BMG Autoparts Limited is a company based in the United Kingdom and we are committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR), the Data Protection Act 2018 and any related or subsequent UK legislation covering data protection, we are the data controller of the personal data covered by this policy.
This policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
This policy applies to our customers, potential customers (including pending customers applying for a customer account with us), suppliers, newsletters subscribers, and users of this website. This policy does not however apply to our employees, any job applicants, our workers or sub-contractors.
What type of personal data we collect
The type and amount of information we collect depends on why you are providing it. The information we collect when you contact us includes: First name, Last name, Job title, Gender, Date of birth, Email (for login), Address (including billing address), Postcode and Geo-location data (your geographical location based on your IP address).
How we collect Personal data
We may collect information from you whenever you contact us or have any involvement with us for example when you:
- correspond with us as a supplier or customer in the normal course of business;
- apply for a customer account for us;
- enquire about our goods or services (including making a spares request through our website);
- attend us in person and provide us with information;
- register for and receive our newsletter (including when you update your details);
- sign up for our loyalty card;
- visit our website
Where we collect information from
We collect information:
- from you when you give it to us directly: you may provide your details when you buy from us as a customer or supply goods or services to us as a supplier or otherwise ask us for information or contact us for any other reason;
- when you have given other organisations permission to share it: your information may be provided to us by other organisations if you have given them your permission. This might for example be a business working with us or when you buy goods or services from a third-party organisation. The information we receive from other organisations depends on your settings or the option responses you have given them;
- as part of the registration process for our newsletter, you will provide us with personal data so that we can create a record for you and send you marketing material in accordance with the preferences for which you have provided consent;
How we use your information
We will use your personal information in a number of ways, which reflect the legal basis applying to processing of your data. These may include:
- providing you with goods or services you have asked for;
- sending you communications with your consent that may be of interest, including marketing information about our services and activities;
- when necessary, for carrying out your obligations under any contract between us;
- seeking your views on the services or activities we carry out, so that we can make improvements;
- maintaining our organisational records and ensuring we know how you prefer to be contacted;
- analysing the operation of our website and analysing your website behaviour to improve the website and its usefulness.
Use of Aggregated Data
Where data can be aggregated (and anonymised), we may use this for research purposes without restriction. For example, we may monitor customer traffic patterns, site and services usage and related information in order to optimise users’ usage of the site and services and we may give aggregated statistics to a reputable third-party. We are entitled to do this because the resulting data will not personal identify you and will therefore no longer constitute personal data for the purposes of data protection laws.
Our legal basis for processing your information
The use of your information for the purposes set out above is lawful because one or more of the following applies:
- it is necessary for us to hold and use your information so that we can carry out our obligations to supply goods or services to you or to take steps you ask us to do prior to supplying goods or services to you;
- it is necessary to comply with our legal obligations;
- where the purpose of our processing is the provision of goods, information or services to you, we may also rely on the fact that it is necessary for our legitimate interests in relation to providing the goods, information or service requested, and given that you have made the request, would presume that there is no prejudice to you in our fulfilling your request;
- where you have provided information to us for the purposes of requesting information, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. You may withdraw consent at any time by emailing us at firstname.lastname@example.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned;
How we keep your information safe
We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it. We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information. No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
Who has access to your information?
The following have access to your information;
- third parties who provide services for us, for example collecting or processing data and sending mailings. We select our third-party service providers with care. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do;
- third parties if we run an event or promotion in conjunction with them. We will let you know how your data is used when you register for any event or promotion;
- analytics and search engine providers that help us to improve our website and its use;
- third parties in connection with advising us in connection with operating our business such as accountants, lawyers, bankers, auditors, IT providers etc. In such event, we will take steps to ensure your privacy rights will be protected by the third party.
Owing to matters such as financial or technical considerations, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. (e.g. because it is stored on servers outside the EEA or we use suppliers based outside the EEA]. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a data processing agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
Keeping your information up to date
Please would you let us know if your contact details change. You can do so by contacting us at email@example.com.
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
The law states that we can store cookies on your machine if they are essential to the operation of the website, but that for all others we need your permission to do so.
The list below explains the cookies we use and why:
|Google analytics||Provide web developer with browsing behaviour|
Opting out of cookies
You should also be able to turn cookies off on your web browser if you do not wish to receive cookies from us or any other website. Please follow your browser provider’s instruction in order to do so. Unfortunately, we cannot accept liability for any malfunctioning of your PC or its installed web browser as a result of any attempt to turn off cookies.
How long we keep your information for
We will hold your personal information for as long as it is necessary for the relevant activity. When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the goods and services provided;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- any statutory or other legal obligations;
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by other means.
Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for two years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
You have the right to request details of the processing activities that we carry out with your personal information through making a subject access request. Such requests have to be made in writing, and no charge is applicable except in very limited circumstances (which will be explained to you upon request). More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request, please contact us at firstname.lastname@example.org.
You also have the following rights:
- the right to request rectification of information that is inaccurate or out of date;
- the right to erasure of your information (known as the “right to be forgotten”);
- the right to restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
- rights in relation to automated decision making and profiling including profiling for marketing purposes.
Updates to this policy
This policy will be updated regularly and was last reviewed on 22/11/18