This Privacy and Cookie Notice explains how Kwik-Fit (GB) Ltd collects, holds, transfers, processes and discloses your Personal Data. This Privacy Notice also explains your rights under UK data related legislation focusing on Personal Information.
Definitions and Interpretation
is the Registered Data Controller?
- The Data Controller’s Representative
- The Business of the Company
- Sources of Personal Data Collection and Relevance of the Privacy Notice
- Legitimate Business Interest
- Personal Data Collected and Held
- Personal Data Storage
- Company Use of Personal Data
- Anonymous and Aggregated Data
- Use of Personal Data to Contact You
- Circumstances when the Company may Release Your Personal Data to Others
- Duration for which the Company will keep your Personal Data
- Data Security
- Call Recording
- Customer Relationship Management
- Links to other Websites
- Social Media
- Maintenance of Website
- Online Reporting
- Online Advertising
- Blog Management
- Your Rights under UK & EU GDPR and the UK DPA 2018
- Privacy Notice Changes
- Queries regarding this Privacy Notice
Appendix One - list of Third Party Processors
Definitions and Interpretation
The following terms shall have the following meanings:
“Cookie” - means a small text file placed on your computer or device by our site when you visit certain parts of the site and/or when you use certain features of the site. Details of the Cookies used by our site are set out below.
“Cookie Law” - means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulation 2003
"CRM" - Customer Relationship Management
“DPA 2018” - Data Protection Act 2018
“GDPR” - General Data Protection Regulation (EU and UK)
“Identifiable Natural Person” - GDPR defines as “one who can be identified, directly or indirectly, by reference to an identifier such as a name, or to one or more factors specific to that natural person.”
“IP Address” - a number that is automatically assigned to the computer that you are using by your Internet Service Provider.
“Personal Data” - GDPR defines as “any information relating to an identified or identifiable natural person’’
“Privacy Notice” – an externally facing notification informing customers, regulators, and other stakeholders what the organisation does with personal data.
“Privacy Summary” – is a condensed version of the organisations full Privacy Notice created primarily for customers.
1. Who is the Registered Data Controller?
Kwik-Fit (GB) Limited, ETEL House, Avenue One, Letchworth Garden City, Hertfordshire, SG6 2HU hereafter referred to as the “Company”.
2. The Data Controller’s Representative
The Company’s Group Data Protection Officer acts as the Data Controller’s Representative.
3. The Business of the Company
The Company excels in the sale of vehicle tyres, accessories and related services.
4. Sources of Personal Data Collection and Relevance of Privacy Notice
This Privacy Notice relates to Personal Data collected from you via:
- Company-related websites;
- Social media;
- Mobile devices;
- Wi–fi access points.
The content of this Privacy Notice applies to you when you interact with the Company in centre, online, via social media, telephone, text, websites and any other form of correspondence.
The Company asks for your consent as a way of ensuring that your Personal Data is collected and processed on your behalf lawfully and you are marketed to appropriately. You have the right to withdraw consent at any time.
6. Legitimate Business Interest
The Company may use Personal Data where it falls within the definition of Legitimate Business Interest under the GDPR/UK DPA 2018. Normally your right to withdraw consent will override the right of Legitimate Business Interest.
7. Personal Data Collected and Held
Information about the services that you use and how you use them is collected. The Company may also collect device-specific data (such as your location and mobile telephone number) and log-in frequency information. Categories of Personal Data that are collected include:
- Personal details - e.g. name, address, email, telephone number;
- Financial details, where applicable;
- Goods and services;
- Enquiries, compliments and complaints.
Your web browser may provide the Company with information about the device you are using such as an IP address and details about the browser you use.
An “IP Address” may be identified and logged automatically in the Company’s server log files whenever you access the services, along with the time of the visit and the page(s) that were visited.
8. Personal Data Storage
The Personal Data you give is stored with your account.
This data is located on servers within the European Union and contractual safeguards are in place. No third parties have access to your Personal Data unless there is a lawful basis to do so.
9. Company Use of Personal Data
The Company is committed to protecting your Personal Data. When you share your Personal Data with the Company there is a legal obligation for it to only use it in line with data regulations.
All your Personal Data is processed by our staff in the UK.
The Company processes your Personal Data:
- To provide a better service to you including customised search results, spam and malware detection.
- For service administration purposes, carrying out its obligations arising from any contracts entered by you and it and provide you with the information, products and services that you request from it;
- To provide you with information about other goods and services it offers that are similar to those that you have already purposed or enquired about;
- To notify you about changes to its services;
- To assist in the completion of website orders;
- To ensure that content of its site is presented in the most effective manner for you;
- To administer its site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To measure and understand the effectiveness of advertising it serves to you and others.
