Document updated: 11/01/2019
All Car Leasing and the Eurocar Group Limited take personal data and ; how we acquire it, how we store it and the security of that data very seriously. As such we have put numerous steps in place to treat it with care and have provided this document to provide transparency on how we work towards this goal with your data.
From the onset, we train every single member of staff on the importance of data consent and security so that it’s a core part of how we run our business. As part of that training we educate and hold regular refresher courses on data and our requirements to be GDPR compliant. We have broken this document down to make it easier to read.
We will never share your data with anyone other than with selected GDPR compliant finance companies and dealerships to facilitate an order. Your details will not be shared with any unauthorised third parties for marketing purposes, ever. We will also seek your consent on more than one occasion at various stages of an order to ensure you are aware of what we need, why we need it and for you to give or refuse consent if you choose to.
If you have any questions in regards how we handle your data then you can contact our data protection officer at:
dp [at] allcarleasing.co.uk
01565 880 880
GDPR stands for General Data Protection Regulation and it is a law introduced on the 25th of May 2018 which helps to protect people and businesses’ personal data offline and online by regulating the businesses and peoples that use and hold that data. The GDPR aims primarily to give guidance to citizens and residents over their personal data and how organisations handle and collect it. It will simplify the regulatory environment for international businesses by unifying the regulation within the EU.
The GDPR is EU legislation and has been adopted in the UK under the Data Protection Act of 2018.
Personal data refers to information which could be used to identify an individual. For example, a name or an address can be used to identify.
Do you need this data? – How/why we share it
Your personal data is essential for us to provide a service. Without it we simply can not do our job.
The finance partners will be unable to form a finance decision without a proposal.
We will only share your information when:
• You have given your consent
• It is essential for us to provide the service
• In order to seek professional advice (i.e legal)
• To help investigate potential criminal behaviour
• The law requires us to share it
• Regulators and/or a government body requires the information
• Duty bound as a public service to share it
Consent is a legal basis and should not be relied upon as part of financial decisions.
From time to time, we may need to share your information with third parties which falls in the same realm as “it is essential for us to provide the service”. An example of such a situation is disclosing your address to the delivery company who are transporting your vehicle. These third parties may not necessarily be data controllers or data protection officers but will work for a company bound by the GDPR.
A list of data controllers your information may be shared with are:
• Credit reference agencies
• The finance provider
• The supplying dealer
• Claims handling and fraud agencies
• Insurance companies
• Your personal data may be used to progress the enquiry further and to process your order. It will never be used for any other reason. Your personal data may be passed on to the finance company only when consent is given (which can in the future at any time be withdrawn) and only when if you agree to proceed with a finance company.
• If you have consented and have ordered a vehicle then your data may be used for in-life contract services such as service reminders, extension reminders, and end of contract notifications, etc.
• Your data may be used for marketing purposes if you have opted in or receive them and given explicit consent.
• It is a legal requirement for All Car Leasing to maintain the accuracy of the data stored and as such you may be contacted to confirm your details after a reasonable amount of time.
What personal data does All Car Leasing gather?
If a customer is making an enquiry we will collect basic information to process the enquiry such as name and contact details.
From time to time, we may use Facebook to create adverts. As it's not our own platform under our control we do not divulge any personal information nor we do we facilitate financial proposals on the network. Instead we instruct customers to leave details for us to process the enquiry.
Facebook is a third party platform and any questions regarding Facebook itself or how they treat your data please get in touch with Facebook themselves. We do not control any aspect of Facebook nor the places where our advert may or may not appear. Use of Facebook is at the user's risk.
The sharing of details is optional and voluntary. Any shared details will be kept secure and follow the same data protection policies listed in the rest of the document, your data is safely transferred to our internal CRM system. We will assume consent as a legal basis is given from the actual act of the customer sharing details.
If a customer wishes to proceed with an order then All Car Leasing may collect personal information to aid with a financial application which may include full name, address history, some basic financial information for a credit check.
The finance proposal form will once again ask for consent and we will never assume consent to progress from one stage to another.
