GDPR will apply to all EU states from the 25th May 2018.
GDPR is an EU regulation which has two main drivers:
Flexigo Cars UK Ltd has always adhered to the current Data Protection laws and regulations set out for the use of personal data. GDPR means that we are having to change a number of our process, policies and contracts. This page/document outlines what we have put in place at Flexigo Cars UK Ltd to ensure that we are fully compliant with the new GDPR regulation from the 25th May 2018.
In summary, two things:
A Data Controller states how and why personal data is processed. Flexigo Cars UK Ltd has two Data Controllers and we will be more than happy to provide names should you have a valid request. Please email email@example.com asking for the name of your Data Controller. We have different Data Controllers for different office locations.
A Data Processor is the individual at Flexigo Cars UK Ltd who is processing the data. All of our team who are in a sales, operations, finance and marketing roles can process data at Car Leasing.
The duty of our Data Controller is to ensure that our processors abide by the law and our processors must abide by these rules and maintain records of their processing activates.
Our Data Controller must ensure that data is processed lawfully (see below “What is Lawful?”), is transparent and used for a set purpose.
Once this purpose has been fulfilled and the data is no longer required, it then needs to be deleted from our systems.
All our company details on our website, https://flexigocars.uk. At the footer of the home page, we list all of our corporate information including our parent company.
Firstly, a person has consented for us to have their personal data and to process it.
Secondly, collecting the data is in our legitimate interest, such as preventing fraud.
We ask you to submit your name and email address when requesting a quotation. Once you receive the quotation you are then asked for our consent to retain your name and email address for a reasonable time. This then records the data and time your consent was given.
The date you have clicked and submitted to the Flexigo opt-in box.
Flexigo Cars UK Ltd Ltd works with finance companies and dealerships in the UK. You may be a prospect that is looking for finance, an end user customer of ours where we have arranged a finance facility for a vehicle.
You are giving us consent to market to you no more than once per month and also to communicate about business opportunities we may be working on.
We require consent for our own “Know Your Customer” (KYC) requirements, to reduce fraud and malpractice in our sector. We also need to maintain a commercial relationship over time with all our stakeholders to ensure that we can supply appropriate services and products to you.
Via an opt-in box either on this website or via an email we have sent you.
You have the right to withdraw your consent for us to hold your data at any time. You do not have to offer a reason for this.
Once we have received notice from you to withdraw consent to hold your data, your details will be removed from our system and marketing lists within seven working days.
To remove your consent for us to hold your data, please email firstname.lastname@example.org
Yes, our records will provide history by the individual, not the company or organisation they represent.
We expire consent seven years after it has been given. This period of time is due to companies undertaking lease contracts that can be five years in duration. We have allocated a year prior to a contract potentially being completed and one year after the agreement end.
Personal data could relate to economic, cultural and mental health information on yourself. We do not hold any of this data.
Profiling means any form of automated process of personal data to evaluate certain aspects relating to a person to analyse and predict their interest, behaviour, health and location. At Flexigo Cars UK Ltd, at time we collect information on:
Flexigo Cars UK Ltd will not sell your personal data to any third parties without your written consent.
Finance companies that offer leasing and finance facilities. Even then, this will only be done at a time when we are looking at a specific business opportunity or when we have been requested this information due to a dispute, default or problem in general.
Motor dealership When arranging a vehicle delivery we will need to provide a name, address and contact number
Holding of “Special Personal Data” also known as “Sensitive personal Data.”
This relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and health or sex life.
Flexigo Cars UK Ltd does not hold or collect any of this data.
Passports, driving Licences or utility bills do not form part of sensitive data.
Where information on the data subject/customer is obtained from a source other than the data subject/customer, what that source is.
There will be instances where we obtain data from a third party. Often, this is where a supplier we deal with passes up information on a prospect they are working with. We will data load and keep this information to help in obtaining a credit acceptance as long as the information is appropriate to our needs. Should you request it, we will be more than happy to disclose what information we hold and the third party we received it from.
Soft opt-in is a term used to allow us to communicate with an individual even though they have not actually opted in as from the 25th May 2018. An individual could be a prospect, customer or supplier with whom we have spoken to about leasing. Under the soft opt-in rules, we are allowed to communicate with this individual via email as long as the subject matter is related to leasing and asset finance.
The soft opt-in ruling can be deemed to be ambiguous. We have interpreted this section under the new GDPR rules that we can communicate with individuals via their personal email account or mobile phone if we can clearly demonstrate we have communicated with them in the past about a relevant subject matter.
Board of Directors – The directors have been fully briefed on GDPR and have appointed Data Controllers internally.
Training – All our existing staff will go through a one-day GDPR training course as a minimum, there being a refresher course on a yearly basis.
Company mobile phones/Tablets – All company mobile phones are password protected and can be remotely wiped.
Company laptops – All laptops are password protected. They are hidden when in a vehicle and locked away if ever stored overnight at an office. All laptops and internal desktop computers can be remotely wiped.
Personal Data – Our Customer Relationship Management (CRM) system, Word, Excel, Outlook are all stored in the cloud via a Microsoft Office 365 storage facility as opposed to the computer drive.
Downloading of data – The bulk downloading of data from our CRM system has been changed so that only Data Controllers can undertake this process. Excel spreadsheets are then deleted when not needed.
Printed material – We are a paperless office where required. Once printed matierial has been dealt with it is scanned into our systems and securely shredded or destroyed. All documentation that can hold personal data is stored on our CRM system
CRM system – This is security protected (https://) The data is help offsite in a data centre and backed up every day. All employees have an individual login and a passcode that changes on a daily basis. Only current employees of our company have access to this system.
Personal data – We have historically been storing personal information on a small number of individuals. For example, home address, partners details (wife, husband etc) children’s names and personal interests (rugby, football, cricket etc.) All this information has been deleted from our CRM system.
The GDPR includes the following rights for individuals:
You can remove consent, for any reason at any time by emailing email@example.com
Should you have any questions regarding GDPR and your data at Flexigo Cars UK Ltd, again, please email firstname.lastname@example.org and a Flexigo Cars UK Ltd Data Controller will get back to you within two working days.
We take data security very seriously and use best endeavours to ensure the systems and procedures we follow provide us with a high level of data security. Should a data breach occur, we will analyse the situation and report it to the necessary authorities and communicate with any individuals that may have been affected.
Car Leasing look to report this information to the Information Commissioner’s Office with 48 business hours and communicate with any individual affected within 72 hours.
We hope that you will not find it necessary to file a complaint against our company with reference to Data Protection. Should you feel it appropriate, you will need to contact:
Organisation Information Commissioner’s Officer
Website address www.ico.org.uk
Telephone You can call their helpline on 0303 123 1113
Who are the ICO? The ICO are the UK’s independent authority set up to uphold information rights in the public interest promoting openness by public bodies and data privacy for individuals.