The Company uses IP Addresses for purposes such as calculating usage levels of the services, helping diagnose server problems and administrating its services.
The Company will ask for your consent before using your Personal Data for a purpose other than that it was provided for or authorised to use.
10. Anonymous and Aggregated Data
- may aggregate personal data so it does not personally identify you (“pseudonymised data”); For example, it may aggregate Personal Data to analyse the percentage of customers which have a particular post code.
- may remove Personal Data to create anonymous data;
- uses anonymous and aggregated information for historical, statistical, or business planning purposes.
11. Use of Personal Data to Contact You
Transactional: The Company will communicate with you to complete any transactional commitments.
Marketing Purposes: The Company will only contact you for marketing purposes where you have given consent to do so (unless a legitimate interest applies).
The company (via a contracted third party) may contact you via telephone to help in the completion of any online orders.
Social Media: Social Media communications such as: Facebook, Google, Instagram, Snapchat, Twitter etc. will be responded to based upon the data you have previously provided.
12. Circumstances when the Company may Release Your Personal Data to Others
The Company does not share your Personal Data with organisations outside Contractual and legitimate interest requirements unless one of the following applies:
- It is necessary to comply with data protection laws;
- Your consent has been obtained and can be evidenced;
- A legal requirement exists e.g. to meet a legal obligation or enforceable government request, detect and prevent or address fraud;
- The Company is responding to matters of personal or public safety.
The types of organisations which the Company may share applicable only Personal Data it processes are:
- Any member of the Group, which means its subsidiaries as defined in section 1159 of the UK Companies Act 2006;
- Analytics and search engine providers that assist the Company with the improvement and optimisation of the website;
- Credit reference agencies for the purpose of assessing your credit score where this is a requirement for the Company prior to entering into a contract;
- Debit collection and tracing agencies;
- Central Government;
- Police forces and security organisations.
To offer potential discounts to customers, i.e. where applicable when you request a car insurance quotation your details will be shared with Aioi Nissay Dowa Insurance UK.
13. Duration for which the Company will keep your Personal Date
The Company holds your Personal Data on its systems for as long as is necessary relevant to the transactional, tax and legal obligations and marketing interests consented by you. Specific details of the Company’s Data and Document Retention Policy can be obtained by contacting the Group Data Protection Officer.
14. Data Security
The Company protects your Personal Data from unauthorised access, disclosure or amendments by using:
- Two factor authentication;
- Secure storage locations;
- Regular audit and review of data storage and processing practices including physical safety procedures to guard against unlawful access;
Access to your Personal Data is restricted to employees on a need-to-know basis. This includes suppliers and authorised representatives who are subject V:to contractual responsibilities.
Unfortunately, the transmission of data via the internet is not completely secure. Although the Company does its best to protect your Personal Data, it cannot guarantee the security whilst it is transmitted to its site; any transmission is at your own risk. Once in receipt of your Personal Data, the Company will use procedures and security measures to prevent unauthorised access.
15. Call Recording
Telephone calls to the Company may be recorded for training and monitoring purposes
16. Customer Relationship Management (CRM)
The organisation aims to provide customers with relevant communications tailored to their preferences and needs. This includes but not exhaustive to appointment reminders, MOT reminders, awareness of products and services the organisation consider fundamental to the safe and legal operation of their vehicle. (Legitimate Interest)
The organisation lets customers know of products, services and promotions (with consent where applicable which may be of interest to them to provide hassle-free safe motoring.
Confirmation Emails and SMS are sent from the organisation’s website at the end of any booking / transaction process.
When customers book an appointment for any product or service, a reminder email / SMS will be sent out by the CRM system 3 days before a booking via email and the day before via SMS.
MOT Related Communications
The organisation endeavour to remind customers of their vehicle’s upcoming MOT due date if the organisation has dealt with this vehicle previously. They will contact customers via email, letter, SMS (text) or via a telephone call depending on what contact details are currently held. The organisation will only do this when there is no sign of an MOT being performed or booked, implying an MOT may have been overlooked. (Legitimate Interest)
Customers can request to receive Reminder Notifications themselves.
Tyre Tread Depth
Where applicable, using the information already held by the organisation, records could indicate a customer’s tyres are near their legal tread depth limit of 1.6mm, dependent on the time passed since the customers last visit to a centre. The organisation will remind customers via email or SMS to check the tyre tread depths. (Legitimate Interest)
Newsletter (opting in and out of receiving newsletters)
The newsletter subscription service is available at https://www.kwik-fit.com/contact-us/mailing-list. This covers products and services, store events, promotions, and other stories it believes customers may find interesting. The service is free; however, customers must opt in to use this service. Customers can opt out at any time at https://www.kwik-fit.com/contact-us/mailing-list/unsubscribe.
