The privacy of our users is important to us and we take care to safeguard it.
This policy sets out how Ogilvie Group Companies (“we”) handle, store, and use your personal information.
Ogilvie Group, located at Ogilvie House, 200 Glasgow Road, Stirling, FK7 8ES (“we”) will keep your data safe, never sell your personal data and give you the decision about how your information is shared. We are registered with the UK Information Commissioner’s Office as a Data Controller (Registration Number: Z8512030).
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
When you supply any personal information to us we have legal obligations towards you in the way we use that data. We must collect information lawfully and fairly, that is, we must explain why we are collecting it, how we will use it; collect only the information needed and remove it in the event that the purpose has been met; and we will tell you if we want to pass the information on to anyone else.
We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website information is collected using cookies (please see our Cookies Policy. http://www.ogilvie.co.uk/cookie-policy/).
We may receive information about you from associate third parties, who you have given consent to, for example, Finance companies, Dealership groups, and your employer.
The information we collect may include names, addresses, telephone numbers, email addresses, financial details, employment details and educational details, family details, visual images and behaviour (e.g. how you use our websites).
We may also process your special categories of data in accordance with article 9 and 10 of the GDPR. Processing is carried out in the course of legitimate activities, the categories include:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs
- political opinions, sexual life
- trade union membership
- offences (including alleged offences)
- criminal and legal proceedings, outcomes and sentences
- Genetic information
HOW WILL WE USE THE INFORMATION ABOUT YOU?
We collect information about you to respond to your enquiries, process your order(s), manager your account(s) and, if you agree, to contact you about other products or services we think may be of interest to you.
In general, any information you provide to us will only be used by us. Your information will be disclosed where we are obliged by law.
LAWFUL BASES FOR PROCESSING PERSONAL DATA
We process personal information to enable us to carry out our duties and specifically where:
- An individual has consented to the processing of their data for the specified purpose(s);
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party;
- Processing is necessary for compliance with a legal obligation to which the controller is subject;
HOW WE SHARE YOUR PERSONAL INFORMATION?
The Group may need to share your personal information with other organisations. Where such sharing is necessary, we will comply with the requirements of the GDPR on data sharing. The types of organisations / groups that we may share personal data with are set out below:
- associates and representatives of the person whose personal data we are processing
- employer of individual to enable completion of an order
- professional advisers and consultants
- services providers
- credit reference agencies
- debt collection and tracing agencies
- police forces
- private investigators
- current, past or prospective employers and examining bodies
- government departments
- financial organisations
- persons making an enquiry or complaint
- organisation subject to a complaint or assessment,
- prosecuting authorities, courts
- other ombudsman and regulatory authorities
YOUR RIGHTS AS A DATA SUBJECT
You have the following rights in relation to your personal information which you can exercise by sending an email or writing to the Data Protection Representative (details in Questions & Concerns section below):
- Right to request access to your personal information and information relating to our use and processing of your personal information;
- Right to request that we restrict our use of your personal information;
- Right to receive your personal information in a structured commonly-used and machine-readable format or transmit the data directly to another Data Controller;
- Right to object to the processing of your personal information for certain purposes such as direct marketing and profiling;
- Right to request your personal information to be erased where it is no longer necessary for the purpose for which it was collected
- Right to withdraw your consent to the use of your personal information where the processing of your data is based on consent.
We will not make any decision about you using automated means only, and will notify you in writing if this position changes.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION?
We will retain your personal information for no longer than necessary taking into account the following:
- The purpose(s) for which we are processing your personal information, such as whether it is necessary to continue to store that information in order to perform our obligation under a contract;
- Whether we have any legal obligation to continue to process your personal information such as any record keeping obligations imposed by an applicable law;
- Whether we have a business reason to continue to process your personal information;
For more information on how long personal data is retained, please contact the Group’s Data Protection Representative (details in Questions & Concerns section below).
HOW WE SECURE YOUR PERSONAL INFORMATION?
We maintain stringent security measures designed to protect not only your personal information but other information in respect of the operation of Ogilvie Group. Our core information security principles are to protect personal data in terms of:
- Confidentiality, by protecting personal data from breaches, unauthorised disclosures, loss or unauthorised viewing;
- Integrity, by not allowing personal data to be modified without due cause; and
- Availability, by protecting personal data from disruption.
To achieve this, the measures we implement include adhering to various security standards, including holding IASME accreditation in respect of customer-related data, physical and technological protection, data encryption, having in place a suite of policy and procedural documentation in respect of the way in which we handle and keep personal data secure and asking you for proof of identity before we disclose your personal information to you
TRANSFER OF YOUR PERSONAL INFORMATION TO OTHER COUNTRIES
We may need to transfer your personal information to countries outside the European Economic Area (EEA) or to an international organisation from time to time. Where we transfer your personal information outside the EEA, we will ensure that the adequate safeguards are used to secure the data.
QUESTIONS AND CONCERNS
If you have any questions or concerns regarding how we collect, handle, store or secure your personal information, contact our Data Protection Representative using the details below:
Data Protection Representative
200 Glasgow Road
You also have the right to raise a complaint with the Information Commissioner’s Office (ICO). The ICO’s contact details are set out below:
Information Commissioner’s Office
Tel: 0303 123 1113