1. About this policy
1.1 This policy was last updated on the 1st April 2022.
1.3 References to a ‘website’ means any website owned and operated by or on behalf of any Sytner Group entity including websites of our dealerships.
1.4 Full details of Sytner Group Limited and companies within the Sytner Group are set out in this policy under Section 18 (Which Sytner Group Companies are covered by this notice?)
1.6 Our websites/services are not intended for children and we do not knowingly collect personal data relating to children. If you are under 16 please do not provide us with any of your personal data unless you have the permission of your parent or guardian to do so.
1.7 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us using the details in Section 20 (How to contact us or make a complaint).
1.8 We take your privacy seriously and we will only use your personal information in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation both as amended from time to time (together Data Protection Legislation). And other applicable laws and regulations that relate to data protection and privacy.
2. Changes to this notice
The contents of this policy may change from time to time. We will post any updates to this notice on our website www.sytner.co.uk/privacy-policy/. You may wish to check this page to ensure you are still happy to share your personal data with us. Where we make material changes to this policy, we will also contact you directly to notify you of these changes.
3. Processing another person's personal data
If you provide us with personal data on behalf of someone else for example you provide your spouse’s name on a loan car form to allow the vehicle to be insured for them to drive, you confirm to us that you have their permission to pass their personal data to us and that they are aware of the contents of this policy and do not have any objection to our processing their personal data in accordance with this policy.
4. Who is the controller of my personal information?
A ‘controller’ is a person or organisation who decides why and how your personal information is collected, used and shared. They are responsible for ensuring that the processing complies with data protection legislation. This policy covers Sytner Group Limited and companies ‘controllers’ within the Sytner Group see Section 18 (Which Sytner Group Companies are covered by this notice?) for more information.
5. What personal data do we collect about you?
5.1 Personal data means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or technical data about a vehicle. We collect and process personal data about you which we have grouped together into different types of data to make it easier for you to understand what we do with your personal data and what our legal basis is for processing the personal data. Details of how we process your personal data and why are set out in Section 10 (How we will use your personal data, and our basis for doing so) and details of the legal bases we rely on to process your personal data, are set out in Section 9 (What is the legal basis for processing your personal data):
5.1.1 Contact Data – details of your name(s), home address, previous home address, home phone number (including mobile), home email, work address, work phone numbers (including mobile) and social media user name/identifier;
5.1.2 Identity Data – details of your passport, drivers licence, date of birth, utility bills, national insurance number and nationality. We will capture metadata (signer’s name, IP address, timestamps and view history, etc.) to validate an eSignature on remote signed documentation;
5.1.3 Financial Data – details of your bank account, bank statements, payment card details, vehicle purchase agreement, your employment history and salary if required as part of your vehicle finance application. If you purchase an extended warranty or service plan your bank details for example, will be required to set up a payment plan by direct debit;
5.1.4 Transaction Data – details about payments to and from you and other details of products and services you have purchased from us;
5.1.6 Location Data – details of your travel history or home address will be collected if a loan car has a vehicle tracker fitted or you have used the satellite navigation system in the loan vehicle provided by the Sytner Group. Location data may also be captured if you check your vehicle in remotely for servicing via our app in order to provide directions to the dealership;
5.1.7 Image Data – photographic images and footage of you may be collected via the operation of CCTV when you come into our showrooms or visit our dealerships. We may take photographs or videos of you at dealership events for marketing purposes or when you collect your vehicle with your consent. We do not record calls made via video apps therefore no image data is retained in this format;
5.1.8 Vehicle Data – details of your number plate are collected through the use of automatic number plate recognition technology (where ANPR is in operation) when you drive into our dealership for a pre-booked service. You will provide details of your vehicle to us to make a service booking although not personal data this will be the registration number, make, model and type of vehicle;
5.1.9 Audio Data – details of telephone voice calls maybe recorded for monitoring, dispute resolution and training purposes when you contact us or we contact you from our dealership landlines and/or our contact centres. Outbound mobile telephone calls or calls made from video calling apps are not recorded. Recorded telephone calls are not held for more than 12 months;
5.1.10 Social Network Data – details of personal data that is part of your public profile on a third party social network may be collected if you like, follow, message, share content, post opinion or comment on any of our Sytner Group social media pages;
5.1.11 Family Data – details of your direct family such as their name for example to purchase a vehicle for them and allow the vehicle to be registered to the correct keeper;
5.1.12 Chat Data – conversations you may have with our digital teams via live chat windows on our websites, text messages or apps. We do not retain chat data on our systems after the conversation is terminated;
5.1.13 Public Authority Data – details about you and your vehicle held with the driving and vehicle licencing agency (DVLA) including any penalties you may have on your driving licence. Should you incur a fixed penalty or fine when driving a loan vehicle we will share your contact details with the respective third party, police or local authority;
5.1.14 Analytics Data – this is personal data on how you interact with us, this may relate to your vehicle choice or current vehicle, how you use and engage with our services, apps or websites or to allow us to predict when your vehicle is due for maintenance or servicing.
