DATA PRIVACY NOTICE

This privacy policy sets out how Peter Norris (Clapham) Ltd collects, uses and protects the information you give us.  This policy applies to the processing of personal data in manual and electronic records kept by us.  We fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).

Peter Norris (Clapham) Ltd may update this policy from time to time, for example to reflect emerging best practice or new legal requirements.  Please visit this page regularly to view our current policy to ensure that you are happy with any changes. This policy is effective from 25th May 2018.

Data controller

Peter Norris (Clapham) Ltd is the Data Controller for any personal data that you supply to us, for example to request a quote, or engage our services.  As our client you are our data subject.  We take your privacy seriously and will only use your personal information in the administration of the services you require.  You are encouraged to read this policy carefully and contact us if you have any questions.

Our address is     Peter Norris (Clapham) Ltd,         Unit 1 Ellerslie Sq. Industrial Estate,         11 Lyham Road,         Clapham,         London,         SW2 5DZ

Telephone    020 7733 6520
Email        info@peternorris.co.uk

Security

We are committed to ensuring that your information is secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.  

What information we collect and how we collect it

We may collect the following information:

•    title and name
•    other information including address, telephone number, email address and IP address
•    vehicle make, model and registration number
•    other information relevant to the vehicle such as mileage, MOT renewal date, service and repair history  

Most of the information we hold is given to us directly by you when you contact us in person or through our website to request our services, however in some situations, we may update your data through other agencies; for example to check that we have a valid postal address, or to check your MOT expiry date. 

If you use a credit or debit card to make a payment to us, your card details are processed through our payment-processing partner, Barclaycard, as part of the payment process. We do this in accordance with the Payment Card Industry Security Standards.
Our legal basis for handling your personal data

GDPR and the UK’s data protection laws allow us to use your personal data provided we have a lawful basis to do so.  This includes sharing it in certain circumstances, as described below.

We consider we have the following reasons (legal bases) to use your personal data:

•    Your consent – GDPR Article 6 (1)(a): we may use your personal data when you consent to it.  You can withdraw this consent at any time, in which case we will cease to use it, unless we have a right and a need to continue processing it for one of the other reasons set out below.  
•    Performance of a Contract – GDPR Article 6 (1)(b): we may use your personal data in the performance of a contract to which you are a party or in order to take steps prior to entering a contract at your request. 
•    Legal obligation – GDPR Article 6 (1)(c): we many use your personal data where it is necessary for compliance with a legal obligation to which we, as data controller are subject.
•    Legitimate interests – GDPR Article 6 (1)(f): these are our business and commercial reasons for using your data, which we have balanced against your interests.  We have certain legitimate interests in using your personal data which are not outweighed by your interests, fundamental rights or freedoms. These legitimate interests are to conduct business and help further develop our services, prevent and detect financial crime and to assist our compliance with the legal and regulatory requirements placed upon us.

What we do with the information we gather

We gather information to understand your needs and enable us to provide the services you require.  The following table sets out how we handle your personal data and our legal basis for doing so under GDPR 

  • What we do    Our legal basis under GDPR
  • We may periodically send MOT reminders, special offers, promotional emails, or other information using the email address which you have provided    Article 6(1)(a) – consent
  • You can withdraw your consent at any time by contacting us.
  • Use the personal data that you provide, either verbally or using our web contact form, for instance to obtain a quote for our services    Article 6(1)(b) – performance of a contract
  • This is a necessary step to take at the request of the data subject prior to entering into a contract
  • Use your personal data to enable us to provide our core services of vehicle repair, maintenance, servicing and MOT     Article 6(1)(b) – performance of a contract
  • This is necessary for the performance of a contract with you, our data subject
  • Process, for example, health and safety information which may include your personal data     Article 6(1)(c) – legal obligation
  • This is necessary to comply with a legal obligation
  • Contact you regarding the services we provide    Article 6(1)(f) – legitimate interests
  • We need to contact you for our legitimate interests so that we can gather information for the provision of our services, or to improve those services
  • Retain your data under our data retention policy after your contract has been fulfilled     Article 6(1)(f) – legitimate interests
  • We need to retain your personal data for only as long as necessary under the law to protect our legitimate interests

All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information is located on servers within the UK.

Sharing of data with other data controllers

We take your privacy seriously and the information we hold about you is confidential.  Personal data will only be disclosed on a confidential basis to GDPR compliant external service providers so that they can provide services such as IT, financial or administrative services in connection with the operation of our business; and to any person (where necessary) in connection with their services, such as law enforcement, regulatory authorities, partners or advisors.  We will only disclose personal data outside Peter Norris (Clapham) Ltd when:

•    you have given us your consent to do so
•    it is necessary for the performance of an agreement of which you will be made aware
•    in order to obtain professional advice (e.g. legal advice)
•    we or others need to investigate or prevent crime (e.g. to fraud prevention agencies)
•    the law permits or requires it
•    regulatory or governmental body requests or requires it, even without your consent
•    there is a duty to the public to reveal the information

We will not sell, distribute or lease your personal data to third parties for direct marketing purposes.  We will not use your personal data to send you promotional information about third parties.

How long we keep your personal data

Personal data from our data subjects is retained in line with our data retention policy.  Peter Norris (Clapham) Ltd keeps most client data for 7 years, because we are required by law to keep certain information for a minimum of 6 years plus the current year.  Personal data that is no longer necessary to be kept under our data retention policy will be deleted. 


Your rights

You have the following rights in relation to personal data held on you by Peter Norris (Clapham) Ltd:

•    The right to be informed about how personal data is used – (this notice)
•    The right to access a copy of personal data that we hold about you
•    The right to rectification of any errors in personal data held by us
•    The right to erasure of any personal data
•    The right to restrict processing
•    The right to data portability
•    The right to object
•    Rights in relation to automated decision making

To learn more about these rights and how they operate, please look at the Information Commissioner’s Office (ICO) website https://ico.org.uk/for-the-public/.

Peter Norris (Clapham) Ltd does not operate any automated decision making systems

You have a right to request a copy of the personal data that we hold about you.  If you would like a copy of some or all of your personal data please email info@peternorris.co.uk or write to us at Peter Norris (Claphm) Ltd, Unit 1 Ellerslie Sq. Industrial Estate, 11 Lyham Road, Clapham, London, SW2 5DZ.  Proof of your identity will be required for security purposes.  We will comply with your request within one calendar month.  

There may be reasons why we need to keep or use your data, but please tell us if you think we should not be processing your data.

If you are unhappy with the response that you receive from us when you exercise your GDPR rights or Data Protection Act 2018 rights, you have the right to lodge a complaint to the ICO. 

More guidance about raising a complaint with us is available on the ICO’s website https://ico.org.uk/for-the-public/raising-concerns/ and for raising a complaint with the ICO, more information is available on https://ico.org.uk/concerns/.


Controlling your personal information

You may choose to restrict the collection or use of your personal information.  If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us using our contact details above. 


How we use cookies

Cookies are small files which ask permission to be placed on your computer's hard drive to collect standard internet log information and visitor behaviour information.  This information can be used to track visitor use of the website and to compile statistical reports on website activity.  

We use cookies to identify which pages are being used.  The cookies enable us to track how a visitor moves around our website which in turn, then helps us to refine and improve our website. 

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer, however please be aware that this may prevent you from taking full advantage of some sites.  If you disable cookies in your browser, you are still able to use our website.  


Links to other websites

Our website may contain links to other websites of interest.  This privacy policy only applies to our website www.peternorris.co.uk so when you link to other websites you should read their own privacy policy.  We are not responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.