The organisation contacts customers inviting them to take part in customer satisfaction surveys, if customers respond they collect their feedback and use this information to develop the services offered with the aim to improve the customer experience. (Legitimate Interest).
Customers are invited to review recently purchased products, if they respond, the feedback information is used to build sentiment for the product bought.
Centre closure announcements will be emailed to customers who have previously used that specific centre due for closure and those who live nearby. The announcement will provide details of the next nearest centre.
The organisation process customer information if there is a lawful basis to do so. These include;
Consent – Where explicit permission to process customer data has been given for a particular purpose.
Legitimate Interests - Where we endeavour to provide the best products and services, but not where your interests are overridden by ours.
The organisation utilise data selected from verified and approved third parties under legitimate interest, to provide customers with the best products and services. This also helps ensure the organisations data is up to date and accurate as can be reasonably expected.
Working with information providers that specialise in consumer profiling, such as Experian and Mosaic helps provide demographic or other data to better understand customer’s demographics, lifestyles, shopping behaviours and usually linked to the areas where people live (Legitimate Interest).
Segmentation of data allows the ability to provide more relevant offerings of product and services, deliver a more personalised experience and avoid unwanted messages. (Major Third Party Processors can be found as an appendix at the end of this Privacy Notice).
Customers can opt out of all marketing contacts, including reminders, by contacting the Group Data Protection department at Group-Data-Protection@etelimited.co.uk or Customer Care through the Contact Us page at www.kwik-fit.com/contact-us/comments-and-feedback or calling 0800 75 76 77.
Data in the Marketing CRM system specifically is held for four years. Other data is held in line with the company retention schedule and any legal and tax obligations.
Where applicable incorrect data can be rectified by informing the company via: the website www.kwik-fit.com/contact-us/comments-and-feedback, Customer Care on 0800 75 76 77 or emailing Group-Data-Protection@etelimited.co.uk.
17. Links to other Websites
Company-related websites contain hyperlinks to websites operated by third parties who have their own privacy policies and related cookies. The Company does not accept liability for the privacy practices of these third parties.
18. Social Media
The Company’s websites contain links and sharing buttons to third party social media websites. These third parties may in turn serve you cookies. The Company is not responsible for the placement of these cookies. Please check the data Privacy Notices for the respective third-party social media website for more information.
When you contact the Company via social media channels certain Personal Data may be shared with the Company about your online activities such as gender, interests and marital status depending on your profile settings. The Company is not responsible for the Personal Data you share on your social media profiles, and you are encouraged to familiarise yourself with the privacy settings of these sites.
Details of social media websites that we use can be found as an appendix at the end of this Privacy Notice listing Major Third-Party Processors.
19. Maintenance of Website
The Company uses a third party service to help maintain the security and performance of its websites. To do this it processes the IP addresses of website visitors.
20. Online Reporting
Details of web analysis services that we use can be found as an appendix at the end of this Privacy Notice listing Major Third-Party Processors.
21. Online Advertising
The Company uses online advertising/remarketing tools to place ads in search results and other websites which you may find of interest. To help the Company track sales and other conversions from our advertisements, the Company uses the conversion tracking feature provided by online advertising providers which places a cookie on your device when you click on one of the advertisements. The Company is not responsible for the placement of these cookies. Online advertisers use the information obtained from conversion cookies to compile statistics including the number of users who clicked on the ad and the pages then accessed by each user. Conversion cookies are only active for a limited time and cannot be used to identify any Personal Data.
Details of online advertising/remarketing tools that we use can be found as an appendix at the end of this Privacy Notice listing Major Third-Party Processors.
22. Blog Management
All blog content is written by the Company and its selected partners. Republishing of content on our blog and other parts of the website is not authorised without express permission. Information collected about user visits to the blog is used for the sole purpose of analysing content performance.
Details of livechat services that we use can be found as an appendix at the end of this Privacy Notice listing Major Third-Party Processors.
25. Your Rights under UK & EU GDPR and the UK DPA 2018
The Right to your Personal Data (Subject Access Request)
You have the right to obtain a copy of your Personal Data that is processed by the Company and know the reasons why it processes your data. Upon receipt of a request made into the Company and received by the Group Data Protection Department, once identification has been verified a requester can expect a response within 28 days whereby copies of applicable personal identifiable information will be made available to them. (Should there be a requirement for an extension to the 28 days from the date of request the requester will be written to with the reasons for any delay).
If the Company holds Personal Data about you, it will:
- Provide a description of the data held;
- Inform you why the data is being held;
- Inform you who the data is disclosed to;
- Provide a copy of the data in a machine-readable format (or hard copy).
Depending upon the nature of the request the Company will try to manage the search informally in the first instance e.g. if you are seeking specific data, this may be resolved via a telephone call.