5.2 As a whole we do not collect the following special categories of personal data about you, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health or genetic and biometric data. Nor do we collect any information about criminal convictions and offences unless these are held against your driving licence. In limited circumstances for example if you lease a vehicle via the third party Motability scheme we may collect details about your disability and mobility allowance to administer your application and check your eligibility to join the scheme. For further details about this scheme please visit Motability’s website https://www.motability.co.uk. There may be isolated circumstances where we process special categories of personal data for the purpose of a vehicle sale, specifically if we need to adapt a vehicle.
6. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a vehicle, goods or services). In this case, we may have to cancel your vehicle order, or product or service you have with us but we will notify you if this is the case at the time.
Where do we get your personal data from?
7.1 Personal data you have given to us. We collect personal data when you provide this to us directly in the scenarios listed below:
7.1.1 by entering personal data via our websites, live chat boxes, social media platforms, apps or other digital platforms;
7.1.2 through testimonials and opinions you may have posted publically on our websites, social media platforms or on third party platforms such as Google or Trust pilot;
7.1.3 when you contact our customer service teams, dealerships or our call centres;
7.1.4 on an enquiry form during a showroom, manufacturer or third party event that you have attended;
7.1.5 when you reserve a vehicle or use our buy online service through our websites;
7.1.6 when you register interest in a vehicle in one of our dealerships either face to face, through social media or by phone or filling in forms in our websites;
7.1.7 when you complete customer surveys, provide feedback or participate in competitions we run online, on social media and in our dealerships;
7.1.8 when you place any order for our goods, products or services for example when you purchase a vehicle or book an appointment for your vehicle to be serviced in our dealership. We require your personal data for these specific purposes to fulfil a contract with you;
7.1.9 when you apply for a loan, personal contract purchase, hire purchase or lease agreement from one of our accredited finance providers to fund the purchase your vehicle;
7.1.10 when you part exchange or sell your vehicle to us;
7.1.11 when you provide documents to evidence your vehicle is covered by a valid insurance policy prior to collection;
7.1.12 if you would like a courtesy vehicle or wish to test drive a vehicle, we ask for you to provide a copy of your current driving licence;
7.1.13 if you provide another family members personal details for example in relation to a vehicle purchase or for vehicle collection after servicing;
7.1.14 when you respond to an advertisement or any other promotional communication we may have sent to you, communicated via social media or other digital platform;
7.1.15 to gain an estimate from our body shop for repairs to your vehicle;
7.1.16 if you create an online customer account on one of our websites, save vehicle searches or check out as a guest;
7.1.17 if you make a complaint about our dealership or exercise or rights;
7.1.18 by corresponding with us by phone, email, in person or otherwise (for example via social media) for any other purpose.
