- Quote forms, telephone calls, e-mails and other communications with us, as well as other third parties involved in our business dealings with you collectively referred to as the “Services”.
1.1 WHO TO CONTACT ABOUT YOUR PERSONAL DATA
If you have any questions about our use of your Personal Data you can contact our Data Protection Officer by email here: firstname.lastname@example.org
2.0 PERSONAL DATA WE COLLECT & PROCESS
Personal Data collected about you may include:
General identification and contact information
- Your name, address, email and telephone details, gender, date and place of birth, vehicle registration number, make and model
Financial information and account details
- Bank account number and account details.
- Recordings of telephone calls to and from our staff and offices.
Information enabling us to provide our services
- Location and identification of property (for example, property address, vehicle license plate or identification number)
- Travel arrangements including reservation numbers, destination and hotel details
- Marketing preferences and customer feedback
- You may let us know how you want to be contacted (e.g. by email, phone or post)
Marketing preferences and customer feedback
- You may let us know how you want to be contacted (e.g. by email, phone or post)
2.1 HOW WE USE YOUR PERSONAL DATA
We use this Personal Data to:
- Communicate with you and other interested parties to manage our services.
- Send you important information regarding our services and other administrative information.
- Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
- Carry out market research and analysis, including satisfaction surveys.
- Manage our business operations to comply with internal policies and procedures, including those relating to auditing finance, accounting and billing, IT systems, data and website hosting, business continuity, document and print management.
- Resolve complaints, and handle requests for data access or correction.
- Comply with applicable laws and regulatory obligations (including laws outside your country of residence),
- Protect our business operations, our rights, privacy, safety of employees and property
We will only process Personal Data for the specific purposes set out above or for any other purposes specifically permitted by the data protection legislation. We will notify you of those purposes when we first collect the data or as soon as possible thereafter.
We may, as a matter of law, and without requiring notice or consent, use your information for crime and fraud prevention, or systems administration within Vint-tro and to monitor and/or enforce Vint-tro’s compliance with any regulatory rules and codes.
For Personal Data to be processed lawfully, they must be processed on the basis of one of the lawful bases set out in the Regulation. These include, among other things, the data subject’s consent to the processing, or that the processing is necessary for the performance of a contract with the data subject, for compliance with a legal obligation to which the data controller is subject, or for the legitimate interests of the data controller or the party to whom the data is disclosed. When sensitive Personal Data is being processed, additional conditions must be met. When processing Personal Data as data controllers in the course of our business, we will ensure that those requirements are met.
2.2 NOTIFYING DATA SUBJECTS
If we collect Personal Data directly from you as the data subjects, we will inform you about:
- The purpose or purposes for which we intend to process that Personal Data.
- The types of third parties, if any, with which we will share or to which we will disclose that Personal Data.
- The means, if any, with which data subjects can limit our use and disclosure of their Personal Data.
- If we receive Personal Data about a data subject from other sources, we will provide the data subject with this information as soon as possible thereafter.
Where we are the data controller with regard to that data we will inform data subjects who our Data Protection Officer is, and how you can exercise your rights as a data subject, including the right to object to the processing of your Personal Data when it is processed based on legitimate interests.
2.3 SHARING OF PERSONAL DATA
Vint-tro may make Personal Data available to the following parties for the purposes of supplying our services or as required by law:
- Insurer, other insurance and distribution parties
- We may make Personal Data available to third parties such as appointed services providers, distributors, financial institutions and other business partners
- Our service providers
- External third-party service providers, and other outside professionals
- IT systems, support and hosting service providers, document and records management providers and outsourced service providers that assist us in carrying out business activities.
- Other Third Parties
- We may share Personal Data with retailers and providers; travel carriers; and other people involved as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganisation, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business.
We may also anonymise, aggregate or combine any of the information we collect to analyse trends and provide statistical data to assist with forward planning of business operations.
2.4 SECURITY OF PERSONAL DATA
We will take all appropriate, technical, legal and organisational measures, which are consistent with applicable privacy and data security laws to safeguard your Personal Data. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us.
Where we provide Personal Data to a vendor, the vendor will be selected carefully and required to use appropriate measures to protect the confidentiality and security of your Personal Data.
2.5 ACCURACY OF DATA
2.6 RETENTION OF PERSONAL DATA
2.7 PERSONAL DATA OF OTHER INDIVIDUALS
If you provide Personal Data to us regarding other individuals, you agree:
2.8 OTHER INFORMATION WE COLLECT
“Other Information” is information that does not reveal your specific identity, such as:
- Information collected through cookies, tags and other technologies
We and our third party service providers may collect “Other Information” in a variety of ways, including:
- Using cookies: cookies are pieces of information stored directly on the computer you are using and you can find further details in our cookies policy that is available on our website.
2.9 THIRD PARTY WEBSITES
3.0 CONSENT TO USE OF PERSONAL DATA
3.1 WHAT WE DO
The use of your Personal Data depends on the type of service we are providing and your relationship with our organisation. It may also be governed by the contract we have with the party for whom we are acting.
Our principal business activity is introducing car/vehicle related services and products including Insurance. In the majority of arranging our services and activities, we need to process Personal Data.
3.2 PERSONAL DATA
Personal Data means information relating to an individual.
Processing Personal Data means operations (automatic or otherwise) such as collection, recording, adapting, altering, consulting, using, disseminating, transmitting, making available, storing, erasing or destroying the data.
3.4 DATA CONTROLLER
A data controller is the organisation that alone or jointly with others determines the purposes, conditions and means of processing your Personal Data. Depending on our relationship with you or the relationship we have with your service provider, Vint-tro can be the controller of your data and sometimes the processor.
3.6 REQUIREMENTS FOR YOU TO PROVIDE DATA
If you do not provide us with your Personal Data we will not be able to provide you with our services.