The Right to Rectification
You have the right to have any inaccuracies in your Personal Data which is stored and processed by the Company to be rectified.
The Right to be Forgotten
Where applicable The Right to be Forgotten (your personal data erased) can be applied upon request.
The Right to Restriction of Processing
Under certain specific circumstances you may have the right to prevent the processing of some Personal Data. Please contact the Data Protection Dept for details. Group-Data-Protection@etelimited.co.uk.
The Right to Notification
Under certain circumstances, the Company has a duty to ensure you are notified of how any intended change of processing of your Personal Data due to take place may differs to that which you consented for.
The Right to Data Portability
Under certain circumstance you have the right to see and have transferred your Personal Data in a commonly used and machine-readable format to another Data Controller.
The Right to Appropriate Decision Making
You have the right not to have decisions made solely from automated processing. If automated processing is used, please contact the Company Group Data Protection Officer to obtain an explanation from for the outcome of any automated processing.
Consent to this Privacy Notice is implicit in your use of the Company’s products and services.
You have the right to lodge a complaint regarding the use of your Personal Data. In the initial instance please email the Company Data Protection Officer:
Group-Data-Protection@etelimited.co.uk whose team will research the matter and keep you informed of the investigation progress.
If you are not satisfied with the outcome of the internal investigation you have the right to lodge a complaint with the Information Commissioner’s Office.
27. Privacy Notice Changes
- reserves the right to amend this Privacy Notice at any time;
- will post any revised Privacy Notice on its websites;
28. Queries regarding this Privacy Notice
If you have any questions or comments about this Privacy Notice please contact the Group Data Protection Officer via email: Group-Data-Protection@etelimited.co.uk
Or by post: Group Data Protection, Kwik Fit (GB) Limited, ETEL House, Avenue One, Letchworth Garden City, Herts, SG6 2HU.
Third Party Processor list
The Company uses Bold360, a livechat service provided by LogMeIn.Inc to provide live customer support on websites. Bold 360 places cookies on your device which allow the Company to track your activity on the websites to provide an accurate and helpful livechat experience.
The Company uses Google Ads, an online advertising/remarketing tool from Google Inc. to place ads in Google search results and other websites which you may find of interest. Google use the information obtained from conversion cookies to compile statistics including the number of users who clicked on the ad and the pages then accessed by each user. Conversion cookies are active for 30 days and cannot be used to identify personal data.
The Company uses Google Analytics, a web analysis service from Google Inc. to collect information about how visitors use the websites including but not exhaustive to website activity. This enables the Company to make improvement to their websites based on your browsing activity. Anonymised data is generated by cookies and transmitted to Google’s locations in the US where it is stored. This information includes pages visited, frequency of visits and where visits have come to the site from.
The Company use Haynes Pro to help keep our vehicle data up to date and correct. We use Haynes Pro to gain insight into such things as a vehicle’s MOT date, SORN status, ownership change. No customer data is sent to Haynes Pro.
The Company uses Image Logistics to manage their Company Website.
The Company uses LinkedIn, a social media platform which will serve your cookies. When you contact the Company via LinkedIn, certain Personal Data will be shared with the Company about your online activities.
The Company uses MBA Group, a company providing personalised content within printed communications. They also send these printed communications on the Company’s behalf. MBA Group use contact information such as name, address, plus vehicle information such as make and model, registration, and MOT due date.
The Company uses Facebook and Instagram, social media channels operated by Meta Platforms. These platforms serve you cookies. When you contact the Company via Facebook certain Personal Data will be shared with the Company about your online activities.
The Company uses Movable Ink, a software platform that allows the creation of dynamic and personalized content within emails, websites, and other digital channels, as well as analysing the performance of these contacts. Movable Ink use contact information such as name, email, postcode. Also, vehicle information such as make, model, registration, and MOT due date.
The company uses Repuation.com, a company that provide review management and sentiment analysis and search engine optimisation. Reputation.com use contact information such as name, email address and mobile number and transactions data such as products purchased.
The Company use Sagacity, a company providing data cleaning, enhancement, analysis, segmentation, and reporting. Sagacity use contact information such as name, email address, mobile number and postal address, transaction data such as products purchased and vehicle information such as make & model, registration, and MOT due date.
The Company uses TTMC, a company providing verbal (telephone) MOT appointment setting on the Company’s behalf. TTMC use contact information such as name, email, mobile number, and vehicle information such as make, model, registration, and MOT due date.
The Company uses Tik Tok, a social media channel, which will serve you cookies. When you contact the Company via TikTok, Personal Data will be shared with the Company about your online activities.
The company uses Twitter, a social media channel, which will serve you cookies. When you contact the Company via Twitter, certain Personal Data will be shared with the Company about your online activities.
Date of publication: June 2023
Responsible Author: V Penn
Review Date: July 2024