7.2 Personal data we may receive from within the Sytner Group. We collect the personal data from the Sytner Group of companies in the scenarios listed below:
7.2.1 for accounting, financial or intragroup reporting purposes;
7.2.2 to handle complaints or to provide information you have requested;
7.2.3 when we acquire or dispose of a business, we may share your personal data with another dealership in our group who trade under the same brand;
7.2.4 for marketing analysis or to improve our customer facing services or digital platforms;
7.2.5 for customer feedback and support;
7.2.6 for IT to support, maintain and secure our internal systems;
7.2.7 for fraud prevention, tax, audit, regulated or legal purposes.
7.3 Personal data we may receive from vehicle manufacturers. We collect the personal data from vehicle manufactures in the scenarios listed below:
7.3.1 if you have requested a brochure, test drive, specific detail about a vehicle or registered an interest in a vehicle the manufacturer will share your personal information with our dealership;
7.3.2 if you have clicked on vehicle adverts or offers on the vehicle manufacturers or other third party websites controlled by the vehicle manufacturer and then completed an enquiry form your personal details will be shared with Sytner Group to follow up your enquiry;
7.3.3 if you have ordered a vehicle online with the vehicle manufacturer via their website, your vehicle order details will be shared with our respective dealership to fulfil the order;
7.3.4 to provide vehicle support services for repairs, servicing, warranty or in the event of safety recall;
7.3.5 in the event of vehicle break down, the manufacturer may provide your personal details to us to recover and/or repair the vehicle;
7.3.6 if you book your vehicle in for servicing online via the vehicle manufacturers website, your personal details will be automatically shared with us to complete the required works at our dealership;
7.3.7 if you exercise your rights to access, to erasure, etc... as detailed in section 11 (What rights do you have under data protection legislation), you provide feedback about our dealership or you make a complaint about our dealership we will receive notification from the vehicle manufacturer;
7.3.8 for dispute resolution or legal matters.
7.4 Personal data we may receive from finance providers and brokers. We collect the personal data from finance providers in the scenarios listed below:
7.4.1 if you have engaged a third party broker to act on your behalf to administer the purchase of a vehicle;
7.4.2 vehicle settlement details with your consent;
7.4.3 our approved finance providers have a legitimate interest to provide your details to Sytner Group to allow us to contact you to discuss your options during the term of the loan contract. For example if you have a Personal Contract Purchase (PCP) contract which is about to end in 6 months we will discuss all your options with you such as how to pay the balloon payment, changing your vehicle or returning your vehicle to allow you to make an informed decision before the contract ends;
7.4.4 if you have leased a vehicle through a finance partner, we may handle your vehicle collection or delivery;
7.4.5 for compliance and legal purposes.
7.5 Personal data we may receive from insurance providers. We collect the personal data from insurance providers in the scenarios listed below:
7.5.1 when we are required to carry our repairs on your vehicle as part of a claim you have made through your insurance company for the purposes of carrying out those repairs and providing you with a loan car.
7.6 Personal data we may receive from regulatory bodies. We collect personal data from regulatory bodies in the scenarios listed below:
7.6.1 from the Driver and Vehicle Licencing Agency (DVLA) to confirm if you hold a valid driving licence to allow the provision of a loan car or a test drive;
7.6.2 Ombudsman or other UK regulators if you have made a complaint about our dealership.
7.7 Personal data we may receive from other public sources. We collect the personal data from the following public sources in the scenarios listed below:
7.7.1 to assist the police or other public authorities with their enquiries and/or investigations.
