Please Wait
This won't take a moment...
James Haugh (Dumfries) Limited (SC206493) (“James Haugh”, “we” and “us”) is the Data Controller of any personal data that you provide to us or that third parties share with us to provide you with our services.
The privacy of your personal information is important to us at James Haugh (Dumfries) Limited. We are committed to processing personal information about our customers in ways that comply with our legal obligations as well as being clear with our customers about what we do with their personal information.
Under the General Data Protection Regulation EU 2016/679 (“GDPR”) and any implementing legislation enacted in the UK to give effect to the derogations permitted under the GDPR (“data protection legislation”)you are entitled to be informed of what information we collect, why we collect it and the lawful conditions we consider appropriate for the processing of your personal information.
? We don’t sell your data to third parties
✔ We do make it easy for you to manage your information, you can change your communication preferences at any time
✔ We do use data to help us provide great customer service, which includes tailoring the information we share with you to help ensure that it’s relevant, useful and timely
INFORMATION | WHY WE COLLECT IT | LEGAL BASIS | SPECIAL CATEGORY DATA CONDITION | EFFECT OF NOT PROVIDING THE INFORMATION IF IT IS A LEGAL REQUIREMENT OR CONTRACTUAL REQUIREMENT |
Contact details such as your name, email address, telephone number, postal address (including business address), vehicle details (including MOT and service date) |
To contact you in relation to your purchase, enquiry, or the services we are providing to you. |
On the basis of our and your legitimate interests. Our interests being that we would like to update you on the progress of your purchase and delivery dates. | ||
To provide you with updates we consider to be in your legitimate interests. We may contact you via e-mail, post, SMS text message or telephone. | Based on your legitimate interests.We consider these legitimate interests to be to contact you in order to progress your enquiries, progress any purchase that you may make and to deal with your servicing & MOT requirements (including contacting you to remind you when your car is due for its service and or MOT); gain feedback on the services which we have provided to you so that we can continue to improve our services; and provide you with information in relation to recalls or other safety notices about your vehicle. | |||
To provide you with our direct marketing materials by post, email, telephone or SMS. | With your prior consent only. | |||
Your bank details and/or credit card details | To process your payment to purchase the goods/services you have requested from us. | This is necessary for the purposes of the contract we have with you as a customer. | We cannot process the payment without these details. We cannot provide the goods / services you have requested to you without payment | |
IP Address | To ensure that we know who has accessed our website. | Our legitimate interests in ensuring our website is fit for purpose and provides the services we require. | ||
Photographic Identification (such as passport or driving licence) | To ensure that we know who is purchasing our goods/services and to identify you and can propose and secure a finance agreement for you, if required | Legal obligation to comply with money laundering regulations | We may not be able to continue with the provision of goods/services to you without this information. | |
To provide such information to third parties when you test drive a vehicle. | Our legal obligation. | We may not be able to continue with the provision of goods/services to you without this information. | ||
Date of birth, marital and housing status, number of dependents, previous address and proof of address (utility bill or council tax statement), bank statement or pay slips | To allow us to identify you and enter into the contract with you and can propose and secure a finance agreement for you, if required. | Contractual obligation | We may not be able to continue with the provision of goods/services to you without this information. | |
Employment Details | To allow us to identify you and enter into the contract with you and can propose and secure a finance agreement for you, if required | Contractual obligation | We may not be able to continue with the provision of goods/services to you without this information. | |
CCTV Images | To ensure safety on our premises. | Our legitimate interests in ensuring our premises are safe. |
We may share the information we collect about you and your vehicle with selected third party organisations. Where necessary or required, we will share information with:
However, we will not share your personal data with other organisations for marketing purposes unless we have your express written consent to do so.
There may be circumstances when we are legally obliged to share your personal data, including the following:
The data that we collect from you will usually be stored inside the European Economic Area (EEA).
However, if you live or work outside of the EEA, we may need to transfer your personal information outside of the EEA to correspond with you.Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
We also may transfer data outside the EEA where our service providers host, process, or store data outside the EEA. Where we do this, we will ensure that the transfer is to a country covered by a decision of the Commission of the European Union or is otherwise made in circumstances where we have put appropriate safeguards are in place to protect your data in accordance with the data protection law.
We have carried out stringent checks throughout the organisation to ensure that your data is handled in a secure manner.
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. The James Haugh (Dumfries) Limited website uses a security system that protects your information from unauthorised use.?
We will not hold your personal information for any longer than is necessary for the uses outlined above, unless we are required to keep your personal data longer to comply with the law and or any regulatory requirements.
We apply the following retention periods:
Vehicle Purchase: details will be retained in line with all regulatory laws and will be on our system for no longer than 7 years, unless you choose to contract with us again before the end of the 7 years in line with regulatory standards, tax requirements and audit purposes.
