriate, within written records held concerning your affairs. Data will also be held in communication systems and software. 


Why we process personal data and the legal basis for doing so:

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in circumstances such as:
• Where we need to perform the contract we are about to enter in to or have entered in to with you
• Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation

Where we process your personal data, it is under the legal basis that it is necessary for the performance of our contract with you e.g. the delivery/collection of a vehicle and the associated logistical/financial/management administration of the arrangement.

We also have a legitimate interest to use the information we hold about you to contact you, from time to time, to advise you of information such as developments in our company set up and services, law and regulations or other news, feedback/performance surveys. You have the right to object to direct mailing in this way and can unsubscribe at any time.

Who has access to this data and the third parties we share it with:

The personal data will be entered into our database and/or written records and the details will then be accessible by our staff. Queensmead’s database and Outlook account maintains a record of all categories of processing activities. Data is transmitted to company logistical staff and third parties to enable delivery/collection of the Clients’ vehicles and the general fulfilment of the contract/arrangement. In addition, there is a hard copy kept of all communication received from you.

We may also pass your personal information to:

• Queensmead approved suppliers (operating under a written contract) and any necessary legal authorities
• Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services
• HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances: and
• Third parties to whom we may choose to sell, lease transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice

We require all third parties to respect the security of our personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

International transfers:

Microsoft is our current cloud provider, hosted in the UK. Our servers are also UK based. Should it become necessary to transfer personal data outside of the European Economic Area, we will not do this without the explicit informed consent of the individual involved.

How we keep the data secure:

We take the security of personal data seriously. We have internal policies and controls in place to try to ensure that such data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised personnel. Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

To minimise the potential for a breach, Queensmead has put appropriate security controls in place, such as:
• A robust internal shredding policy to include outsourcing to a reputable company (certificate provided)
• Password protected computers/database and phone/tablets
• The office is locked out of hours and if it were to be left unattended


Data Breach:


In the event of a data breach, Queensmead has a comprehensive policy in place to manage its detection, investigation, reporting and management. An internal breach register is in place to demonstrate the handling of a breach and effectiveness of the implemented security measures regarding the handling of a data breach. Queensmead will notify you and any regulator on becoming aware of a personal data breach or suspected breach where we are legally required to do so.
How long we store the data:
Queensmead will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Whilst we act for you, we will retain the data we have collected within our systems.
Should we cease acting for you, we will retain data for up to seven years after we cease to act in order to be able to deal with any queries or issues that arise during that period concerning our previous work.

This is subject to any specific alternative agreement concerning data retention that we have with you. 


The rights of a data subject:

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
• access and obtain a copy of your data on request
• request correction of the personal data that we hold about you
• request us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
• object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing
• request restriction of processing of your personal data
• request the transfer of your personal data to you or to a third party: and
• withdraw consent at any time where we are relying on consent to process your personal data

If you wish to exercise any of the rights set out above, please contact us at claireh@maq1.com

If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner’s Office at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Where you do not provide us with the personal data:

An individual is not obliged to provide personal data to us. However, it is possible that we will be unable properly to perform the services we are engaged to provide without this information.

Automated decision-making:

Queensmead does not process personal data based on automated decision-making.

Your responsibilities:

By engaging us to provide services, you are accepting responsibility for bringing the information in this notice to the attention of any individual whose personal data may be stored, processed, supplied and published in the manner set out in this notice.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

May 2020