8. Sharing your personal data with third parties
8.1 We share your personal data with the Sytner Group of companies as set out in Section 18 (Which Sytner Group companies are covered by this notice?) for the following purposes:
8.1.1 for sending communications or direct marketing to customers by brand;
8.1.2 for accounting purposes your personal data is included on invoices;
8.1.3 to allow us to verify your identity to handle complaints, provide customer support or to access information you have requested;
8.1.4 for intragroup sales, operations and/or reporting, financial, tax or auditing our business operations;
8.1.5 when we restructure or sell our business or its assets or have a merger or re-organisation;
8.1.6 to monitor emails, calls or other communications for compliance and training purposes;
8.1.7 for establishment and defence of legal claims;
8.1.8 for marketing analysis and to improve our websites and digital platforms;
8.1.9 for feedback and market research purposes;
8.1.10 to combat fraud and protect our business, we will use your personal data to implement security measures such as multi-factor-authentication, and to investigate and prevent any suspected fraudulent activity across Sytner Group
8.2 We share your personal data with the respective vehicle manufacturer listed in Section 19 (List of manufacturers with whom we share your personal data) because the Sytner Group is an authorised retailer for these manufacturers. A link to each manufacturer’s privacy notice can be found next to their name in this policy. The personal data is shared for the following purposes:
8.2.1 to fulfil your order for a vehicle;
8.2.2 for warranty purposes relating to your vehicle and to set up in car systems;
8.2.3 to diagnose and fix problems with your vehicle; and
8.2.4 where you have provided your consent, for marketing communications. Please see Section 13 (Using your personal data for marketing and how to opt-out) for details about how you withdraw your consent to marketing.
8.3 We share your personal data with our accredited finance providers for the following purposes:
8.3.1 to allow our finance lender’s to conduct credit history checks with your consent;
8.3.2 to administer your vehicle finance application on your behalf with our accredited finance providers. Sytner Group is a credit broker and not a finance lender;
8.3.3 for the finance lender to decide if they wish to offer you a credit facility in order to purchase a vehicle and/or vehicle related services from us;
8.3.4 if you make a vehicle finance application directly via our websites, your personal data will be automatically shared with the respective finance lenders when you submit your application online for consideration;
8.3.5 for fraud prevention, detection and investigation of financial crime, including fraud , money laundering, complaint resolution and to establish or defend legal claims.
We process information relating to your finance application on behalf of Sytner Group’s approved finance providers who are acting as data controller.
8.4 We share your personal data with our insurance providers for the following purposes:
8.4.1 should you use our complimentary Sytnerdrive service, Auxillis the third party who provide this service on our behalf will require your personal data to handle your claim directly with your insurance provider and to provide a replacement vehicle while your vehicle is repaired in our workshop;
8.4.2 if you decide to purchase additional regulated or non-regulated products or services during the sale or after the sale of your vehicle we may pass your personal data to the relevant provider to fulfil your request. For example if you purchase a Guaranteed Asset Protection (GAP) insurance policy for your vehicle we will pass your personal data to the insurance provider Global / AXA;
8.4.3 if you have been offered a complimentary drive away insurance policy with your vehicle purchase, the respective insurance provider will require your personal data in order to set up the temporary policy prior to vehicle collection;
8.4.4 to insure a courtesy or loan vehicle for the duration of the signed agreement;
8.4.5 for your insurance provider to accept the costs to repair your vehicle in our body shop;
8.4.6 for health and safety, crime prevention or legal matters.
8.5 We do not sell your personal data to third parties. However, we may from time to time disclose your personal data to the following categories of companies or organisations to which we pass the responsibility to handle services on our behalf: roadside assistance service providers, vehicle collection & delivery, external third party body shops, direct marketing communications agencies, card payment providers and consultants with whom we have an agreement, market research and market analytics service providers, external auditors, our legal and other professional advisors.
8.6 We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA), to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our employees, visitors and customers. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
8.7 We take steps to ensure that any third-party partners who handle your personal data comply with data protection legislation and protect your personal data just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your personal data or use aggregated none specific data sets where ever possible.
9. What is the legal basis for processing your personal data?
9.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
9.1.1 Contractual performance – where we need to process your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
9.1.2 Legal or regulatory obligation – when we have to process your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
9.1.3 Legitimate interest – when it is in our legitimate interest (or that of a third party) and those interests do not override your rights and freedoms, for example when it is in the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us using the contact details set out in Section 20 (How to contact us or make a complaint).
9.1.4 Vital interests – where it is necessary to process your personal data to protect your vital interests or another person.