3.7 PURPOSE OF PROCESSING
The intended purpose of processing your Personal Data is to be determined by what service or product you are interested in Vint-tro supplying.
The processing is generally needed to validate:
- Details of you, your address and contact number
- Details of your vehicle
- Details where payment is subject, such as your bank account or payment cards
- Any matters that may be relevant to purchase a service or product. I.e you body size and gender
The manner in which we process data is generally governed by the contract under which we are appointed. We will not process your data for other purposes without obtaining your prior permission unless permitted or required by law.
3.8 SOURCES OF PERSONAL DATA
At the outset of a requested service or purchase, we usually receive basic information about you from you, depending on the type of service or purchase you have made.
3.9 TYPES OF PERSONAL DATA
The data we gather about you largely depends on the type and nature of the service or product you wish to have or have already purchased. These include:
Name, address, age, occupation, lifestyle, internet profile, social media, credit status.
4.0 RECIPIENTS OF YOUR PERSONAL DATA
When acting for another party, we will only pass your Personal Data to them or their agents. However, we might also need to share Personal Data or at least some of it, with other parties involved with the service.
We might also disclose certain data where this is needed to assist other parties involved with supplying the services.
4.1 AUTOMATED PROFILING AND DECISION MAKING
As part of the services we provide, we may need to analyse or process your Personal Data automatically to indicate the best way of delivering the service or product. However, any such profiling that concerns you or similarly affects you, will not be relied on exclusively without human intervention or taking other factors into consideration.
4.2 YOUR RIGHT TO RECTIFICATION
You have the right at any time to correct any inaccurate Personal Data we hold about you. We also want our records to be as accurate as possible so please advise us of any errors. However, please note that a difference of opinion or view is not necessarily inaccurate data and changes might not be possible. However, should you wish to express your own views, please provide details or a statement and we will add them to our records. Where this is required, please communicate the corrections or supplements.
4.3 ERASURE AND YOUR “RIGHT TO BE FORGOTTEN”
You have the right to have your data deleted when it is no longer needed, which is known as the “Right to be forgotten.” However, we may have an obligation to keep records for audit, regulatory and/or legal purposes.
To meet these obligations, we keep records for specified by those we are acting for. However, in certain circumstances we may be able to “Restrict Processing”. We might also be able to delete specific data or a document, for example where it has been sent to us in error and this will be done without undue delay.
4.4 YOUR RIGHT TO WITHDRAW CONSENT
You have a right to withdraw consent and object to processing your Personal Data in many circumstances. Should you wish to exercise your right, please put this in writing (email is acceptable) to us and we will act under “Erasure and your Right to be Forgotten.”
4.5 YOUR RIGHT TO OBJECT TO PROCESSING
The law gives an individual the right to object according to their particular situation, where we are processing their data:
- Solely on the basis of legitimate interests pursued by us or a third party (Please note that the right to object does not apply if we are processing your data for the performance of a contract).
4.6 RIGHT TO RESTRICT PROCESSING
When requested we will restrict processing where:
- You contest the accuracy of the Personal Data that we are processing. However, please note that:
- a difference of opinion or view is not necessarily inaccurate data.
- the restriction will only apply to the Personal Data in dispute rather than all the information we hold. When a restriction is put in place, we will not process the data in question other than to resolve its accuracy during which time the restriction will be noted on our system.
In each case we will inform you before any restriction is lifted. However, please note the following:
- Even with a restriction in place, we are still allowed to store data and process it for the establishment, exercise or a legal requirement.
- A restriction only applies to Personal Data and we are allowed to continue processing others, for example, we still have to conclude or stop tasks already instigated such as correspondence with our service providers and payments to suppliers which you may then have to complete.
- We will not be responsible for any delay caused by unnecessary restrictions imposed by you
4.7 YOUR RIGHT TO ACCESS DATA
Under the GDPR, you have a right to receive your Personal Data by making what is known as a “Subject access request” or SAR. In most cases, the information you want should be available without the need for making a formal SAR by making a request to us in the first instance. This will avoid possible delay of a formal SAR where the GDPR allows us a month to respond which may be extended by a further two months in complex cases.
Please also note that when responding to a SAR we are not obliged to provide data or a third party who has not given permission for it to be released. In certain circumstances, we might also be bound by confidentiality not to disclose information. Therefore, certain data might be withheld depending on the situation and the nature of the service purchased.
Should you wish to pursue a formal SAR, please inform us by email immediately. Alternatively, the request can be directed to the relevant Data Protection officer at Vint-tro. In certain circumstances, your request may have to be redirected to an organisation we are acting for (where they are the data controller), in which case we will advise you their contact details.
If you submit a SAR, we will advise you of the next steps within one calendar month.
4.8 TELEPHONE CALL RECORDING
Please be aware that our organisation may record telephone calls for training and security purposes.
Call recordings will be retained for limited periods depending on the service being provided, any particular contractual requirements with those we are working for and the technical facilities in place.
4.9 RIGHT TO COMPLAIN
If you have a complaint about how we use your information, then please contact email us at:
email@example.com marked for the attention of the Data Protection Officer.
If you have a complaint about the way in which your data has been processed, you can contact the ICO at: www.ico.org.uk/concerns
5.0 TIMEFRAME FOR RESPONDING TO REQUESTS
We will seek to respond to any request we receive in relation to your rights within one month. However, if this is not possible, we will advise you within one month that the time frame will be extended by up to a further two months and give an explanation as to why the extension is required
Our response to and any actions necessary for us to comply with a request by you in respect of any of your rights will be handled free of any charge to you. The only exception to this will be, if the request is excessive or repetitive. If we do intend making a charge we will inform you before proceeding with any actions we might take.