We are Intercounty Truck & Van Limited who has made every effort to ensure the accuracy of the information contained in this site.
Intercounty Truck and Van Limited is a Licensed Franchisee of the Mercedes-Benz Dealer Network – Mercedes-Benz (GB) Limited.
Intercounty Truck and Van Limited is a wholly owned subsidiary of Ballyvesey Holdings Limited.
Whilst every effort is made to produce up to date products and specifications, this site should not be regarded as an infallible guide to our vehicles products and services, nor does it constitute an offer for the sale of any particular vehicle.
Intercounty Truck and Van Privacy Statement
Intercounty Truck and Van Privacy Statement
The Controller – Who we are:
We are IntercountyTruck and Van Limited.
Intercounty Truck and Van Limited is a Licensed Franchisee of the Mercedes Dealer Network –
Mercedes (GB) Limited.
Intercounty Truck and Van Limited is a wholly owned subsidiary of Ballyvesey Holdings Limited.
Data Protection in the Ballyvesey Group is administered by the GDPR Steering Group.
- Alan Thomson (Finance)
• James Darragh (Compliance & HR)
• Gordon Willis (ICT)
• David Andrews (Chief Information Officer)
All members of the GDPR Steering Group have received training on data protection and information security relating specifically to their responsibilities. In addition, at least one member of the Steering Group holds a General Data Protection Regulations Practitioner Certificate.
The steering group can be contacted by emailing: firstname.lastname@example.org
Or, alternatively by writing to: Data Protection, Ballyvesey Group, 607 Antrim Road, Newtownabbey, BT36 4RF
Categories of Data Collected:
To provide a service to our customers it is necessary to collect data. The data we collect may include, Public Data, Company Data, Third Party Data and Personal Data. Personal Data is protected in law by the General Data Protection Regulations 2018 and UK Data Protection Act 2018.
Processing of Data:
Client & third party data is collected if required to carry out the reasonable instructions of the client in the performance of the legitimate business interests of Ballyvesey Group. Client and or Third Party data may also be collected to meet any legal obligation place upon the controller by a statutory provision. These purposes may include, but are not limited to, the raising of orders, invoices and accountable record keeping, to produce revenue in the interests of the business, statutory taxation, prevention of fraud and criminal offences and protecting the company assets and revenues.
Who will receive the data:
For accountable record keeping, statutory obligations, and customer contact management, some data may be shared throughout other parts of the Ballyvesey Holdings Group wherein they process parts of the data on behalf of Intercounty Truck and Van. Data will only be provided to a third party where there is a legal obligation to do so, or the client requires us, in order to fulfil their operational requirements. Information may be provided to a Credit Reference Bureau when processing a credit history check.
The Mercedes Dealer Network
From time to time, we may share your Information within the Mercedes Dealer Network, to
maintain service and sales history. This may also be the case if Mercedes is not the manufacturer of your vehicle. Mercedes (GB) Limited have published their own privacy notice.
Ballyvesey Group, on rare occasions may be legally obliged to provide some information to other countries within EEA, such as Republic of Ireland etc. for border / custom controls and inter-state taxation. No data is transferred out of EEA at this time, if we facilitate a client request which requires this, we will discuss those obligations at that time.
In order to comply with the legal obligations of statutory provisions for taxation we will retain
relevant records for a period of seven years. In doing this we will practice data minimisation and only retain the actual data we will need to meet this requirement.
Ballyvesey Group undertakes to protect the rights and freedoms of all individuals whose data we process. We will uphold the principles in Article 5 of the General Data Protection Regulations, as directed by European Court of Justice and when applicable the rights provided under statute by any Act of the United Kingdom’s Parliament having gained Royal Assent from the Data Protection Bill 2018. We respect any individual’s right to:
- Submit a Subject Access Request for their personal data
• Request correction and/or deletion of inaccurate or incorrect personal data
• Object to our processing of their personal data, if our processing is not lawful, fair, nor
• Have us explain to you the impact of failing to provide, withdrawing consent, or objecting to
our processing of your personal data and the effects that may have
If you are still not satisfied that we have dealt with any complaint regarding your personal data, in a comprehensive and professional manner, you have the right to complain to the Information Commissioner’s Office (ICO).