9.1.5 Consent – generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by us using the contact details set out in Section 20 (How to contact us or make a complaint).
10. How we will use your personal data, and our basis for doing so
10.1 We have set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
10.2 Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us using the contact details set out in Section 20 (How to contact us or make a complaint) if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
10.3 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please us using the contact details set out in Section 20 (How to contact us or make a complaint). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
10.4 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
When you are making an enquiry or negotiating to buy a vehicle
Purchasing a vehicle
Purchasing a vehicle with finance
The processing activity detailed in the table below is in addition to ‘purchasing a vehicle’ if you would like Sytner Group to arrange finance for you.
Vehicle maintenance, repairs and servicing
Processing necessary for us to promote our business and engage with our customers
Processing necessary for our business to operate on a daily basis and fulfil data protection laws
11. What rights do you have under data protection legislation
11.1 Under certain circumstances, you have rights under data protection laws. These are set out below:
11.1.1 The right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
11.1.2 The right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
11.1.3 The right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
11.1.4 The right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which over ride your rights and freedoms.
11.1.5 The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
11.1.6 The right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
11.1.7 The right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
11.2 If you wish to exercise any of the rights set out above, please contact us using the details set out in Section 20 (How to contact us or make a complaint) or click on this link to complete the respective online web form.
11.3 You will not have to pay a fee to initially access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
11.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. The timeline for response will be paused until receipt of the additional information from you. If we do not receive this additional information from you within the specified period, we have the right to refuse your request.
11.5 We try to respond to all legitimate requests within one calendar month of receipt, in accordance with legislation. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated via our secure privacy portal.
12. How do we keep your personal information secure
12.1 We use a variety of security measures, including encryption and authentication tools, to help protect and maintain the security, integrity and availability of your personal data.
12.2 Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your personal data in accordance with applicable data protection requirements. Our main security measures are:
12.2.1 restricted personal access to your data on a 'need to know' basis and for the communicated purpose only;
12.2.2 highly confidential data stored in encrypted form;
12.2.3 firewalled IT systems to prohibit unauthorised access e.g. from hackers;
12.2.4 we require all of our service providers to have appropriate measures in place to maintain the security of your personal data; and
12.2.5 permanently monitored access to IT systems to detect, prevent and stop misuse of personal data.
Where we have given you (or where you have chosen) a password that enables you to access any personalised area in a Sytner Group website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
It is your responsibility to ensure that your desktop or mobile device is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from our websites or from within communications we send to you.
13. Using your personal data for direct marketing and how to opt-out
13.1 If you are wondering why you have received a marketing communication from us, this is because we collected your personal data when we were negotiating a vehicle sale for example you may have asked us for a quotation, reserved a vehicle or you booked your vehicle into our workshop for maintenance works.
13.2 You have the right at any time to opt out or update your preferences in terms of the marketing you receive from us and the manner in which we communicate with you. You can change your marketing preferences, or withdraw your consent in relation to how Sytner Group use your personal information in one of the following ways:
13.2.1 if you receive marketing emails and don’t want to in the future, please use the ‘marketing preferences’ link within the email and we will remove you automatically from future dealership campaigns; or
13.2.2 by clicking here to access our online web form to object to the processing for marketing purposes; or
13.2.3 by sending an email firstname.lastname@example.org; or
13.2.4 by writing to us at Data Privacy & Compliance Team, Sytner Group, 2 Penman Way, Grove Park, Leicester, LE19 1ST.
13.3 Please be aware that if you opt out of marketing communications received from one legal entity within the Sytner Group, your personal data may also be held by another legal entity within the Group, you will continue to receive information from that legal entity until such time as you opt out of marketing activity from that legal entity specifically. For example if you opt out of marketing communications from Sytner Limited you may continue to receive communications from Cruikshank Motors Limited if you also have previous relationship with that particular dealership.
