1. General intro
1.1. We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data. This policy includes an explanation of:
1.1.1. what data we are processing;
1.1.2. why we are processing it and what we do with it;
1.1.3. whether we will share it with anyone else;
1.1.4. whether we will transfer it outside of the European Economic Area ('EEA');
1.1.5. how we keep your data safe; and
1.1.6. your rights.
2. Who we are and our contact details
2.1. Carl Rosner Automobiles Ltd (Company Registration Number: 08493227) is registered at Station Approach, Sanderstead Road, South Croydon CR2 0PL. In this policy we have referred to Carl Rosner Automobiles Ltd as Carl Rosner Motorcycles, we, us or our.
2.2. For any queries concerning your data please contact the team at the above address or by email at email@example.com
3. Your personal data
3.1. The personal data that we hold and how we manage it varies depending on why we are holding it. The reasons that we hold personal data are broadly when you have expressed an interest in our products or services. Under each section heading in 3.2, we have detailed how we manage and process the personal data. When we understand you are purchasing a vehicle, entering a competition, registering for news updates, purchasing parts or clothing, applying for vehicle finance, enquiring about any of our products or services
3.2. What data do we hold about you?
3.2.1. Contact Details: Name, Address, Phone numbers, Email address.
3.2.2. Interests: Information you provide us about your interests. Including the type of vehicles you are interested in.
3.2.4. Sales and Services Information: Relating to purchases and services in which you have expressed an interest or which you have purchased from us, including copies of any complaints and claims you may have sent us.
3.2.5. Credit and Anti-Fraud Information: Which establishes your identity, such as driving licences, passports and utility bills. Information about transactions, requests for credit and non-payment of debts with us and third parties and credit ratings from credit reference agencies. Fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included.
3.2.6. Vehicle Data: Information about the features and current settings of your vehicle (identified by the Vehicle Identification Number).
3.2.7. CCTV: We use CCTV recording on and around our premises in order to: Prevent, deter and detect crime, apprehend and prosecute offenders, and provide evidence to take civil action in the courts, help provide a safer environment for our staff and customers, protect public safety, help to provide improved customer service, for example by enabling staff to see customers requiring assistance, monitor operational and safety related incidents and assist with the verification of any claims made to us.
3.2.8. Call Recording: We may record calls made into our businesses, to assess customer satisfaction, train and develop staff, review call quality and have access to a verbal record of what is said in the event of a subsequent complaint.
3.3. How do we obtain this data?
3.3.1. If you contact us directly via our websites, social media channels, online chat, telephone, in-dealership, via one of the manufacturers we represent or at external events.
3.3.2. If you buy a product of service from us directly.
3.3.3. If you reply to our direct marketing campaigns.
3.3.6. Please help us to keep your information up to date by informing us of any changes to your contact details or preferences. You may change or review your contact details or preferences at any time by notifying us by email or post, our contact details are in section 2.2.
3.4. What do we do with this data?
3.4.1. Customer Support and Marketing - to respond to enquiries and to bring you news and offers. We use your personal data for customer care and for personalised communication of product and service information. In order to ensure that you receive relevant and personalised communications, we will use your data to create an individual customer profile and we may share your personal data between our group of companies and our business partners/suppliers which is outlined below in section 3.6.1 This may include data you have provided, or which is generated via your online trends, for example contact details, preferences, customer history, vehicle history and online behaviour. 3.4.2. Vehicle Sales & Service – to process your sale, configure and service your vehicle. Our dealerships will obtain Contact Details, Vehicle Configuration Details, Vehicle Technical Information and Sales and Services Information when you purchase, service or repair a vehicle from or with them as part of the sale or service and will use it to provide the services you request and notify you of issues in relation to your vehicle. This information may be accessed by our business partners / suppliers to troubleshoot technical or other issues relating to the delivery of these services.
3.4.3. Vehicle Finance – to assess your eligibility for finance and administer its repayment. When you apply for finance we will share your information with one of our commonly used finance suppliers (which generally include: Black Horse, Motonovo Finance, Close Brothers Finance). These finance providers may share the information with Credit Reference and Fraud Prevention Agencies to help them decide whether to offer you finance. Using information about you in this way is necessary for these finance providers to make this decision and if you do not provide it, they may not be able to offer you finance.
3.4.4. Compliance with legal requests for your information – to comply with our legal obligations to law enforcement, regulators and the court service. We may be legally required to provide your information to law enforcement agencies, regulators and courts and third party litigants in connection with proceedings or investigations anywhere in the world. Where we are permitted to do so, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
3.5. What's our lawful basis for the processing of this data?
3.5.1. The use of your information set out above is permitted under EU data protection law on the basis of these principal legal grounds:
3.5.2. where you have consented to the use (you will have been presented with a consent form in relation to any such use and may withdraw your consent at any time by contacting our team
3.5.3. where necessary to enter into or perform our contract with you
3.5.4. where we need to use it to comply with our legal obligations
3.5.5. where we use it to achieve a legitimate interest including promoting the dealerships [and social groups] of Carl Rosner Motorcycles along with the brands we represent including Triumph, and to provide you with news and offers tailored to your profile, and to undertake research and development of vehicle related products and services
3.5.6. where there is a vital interest we may use your information to notify you about safety and product recall notices
3.6. Will we share your data with any third parties?
3.6.1. Your data may be shared with the relevant brand partners including Triumph Motorcycles Ltd. The brand partner shall at that point become a data controller.