To protect the legitimate business interests of the Ballyvesey Group, the results of a credit history check may be determined by automated decision making processes provided by the Credit Reference Bureau. If you disagree with the result, you can request that we humanly review that decision. Price comparison and limited customer profiling processes may be used to determine the best value for our customers and to maintain competitiveness in the market. We will endeavour to inform you as and when any further automated processes, other than those already stated, are used within the operation parameters of our business.
- The Controller – Who we are:
Ballyvesey Holdings Limited. Please consult document "Trading Companies" for individual entities.
- Data Protection:
Data Protection in the Ballyvesey Group is administered by the GDPR Steering Group.
- James Darragh (Compliance & HR)
- Gordon Willis (ICT)
- David Andrews (Chief Information Officer)
All members of the GDPR Steering Committee have received training on data protection and information security relating specifically to their responsibilities. In addition, at least one member of the Steering Committee holds a General Data Protection Regulations Practitioner Certificate.
The Steering Committee can be contacted by emailing: email@example.com
Or by writing to:
Data Protection, Ballyvesey Holdings Limited, 607 Antrim Road, Newtownabbey, BT36 4RF
- Lawfulness and Compliance:
Ballyvesey Holdings Limited undertakes to protect the rights and freedoms of all individuals whose data we process. We will uphold the principles in Article 5 of the General Data Protection Regulations 2016, as directed by the European Court of Justice and when applicable, the rights provided under statute by any Act of Parliament having gained Royal Assent including the Data Protection Act 2018, and any Amendment Bills or future Bills thereof. We recognise the authority of the Information Commissioner’s Office, the Surveillance Commissioner’s Office, the Police Authorities of the United Kingdom and Northern Ireland, the Criminal Records Bureau, The Health and Safety Executive, HM Tax Inspector’s Office and any other competent authority where they have relevance in these matters.
We acknowledge that the only law repealed by the General Data Protection Regulation 2018 is the Data Protection Act (UK) 1998 and that any other law introduced, or not repealed alongside this Regulation must also be recognised with equal authority, insofar as it has not been read down by any court of law to provide protection of the rights and freedoms conferred by the Regulation.
- How we gather personal data:
Throughout the Group information is gathered in the normal course of business. The information we collect may include Public Data, Company Data, Third Party Data and Personal Data. Personal Data is protected in law by the General Data Protection Regulations EC 2016/679 and the Data Protection Act (UK) 2018. Where personal data is collected or provided to us a relevant privacy notice will be available summarising the following:
- • who we are
- • who deals with our data protection
- • our purposes and legal basis for processing the personal data
- • our legitimate business interests in processing the personal data
- • who we may provide the personal data to
- • whether we transfer the personal data to another member state, or international country
- • the length of time we will keep the personal data
- • a summary of your rights and freedoms to the processing of your personal data
- • what may happen if you fail to provide / withdraw / object to the processing of the personal data, whether or not we process any personal data by automated means, including profiling individuals, or the existence of any monitoring of individuals.
Sources of personal data can come from individuals themselves, be provided to us by a third party where you have previously agreed the legitimate interest to do so, be obtained from public records, or a competent authority.
- Why we need personal data:
Most often personal data will be needed along with other information to allow the group to operate according to its legitimate business interests. Other times we are required to process personal data to comply with a legal obligation, or to fulfil the requirements of a legally binding contract already in place, or that we may intend to enter into. Our business model has no intended processing in the public interest, unless a situation may occur which would morally require us to do so, for example to comply with the Whistle Blowing Policy, or the Modern Day Slavery Act. In an individual’s vital interests, we may make a disclosure in an emergency where we believe they may be in threat of life or serious harm. Where processing is based on consent, we will obtain that consent and keep a record of doing so; you will have the right to withdraw your consent at any time, but this will not affect the legal standing of the processing that occurred prior to you exercising this right.
- Fairness and Transparency:
We will process personal data fairly and with transparency to the individual who owns the personal data. We acknowledge the right of an individual to submit a Subject Access Request for any personal data which we hold about them. We will advise individuals if we transfer their personal data to a previously un-notified organisation to process in the business interests. We will notify any affected individuals of a breach if we have suffered a theft, destruction or other loss of their personal data as soon as the facts are fully known and co-operate with ICO, whilst complying with the Regulation.
- Purpose Limitation:
We will process personal data for the purposes which we have stated. If we need to process personal data for a new lawful purpose we will be transparent and fair about this process.
