Privacy & Legal

Donalds Group has made every effort to ensure the accuracy of the information contained in this site.

Whilst every effort is made to produce up to date products and specifications, this site should not be regarded as an infallible guide to our vehicles products and services, nor does it constitute an offer for the sale of any particular vehicle.

To update your marketing preferences please click here.

PRIVACY POLICY - MAY 2018

The Donalds Group Privacy Policy

Please note that if you purchase a vehicle from a manufacturer franchised dealership that is not part of the Donalds Group which consists of:

Donalds Garage Limited
Donalds Garage (Bury St Edmunds) Limited
Donalds Garage (Ipswich) Limited

or give your information to such a dealership, or direct to a manufacturer then you will have a separate relationship with that organisation in respect of the use of your data and you will need to contact the organisation concerned in relation to any request you may have.

About this privacy policy

This privacy policy applies to personal information that we hold about individuals. It does not apply to information we hold about companies and other organisations.

We take the privacy of your personal information very seriously and we will only use your information in accordance with the current data protection law within the UK and what is set out in this privacy policy, as identified below:

What personal data we process about you, the reason we process that personal data, our legal basis for processing that personal data, and how long we will process it for
Who to contact in the event that you have any queries relating to your personal data
Who we may share personal data with
The extent to which we transfer personal data outside the European Economic Area
The extent to which we use personal data to carry out any automated decision making with a legal or similarly significant effect on you as a data subject
What rights you have in relation to your personal data and how to exercise them

This privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR) and should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Name and Address of the data controller

The Data controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

The Donalds Group, 50-64 Burghley Road, Peterborough, PE1 2QD
Phone: 01733 565787

Data Protection Officer

The contact email address for the Data Protection Officer of the controller is:

Email: dataprotection@donalds-group.co.uk

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

Your data and how we use it

We may collect and process the personal data as set out in the below table, which covers off the purpose, lawful basis and the time scale.

Type of data

Purpose

Lawful basis for processing

Length of time we keep it

Your name, contact details, your purchase history and records of communication you have had with us

For administrative

purposes if you are a

current or past customer, including to:

· provide or manage a product or service you have asked for

· help us to identify you when you contact us.

Necessity to perform

our contract with you.

Failure to provide such data where we request it may mean we are unable to supply you with the requested product or service.

Seven years from the

date on which we supply goods or

services to you.

If you do not purchase

from us, 12 months from your last

interaction with us.

To carry out credit

checks where you are

purchasing products

on credit terms.

Our legitimate interest

in preventing default.

Seven years from the

date on which we

supply goods or

services to you.

To help us recover

debts due to us from

you.

Our legitimate interest

of recovering money

due to us.

Seven years from the

date on which we

supply goods or

services to you.

To bring or defend

legal claims.

Our legitimate interest

of bringing or

defending legal claims.

Where you purchased

a product regulated by

the FCA, 10 years

from the date you

bought that product.

Otherwise, seven

years from the date

you last dealt with us.

To contact you about

products and services

offered by us, using

one or more of:

· post;

· phone;

· e-mail; or

· SMS,

dependent on the

permissions you have

given us.

Our current products

and services include

but are not limited to:

· vehicle sales

· motor related products and services, including (amongst other things) vehicle aftersales care, finance, leasing, ancillary insurances, vehicle accessories, vehicle emergency service, vehicle warranties and motor insurance

· personal finance products.

Your consent.

Two years from the

date on which you last

gave your consent to

marketing, although

we may retain limited

records to the extent

required to maintain

suppression lists.

Your purchase history.

History about email or

website content you

have previously

engaged with.

Market research,

which may include

customer analysis and

profiling.

To help us improve our content, products and services, which may include profiling.

Our legitimate interest

of researching what content, products and

services is/are popular, and to help us improve our content, products and services.

We only retain market

research in an

anonymised form.

To identify other

products or services

you might be interested in for the

purpose of direct marketing, which may

include profiling.

Consent

Seven years from the

date on which you last gave your consent to marketing, although

we may retain limited records to the

extent required to maintain suppression

lists.

Your IP address, the web site from which you visit us, the web pages you actually

visit and the date and

length of your visit.

To help us secure and

manage the performance of our websites.

Our legitimate interest

of securing and managing the performance of our websites.

This data is only

stored anonymised.

Your name, contact

details, and personal documents enabling

us to prove your identity, which may

include your passport, driving licence, and/or national insurance number.

To help us detect and

prevent fraud.

Our legitimate interest

of preventing loss.

Seven years from the

date on which we supply goods or

services to you.

All relevant documents demonstrating the provenance of any

values of cash you pay

us in excess of £1,000.

This is likely to include your name, contact details, bank details, and key information and documents in respect of your financial status.

To help us detect and prevent money

laundering.

Necessary for us to comply with a legal obligation.

Failure to supply this

information where we request it may result in us being unable to sell you the requested

product or service.

Seven years from the

date on which we

supply goods or services to you.

Where multiple retention periods apply to one category of data, the retention period will be the longest one (although we will stop using that category of data when the retention period for that purpose expires).

With regards to the items with a green background either: (a) you may have the right to object to processing; or (b) you have the right to withdraw your consent. For details on how to exercise either, please see the section below titled "Withdrawing your consent and/or objecting to our processing".

Withdrawing your consent and/or objecting to our processing

Where we originally relied on consent to process your personal data, you will always have the right to withdraw that consent.

Similarly, where we originally relied on our legitimate interests to process your personal data, you always have a right to object to our processing of that personal data. However, we do not have to stop processing that personal data following your objection where we are able to demonstrate either:

we have compelling legitimate grounds to process that personal data which override your interests, rights and freedoms
we require data for the establishment, exercise or defence of legal claims.