3.6.2. If we sell all or part of our business, or are otherwise involved in a merger or business transfer, or in the unlikely event of bankruptcy, we may transfer your personal information to one or more third parties as part of that transaction.
3.6.3. There may be instances where the law requires we disclose your personal information to respond to subpoenas, court orders, or other legal process, to respond to a request of cooperation from a law enforcement or another government agency.
3.6.4. We may transfer your personal information to a third party if we're under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA, Warranty Companies,)
3.6.5. We will never sell, rent lease or give away your personal data to any third party.
3.6.6. We may disclose your personal information to our third party service providers for the purposes of providing you services to us or directly to you on our behalf e.g. Event Management companies, advertising and marketing agencies, lead management providers or administrative service providers
3.7. How long do we keep this data?
3.7.1. We retain your information only as long as is necessary for the purpose for which we obtained them and any other permitted linked purposes. If information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely. 3.7.2. Use for marketing: We retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for. You retain the right to remove this consent at any point.
3.7.3. Use to perform a contract: In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus six years to deal with any queries or claims thereafter.
3.7.4. Where claims are contemplated: In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
3.8. Transferring your data outside of the European Economic Area ('EEA')
3.8.1. We will ensure that any of your information that is accessible outside the EEA is handled subject to appropriate safeguards. Certain countries outside the EEA, such as Canada and Switzerland, have been approved by the European Commission as providing essentially equivalent protection to EEA data protection laws and therefore no additional legal safeguards are required. In countries which have not had such approval, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.
4.2. You can find out more about the Cookies we use below:
For more information about Google Analytics and the cookies it sets, please take a look at this breakdown of their cookies.
Session cookies only last for the duration of a user's visit to a website. Session cookies help improve the functionality of website by passing information on from one page to another. For example, if you log in to our website, session cookies are used to keep you logged in. This cookie is deleted when you close your browser.
AddThis is used to give visitors the option to recommend our website content on social networks such as Facebook and Twitter. You will see icons on the top and bottom of each of our web pages.
Where can I find more information about cookies, and how do I turn cookies off or delete cookies?
Find out more about cookies including how to disable/enable and delete them at the following website www.aboutcookies.org.
You can opt-out of receiving cookies from a range of ad servers (including, among others, Doubleclick, Videology, AudienceScience, Flashtalking and Microsoft) by visiting www.youronlinechoices.com and following the instructions provided.
Generally you can't delete Flash cookies (also known as local shared objects) with browser controls, but Adobe's website at www.adobe.com provides information on how to delete or disable Flash cookies. Click here for details. Please note that if you disable Flash cookies, you will not be able to play content on the ITV Player.
If you want to delete cookies from the browser on your mobile phone, you will need to refer to your handset manual.
4.3. You can set your browser not to accept cookies, however some of our website features may not function as a result.
4.4. For more information about cookies generally and how to disable them you can visit: www.allaboutcookies.org.
5. Links to other websites
6. Social Plugins
6.1. We use so-called social plugins (buttons) of social networks such as Facebook, Google+ and Twitter.
6.3. After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
6.4. After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account.
6.5. If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
6.6. We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
7. Data security
7.1. We have adopted the technical and organisational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.
7.2. We use Secure Sockets Layer (SSL) software to protect your online transactions. SSL encrypts the personal information you provide to us before travelling over the internet; however we are unable to guarantee the security of the data transmitted to our website as unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
7.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone
8. Your rights
8.1. Your right to access data: We always aim to be as open as we can and allow people access to their personal information. Where we hold your personal data, you can make a 'subject access request' to us and we will provide you with:
8.1.1. a description of it;
8.1.2. an explanation of why we are holding it;
8.1.3. information about who it could be disclosed to; and
8.1.4. a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.
8.1.5. If you would like to make a 'subject access request' please make it in writing to our contact email address noted in section 2 and mark it clearly as 'Subject Access Request'.
8.1.6. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone
8.1.7. Unless you agree a different time, we will complete your subject access request within one month.
8.2. Right to be forgotten: If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.
8.3. Right to restrict data: If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.
8.4. Right to complain: You always have the right to complain to the personal data regulator, the ICO. You may also be entitled to seek compensation if there has been a breach of data protection laws.
8.5. Right to stop marketing messages: You always have the right to stop marketing messages and telephone calls. We will usually include an unsubscribe option in any marketing emails and in texts. If you do wish to unsubscribe, please just click the unsubscribe button in the email or send a STOP text to the number indicated and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any-time. Our contact details are shown in section 2.
9. Policy updates
9.2. This policy was last updated on Thursday 24th May 2018