- Data Minimisation:
We will restrict collection of personal data to that which we really need. We will not ask for any information which is unnecessary. Once personal data is no longer necessary we will responsibly destroy it, or return it to the individual who owns it. Where retention of data is required without the need to retain the personal data alongside it, we will use personal data anonymization and pseudonymisation to remove or disguise the personal element of the data.
We will take every reasonable step possible in the good practice of due diligence to ensure the accuracy of any personal data which we hold or process. Compliance checks, system auditing and staff training are carried out in order to minimise the risk and / or impact of inaccuracy in data generally. Where the personal data we hold is found to be incorrect an individual owning the personal data can request that we correct, rectify, erase or withhold it.
- Storage Limitations:
Personal data will only be retained for as long as it is necessary and where we have a legitimate business purpose, or a legal obligation to do so. If we are found to hold personal data unjustifiably the individual who owns the personal data can ask us to return, erase, or destroy it. A retention policy forms part of any privacy notice available when personal data is collected.
- Integrity and Confidentiality:
We will store and process personal data with the appropriate security and protect it from unauthorised or unlawful processing, accidental loss, destruction, or damage, as far as we possibly can, using appropriate and technical measures.
We train our employees with different levels of data protection and information security protocols appropriate to their job roles. The group use robust usage policies as part of the terms and conditions of employment and use investigative and disciplinary procedures to enforce compliance with these policies throughout all levels of the workforce. Background checks and references are sought from new employees, in addition to a requirement for them to prove their identity. Wherever possible we try and obtain a copy of a passport of new employees to prove their identity, or otherwise another document to ensure their right to work within the UK and reduce the risk of modern slavery by requiring the employee to be in possession of their own passport in a safe environment. Records will be kept of identity documents, references and qualifications to demonstrate compliance with the regulation.
Employees are required to practice a clear desk policy and lock screens when away from their computer. Group policy controls and login permissions are used to restrict access to relevant areas of software. Password enforcement is used to ensure complexity and frequent changing of passwords. Employees’ requirements to remotely access systems with a work laptop from home or another location are subject to risk assessment based on needs, training and risks. If granted, remote access is through a Virtual Private Network (VPN) encrypted end to end using 256 bit technology. Employee permissions can be restricted or revoked if abused and access to systems removed completely when an employee leaves the group.
Electronic systems throughout the Group use our own servers located in premises owned by the Group. Backup systems shadow and mirror the live service in alternative locations and can be switched over with minimal effort as part of our disaster recovery plan (DRP). A DRP is in place for all electronic systems and its deployment is under the control of the GDPR Steering Committee, at least one Member of which has direct authority over our IT systems. Electronic Systems are supported by our internal ICT division which forms an integral part of the Group. Support is provided by a team of professionals both within a dedicated ICT control room and field operatives in situ at locations throughout the Group.
In addition to physical security present at hosting and support locations, access to premises is controlled by coded doors and / or swipe systems including biometrics at selected points. All server rooms are secured with appropriate locking mechanisms. Systems are monitored by multi-layer firewall protection, anti-virus systems, access control systems, and Group Policy settings. Incoming and outgoing mail is monitored and filtered, access to USB ports restricted, redundant hardware including drives are stored securely until dismantled and destroyed.
Portable devices such as laptops, tablets and smartphones are encrypted, secured with pins and passwords and anti-loss technology.
Physical files containing personal data are kept in locked areas, in fire resistant cabinets with restricted access. Any confidential waste records containing personal data are placed in locked letterbox bins until they can be shredded. Shredding is regularly carried out on site by a security cleared contractor under strict conditions.
- Controllers and Processors:
Any division within the Group processing personal data at the point of contact is a "Data Controller"
Any division within the Group sharing personal data, or accessing shared personal data within the group is a "Controller in Common"
Any division within the Group processing personal data on behalf of another division within the group is a "Data Processor"
Any party processing personal data on behalf of any division within the group, if in itself it is not part of the group, then they are a "Third Party Processor"
Where a third party processor is used, individuals to whom the personal data belongs will be informed that their information has been provided to the third party. If this action is underpinned by a legal obligation or a legitimate business interest, then consent is not required, providing that adequate safeguards are in place to ensure the processors meet the required compliance of the GDPR. As part of the adequate safeguards, the group requires all third party processors to enter a legally binding contract to ensure compliance with GDPR and protection of the rights and freedoms of the individuals, to whom the original personal data belongs. Any Controller – Processor contract is in addition to any other Service Level Agreement in place (SLA).