14. How long do we keep your personald data
14.1 We retain your personal data only as long as is necessary for the purpose for which we obtained them and any other permitted linked purposes. If personal data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. Our retention periods are based on business needs and your personal data that is no longer needed is either irreversibly anonymised or destroyed securely.
14.2 Details of retention periods for different aspects of your personal data are available throughout this policy. We provide a snapshot below of our group data retention policy for your information:
14.2.1 vehicle sales or service documentation up to 7 years all formats;
14.2.2 electronic communications by email up to 3 years;
14.2.3 CCTV if retained for up to 30 days;
14.2.4 recorded telephone calls up to 12 months.
Your personal data will be securely deleted/destroyed after the time periods specified above have passed from all our internal systems and cannot be retrieved for any purpose.
If you would like further information about our data retention policy please contact us using the details set out in Section 20 (How to contact us or make a complaint).
15. Third-Party links & social plug-ins contained on our websites
Our websites may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices and statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Social plug-ins are integrated into our websites from social networks such as Facebook and Twitter. When you visit our websites, the social plug-in is deactivated, therefore no personal data is transmitted to the operators of the respective plug-in. If you want to use one of the social networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.
If you have a user account on the social network and are logged in when you activate the social plug-in, the network can associate your visit to our website with your user account. If you want to avoid this, please log out of the social network before activating the social plug-in. A social network cannot associate a visit to other Sytner Group websites until you have activated an existing social plug-in.
When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that social network.
A social plug-in will remain active until you deactivate it or delete your cookies (see section 16).
If you activate a social plug-in you do so at your own risk, personal data may reach providers in countries outside the UK/European Union that may not guarantee an "adequate level of protection" for the processing of personal data in accordance with UK/EU standards. Please remember this fact before activating a social plug-in and thereby triggering a transfer of your personal data.
16. Cookies and how we use these to process your personal data
Cookies may be used when you are visiting our websites. Technically, these are so-called HTML cookies and similar software tools such as Web/DOM Storage or Local Shared Objects (so-called "Flash cookies"), which we collectively refer to as cookies.
Cookies are small files that are stored on your desktop, notebook or mobile device while you visit a website. Cookies make it possible, for example, to determine whether there has already been a connection between the device and the website; take into account your preferred settings, offer you certain functions (e.g. to save vehicle search history) or recognize your usage-based interests. Cookies may also contain personal data.
You will be asked to set cookie preferences when you access one of our websites for the first time via the Cookie banner on the front screen. When you re-visit our websites we may ask you to update your cookie preferences periodically.
Cookies are tied to the device and also to the respective web browser you use. If you use multiple devices or web browsers, you can make decisions or settings differently.
17. International transfers
Where we put in place appropriate safeguards to protect the personal data we transfer, the safeguards may include securing additional legal agreements to protect your information. If you would like further information about these agreements, you can contact us using the details in section 20 (How to contact us or make a complaint).
18. Which Sytner Group companies are covered by his notice?
Sytner Group Limited is registered in England & Wales under Company number: 2883766 and headquartered in Leicester. The Sytner Group is wholly owned by Penske Automotive Group based in the United States of America and listed on the NYSE as a part owned division of the Penske Corporation.
Sytner Group Limited is authorised and regulated by the Financial Conduct Authority (FCA) for insurance and mediation activities under FRN 310540.
