Birchwood Group Privacy Policy

This policy supports our aims that whatever personal data we collect via whatever format, we comply at all times with relevant Data Protection Legislation. You can contact our Data Controller at Birchwood Group, Lottbridge Drove, Eastbourne East Sussex BN23 6PX or via email to digital@birchwoodgroup.co.uk

We obtain personal data in the following ways:

  • Personal data directly provided by you- this could be information you supply during a telephone call or via an application for services or products. It could be in written, digital or verbal format.
  • Personal data provided by you toa third party- this could be a manufacturer, finance company, service provider orpublic authority that you have provided data to.
  • Personal data gathered via online technology- this will generally be via use of our website or social media channels.

How we use your data

Birchwood uses your personal data:

- to provide goods and services to you;

- to make a tailored website available to you;

- to manage any registered account(s) that you hold with us;

- to verify your identity;

- for crime and fraud prevention, detection and related purposes;

- with your agreement, to contact you about promotional offers and products which we think may interest you;

- for market research purposes - to better understand your needs;

- to enable Birchwood to manage customer service interactions with you; and

- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

How we store and protect your data

We take all reasonable steps to protect and store your personal data:

  • All employees are trained on the importance of protecting personal data and this is regularly promoted via team meetings, GDPR workshops, team audits and our in-house newsletter.
  • Digital data is held on secure servers and access is via individual passwords. Access levels are restricted by location and job role to ensure that only relevant data can be accessed by each employee.
  • Paper records are kept to a minimum and whilst not in use, are stored in locked facilities.
  • Printersare operated via an individual PIN access
  • Firewalls and anti virus protection are on live updates to ensure we are always using the most relevant option available
  • All company devices require two stage login access and can be remotely tracked.

In order to make our services available to you we may be required to share your personal data with selected service partners. These may include:

  • Vehicle Manufacturer
  • DVLA
  • Warranty providers
  • Finance providers if you have arranged partial or full funding through a third party
  • Motability suppliers
  • Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: -

- to comply with our legal obligations;

- to exercise our legal rights (for example in court cases);

- for the prevention, detection, investigation of crime or prosecution of offenders; and

- for the protection of our employees and customers.

Aside from our service providers, public authority or legal entities we will not disclose your personal data without your express authority to do so. Birchwood will never sell or rent customer data to other organisations.



How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 7 years if there is a legal or audit requirement. Enquiry data that does not lead to the sale of a product and for which further contact is not relevant, will usually be destroyed after 60 days. Employment applications will usually be held for 180 days

Permissions

We try at all times to obtain your permission to utilise your personal data as outlined under this privacy policy. This consent can be given or removed at any time by you or by your legal representatives.

There may be times when there is a legitimate interest to contact you without direct consent. Examples of such occasions could be:

  • Vehicle recalls
  • MOT expiry
  • Scheduled service reminders ( mileage and/or date linked)
  • Warranty expiry
  • Finance expiry
  • Obligations arising out of ourcontract with you

This list is not exhaustive and we do not accept liability if contact does not take place and you subsequently discover an agreement has expired. You can at any time ask us to stop these contacts regardless of there being a legitimate interest.

You have a right at any time to stop us from contacting you for marketing purposes or from sharing your details with partner businesses. If you consent (or have consented) to receive marketing you may opt out at any later date.

You can update your permissions at any time by emailing digital@birchwoodgroup.co.uk or writing to The Data Controller, Birchwood Group, Lottbridge Drove, Eastbourne East Sussex BN23 6PX

Our Marketing database

All personal data that is utilised for marketing purposes is held securely as outlined elsewhere in this policy. We will seek your consent as follows:

  • WHAT marketing contact you are happy to receive such as customer newsletters, invitations to events, customer offers
  • HOW you want to receive this contact such as telephone call, SMS message, email, letter etc.

You can change this consent at any time as outlined in the Permissions section of this policy

Legal rights concerning your personal data

Under the terms of subject access, you have the rights to know what personal data we hold about you. You can obtain this information by writing to the Data Controller at Birchwood Group, Lottbridge Drove, Eastbourne East Sussex BN23 6PX. We will then endeavour to provide you with this information as soon as we can, ideally within 7 days although there may be occasions when system access delays this process.

Our Website

Our website is powered by Automotive Transformation Group Limited (“ATG”), our third party web services provider. ATG is committed to ensuring that data is processed in accordance with applicable data privacy laws, and is kept secure. ATG is certified to the standard of ISO27001 (an international standard for information security). ATG uses Amazon Web Services, Inc. as its cloud platform provider. All data processed by ATG is stored on Amazon’s web servers in the EEA.

If you visit our website

When someone visits our website, ATG collects standard internet log information (your IP address, browser, and type of device) and details of visitor behaviour patterns (where you joined our site from, the path you take through our site and where you leave). These are stored against unique ids (which are strings of numbers). ATG collects this information for the legitimate business purpose of monitoring the number of visitors to the various parts of the site, the general geographic location of visitors and engagement levels, which in turn enables it to make improvements to its websites and services, and provide business intelligence. This information is only processed in a way which does not identify anyone. It is kept indefinitely.

ATG also uses Google Analytics to collect standard internet log information and details of visitor behaviour patterns, which are stored against unique ids (i.e. strings of numbers). We collect this information for the legitimate business purpose of monitoring website traffic and engagement levels, which in turn enables us to make improvements to our website and the way we sell our cars and services. This information is only processed in a way which does not identify anyone. It is kept indefinitely.

If you use our enquiry forms

When you submit information using an online form, ATG processes the data collected and stores it for 31 days for the legitimate business purpose of enabling us to access the information and deal with your request (it is then kept for a further 14 days in ATG's routine back-ups for business continuity purposes).

If you enter your post code, ATG stores the first part of it (e.g. ‘ME14’ or ‘SW1’) and links it to standard internet log information already collected (it is used for the same purposes as that information, as outlined above).

Useful contacts

You can find out more about http://www.ico.org.uk/

Cookie Policy

For information about how our website uses cookies, please see our Cookies Policy.