Privacy Policy

The data controller for Toomey Motor Group is Laindon Holdings Limited, our parent company.

This Privacy Policy sets out how the Toomey Motor Group Limited collects, uses and protects your personal data when you visit or make a purchase from our Online Parts and Accessories Shop: https://shop.toomeymotorgroup.co.uk/ 

Personal data is any information relating to an identified or identifiable living person. We process personal data as a data controller pursuant to the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Toomey Motor Group is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Privacy Policy.

Our policy is to be transparent about why and how we process personal data.

What data do we collect?

We may collect the following information:

  • First name, last name, form of address, job title
  • Home address
  • Phone number
  • Date of birth
  • Email address
  • Vehicle information (incl. VRN, VIN, service reminders, mileage, and warranty information)
  • Details of any transactions between you and us
  • The date and time you used our services
  • other information relevant to customer surveys and/or offers
  • credit/debit card information provided to us other than online
  • Voice recordings of calls you make to our customer service centre
  • "Live chat" records

How do we use your information?

General

We use your information for various purposes including accounting, billing and audit, credit or other payment card verification, fraud screening, event organisation, customer satisfaction reviews. safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and website development. We also collect your personal data for the detection and prevention of crime purposes, when you visit our premises, and we capture your image on our CCTV systems.

We process your personal data, in accordance with our obligations under applicable data protection laws and regulations. Accordingly, we will not sell, distribute, or lease your personal data to any third parties unless it is necessary for us to fulfil our obligation to you, we have your permission to do so, or we are required to disclose your information by law with competent authorities e.g. the police, or regulatory bodies e.g. the ICO.

We process your personal data, in accordance with our obligations under applicable data protection laws and regulations, for the following reasons:

  • to provide you with the services you have requested
  • to comply with applicable laws and regulations
  • for administrative purposes
  • to provide you with information about us and our services
  • internal record keeping
  • for statutory or contractual requirements
  • improvement of our products and services
  • advertising our products and services (subject to your marketing preferences)

Specific

We use the information you provide to fulfil any orders placed through the Online Parts and Accessories Shop. This will include the following:

  • processing of payment information
  • communicating with you regarding your order
  • screening orders for potential risk or fraud
  • providing you with a confirmation invoice/ order confirmation
  • delivery of our products and services
  • arranging for shipping
  • providing information regarding the despatch of your goods

Administrative purposes

Occasionally, we may need to contact you by mail, email and/or telephone for administrative or operational reasons – for example, to send you confirmation of your purchase(s). These communications are not made for marketing purposes and as such, you will continue to receive them even if you opt out of receiving marketing communications from us.

How do we collect your information?

Online forms

You may choose to submit your personal information to us by filling in an online form on the websites that are used by our Online Parts and Accessories Shop to deliver its services.

Whenever you provide your personal information to us via an online form, we will ensure that your personal data is only used in accordance with this Privacy Policy.

We will only ever use your personal data for marketing purposes if we have your consent to do so.

emails

We use a third-party provider to deliver our marketing emails. If you have opted-in to receiving marketing communications from us, we will collect the following information on your email consumption:

  • how you interacted with each email: e.g. whether you opened, deleted, or forwarded the email, and details of any links you clicked.
  • the type of device you used to open the email.
  • your browser type and operating system.
  • your geographic location.

What is our legal basis for processing your data?

We rely on the following lawful bases to process your personal data:

  • consent (for example to send you direct marketing by email)
  • contractual relationship (for example to provide you with goods or services that you have bought from us, or when you agree to participate in user experience research)
  • legal obligation (for example carrying out due diligence on agreements).
  • legitimate interests (see below)

Our legitimate interests

Personal data may be legally processed if the processing is in the legitimate interest of the organisation using the data, provided such use is fair and does not adversely impact the rights and freedoms of the individual concerned.  The data can also be processed in the legitimate interests of the data subject.

We always assess if our processing of your personal data is fair and balanced and if, in our opinion, it is within your reasonable expectations. We will balance your rights and our legitimate interests to make sure that we use your personal information in ways that are not unduly intrusive or unfair.

Who do we share your information with?

We cannot do everything ourselves, so often we need to share your personal information with trusted third parties who have the skill, experience, and expertise to deliver the goods or services you need or to provide you with the services or information you have requested.

We share your personal information with the third parties listed below for the reasons stated:

  • Shopify. We use retail systems provided by Shopify in our Online Parts and Accessories Shop. You can view Shopify’s privacy policy here:
  • DHL. We use DHL as our delivery agent. You can view DHL’s privacy policy here:

We may also share your personal data with other parts of Toomey Motor Group Limited.