Service, MOT or Repair: personal data will be deleted off of our system in 7 years, in line with regulatory standards, tax requirements and audit purposes. If you do not visit the dealership for more than 26 months, details will be deleted for marketing purposes but retained for contractual obligation.
Dealership/Online enquiry: dealership or an online enquiry we will need your name and contact information so that we can respond to your enquiry accurately and promptly. We will retain this information for 6 months.
Phone Calls: Phone calls may be recorded, and any recorded calls will be retained for a maximum of 3 months and only be used for training and quality purposes and/or to prevent or detect crime.
CCTV: to monitor our premises, therefore your image and potentially your vehicle registration will be captured and stored for up to 30 days?.
As a result of James Haugh (Dumfries) Limited processing your personal data you have a number of individual rights:
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. This is why we’re providing you with the information in this Privacy Statement.
You have the right to obtain a copy of your personal information (if we’re processing it), and other certain information (similar to that provided in this Privacy Statement) about how it is used.
This is so you’re aware and can check that we’re using your personal information in accordance with data protection legislation.
We can refuse to provide information where to do so may reveal personal information about another person or would otherwise negatively impact another person‘s rights.
You can ask us to correct your personal information if it’s inaccurate or incomplete e.g. if we have the wrong date of birth or name for you.
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where we need to use the information in defence of a legal claim. We will consider all requests for erasure in terms of the data protection legislation.
You have rights to ‘block’ or suppress further use of your personal information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your personal information, but may not use it further. We keep lists of people who have asked for further use of their personal information to be ‘blocked’ to make sure the restriction is respected in future.
You have rights to obtain and reuse certain personal information for your own purposes across different organisations. This enables you to move, copy or transfer your personal information easily between our IT systems and theirs (or directly to yourself) safely and securely, without affecting its usability. This only applies to your personal information that you have provided to us that we are processing with your consent or to perform a contract which you are a party to (such as pay and compensation services), which is being processed by automated means.
You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by James Haugh or by a third party. We will be allowed to continue to process the personal information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims. You also have a right to ask us not to process your personal data for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing (including profiling), which significantly affects you, subject to some exceptions. Where this is the case, you have the right to obtain human intervention, voice your concerns and to have the decision reviewed. You also have the right to ask us not to undergo automated decision making. We do not conduct automatic decision making or profiling.
Where you have provided consent, you have the right to withdraw such consent at any time.
As detailed throughout this statement, we will endeavour to ensure that your personal information is retained in accordance with the data protection legislation. However, if for any reason we discover that your personal information has been breached in anyway, including lost, stolen or hacked, dependant on the level of its severity, we will ensure that the Information Commissioners Officer (ICO) are made aware within 72 hours of us understanding that a breach has been made. In circumstances where a data breach would pose a high risk to your rights and freedoms, we will also inform you of such a breach without undue delay.
James Haugh staff have been trained in being able to understand and appreciate whether personal information has been breached, and have a duty of care to ensure that the Data Protection Officer is informed as soon as a breach has been identified.
Action will then be taken to minimise the risk to your personal data as seen fit in accordance to the incident including following guidance from the Data Protection Officer and the ICO. We will also inform you once we are fully aware that the additional security measures have been put in place to further secure your information. ??
If you would like to update the information James Haugh hold about you, exercise any of the rights described above or have any questions about how James Haugh handle your personal information you can contact our Data Protection Officer by e-mail at: data.protection@jhaugh.co.ukor write to the Data Protection Officer at James Haugh (Dumfries) Limited, 2 St. Marys Street, Dumfries DG1 1HD.
Please provide as much information as possible to help us identify the information you are requesting, the action you are wanting us to take and why you believe this action should be taken.
Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result we are not in a position to identify you, we may refuse to action your request.
We will respond to your subject access request within one month of receipt of your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted. We will not charge a fee for such a request, unless the request is manifestly unfounded or excessive, in such circumstances we may charge a reasonable fee.
If you are concerned that we are not using your information in accordance with the law, or are not satisfied with our response to a request made above, then you can complain to the Information Commissioner’s Office.
The Information Commissioner in Scotland can be reached by the following means:
The Information Commissioner's Office - Scotland
45 Melville Street
Edinburgh
EH3 7HL
scotland@ico.org.uk
0303 123 1115
Vauxhall: https://www.vauxhall.co.uk/tools/privacy-policy.html
MG: https://www.mg.co.uk/privacy-policy
Dumfries, Dumfries and Galloway, DG1 1HD
Dumfries, Dumfries and Galloway, DG1 1HD
This won't take a moment...
This won't take a moment...