Your right to object to legitimate interests processing is however absolute if it relates to processing for marketing purposes.

We highlight where these rights apply in the table of data processing activities above, and below we set out the easiest way to withdraw your consent to, or opt-out from, marketing communications.

If we are not yet processing your personal data (i.e. because this is your first contact with us):

You can opt out of receiving marketing communications from us by ticking the appropriate box on the form which you complete (whether on our website or via a paper form), or by contacting us at any time using the details set out within this document.

If you previously opted-in to marketing or did not opt-out at the time you gave us your details (as the case may be):

You can withdraw your consent or opt-out by clicking the unsubscribe link which we include on all of our electronic marketing communications, or by contacting us at any time using the details set out within this document.

Objecting to non-marketing legitimate interests processing

To object to any of our non-marketing processing based upon our legitimate interests (as highlighted in the processing activities table above), please contact us using the contact details at the top of this policy.

Where we obtain your personal data from

We obtain personal data from the following sources:

you, for instance where you contact us about, or purchase, one of our products or services
ourselves, for instance where we generate data about you (for instance a credit decision based on other personal data, or a data relating to the products or services we think you might be interested in)
our other trading divisions, subsidiaries or parent companies
occasionally from other third parties who may lawfully pass to us information about you, but never for marketing purposes
If you apply for a position with us
If we purchase a business where you work or have purchased a product from.

Persons with whom we may share your data

In general, access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example, our customer service teams and finance teams).

However, we will also share your personal data with the following external third parties in some circumstances:

our other trading divisions, subsidiaries or parent companies
regulators and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable
fraud prevention agencies or other third parties that assist us in preventing fraud or loss
our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending actual or potential claims or complaints
a potential purchaser of one of our businesses;
a third party to whom we transfer our customer agreement with you
third party organisations where you have agreed that we may do so, typically for purchasing a product offered by that third party (e.g. a personal finance product)
organisations that process your data on our behalf which are not allowed to use your data for any other purpose (which include, for instance, marketing agencies or data management firms).

Transfers outside of the European Economic Area

In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same.

We only do that if there is a good reason to do it and where adequate safeguards (such as the appropriate contractual arrangements with suppliers, or adequacy decisions, depending on the destination country) are in place.

Your rights (with effect from 25 May 2018)

The law gives you certain rights in respect of the personal data that we hold, which you should be aware of:

You have the right to obtain your personal data from us except in limited circumstances. Where we provide it, the first copy will be free of charge, but we reserve the right to charge a small fee for additional requests.
You have the right to require us to rectify any inaccurate personal data we hold concerning you.
Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or otherwise.
You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where you withdraw your consent and there is no other legal ground for the processing).
Where we process personal data either on the basis of consent or contractual necessity, you provided the personal data to us, and we process that personal data by automated means, you have the right to require us to give you your data in a commonly used electronic format.
You have the right to object to our processing of personal data which we process on the grounds of our legitimate interests, although we do not always have to honour your objection. For more information see the section above titled "Withdrawing your consent and/or objecting to our processing".
You have the right to require us to restrict the processing of your personal data on certain

grounds, including where:

you contest the accuracy of the personal data and want us to restrict processing

of your personal data while we verify its accuracy

the processing is unlawful, but you request a restriction of the processing rather than erasure
- we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims
- you have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection.

If you would like to exercise any of these rights, please contact us using the details set out at the top of this policy.

What to do if we cannot resolve your issue

Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk).

The Donalds Group internet sites

We try to keep our websites secure. However, you recognise when providing your information to us through our websites, or when you send us or ask us to send you any of your confidential information by e-mail, that the internet and e-mail communications over the internet may not be secure. We cannot be responsible for any loss or unauthorised interception of information transmitted via the internet, which is beyond our control.

Our internet sites may contain links to other websites outside of our group. Our privacy policy only applies to our websites. We are not responsible for the content, privacy or security of other websites. When you visit our web sites, our web server automatically records your IP address, the web site from which you visit us, the web pages you actually visit and the date and length of your visit.

Cookies

Our Internet pages use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.

Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimised with the user in mind. Cookies allow us, as previously mentioned, to recognise our website users. The purpose of this recognition is to make it easier for users to utilise our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system.

You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

Force24 Cookies & Tracking

Our organisation utilises Force24’s marketing automation platform.

Force24 cookies are first party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:

• F24_autoID
• F24_personID

They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.

f24_autoId – This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 10 years, persistent.

f24_personId – This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.

The information stored by Force24 cookies remains anonymous until:

• Our website is visited via clicking from an email or SMS message, sent via the Force24 platform and cookies are accepted on the website.
• A user of the website completes a form containing email address from either our website or our Force24 landing pages.

The Force24 cookies will remain on a device for 10 years unless they are deleted.

Other Tracking

We also use similar technologies including tracking pixels and link tracking to monitor your viewing activities

Device & browser type and open statistics
All emails have a tracking pixel ( a tiny invisible image ) with a query string in the URL. Within the URL we have user details to identify who opened an email for statistical purposes.

Link Tracking
All links within emails and SMS messages sent from the Force24 platform contain a unique tracking reference, this reference help us identify who clicked an email for statistical purposes.

Subscription to our newsletters

On our website and within the dealership, you are given the opportunity to subscribe to our organisation's newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

We will inform our customers and business partners regularly by means of a newsletter about various offers and upcoming events. The newsletter may only be received by the you if (1) you have a valid e-mail address and (2) you register for the newsletter. A confirmation e-mail will be sent to the e-mail address registered by you for legal reasons as part of the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address is authorised to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by you at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary to understand the (possible) misuse of the e-mail address at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

Newsletter-Tracking

The newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, the personal data will be deleted by the controller. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.

COVID-19 Policy:

Our safe working practices policy can be downloaded here

The Legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.