We take your privacy seriously. This Privacy Statement explains what personal information we collect and how we use it.
We know there’s probably other things you’d rather be doing. But we recommend you read this through carefully – and get in touch with us if you have any questions about it.
1. About Carmmunity and how you can contact us
This document includes important information about how we use your personal data. If you want to talk to us more about it, you can get in touch using the details below.
Our registered address is The Old School House, Mill Lane, Mill Lane, Codnor, Derbyshire, DE5 9QF.
Call us on 01773 230 112
Email us at DPO@carmmunity.co.uk
You can also obtain information and advice from the Information Commissioner who is the independent regulator appointed by Parliament to oversee compliance with data protection and information rights: http//www.ico.org.uk
Carmmunity is registered with the Information Commissioner (registration number ZA100715 ).
2. What information we collect and how we use it
We want to give all our customers the best standard of service we can and are serious about protecting your personal information. Please read on to find out what information we’ll need from you, how we use your personal information to make our products and services as effective as possible and how we look after it, including our Cookies policy.
Information we collect directly
Apart from the information customers provide to us directly we may also record information about potential vulnerabilities where we think this is appropriate to meet the obligations placed on us by the Financial Conduct Authority (FCA) with regard to vulnerable customers. You can find out more about our obligations to potentially vulnerable customers here:
We record calls in and out against customer cases so that we can be sure that we have captured the information you have given us accurately. This helps us to prevent fraud and resolve any disputes.
Money Laundering and preventing and detecting unlawful acts
We are required by law to submit a Suspicious Activity Report to the National Crime Agency whenever we detect a risk of money laundering or fraudulent activity. The law also permits us to report suspected crime to the appropriate authorities.
We are also required to disclose personal data where required to do so by law or by the order of a court.
We have discretion to disclose personal data where this is necessary for protecting the public against dishonesty.
Cookies on our website, and tracking emails, re-marketing and analytics
When you register on our website we will ask you to input logon and password data to ensure the integrity of your user account. We collect information that helps us to detect if someone is trying to access your account. We also collect data on how you use our website so that we better understand your interests and can match products to your needs.
We use personal data for analytical purposes to understand trends and how the business works but the reports we produce do not identify individuals.
The Cookies Section of the Privacy Notice explains what cookies we use and how you can turn off and control any advertising cookies (subject to your browser functionality).
We use email tracking technology to capture information such as (but not limited to) the time and date our emails are opened, the type of device used and any links within the email clicked on. We may share this information with organisations for the same purposes, but stipulate that they may not use your details for direct marketing unless they have your consent or an existing relationship with you and you have not previously opted out.
As a business we monitor what the public are saying about us on social media such as Facebook and Twitter, so that we can build these comments into improving our products and the ways we interact with customers.
Training and Testing
We do not use customer data for generalised training or system testing separate from case management, and always use dummy data sets for these purposes.
Information that we collect indirectly
When any of our customers use our services, the law requires us to check their identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities.
To confirm that you are who you say you are, we’ll try to verify your name and address by checking your details against databases held by credit reference agencies and the electoral roll. If we can’t verify your name and address in this way, we may ask you to provide us with other documents to confirm these details.
We use the information we have about you to provide all the aspects of our service you would expect such as contacting you to discuss various aspects of our mutual transaction and to help resolve any complaints or investigations.
We may also disclose information where permitted by law in connection with the resolution and pursuit of legal rights and disputes or complaints.
Automated Decision Making
We do not make fully automated decisions.
If you give us a good review we may contact you to ask you if you would like to publicise your review.
3. What are the legal grounds for handling personal information?
We understand that personal information is just that – personal. So when we process your personal data, we make sure we satisfy the conditions prescribed by data protection laws to do so. This section covers what those conditions are.
The law says we must have a legal basis for processing personal data. There are standard data processing grounds or conditions for processing personal data. We rely on the following conditions for the activities indicated.
In most cases, you’ll provide the information covered in section 2 because you want to use our services. Ordinarily for a business this would mean that the condition for processing is contractual However, this condition only applies where a legal contract exists between the parties concerned. Because we act as an intermediary this condition is not available. We therefore rely on what is called the ‘legitimate interests’ ground for processing. The law provides we can use your information under this condition where our interest in using it is not outweighed by your privacy rights or interests. This means that we can use your personal data only in ways you would reasonably expect, and which have a minimal impact on your privacy, or where there is a compelling justification for the processing.