To be clear, the data we may need for the purposes of processing an order and details we may keep are:
• Titles and Salutations
• Names - First name(s), middle name(s), surname(s), company name(s) and former name(s)
• Address – Current and previous address in full
• Email address(es)
• Date of birth
• Contact number(s)
• Employment details – Current employment and previous employment of at least 3 years
• Monthly income and expenditure (applicant and applicant’s partner)
• Bank details (account number, account holder, sort code, name of bank)
• VAT ID (VAT registered businesses and individuals)
Refusal to consent or provide required personal information will result in the termination of the application, this does not include the deletion of your details for previously given consent unless specified at the point of termination.
If you have chosen to opt in for our marketing communications, you may from time to time receive marketing communications such as email newsletters or telephone calls.
Every visitor and customer is automatically opted OUT as a default and opting in is optional. If you have opted in the past or you can not remember if you opted in and no longer want to receive any marketing communications, then you may do so at any time.
To opt out, you can click the unsubscribe button on the bottom of our marketing emails, you can email dp[at]allcarleasing.co.uk to be opted out or you can call 01565 880 880 to be opted out.
Please note that opting out of marketing emails does not mean all of your personal information is removed as marketing details and customer details are treated separately within one primary account – to remove all of your details please refer to our ‘You have my data and I want you to remove it’ section.
For marketing communications we may gather basic information such as:
• Titles and Salutations
• Names - First name(s), middle name(s), surname(s), company name(s).
• Email address(es)
• Telephone numbers
How is your data stored
Our digital information is stored locally and in data centres around the globe with multiple factor security through encrypted connections at each centre.
Any access to our data is always through an SSL/TSL (Secure sockets layer/transport layer security) and access to data is only given to authorised members of staff under the supervision and always behind a user name and password which is changed every month. (This also implies that salesforce and MailChimp etc, change their password monthly too.)
Access is reviewed once a month by a data controller. This review includes checking for any redundant and unused users and a check for any unusual activity.
We store personal data of customers who have ordered vehicle(s) and entered into a contract with us and a finance company. We keep this data for in-life contract purposes and to fulfil our legal obligations to help prevent crimes such as fraud.
All of our records are deleted automatically after 6 years from the date of contract termination including when applicable extensions providing the information being given to us and the information is no longer needed. This data is deleted via a secure computer for digital and shredded on site at the same time.
If the information is still needed the information will continue to be kept until they become unnecessary for 6 years. You will be notified via the email we have on record when this is the case.
Our physical records are kept in a secured room behind a lock and key which is only openable accessible by a senior member of staff (a data controller) under supervision.
All Car Leasing may gather two types of personal data:
• Personal data for marketing purposes;
• Personal data in order to process an enquiry through to an order.
All of our personal data will be gathered directly from you and will never be acquired any other way.
At every stage the customer can review and decide on whether to give consent for us to use this information.
All Car Leasing will never use your data without consent and will never use the data for any other reason than to process the request.
If you do not want to share your personal data then please do not give your consent on any of the forms or over the phone or over any other communication medium. However, we must note that we will be unable to help you without it.
However, cookies do not hold personal information and can not be used to identify any individuals.
You may turn off cookies on your browser if you wish to not be tracked whatsoever. Please refer to your browser’s guide to find out more, we are unable to control your cookies or cached files and images for you.
You have my data and I want you to remove it
We are duty bound to offer a ‘right to be forgotten’ service. If we have had your data in the past and now you want it removing, please call 01565 880 880 to speak with our data controller and also send an email to dp[at]allcarleasing.co.uk. Your details will then be removed permanently after a reasonable amount of time.
Please note, we are only able to delete your data from the database we control and have access to ourselves. We are unable to remove your data from the third parties including funders and dealers and they who will need to be contacted separately.
Third party contact details and their data controller details will be provided upon request.
If, however, you are a customer of ours with a contractor have had a contract with us in the last 6 years we must keep a hold of the data to fulfil our legal obligations in relation to that contracts for reasons such as fraud prevention and in-life services. However, this data will be held and only used for those purposes and not for marketing or any other reasons.
We are duty-bound to notify all of our customers in the event of a breach as well as the ICO.
You have a legal right to request access to a copy of the personal information we hold about you. This request and the information sent is free of charge. However, we have the right to refuse or charge a fee of £10 inc VAT if the request is unfounded, excessive or repetitive.
The information provided will be in a structured and machine-readable form which is typically universally openable by most modern devices.
To make a request please send it in writing, verbally or via email to:
All Car Leasing
Mobberley Station House
T: 01565 880 880