Data Protection Policy
First Vehicle Leasing is committed to compliance under GDPR law, this includes building GDPR into current and future contractual commitments.
Data Protection Principles
The Company is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
a) Processed lawfully, fairly and in a transparent manner in relation to individuals
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
If you feel your data is not being handled correctly, you can complain to the information commissioner’s office.
Their details, should you need them, are:
Information Commissioner’s Office
Tel: 0303 123 1113
a) This policy applies to all personal data processed by the Company.
b) The Responsible Person shall take responsibility for the Company’s ongoing compliance with this policy.
c) This policy shall be reviewed at least annually or where there is a significant change to process
d) The Company shall register with the Information Commissioner’s Office as an organisation that processes personal data.
Lawful, fair and transparent processing
a) Processes shall be reviewed at least annually or where there has been a significant change to process
b) Individuals have the right to access their personal data, and any such requests made to the Company shall be dealt with in a timely manner compliant with GDPR requirements.
a) All data processed by the company must be done on one of the following lawful bases: consent, contract, legal obligation, or legitimate interests (see ICO guidance for more information).
b) Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
c) Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Company’s systems.
The Company shall ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
a) The Company shall take reasonable steps to ensure personal data is accurate.
b) Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
Archiving & removal
a) To ensure that personal data is kept for no longer than necessary, the Company shall put in place an archiving policy for each area in which personal data is processed and review this process annually or when there has been a significant change to the process
b) The archiving policy shall consider what data should/must be retained, for how long, and why.
a) The Company shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
b) Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
c) When personal data is deleted this should be done safely such that the data is irrecoverable.
d) Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the organisation shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO in accordance with GDPR requirements (i.e. within 72 hours of identification of the incident to the ICO and without unreasonable delay to the affected data subject(s)) (more information on the ICO website).
CANCELLATION OF CONSENT
You have the right to withdraw your consent at any time. On receipt of your request we are obliged to delete the data, this is of course subject to us no longer needing the data to complete any obligations we have to you. You will receive notification from us once relevant action has taken place.
Please notify us by your preferred method:
Telephone: 0330 822 4510
Email: [email protected]
Post: First Vehicle Leasing, Enterprise House, Drumpellier Business Park, Glasgow Road, Coatbridge, ML5 1EL
SUBJECT ACCESS REQUEST
You have the right to access and receive a copy of the personal data we hold about you. This is referred to as a Subject Access Request or SAR. You can make a SAR either verbally or in writing and we have one month in which to oblige. If for any reason your request is complicated, we may require additional time, but you will be notified within the original timeframe.
Company: First Vehicle Leasing
GDPR: General Data Protection Regulation
Responsible Person: Duncan Paterson
Information about you
Personal Information is something that identifies you as an individual, such as: Your Name, Postal Address, Telephone Number, Email Address, Credit / Debit Card details.
Non- identifying information may also be held, for data analysis and marketing purposes.
We may receive information about you if you:
· Contact us directly, by telephone, email or via our website – by applying for one of our products or services.
· From our associated third parties, who you have given your consent to, for example, Finance companies, Dealership groups, and occasionally other brokers.
· If your details are passed to us by your friends or family.
What do we do with your information?
The information we receive from you directly, and from third parties may be used for a variety of reasons, including but not limited to:
· Responding to enquiries
· Providing you with relevant products and services, and any improvements thereof.
· Notifying you of important information or changes
· Information relevant to your agreement or proposed agreement.
· To help detect and prevent fraud and money laundering.
· Analysis and customer profiling.
Please note we will only retain your information for the necessary length of time required to manage your account correctly, and provide you the best possible customer service.
Sharing your information
· Updating our records
· Completing a transaction on your behalf
· Managing our relationship
· Data Analysis
· As we deem to be necessary (a) to ensure compliance with legal processing, (b) to enforce our terms and conditions, (c) to protect our rights, and that of any associated third party companies, (d) under any applicable law.
Credit reference agencies hold information on companies and private individuals. This information is used to monitor your credit, and produces a credit score. Credit scoring is used, in part, by finance companies to determine your ability to borrow money. By using this credit scoring facility it enables the finance companies to ensure they are lending responsibly.
Yes, we do record our calls
Our calls are recorded for training and monitoring purposes. We may use the calls for legal and regulatory reasons, Fraud prevention and detection, and in the event that we needed to resolve a query or complaint.
If you decide to email either ourselves, or one of our associate third parties, please remember that emails sent may not be completely secure. We would recommend that you keep personal information on the email to a minimum. If you have any concerns we recommend you contact the relevant company by telephone.
Your rights as a Data Subject
You have the following rights in relation to your personal information which you can exercise by writing to:
First Vehicle Leasing, Enterprise House, Drumpelier Business Park, Glasgow Road, Coatbridge, ML5 1EL
First Vehicle Leasing, 5 Verity Court, Pochin Way, Middlewich, Cheshire, CW10 0GW
- Right to request access to your personal information and information relating to our use and processing of your personal information;
- Right to request that we restrict our use of your personal information;
- Right to receive your personal information in a structured commonly-used and machine-readable format or transmit the data directly to another Data Controller;
- Right to object to the processing of your personal information for certain purposes such as direct marketing and profiling;
- Right to request your personal information to be erased where it is no longer necessary for the purpose for which it was collected. Deletion may be limited, as we may require certain information to control your account until its completion, when your vehicle is returned to the finance company.
- Right to withdraw your consent to the use of your personal information where the processing of your data is based on consent.
We will not make any decision about you using automated means only, and will notify you in writing if this position changes.
Personalise the information you receive.
We may use the information you provide to contact you with news regarding our products, services and new developments. We may contact you by telephone, post, email and SMS. You can opt out of receiving our marketing communications by any of the above mentioned means.
The Internet and cookies
We do our best to keep our website secure, however you recognise when you provide information to us through the internet, or when you send us, or ask us to send you confidential information by email, that the internet and email communications may not be secure. Tilsun Vehicle Contracts Ltd cannot be held responsible for loss or unauthorised interception of your information when transmitted via the internet. Unfortunately this is beyond our control.
When you visit our website, our server automatically records your IP address, the website from which you visit us, and the websites you have visited. We may use this information for data analysis.
A cookie is a piece of information that a website transfers to a cookie file in the browser on your computer. This is so the website can remember who you are. Typically a cookie contains the name of the domain from which the cookies has come from, the life of the cookie, a value and a random generated number unique to you.
You can accept or decline cookies by modifying your browsers settings. However you may not be able to use all of the interactive features within a website if your cookies are disabled.