By personal data we mean identifiable information about you. Generally, this is likely to include information such as your name, email address, correspondence address and your IP address if you access our websites.
We may collect, use, store and transfer different kinds of personal data about you:
Information you provide to us
From time to time you may provide to us personal data. This may be because you:
You may provide personal data to us directly, or to us through our social media platforms.
If you provide to us personal data about any other individual, you must have their consent to do so.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this and we may also report this to the appropriate authorities.
At our request, you shall promptly provide evidence of your identity.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Information we automatically collect about you
When you use our website, we may automatically collect and store information about your Technical Data and Usage Data for the purposes of research and analysis.
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy for the website in question.
Information we receive from others
We may receive personal data about you from our INEOS Automotive Limited (“INEOS”), IT security service partners, and our payment providers if they choose to provide it to us for any reason.
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may seek and receive further personal data relating to you from third parties, confirming or otherwise, your identity.
If you wish to purchase services or goods from us, we shall use your personal data to provide those services and/or goods in accordance with our applicable terms and conditions.
We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety.
We may also use your personal data for our legitimate interests to ensure the proper and continued function of our business including:
For our legitimate interests, we may share your personal data with INEOS (and its affiliates), our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, delivery companies, fulfilment houses, payment providers, accountants, auditors and lawyers.
We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third-party authorities and regulatory organisations and agencies.
Some or all of your personal data may be stored or transferred outside of the United Kingdom for any reason, including for example, if our email server is located in a country outside the United Kingdom or if any of our service providers are based outside of the United Kingdom.
Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
You may consent to receive marketing email messages from us about us and our products and services and/or we may send to you marketing email message for our legitimate business interests. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. We will still contact you as necessary about any services or goods that you have purchased from us or may purchase in the future.
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
We may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise. To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
For the avoidance of doubt, we may use anonymous data, such as usage data for research or statistical purposes indefinitely without further notice to you.
Last updated: September 2021