- Review Policy:
The GDPR Steering Committee meets at regular intervals of at least once per calendar month, or more often if needed. Any current business is dealt with at that time. Reviews of policies and procedures are part of the normal business of the Steering Committee’s activities and they continue to make improvements as required to maintain compliance with all regular laws.
- Rights and Freedoms:
Individuals have the right of subject access to, and to be provided with a copy of, any personal data we hold. This request can be made using contact information provided at point 2 above, however the request must be in writing. It must provide enough information to identify the data subject and satisfy the Controller (us) of the applicant’s identity. Sufficient information to the specific nature of the request, and if known, the location of the information, should be made clear in the content to avoid any unnecessary, disproportionate effort in providing the personal data. We will then be required to respond within one month.
If the subject believes that the personal data we hold is incorrect, they can ask us to rectify it. Proof may be required to enable us to do this, otherwise a note may only be added to state that the information is in dispute.
If the subject believes that we should not have the personal data, because it is unnecessary, beyond the agreed retention period, or that the data has been unlawfully processed or obtained, then they can ask us to erase or return the personal data.
Where any personal data is processed based on the reliance of consent and no other legitimate purpose can be justified, then the subject can withdraw their consent for any future use of the personal data.
If an individual is unhappy about the way the GDPR Steering Comittee deal with their rights and freedoms they can complain in writing to:
Chief Executive Officer
Ballyvesey Holdings Limited
607 Antrim Road
The Chief Executive Officer or his nominated deputy will carry out an investigation and review of the circumstances and advise them of the findings along with any recommended actions within one month.
If the individual is still unsatisfied with the response of the Company Secretary, or in fact at any other prior stage of the process, they can submit a report to the Information Commissioner’s Office.
1 ABOUT THIS POLICY
1.1 We appreciate your interest in our products and services and your visit to this website. Your privacy is important to us and we want you to feel comfortable with how we use and share your personal information.
1.2 This policy sets out how the ultimate parent company of the Daimler group Daimler AG and the companies within the Daimler Group that are based in the UK handle your personal information, including when and why it is collected, used and disclosed and how it is kept secure.
1.3 You will find our contact details at the end of this policy which you can use if you have any questions, including how to update or access your personal information or to make a complaint.
1.4 This policy may change, so please check this page from time to time to ensure that you’re happy with any changes. Please see further Changes to this policy in Section 11.
1.5 This policy was last updated on 18 December 2017.
2 WHO WE ARE
2.1 Daimler Group in the UK is made up of numerous individual companies. For further details, including a full list of these companies, please visit About Daimler Group in Section 13. Whenever you deal with one of these companies, the ‘controller’ of your personal information will be the company in our group that you are interacting with or with whom your information has been shared. A ‘controller’ is a company that decides why and how your personal information is processed.
2.2 Where this policy refers to "we", "our" or "us" below, unless it mentions otherwise, it’s referring to the particular company that is the controller of your personal information.
3 HOW AND WHAT PERSONAL INFORMATION WE COLLECT
3.1 We may collect and process the following personal information about you
Personal information you give to us: This is information about you that you give to us by entering information via our websites or our social media pages or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give to us includes your name, contact details (such as phone number, email address and address), enquiry details and your opinion of our products.
Personal information we collect about you: We may automatically collect the following personal information: our web servers store as standard details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and, for security reasons, e.g. to identify attacks on our website, the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see Cookies in Section 9.2 for further information. We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
Personal information we may receive from other sources: We obtain certain personal information about you from sources outside our business which may include Daimler group companies (Section 13) or other third party companies; the personal information received is as described in the two paragraphs above.
information in any of these ways at any time. Please see Withdrawing your consent in Section 8.4 for further details.
3.2 Please see further How we use your personal information in Section 4 for details of the purposes for which we use the personal information we obtain from these sources and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.
4 HOW WE USE YOUR PERSONAL INFORMATION
4.1 Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
- to share your personal information with our authorised dealers to arrange test drives or where you have requested a call back;
- to supply brochures and other material you have specifically requested from us;
- to contact you via email, text message, post or telephone with marketing information about Mercedes-Benz and Smart vehicles and other products and services (see Marketing section below for further details);
- to share your personal information with our authorised dealers or our recommended third party partners for them to contact you with marketing information about their products and services. Please see the Marketing section below in this policy to find out more about these third parties; and
4.2 You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 8.4 for further details.
4.3 Where required to perform a CONTRACT with you
We may use and process your personal information where it is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract with you including for the following purposes:
- To exchange information for warranty/aftersales;
- To allow for the provision of third party breakdown services by our breakdown provider;
- If you take a finance or lease agreement with Mercedes-Benz Financial Services UK Ltd – see also section 14;
- If you take insurance cover or premium financing via Daimler Insurance Services UK Ltd – see also section 15;
4.4 Where it is in your VITAL INTEREST
We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.