We rely on this condition for the uses we identify in section 2, except where we indicate below that another condition is more relevant.
Complying with a legal obligation
Money Laundering reports
Public Interests & Substantial Public Interest Tasks
Processing health data in connection with vulnerable customers
Reporting fraud and other suspected crimes to the appropriate authorities.
Suspicion of terrorist financing or money laundering
Protecting the public against dishonesty
Insurance and data concerning the health of relatives of an insured person
Processing personal data in connection with contracts that we hold with contractors, suppliers and staff - we have a separate Privacy Notice for processing employee’s personal data.
4. Who we share your personal information with
To provide our services to you, we’ll sometimes need to share your personal information with relevant organisations – such as lenders, insurers and fraud prevention agencies.
To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:
a. Your nominated Vehicle Broker
b. The Supplying Vehicle Dealership
c. Any 3rd party accessory aftermarket companies, where pertinent and appropriate to your order / vehicle
d. Any 3rd party delivery agent, where pertinent and appropriate to your order / vehicle
e. The Company funding your CH / PCH or other funding contract
f. HMRC in line with our accounting policies, if and when requested to produce such information to them
g. Ford Motor Company
If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time after you have taken delivery of your vehicle or in the case of cancellation of order prior to taking delivery.
The above set of organisations are each data controllers in their own right and will have their own Privacy Notices that will tell you about how your personal data will be used by them.
We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:
i. Simply Shredding to destroy our confidential waste
j. Juno Telecoms who provide our call recording software
k. TSO Hosts to provide our web hosting facilities
l. Mailchimp for marketing campaigns
We may disclose information to either the Financial Service Ombudsman or the Financial Conduct Authority where they request this to resolve complaints, or our auditors in connection with their duties.
5. Where in the world do we send information?
As a UK based company, all the personal information we process is protected by European data protection standards. And, if we ever have to send data overseas, we take care that it’s covered by the same high standards.
6. Your Information Rights
It’s really important that you understand your legal rights in relation to your personal information – as well as how you can contact us if you have any questions or concerns. This section covers just that.
The following is a list of the rights you have under Data Protection legislation. Not all these rights apply in all circumstances, but we will be happy to explain this to you at the time you ask. Independent advice about your rights can be obtained from the Information Commissioner (see Section 1.)
All these rights can usually be exercised free of charge and generally speaking we must respond within one month. If we need longer to respond we will explain why this is necessary within the one month period and tell you more about any rules that affect how you can exercise your rights.
INFORMED You have the right to be informed in a concise, transparent, intelligible and easily accessible way about how we use your personal information. We will explain why we need information (in particular any uses that are not obvious) at the time we collect information from you and make sure that all our data collection forms and letters point you to this Privacy Notice.
ACCESS You can make what is called a subject access request for a copy of the information we hold about you. We must also tell you why we have the information, what types of information we collect; who we share it with and whether, in particular, any of those recipients are outside the European Economic Area; how long we will keep your information for; where the information came from if we didn’t collect it from you directly; the details of any automatic decision taking and about your rights of complaint to the Information Commissioner.
PORTABILITY You have the right in some circumstances to have the data you have provided to us sent to you or provided to another person or business in an electronic machine readable format. Where this applies we will download the information and send it as a CSV file.
CORRECTION You have the right to have inaccurate information corrected and incomplete information completed. If the information we need to deliver our services to you changes please tell us about this as soon as possible.
OBJECT You will normally have the right to object to how we intend to use your information based on your individual circumstances. You have an absolute right to object to us using your personal information for the purpose of direct marketing at any time.
RESTRICTION If you have objected or complained about how we have used your information or its accuracy you may not want it to be deleted until your complaint has been resolved. In certain circumstances you can ask for your data to be restricted or not used until these issues are resolved.
ERASURE You have a right to have some or all of the information we hold about you erased in some circumstances. This is known as the right to be forgotten. This right only applies where a decision which has a legal or similar effect is DECISION MAKING taken about a person by automated means without any human intervention.
CONSENT If we are processing you personal information on the basis of your consent you have the right to withdraw that consent at any time.
COMPLAINT You have a right of complaint to the Information Commissioner (the Supervisory Authority) if you consider any aspect of Carmmunity’s use of your personal information infringes the law. Section 1 provides the contact details.
However, Carmmunity will want to put matters right wherever we can and we would hope that you will contact us in the first instance. You can exercise your data protection rights or complain about how we are processing your personal information by contacting the Data Protection Officer as set out in Section 1.
