Gravells Renault Kidwelly
Gravells Dacia Kidwelly
Gravells Kia Kidwelly
Gravells Kia Narberth
Gravells Kia Bridgend
Gravells Kia Abergavenny
Gravells Kia Swansea
WHY THIS POLICY EXISTS
This policy ensures Gravells Ltd:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals data
- Protects itself from the risks of a data breach
DATA PROTECTION LAW
The Data Protection Act 1998 (DPA), PECR and GDPR describe how organisations – including Gravells Limited – must collect, handle, process and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
GDPR is underpinned by eight important principals. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than is necessary
- Processed in accordance with the rights of the data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area, unless that country or territory also ensures an adequate level of protection.
PEOPLE, RISKS AND RESPONSIBILITIES POLICY SCOPE
This Policy applies to:
- The head office of Gravells Limited
- All branches of Gravells Limited
- All staff and volunteers of Gravells Limited
- All contractors, suppliers and other people working on behalf of Gravells Limited. It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the DPA and GDPR. This can include:
- Names of Individuals
- Postal addresses
- Email Addresses
- Telephone numbers
- …plus any other information relating to individuals
DATA PROTECTION RISKS
This policy helps to protect Gravells Limited from data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
- Reputation damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
Everyone who works for or with Gravells Limited has responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. However, these people have key areas of responsibility:
- The Managing Director is ultimately responsible for ensuring that Gravells Limited meets its legal obligations.
- The Data Protection Officer, Charlotte Gravell, is responsible for:
Keeping the MD updated about data protection responsibilities, risks and issues.
Reviewing all data protection procedures and related policies, in line with an agreed schedule.
Arranging data protection training and advise for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Dealing with requests from individuals to see the data Gravells Limited holds about them. (Also called ‘subject access requests’).
Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
Ensuring all systems, services, and equipment used for storing data meet acceptable security standards.
Performing regular checks and scans to ensure security hardware and software is functioning properly.
Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.
- The Marketing Manager, Charlotte Gravell, is responsible for:
Approving any data protection statements attached to communications such as emails and letters.
Addressing any data protection queries from journalists or media outlets like newspapers.
Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the Data Protection Officer or data controller. When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
- When not required, the paper or files should be kept in a locked drawer or filing cabinet.
- Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
- Data printouts should be shredded and disposed of securely when no longer required. When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
- Data should be Protected by strong passwords that are changed regularly and never shared between employees.
- If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
- Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service.
- Servers containing personal data should be sited in a secure location, away from general office space.
- Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures
- Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
- All servers and computers containing data should be protected by approved security software and a firewall.
We may take personal information from:
- Information that you provide to us when registering interest with our website (including your email address) and will contact you in relation only to handle your query;
- Information that you provide to us when updating your contact details (web form, email, phone call, letter);
- Information relating to any purchases you make of our goods or services (including your address, telephone number and payment details)
- Information gained using a CCTV system to monitor and collect visual images for the purposes of security and the prevention and detection of crime.
Personal data we receive will be used for the purposes it was provided, including:
- To respond to queries from you regarding the possible purchase of goods or services;
- To carry out our obligations arising from any contracts entered into between you and us including purchase of vehicles and provision of services, and to respond to queries from you regarding those contracts;
- To manage and administer the relationships between you and us (or one or more of the members of Gravells Ltd);
- To notify you about changes to our services and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us;
- To obtain feedback from you regarding us;
- To provide you with reminders regarding your vehicle including, for example, when your vehicle is due to have a service or MOT undertaken.
In line with PECR Legitimate Interest guidelines, we may also use your personal information to provide you with information about vehicles, services, promotions and invitations that may be of interest to you but only if you have purchased from us before (details of customers who only make inquiries are not kept and used for marketing purposes). You can change whether to receive this information. If you would prefer to opt-out of marketing communications, you can do so by going onto our 'UPDATE YOUR DETAILS' page and ticking the opt-out boxes at the bottom of the page. Please state if you would like to stop phone, email, post (including MOT reminders) and /or texts. If you would like to change any of your contact details please do so on our 'UPDATE YOUR DETAILS' page.
