Data controller: Hardtops UK Limited
At Hardtops UK Limited we understand that your privacy is important and we will treat any personal information you provide us as confidential and this will only be used and recorded in accordance with Data Protection laws. We are committed to being transparent about how we collect and use data and promise to not sell any information about you to any other party.
This Privacy Notice explains how your Personal Information is handled in connection with all services we provide.
Any reference here to “the Organisation” includes Hardtops UK Limited.
What information do we collect?
Hardtops UK Limited may collect and process data online, face to face, over the phone, in writing and through email communications. We may collect and process the following:
- your contact details such as your name, address, email address, telephone number, date of birth in order to be able to respond to you or reach you through alterative means;
- business contact information such as your job title, business location and type of services being offered as well as other employees in the business;
- information you provide to us when enquiring about one of our services;
- information you provide to us for a vacancy by way of submitting a CV or job application;
- identification details such as your driving licence details or other forms of ID, to process an application or to provide you with a service you have requested. We may also process this information for verification purposes when a data subject right is exercised;
- certificates, qualifications or professional membership numbers where we require evidence or proof of something you have requested;
- your personal or family details along with details of your representatives where there is an insurance related claim and where we have a legal obligation to do so;
- we take credit and debit card payments when payment is required for works or a service we have provided to you;
- we respond to our supporters on social media platforms and communicate good work and compliments through our website and social media platforms.
Hardtops UK Limited may collect this information in a variety of ways. Information is usually collected directly from you or from a third party. For example,
- information relating to your health or medical records, with your agreement;
- information from publicly available sources.
Unless required by law, the organisation seeks information from third parties with your consent only.
Where we collect special categories of data, we will ensure we satisfy one of 10 conditions under article 9 of the GDPR to process this type of data. We do not collect sensitive data that is not required to fulfill the purpose of the processing undertaken.
Special categories of data include:
- ethnic origin;
- political views;
- religious beliefs;
- trade union membership;
- biometrics (where used for ID purposes);
- philosophical beliefs
- sex life; or
- sexual orientation.
How we use your information and our legal basis?
We’ll only use your information where we have your consent or we have another lawful reason for using it. We only use the data that is collected to fulfil the purpose it was collected for. These reasons include where we:
- need to process the information to carry out an agreement we have with you or where you have requested a service from us (Contractual / Pre-contractual);
- need to process the information to comply with a legal obligation;
- believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime;
- need to establish, exercise or defend our legal rights;
- need to pursue our legitimate interests;
- need to use your information for insurance purposes.
We use your information to provide a service to you that you have requested or where we are contractually required to do so; to send marketing communications to you (where you have agreed or where there is a legitimate interest for you to receive an update) and/or for administrative purposes.
Who has access to data?
Your information may be shared internally in order to process or fulfil a request or provide a service. The organisation shares your data with third parties where it is required to do so by law or there is an identified legitimate reason to do so. We may also use a number of software and applications which are provided by third party processors, however, we ensure that these are vetted and provide adequate protection to your personal data and that there is a written contract in place for safeguarding.
The organisation will not routinely transfer your data to countries outside the European Economic Area. Should there be a specific need to do this, data will be transferred outside the EEA based on that data going only to countries with adequate data security, and where there is a specific business reason for sharing that data.
Recipients of data:
- the authorities, local authorities, councils, law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- government agencies and bodies such as the DVLA (Driver and Vehicle Standards Agency)
- insurers, solicitors, lawyers, or any other representative, brokers or accident management companies to administer any claims related to our business;
- on-line payment providers to fulfil a payment request or banks.
How does the organisation protect data?
The organisation takes the security of your data very seriously and has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by anyone other than by its employees, in the performance of their duties. Access to company systems is restricted to those who need the access to carry out their role.
Where the organisation engages third parties to process personal data on its behalf, they do so based on written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
We’ll normally keep your information for as long as is necessary for the purpose it was collected for, unless there is a legal obligation or a legitimate interest to retain that data further. This enables us to comply with legal and regulatory requirements, or use it where necessary for our legitimate purposes, such as dealing with any disputes or concerns that may arise.
e.g. to help us respond to queries or complaints, detecting and preventing crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
You have a number of rights in relation to the information that we hold about you. These rights include:
- the right to access information we hold about you and to obtain information on how we process it (free of charge);
- in some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason for doing so;
- in some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;
- the right to request that we rectify your information if it’s inaccurate or incomplete;
- in some circumstances, the right to request that we erase your information. We may continue to retain your information if we’re entitled or required to retain it;
- the right to object and request that we restrict, our processing of your information in some circumstances. Again, there may be situations where you object to, or ask us to restrict our processing of your information but we’re entitled to continue processing your information and/or to refuse your request;
- You can exercise your rights by contacting us using the details set out at the bottom of this Privacy Notice. You also have a right to complain to the UK Information Commissioner’s Office by visiting ico.org.uk or to the data protection regulator in the country where you live or work.
What we need from you
You’re responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible. If you provide information for another person, you’ll need to direct them to this notice.
How we keep your information secure
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
Hardtops UK Limited does not use any form of automated decision making, such as profiling. We may undertake a simple credit check using a third party processor, however we would inform you of this prior to doing so.
Leaving our website
We may, from time to time place external links on our website. If you click on a link to an external site, you will be subject to that organisations privacy policies and not ours.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent.
Resources & Further Information
Overview of the GDPR - General Data Protection Regulation
Privacy and Electronic Communications Regulations 2003