The following Sytner Group companies are covered by this policy. All of these companies have their registered office address at 2 Penman Way, Grove Park, Leicester, LE19 1ST:
18.1 Companies trading within the Sytner Group
18.1.1 Sytner Group Limited No: 813696
18.1.2 Maranello Holdings No: 2001186
18.1.3 Maranello Concessionaires Limited No: 655104
18.1.4 Cruickshank Motors Limited No: 1837492
18.1.5 R Stratton & Co Limited No: 2696872
18.1.6 Sytner Cars Limited No: 2832086
18.1.7 Edmond & Milburn Limited: No: 3008457
18.1.8 Graypaul Motors Limited No: 3079284
18.1.9 Goodman Retail Limited (formerly Goodman Leeds Limited) No: 3097514
18.1.10 Sytner Vehicles Limited (formerly Guy Salmon Limited) No: 3574418
18.1.11 Goodman TPS Limited No: 6821483
18.1.12 Car Shops Limited No: 5331512
18.1.13 Leslie H. Trainer and Son Limited No: 1140490
18.1.14 The Car People Limited No: 3743283
18.1.15 Sytner Group Properties Limited No: 3611990
18.1.16 Ryland Group Limited No: 4813103
18.1.17 Trainer (Holdings) Limited No: 8745259
18.1.18 Specialist Cars Tring Limited No: 6572230
18.1.19 Specialist Cars Limited No: 2416408
18.1.20 Ivor Holmes Limited No: 645538
18.1.21 Specialist Cars Holdings Limited No: 6047694
The documents or communications you receive from any Sytner entity will identify the relevant Sytner entity/data controller that you are dealing with in any particular instance.
19. List of manufacturers with whom we share your personal data
We share your personal data with the respective vehicle manufacturer listed in alphabetical order below. For information about how each manufacturer collects, uses and processes your personal data please click on the relevant privacy notice link for further information.
19.1 Alpina Burkard Bovensiepen GmbH http://www.alpinautomobiles.co.uk/en/services/disclaimer
19.2 Aston Martin Lagonda Limited https://global.astonmartin.com/en-gb/legal/privacy
19.4 Automobili Lamborghini S.p.A. https://www.lamborghini.com/en-en/privacy-legal
19.5 Bentley Motors Limited https://www.bentleymotors.com/en/pages/privacy-policy.html
19.6 BMW Group UK https://www.bmw.co.uk/global/privacy-policy
19.7 Bugatti https://www.bugatti.com/data-protection-notice/
19.8 Daimler Group (UK) Limited https://www.mercedes-benz.co.uk/passengercars.html
19.9 Ferrari S.p.A https://auto.ferrari.com/en_EN/legal/
19.10 Jaguar Land Rover https://www.jaguarlandrover.com/terms-and-privacy
19.11 Maserati S.p.A. https://www.maserati.com/maserati/gb/en/others/maserati-others-legal-notes
19.12 McLaren https://www.mclaren.com/technologygroup/privacy/
19.14 Porsche Cars Great Britain Limited https://www.porsche.com/uk/privacy-policy/
19.15 Rolls-Royce Motor Cars Limited https://www.rolls-roycemotorcars.com/en-GB/information/legal-information.html
19.16 Seat UK http://www.seat.co.uk/privacy-statement.html
19.17 Skoda http://www.skoda.co.uk/privacy-statement/
19.18 Smart see Daimler UK privacy notice link under clause 19.8
19.19 Volkswagen UK http://www.volkswagen.co.uk/privacy
19.20 Volkswagen Commercial Vehicles https://www.volkswagen-vans.co.uk/en/tools/navigation/footer/legal/privacy-policy.html
19.21 Volvo Cars UK Limited https://www.volvocars.com/uk/support/article
20. How to contact us or make a complaint
20.1 We have appointed a data protection officer who is responsible for overseeing data protection for the Sytner Group. If you have any questions about this policy, your rights under data protection legislation as set out in Section 11 (What rights you I have under data protection legislation) or the processing of your personal data generally you can contact us free of charge at any time by using the details below:
20.1.1 by completing this web based form
20.1.2 by sending an email to our Data Privacy & Compliance Team email@example.com
20.1.3 by writing to us at Data Privacy & Compliance Team, Sytner Group, 2 Penman Way, Grove Park, Leicester, LE19 1ST.
20.2 If you are dissatisfied with our use of your personal data or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner's Office (ICO) www.ico.org.uk.
20.3 All companies within the Sytner Group are registered with the ICO as data controllers. You can see a list of all Sytner Group trading companies under Section 18 ‘Which Sytner Group companies are covered by this notice?’
End of Policy