Your personal information may also be used by us, our employees, contractors or agents, and disclosed to third parties, in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply the terms of any agreements we have with or otherwise concerning you (including agreements between you and us (or one or more Gravells entity), or to protect our rights, property or safety or those of our customers, employees or other third parties.
- We may disclose your personal information to any of our staff, agents, suppliers or subcontractors where it would be reasonable to do so.
- We may disclose your personal information to any member of our group of companies where it would be reasonable to do so.
- We may be legally obliged to disclose your personal information to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information].
Selected 3rd parties include Kia UK, Renault UK, Dacia UK, Motability (motability scheme), Codeweavers (finance proposals), VGF Print (Renault and Dacia marketing fulfillment), Kia Finance (Hyundai Capital), Renault Finance, Black Horse Finance, Blue Finance, Motonovo, Auto Union Finance, ALD (Kia Contract Hire), Sinclears Leasing, ARVAL (Renault Contract Hire), Tawk To (website Live Chat service), Close it (online telephone, messaging diary service), IHS Mark IT (Renault maintenance, MOT and service reminders), Bamboo (service bookings), Vital Software (Kia maintenance, MOT and service reminders), Cymphony (overflow telephone system), CDK Glabal (customer and accounts management system) and other carefully selected partners we work with. We will not sell your personal information to any third parties.
DISCLOSING DATA FOR OTHERS
In certain circumstances, the DPA and GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, Gravells Limited will disclose requested data. However, the Data Protection Officer will ensure the request is legitimate, seeking assistance from the Managing Director and from the company’s legal advisors where necessary.
The law requires Gravells Limited to take reasonable steps to ensure data is kept accurate and up to date. The more important it is that the personal data is accurate, the greater the effort Gravells Limited should put into ensuring its accuracy. It is the responsibility of all employees who work with data to ensure it is kept as accurate and up to date as possible.
- Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
- Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
- Gravells Limited will make it easy for data subjects to update the information we hold about them. For instance, via the ‘Update your information’ section on the company website.
- Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
SUBJECT ACCESS REQUESTS
You may instruct us to provide you with any personal information we hold about you, via a Subject Access Request (SAR)
- Upon receipt of such a request we will, after confirming identity, provide all relevant data we may hold to you in the most practical format unless otherwise stipulated and reasonably possible.
- We may withhold personal information that you request to the extent permitted by law.
- If you instruct us to no longer process your personal data we will do so as quickly as possible.
- If you instruct us to destroy any/all of your personal data we may hold we will do so as quickly as possible.
- If you instruct us to cease all processing for marketing purposes we will do so as quickly as possible. Subject Access Requests will be prepared by the Data Protection Officer within 30 days, free of charge to the customer.
If you have a complaint about the way your personal data has been collected, stored, used, disclosed or shared by Gravells this can be addressed in the following ways:
Email - please write to firstname.lastname@example.org
Post - please address to Charlotte Gravell, Gravells, Pembrey Road, Kidwelly SA17 4TF
Telephone - please call 01554 890436 between 9am and 2pm Monday to Friday.
How we will handle your complaint
We will ensure you are treated fairly and promptly. In the first instance, we will acknowledge your complaint within 5 working days. We will investigate the issues you have raised and aim to provide a response to you within a further 10 working days. We may need to contact you within this time to verify your identity in order to meet our requirements under the GDPR.
What to do if you are still unhappy
If you are unhappy with our response, you have the right to refer the matter to the Information Commissioner’s Office who will investigate your complaint and provide an independent ruling. They can be contacted by email on email@example.com or by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF
We are registered as a data controller with the Information Commissioner's Office (ICO) and our registration number is: Z8146842
WEBSITE LEGAL INFORMATION
Gravells has made every effort to ensure the accuracy of the information contained in this site.
