DB Auto Repairs & Paint Ltd – Privacy Policy.

Policy background:


In this policy we have set out the personal data that we collect from, and about, our customers and we explain how this data is used and why we need it.  It is important to note that this policy is non-contractual.


We are committed to protecting the personal data that we have access to, and are required to have, to process requests for our services, and have therefore developed privacy policies to protect such data.  This policy relates to all of the personal data held about our customers.


What is personal data?


Personal data is any information relating to an identified, or identifiable, individual that could lead to them being treated differently. This may include your name, address, telephone number and / or email address.  We may also hold any other information that is necessary for our business purposes.


What personal data do we process and where does it come from?


We generally only collect and use personal data from individuals when they make enquiries or require services from us. The data processed includes, but is not limited to, your name, address, telephone number and email address.  This data is collected directly from you.  We do not collect data from third parties.  This data is stored securely in our systems, in emails and in our paper files.


Why do we collect personal data?


Our lawful reason for collecting and processing your data is to carry out our legitimate business interests, because we need to process this data to carry out our obligations under the contract of purchase and supply, or because we need to comply with a legal obligation.


Without your personal data we cannot administer your services request properly and consequently initiate a successful purchase or service supply process.  We may use your personal data without your knowledge or consent, where we are permitted or required by law, or regulatory requirements, to do so – for example, the supply of data to HMRC.


What do we do with personal data?


We use personal data specifically for business purposes including facilitating the supply of our services.  We need to be able to supply your service, maintain accurate business records and undertake any other reasonably related purpose in carrying out our business activities.


Monitoring, disclosing, and sharing personal data:


As part of our customer contract, we monitor compliance with other policies, such as our IT policy, which safeguards our systems and ensures that data is deleted as soon as we are required to do so.  We do not share personal data with, or disclose it to, anyone other than those parties to whom we are legally required to do so (such as HMRC).


How long will we keep personal data for?


There are existing legal and regulatory requirements which govern how long we should retain your personal data, which may change at any time.  HMRC currently require business records to be kept for 6 years, after which period the GDPR requires that personal data is destroyed.


In general, we will keep sales / services enquiry data for up to 6 months.  After this period, only the data needed to ensure that the statutory requirements in force at the time are adhered to will be kept.


The rights of individuals whose personal data we process:


If we are processing your personal data you have the following rights:


  1. The right to be informed of what data we are processing, what for, how we obtained the data, and to whom it is being released.
  2. Subject to certain conditions as set out in “Access to your personal data” below, the right to access the data that we are processing on you.
  3. The right to rectification of the data if it is seen to be incorrect or inaccurate.
  4. The right of erasure (in certain circumstances such as where you gave your consent to process).
  5. The right to restrict processing (to request that we do not process data for certain activities in certain circumstances).
  6. The right to data portability (where appropriate).
  7. The right to object.
  8. The right not to be subject to automated decision making.


Access to personal data:


You have the right to see the personal data that we hold about you.  Any such request must be made in writing or by email.  When requesting access to your personal data, please note that we may request specific information from you to enable us to confirm your identity, and the right that you have to access the data, as well as to search for and provide you with the personal data that we hold about you.  We will ensure that your request is responded to within one month of receipt.  Your right to access the personal data that we hold about you is not absolute.  In the event that we cannot provide you with access to your personal data, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.


Updating personal data:


It is important that the data we process about you is accurate and up to date.  Whilst we endeavour to ensure that it is at the time we first collect it, we need you to ensure that you keep us updated when the personal data that we hold about you changes.


Keeping personal data safe and secure:


We seek to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of the personal data in question.  These safeguards are designed to protect your personal data from loss, unauthorised access, copying, use, modification, or disclosure.  We maintain policies and procedures and design our IT systems that process personal data based on a Privacy by Design principle.  We have policies in place to deal with a suspected data security breach and will notify the Information Commissioner’s Office (ICO), and you, of any suspected breach where we are legally required to do so.


Transferring personal data outside of the European Economic Area (EEA):


We will not transfer your personal data to countries outside the European Economic Area (EEA).


Questions or concerns:


If you have any questions about this privacy policy, or any concerns about how we manage your personal data, please contact us in writing or by email.  We will seek to answer your questions and advise you of any steps taken to address any issues raised.  If you are unsatisfied with our response, or you believe that we have not complied with your data protection rights, you may make a written submission to the Information Commissioner’s Office (ICO).


Changes to our privacy policy:


Any changes we may make to our privacy policy in the future will be posted on this page.  You may be notified of these changes in writing or by email; however, we advise that you check this page regularly to keep up to date with any necessary changes.