If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the insurer concerned, as well as giving you their contact details.
To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them. We’ll also send details of your complaint to them, to get them up to speed.
7. How we keep your personal information secure
We’re committed to keeping your personal information safe and sound. In this section, you’ll read about the security measures we take to protect our customers’ data.
At Carmmunity, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organisational, and technological measures.
All information we process is encrypted in transit so that your personal and financial information is secure. For example, where you share information with us online or we forward this to other organisations online we use HTTPS.
As covered in section 4, we have to share your information with third parties to carry out some of our services. We require every third party that we share information with to apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information.
8. How long do we keep your personal information for
We only keep your personal information for as long as we need to. This section explains how long the different types of records will be kept.
To ensure that we are able to meet our legal, regulatory and customer obligations, Carmmunity will retain client information for the following time periods:
a. If you become a client of a Vehicle Brokerage as a result of the advice we provide to them, we will keep a full record of your interactions with us for 6 years to enable us to meet our regulatory obligations, and as required under UK Money Laundering regulations, and to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice.
b. Before you become a client, If you request we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an enquiry (either directly to us, or a 3rd party ) we will use our best endeavors to contact you as soon as possible. If we are unable to make contact with you, we will retain this information for a period of 180-days from the time we de-activate your lead in our database, to ensure we can fulfil our contractual obligations to our lead partners.
A cookie is a very small text file that a website saves to your computer's hard disk. Its purpose is to store any information that you give about yourself, or to save your preferences.
So when you log into the Carmmunity Portal, your unique ID number, and the time you signed in, is stored in an encrypted cookie on your hard disk. This then allows you to move from page to page on our website without constantly having to log in again. We use session cookies to store data on our server that are individual to you. When you log out, these session cookies will be deleted from your computer.
At a basic level, cookies will:
a. allow our website to work properly, and help keep it secure
b. help us understand how people use the website
c. make the site easier to use by remembering information that you've entered
d. Improve your experience by showing you information that's relevant to you.
Cookies at a glance
The cookies we use let our websites store certain types of information, and not others.
Our websites will
remember your username if you tell it you want it to
remember information you've entered to save you entering it again
store your results when using our tools and calculators
allow you to share pages with social networks
make sure your logged in session is secure
Our websites will not
store your password, to keep your account secure
The types of cookies we use
There’s lots of different cookies with different purposes. The ones we use fall into four categories:
These cookies let you move around our websites and use all the features. Without them, you wouldn't be able to do things like use online banking, or use forms to apply for products. These cookies also help keep your banking session secure.
These simply help us improve the way our website works. They tell us how people use each page, which ones are viewed most often, or whether any errors occurred.
These cookies store your personal settings (such as font sizes and volume level), or remember basic information that you've entered – so that next time you visit our website, it's all there for you. For example, if you enter a value to complete one of our calculators, we’ll enter this value in other tools and calculators throughout the site.
By using our website, you're consenting to us using cookies in the ways described above. But if you change your mind, you can alter your cookie settings at any time through your browser settings.
Changing your cookie settings
We recommend that you don't change your cookie settings, as blocking some or all of them may affect how well our website performs for you.
But if you do decide to change them, you can do this through your browser. Each browser works in a different way, so a good place to start is by searching ‘cookie settings’ in your browser’s help section.
Necessary cookies are only placed on your hard disk by our websites, and not by any third parties.
Our necessary cookies will:
enable our web applications to work
help keep your browsing and account sessions secure
Our necessary cookies won't:
store information on how you use our website
send any information to third parties
To make you aware, it’s a condition of using our portal websites to accept these cookies. If you block them, we can’t guarantee or predict how our portal websites will perform when you use them. Blocking them also means you won’t be able to use secure parts of the websites.
The majority of our customisation cookies are placed on your hard disk by our websites. Some will be placed by third parties who provide specialist information to us.
Our customisation cookies will:
store preferences that you choose, such as font size or volume level
make it easier for you to use the websites by remembering information that you've entered or choices that you've made so you don't have to enter everything again
Our customisation cookies won't:
store any secure information about you
10. Changes to this Privacy Notice
We will continuously refine this Privacy Notice to make sure we are complying with our obligations to be transparent about how we use your personal information and that it is as concise, transparent, intelligible and as easily accessible as it can be. However, if we make any changes to how we process your personal information in ways that you would not reasonably expect, we will contact you and bring these changes to your attention.