This privacy notice lets you know what happens to any personal data given to us, or that we may collect from or about any individual.
Who are ‘we’?
In this policy, whenever you see the words ‘We’, ‘Us’ or ‘Our’ it applies to Community Motors CIC, at Unit 22 Red Lion Business Centre, Red Lion Road, Surbiton KT6 7QD. We are a data controller of your personal data and are registered as such with the Information Commissioner’s Office (ico.org.uk), with whom our registration number is ZA324593.
Who is ‘you’?
We may process data about the following categories of individuals (though one person may of course fall into more than one category):
- Customers (including enquiries) for our vehicle maintenance, testing and repair services
- Visitors to our site or parking areas
- Trainees (including enquiries and work experience candidates), who participate in our vocational training activities
- Employees (including apprentices and recruitment candidates), who we do employ or have employed or have applied to do so or have volunteered to work with us.
Some of the following sections only apply to these latter two categories; these are highlighted where appropriate.
What is personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address.
What kinds of personal information about someone do we process?
Personal information that we process in connection with all of our products and services includes:
- Personal and contact details, such as title, full name, contact details and contact details history
- Records of your contact with us such as if you get in touch with us online or via email
- Products and services you have used or are using from us, or have enquired about, including invoice and payment information for such products or services
- Vehicle information, such as make and model, faults, repairs and repair costs, and in particular MOT and maintenance (e.g. service and timing belt) due dates
- Newsletters and other communications provided to you, including a history of those communications, and in some cases whether you open them or click on links within them
- CCTV and still visual images of employees and visitors to our site or our parking areas
- Technical information about your access to our website and other systems, including your Internet Protocol (IP) address, browser type, version and location
- (Trainees only) Training history, including activities undertaken, work completed, achievements and internal and external moderation comments on your work
- (Employees only) Employment and financial information, including details of your bank account, driving licence, DBS check data, NI number, payroll history, etc.
- (Employees and Trainees only) Personal and demographic information, including in particular physical and mental health sensitive information about you (known as "special categories of data") which might include, for example, details about your racial or ethnic origin, or data relating to your health
What is the source of your personal information?
We primarily collect personal information from you directly. On the rare occasions when we might need to gather data from external sources in order to provide some service to you, we will seek your explicit permission to do so beforehand.
What do we use your personal data for?
We use your personal data for the following purposes:
- Managing and provide the products or services you have with us, including sending estimates, invoices, vehicle health checks and other communications to you
- To provide a reminder to you for due or upcoming test or service items on your vehicle (e.g. MOTs)
- Updating your records with us
- Where you have specifically asked to do so, to send you direct marketing communications about our activities and services
- To manage, improve, account for or audit the operation of our business
- For market research and analysis and developing statistics
- For the safety and security of our employees and trainees and the prevention and detection of crime
- (Trainees only) Subject to your explicit approval, for inclusion in marketing materials
- (Employees only) To allow us to manage your employment with us
- To follow guidance and best practice under rules of governmental and regulatory bodies and to comply with our regulatory obligations
What are the legal grounds for our use of your personal information?
We rely on the following legal bases to use your personal data:
Where it is needed to provide you with our products or services, such as:
- Managing products and services you hold with us
- Informing you of relevant upcoming testing or service items
- Updating your records
With your consent or explicit consent (or for Trainees, potentially the consent of their parent or legal guardian) such as:
- Sending direct marketing communications
- Making use of your image or limited information about you or your quotations in promotional material
Where it is in our legitimate interests to do so, such as:
- Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
- For management, accounting and audit of our business operations
- To follow guidance and recommended best practice of government and regulatory bodies
- For market research and analysis and developing statistics
To comply with our legal obligations, such as:
- Reporting and paying VAT to HMRC
For a public interest, such as:
- Processing of your special categories of personal data such as about your health, criminal records information, or if you are a vulnerable trainee or employee
Do we share your personal information with other organisations?
We may share information with the following third parties for the purposes listed above:
- (Trainees only) Training partners (for example accrediting institutions or referring bodies) who are a part of providing your services or operating our business
- Governmental and regulatory bodies such as DVSA, HMRC and the Information Commissioner’s Office
- Other organisations and businesses who provide services to us such as computer server hosting or backup providers, software and maintenance providers, data storage providers and suppliers of other back office functions
Is your personal information transferred outside the UK or the EEA?
What should you do if your personal information changes?
You should tell us so that we can update our records by phone or email. We’ll then update your records if we can.
Do you have to provide your personal information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations;
- For as long as we provide goods and/or services to you and then for as long as you or some other body with a legitimate reason might request information from us about these; and/or
- Retention periods in line with legal and regulatory requirements or guidance. For example, we are required to keep billing information for at least 7 years for HMRC purposes.
What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they apply or not:
The right to be informed about the processing of your personal information
- This Privacy Statement fulfils our obligation to tell you about the ways in which we use your information.
The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- If any of the information that we hold about you is inaccurate, you can contact us (as described below). Any corrections that you request will be made as soon as possible, and certainly no later than 30 days following your notification.
The right to object to processing of your personal information
- You have the right to object to:
- the continued use of your data for any purpose for which consent is the lawful basis of processing (i.e. you have the right to withdraw your consent at any time). This is primarily any marketing communications sent to you by email.
- the continued use of your data for any purpose for which the lawful basis of processing is that it has been deemed legitimate.
- For the ‘consent to marketing communications’, you can exercise your objection by unsubscribing or updating your preferences using the link included in all such emails, or alternatively, and in all other circumstances, you can contact us (as described below) to make your objection known.
The right to restrict processing of your personal information
- If you wish us to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe our data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact us as described below.
The right to have your personal information erased (the “right to be forgotten”)
- You can ask that we erase all personal information that we hold about you. Where it is appropriate to and we are able to comply while meeting our our other ongoing responsibilities (e.g. to HMRC), your request will be fully actioned within 30 days. For further information, please contact us as described below.
The right to request access to your personal information and to obtain information about how we process it
- You have the right to ask us, in writing, for a copy of any personal data that we hold about you. This is known as a "Subject Access Request". Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request. To make a Subject Access Request, please contact us as described below.
The right to move, copy or transfer your personal information (“data portability”)
- If you would like us to move, copy or transfer the data that we hold about you to another organisation, please contact us as described below. Please be advised that this only applies to certain data which has been submitted by you electronically for specific purposes only.
Further, if you are unhappy with our actions or this policy, you have the right to complain to the Information Commissioner’s Office which enforces data protection laws. You may contact them at https://ico.org.uk/
What are your ‘marketing preferences’ and what do they mean?
We may use your home address, phone numbers and email address to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below.
Note on Website Cookies
(This section of this policy only applies to visitors to our website).
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use Google Analytics, social media plugins and session ID cookies to help us:
- Make our website work as you’d expect
- Remember your settings during and between visits
- Improve the speed/security of the site
- Allow you to share pages with social networks like Facebook and Twitter
- Continuously improve our website for you.
- Collect any personally identifiable information (without your express permission)
- Pass data to advertising networks
- Pass data to third parties.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.
If you have any questions about this privacy notice, or if you wish to exercise any of your rights, you can contact us by email at or by phone on 0203 177 0070.