4.5 Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations including: (i) to assist HMRC, the Police, the Driver and Vehicle Licensing Agency (DVLA) or any other public authority or criminal investigation body; (ii) to identify you when you contact us; and (iii) to verify the accuracy of data that we hold about you.
4.6 Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
- for analysis, and profiling to inform our marketing strategy, and to enhance and personalise your customer or visitor experience;
- for market research in order to continually improve the products and services that we and our authorised dealers deliver to you;
- to administer our websites and for internal operations, including troubleshooting, testing, statistical purposes;
- for marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third party platforms;
- for the prevention of fraud and other criminal activities;
- to undertake credit checks for finance;
- to correspond and communicate with you;
- to create a better understanding of you as a customer or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- for the purposes of corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
- for general administration including managing your queries, complaints, or claims, and to send service messages to you.
5 OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
5.1 Group companies
We may share your information with other companies within the Daimler Group. They may use your personal information in the ways set out in How we use your personal information in Section 4, in connection with products and services that complement our own range of products and services, for example finance or insurance products.
Please visit About Daimler Group in Section 13 for the details of our group companies with whom we may share your personal information.
5.2 Our suppliers and service providers
We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or advertising agencies, administrative services or other third parties who provide services to us.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
5.3 Authorised dealers in our network
We may share your information with other companies within our Authorised Dealer Network. They may use your personal information in the ways set out in How we use your personal information in Section 4 or in connection with products and services that complement our own range of products and services, for example finance or insurance products.
5.4 Third parties who provide products and services
We work closely with various third parties to bring you a range of products and services which are complimentary to ours.
When you enquire about or purchase one or more of these products or services through us (e.g. via our websites), the relevant third party may use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them.
5.5 Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA), to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers.
However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
6 WHERE WE STORE YOUR PERSONAL INFORMATION OUTSIDE THE EEA
6.1 All information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our group companies are incorporated in a country outside of the EEA or if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK.
6.2 If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
6.3 If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
7 HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
7.1 If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
7.2 We do not retain personal information in an identifiable format for longer than is necessary.
7.3 We may need your personal information to establish, bring or defend legal claims, in which case we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in How we use your personal information in Section 4.
7.4 The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this section 7, or because we are required under the law (see further Erasing your personal information or restricting its processing in Section 8.6);
- and in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
8 YOUR RIGHTS
8.1 Your ‘data subject’ rights:
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
8.2 Accessing your personal information
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
8.3 Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
8.4 Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information in Section 4, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
8.5 Objecting to our use of your personal information and automated decisions made about you.
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information in Section 4, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.
You may also contest a decision made about you based on automated processing by contacting the data protection department.
8.6 Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information in the following situations:
- where you believe it is unlawful for us to do so,
- you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
8.7 Transferring your personal information in a structured data file
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under Section 4 How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
8.8 Complaining to the UK data protection regulator
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
9 SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
9.1 Security measures we put in place to protect your personal information
All companies within the Daimler Group use technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information whilst in transit to our website and any transmission is at your own risk.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
9.2 Use of ‘cookies’
‘Cookies’ are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit. Information on the cookies that we use and their features can be found in the cookies section.
9.3 Links to other websites
In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
9.4 Social plugins
We use so-called social plugins (buttons) of social networks such as Facebook, Google+ and Twitter.
After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless and until you activate the respective button there as well.
If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
10.1 We may collect your preferences to send you marketing information directly from us by email/SMS (where applicable) including:
- if you register an account with us online; or
- if you book a test drive or request a call back.
We will only do so if you have consented to receiving such marketing information directly from us.
10.2 We may contact you with targeted advertising delivered online through social media and platforms (operated by other companies) by using your personal information, or use your personal information to tailor marketing to improve its relevance to you, unless you object.
10.4 If you opt-in to receiving marketing from our recommended third parties, you will receive marketing from the third parties listed in the table below via your preferred communication methods indicated by you:
10.5 From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.