Personal Data Definition
The law defines “personal data” as any information that can be used to identify an individual.
Personal Data Held
The personal data Kwik Fit holds about you relates to your name, your address, your vehicle, your appointments, where your vehicle was seen and by whom, when and why your vehicle was seen, value spent, type of payment method used and relevant related comments.
Personal Data Storage
Kwik Fit holds personal data in a secure cloud in approved data centres within the European Union. Information is stored in a protected repository where data is collected from all sectors of the Organisation and processed in line with the Company policies and current data laws.
Personal Data Usage
Kwik Fit uses personal data whilst applying searches and algorithms to predict future business, identify business opportunities, marketing, assess risk factors etc, and under certain circumstances links that data to other Organisational data.
Personal Data Reporting
Personal data is used to report on the performance of the Organisation including statistical information, customer satisfaction and audits.
Personal Data Legal Compliance
Personal data is collected, processed and stored in accordance with all current Data Regulations.
Where possible and practical, personal data is processed with the consent of the person concerned, however, there are times when there is a legal obligation, public interest or legitimate business interest in collating and processing personal data which overrides an individual’s wishes. Examples include for tax and law enforcement requirements.
|1) Data Controller contact details||Kwik-Fit (GB) Limited ETEL House, Avenue One, Letchworth Garden City, Hertfordshire, SG6 2HU|
|2) Data Protection Officer contact firstname.lastname@example.org|
|3) Purpose of the processing||Computerised searches of some or all of our records to identify vehicles that are due MOTs, warranty and service update, product (and safety) recalls and other bespoke conditions may mean your vehicles records are amongst those searched. This is known as “risk stratification” and sometimes carried out by linking our records with other records. The results of these searches are produced using approved and contracted services to provide the most appropriate advice, investigation opportunities and marketing communications.|
|4) Lawful basis for processing||The legal basis for this processing is: Article 6: “necessary …. In the exercise of official authority vested in the Controller” The Organisation recognises your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”|
|5) Recipient or categories of recipients of the shared data||Appropriate data will be shared for processing only with those who have a legitimate and contracted business reason. Additionally only those who have access to your personal details and your vehicles information will only normally have access to that which they need to fulfil their roles.|
|6) Rights to object||You have the right to object to the processing where it might result in a decision being made about you. That right is based on implied consent under the Common Law of Confidentiality, Article 22 of GDPR (automated individual decision-making, including profiling) You have the right to object to some or all of the information being shared under certain circumstances but the organisation have the overriding responsibility to comply with the law. You should be aware that this is a right to raise an objection, which is not the same as having an absolute right to have your wishes granted in every circumstance.|
|7) Right to access and correct||You have the right to access the data that is being shared (subject access request) and have any inaccuracies corrected. The subject access request should be in writing (i.e. written word or email) and once the appropriate due diligence identification checks have been verified with the Data Protection Officer, collation of the information requested will be performed, redacted where appropriate and forwarded in a format agreed with the requestor in accordance with data law requirements.|
|8) Retention period||The data will be retained for active use during the processing and thereafter according to the organisations retention policy and data laws.|
|9) Right to Complain||Should you have a complaint relating to the handling of your personal identifiable data, in the first instance please forward your concerns to:
Via Post: Kwik Fit Customer Services, ETEL House, Avenue One, Letchworth Garden City, Hertfordshire, SG6 2HU
Via Email: email@example.com
Via Internet: Via the contact forms on our website at: https://www.kwik-fit.com/contact-us/comments-and-feedback
Thereafter if you believe the Organisation has not addressed your complaint related to the management of your personal data you have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)
Responsible Owner: V Penn
Date: 23rd May 2018