How long do we keep your information?

We retain your personal data in a live environment for as long as necessary to fulfil the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 7+ years). We may keep your data for longer to establish, exercise, or defend our legal rights and yours.

We are required to keep details of financial transactions, for 7 years to meet accountancy and HMRC requirements. We will anonymise or delete personal data if, after a period of seven years, we have not had any contact or communication from you (this will be measured on a rolling seven-year period).

We maintain data retention criteria to help implement this. This takes account of our legal and accounting obligations, balancing this with what would be considered reasonable.

Where there is a need to retain your personal data, it is securely archived, and appropriate safeguards are applied e.g. restricted access

International data transfers

Your personal data is primarily processed on our servers located in the UK. However, some of our service provision, such as online reservations, payments, customer reviews and marketing, requires your personal data to be transferred outside of the European Economic Area (EEA). In such circumstances, if your information needs to be sent to a country that has not been granted a finding of adequacy by EC, we will only transfer your data using ‘appropriate safeguards’ i.e. Binding Corporate Rules (BCR) or Standard Contract Clauses (SCC) (also known as Model Contract Clauses) etc., or we will seek your consent, on a case-by -case basis, where appropriate to do so.

If you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you – e.g. if you make an order through the Store, or otherwise to pursue our legitimate business interests listed above.

Security of your personal data

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Once we have received your information, we will use appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Additionally, we have put in place appropriate security procedures and access controls to ensure the confidentiality of the special categories of personal data that we process. For instance, information relating to your health or a disability.

The personal data we collect through our website(s) is transmitted across the Internet securely using high-grade encryption. We only use service providers who specialise in the secure capture and processing of online payments. If you pay for your goods by credit or debit card, we will not retain your card details after processing your payment.

Links to other websites

Our website may contain links to other websites of interest. Any third-party websites are not covered by this Privacy Policy, and we encourage our users to refer to the privacy policies published on the any third-party website they may visit.

What at are my data subject rights?

We support your data subject rights in relation to the processing of your information under the Data Protection Act 2018 and the UK GDPR, including your:

  • right to be informed (chiefly via this policy)
  • right of access
  • right to rectification
  • right to erasure
  • right to restrict processing
  • right to data portability
  • right to object
  • rights related to automated decision-making including profiling.

You can exercise any of these rights by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.

You can request a copy of the information we hold about you by using any of the methods shown below in the ‘How do I contact you’ section.

We will respond to any request you make as quickly as possible. Usually, this will be within one month of receiving your request.

Controlling your personal information

Withdrawing my consent

Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us at any time by writing to us at the address shown below in the ‘How do I contact you?’ section or by emailing us at: data@toomey.uk.com

Marketing

We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us at the address shown below in the ‘How do I contact you?’ section or emailing us at: data@toomey.uk.com 

Updating my information

You may request us to correct, update, or delete your personal data, by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.

If you have opted-in to receiving communications form us, your preferences will remain in effect until you tell us that you want to opt-out of receiving any further communications. Normally, you can do this by clicking the link at the footer of the email you have received.

You can change your preferences at any time by clicking the relevant link in the emails we send you or by contacting using any of the methods shown below in the ‘How do I contact you?’ section.

Making a complaint to us

We hope you will never have the need, but if you do want to complain about our use of your personal data, or our facilitation of your data subject rights, you can contact us using any of the methods shown below in the ‘How do I contact you?’ section.

Our Data Protection Officer will investigate your complaint and provide you with an appropriate response as quickly as possible.

Making a complaint to the Information Commissioner

You can lodge a complaint with the Information Commissioner at any time. For instance, if you are unhappy with the way in which we are processing your information, or we have failed to facilitate your data subject rights. The Information Commissioner can be contacted as follows:

By post:   Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

By phone: 0844 496 4636 (local rate)

Further information about your data subject rights and how to complain to the ICO can be found here: ICO Make a Complaint

How do I contact you?

You may contact us using any of the following methods:

By post:  Data Protection Lead                 

Toomey Motor Group

Automotive Retail Park,

Cherry Orchard Way

Rochford,

Essex,

SS4 1GP

By email: data@toomey.uk.com

Changes to this Privacy Policy

We continuously review the content of our Privacy Policy to ensure it accurately reflects what we do with your information. This Privacy Policy was last updated in June 2021.