Whilst every effort is made to produce up to date products and specifications, this site should not be regarded as an infallible guide to our vehicles products and services, nor does it constitute an offer for the sale of any particular vehicle.
All rights, including copyright and database right, in the website and its contents, are owned by or licensed to Gravells, or otherwise used by Gravells as permitted by applicable law or the copyright holder. You may not copy, reproduce, republish, download, post, broadcast or transmit any text, images, graphic, logo, button, icon, image and their selection and arrangement thereof, and any underlying source code and software, for any commercial or public purpose without prior written permission from Gravells or the copyright holder.
You may not adapt, alter or create any of the material or information in this site or use it for any other purpose other than for your personal non-commercial use. You agree to use this site only for lawful purposes.
Gravells reserves the right to use for its own purposes any material submitted to the site, including text and images, either on the site or in any other form, including for publicity purposes. Gravells reserves the right to monitor submissions to the site and to edit or reject any submissions.
We try to ensure that information on our site is accurate, complete and up-to-date. In using this site, however, you agree to be bound by the Terms & Conditions, which take effect on the date when you first use the site.
Without prejudice to your statutory rights, the site and all information, text, names, images, pictures, logos, links and icons and other materials (without limitation) are provided 'AS IS' and on an 'IS AVAILABLE' basis without representation warranty or endorsement, express or implied. In particular, we do not warrant or represent the accuracy or completeness of information provided on this site nor do we guarantee that use of this site will be uninterrupted or error-free, or that the site and its servers are free of computer viruses or bugs.
In no event will Gravells be liable to any person for any damage or loss that may arise from the use of any information contained in our site or products displayed on our site, including, without limitation, indirect or consequential damages, or any damages whatsoever arising from use or loss of use, data, or profits, whether in action of contract, negligence or other tortious action, arising out of or in connection with the use of the site.
Notwithstanding anything else in these Terms & Conditions, we will not be liable for claims relating to the functionality or availability of this site.
All names, images, logos identifying Gravells are proprietary marks of Gravells. All third party brand, product, service and company names contained on this site are the trademarks, service marks and trade names of their respective holders. Gravells does not give permission for their use by any person other than the holders. Any such use may constitute an infringement of the holders' rights.
Gravells does not represent, warrant, endorse or hold esponsibility over any external sites that may be linked to and from this site. Any external site that you visit by clicking through a link on this site is outside the control of Gravells and you visit entirely at your own risk.
The software downloads from this site have been thoroughly scanned and tested at all stages of production, but - as with all new software - we still recommend that you run a virus checker before use. We also recommend that you have an up-to-date backup of your hard disk before using the software. Gravells cannot accept responsibility for any disruption, damage and/or loss of data on your data or computer system that may occur while using the software. Consult your network administrator before installing any software on a networked computer.
Aggregated Site Usage Statistics
Cookies may be placed on your computer, phone or other Internet device to provide us with aggregated data of the usage of this site and the mediums which are driving traffic to the site. The data gathered by these is aggregated and therefore your individual usage of this site cannot be attributed to you.
Essential Site Features
Cookies may be placed upon your computer, phone or other Internet device in order to provide essential site features such as allowing you to compare different cars in stock and complete enquiry forms quickly.
Complimentary Site Features
Managing your cookies
To find out how to allow, block, delete and manage cookies, follow the link below and select the browser you are using. You can also read your browser's built-in or online help for more information. For more information about deleting and controlling cookies, please visit. www.aboutcookies.org
Social networking websites
Social networking websites may place cookies on your computer. Social bookmarks are a way of saving links to web pages that interest you, and sharing those links with other people. You should read their respective privacy policies carefully to find out what happens to any data that these services collect when you use them.
These Terms & Conditions shall be governed by and construed in accordance with the laws of England and Wales. Disputes arising here shall be exclusively subject to the jurisdiction of the courts of England and Wales.
Gravells reserves the right to change any of its terms and conditions at any time by posting changes online.
If you do not accept these Terms in full, you must stop using this website immediately.