- What is personal data?
- What is our legal basis for processing your data?
- Examples of how your personal data may be processed and its legal basis
- How do we use your data?
- How do we protect and Store your information?
- How may we disclose your data to third parties?
- What are your rights?
- More about Hexon Cars Cookies
- Turning Cookies Off
Hexon Cars LTD (“Hexon Cars”) is committed to protecting your privacy.
For the purpose of the General Data Protection Regulations 2018, the Data Controller is Hexon Cars LTD company registered in England and Wales under company registration number 09937928 whose registered office address is at Hexon Cars LTD, Unit 5 Seven Acre Farm Business Centre Aylesbury Road, Aston Clinton, Aylesbury, England, HP22 5AH to the Notice will be updated here so you will always be aware of what information we collect and the legal basis for our processing.
The Privacy Notice was last updated on 24/05/2018.
2. What is personal data?
Personal data is data which relates to a living individual who can be identified directly or indirectly either:
- From that data; or
- From that data and other information which is in our possession, or is likely to come into our possession.
3. What is our legal basis for processing your data?
The normal legal basis for us processing your data is that it is necessary for the legitimate interests of Hexon Cars. We have carefully assessed these interests and balanced them with the interests of our customers to ensure fair processing e.g. processing data to facilitate the car buying journey and aftersales customer care as efficiently as possible.
If you are making a finance application another legal basis is relied upon; that it is necessary for the entering into and the performance of a contract.
Upon purchasing a vehicle your personal data will be stored for up to 7 years, the legal basis being that it is a necessary for compliance with a legal obligation, as the HMRC require this for accounting purposes.
For more examples of how your personal data may be processed and the legal basis for doing so please see the separate headed section below.
4. Examples of how your personal data may be processed and the legal basis for doing so
The below are some of the reasons for processing customer data in-line with the legitimate interests of Hexon Cars:
- Supplying goods and services to our customers;
- Improving existing products and services and developing new products and services;
- Handling customer contacts, queries, complaints or disputes;
- Understanding our customers’ behaviour, activities, preferences, and needs in order to provide a tailored service;
- Considering job applications;
- Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; and
- Allowing our advisers to follow up our service, either by email, telephone, SMS or mail, as part of our customer care procedures;
- Promoting, marketing and advertising our products and services; and
- Sharing your data with selected third-party partners whose products and services support and describe our sales, customers, traffic patterns and other site information to prospective partners, advertisers, investors and other reputable third parties and for other lawful purposes. These statistics will include no personally identifying information.
- For the purpose of detecting fraudulent activity: data that identifies computers or other devices you use to connect to the internet. This includes your Internet Protocol (IP) address.
In particular circumstances we will also process and share your personal data in order to comply with a legal obligation, for example:
- Preventing, investigating and detecting crime, fraud or anti-social behaviour including but not limited to prosecuting offenders, including working with law enforcement agencies;
- Effectively handling legal claims or regulatory enforcement actions taken against Hexon Cars;
- Protecting Hexon Cars, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations;
- Protecting customers, employees and other individuals and maintaining their health and safety;and
- Complying with any other legal and regulatory obligations that may arise.
Lastly, we will process and share your data in the following ways on the condition that your consent has been given:
- Sending promotional, offers and news related communications which are relevant and tailored to you; and
- Sharing your data with third parties so that they can communicate related products and services which may be of interest to you.
5. How do we use your personal data?
A. Collected on Hexon Cars.co.uk
Call Back, Test Drive
If you would like to request a call back, book a test drive, you will be placed into our website contact form database.
If you would like to apply online for a free valuation of your car you will be required to supply: your vehicle registration number, approximate mileage, postcode, name, mobile number (we need this to send you a validation code to reveal your valuation) and email address.Your details will be used to provide an estimated online valuation which is based on our assumptions and the limited details about your car that you have shared with us. We always carry out a full inspection on-site before we offer to either part exchange a vehicle or to buy it. If we think that anything in the car’s history or condition will affect its value, including damage, unusual features or customisation, the price that we offer for it will be different to the valuation we gave you online.
If you would like to apply for finance online you will be required to fill out our online form application and supply your name, email address, telephone number, date of birth, marital status, driving license type, residential status, monthly income, employment type and duration. If you make an application, your details will be held and used in a credit scoring or other automated decision-making process when assessing your application, multiple finance companies on our lending panel may receive this information in order to consider it. Their Privacy Notices are listed below and can be viewed on the website link provided, alternatively you may wish to call them for more information. If your finance application is incomplete or incorrect we will contact you to offer assistance.
Close Brothers Finance – 0333 321 6060 – https://www.closemotorfinance.co.uk/privacy-policy
If you use our recruitment platform and decide to apply for a role at Hexon Cars you will be asked to give some personal information (e.g your name, email, telephone number, address and employment history and salary expectations). You will also be asked to upload your CV. This information is collected to enable us to contact you directly and consider your application for the role you applied for, or in respect of other roles. We will also request information regarding your eligibility to work in the UK, Equal Opportunities Monitoring information and depending on the role; your driving licence and experience. The recruitment platform offers a self-service tool, where you can access and amend your profile and set up job alerts. Your personal information will be securely retained for a period of 2 years.
Live Chat and Online Form
If you use the chat service to communicate with our customer service team, you may disclose personal information in the course of using the service. All conversations and email exchanges are recorded. Any personal information that you disclose during a live chat or via an online form will be accessible to and processed by and made available to Hexon Cars.
By submitting personal information to us, you are deemed to have agreed to the terms set out above regarding the use of your personal information.
B. Collected at Hexon Car’s Call Centre and Showroom
Registering with us and viewing vehicles
We collect the following information by creating or updating your unique Customer Record Form (“CRF”) : name, telephone number, email, postcode, gender, your thoughts on the vehicles you have viewed, proposed method of funding the vehicle purchase, whether you require finance or part exchange and your driver’s licence details.
Due to our belief that customers should be able to view cars by themselves at their own leisure, customer’s contact details and identifying information are required to establish a record and track the possession of keys, what cars are being viewed and when.
In order to facilitate a test drive, your driver’s licence number will also be recorded. If a passport or driver’s licence is scanned to auto-populate the CRF your image will be cropped onto the form. Our system will also automatically flag if your driver’s licence details do not meet our test drive requirements by checking the length the licence has been held by you and also your age.
Information recorded will be primarily used to help support your car buying journey. This includes contacting you following your visit to offer assistance in the event that you have been unsuccessful in finding the right car.
Your CRF will also be relied upon in the event that a Health and Safety or Security matter requires it, where necessary CCTV operated on the Hexon Cars premises will be used in conjunction. This may include contacting you or passing on your details in the event of the emergency services requiring access to them.
Please note that most service related conversions at our service desks and on the phone are recorded for Training and Compliance purposes and are utilised in the event of addressing a complaint and to providing feedback to staff where applicable.
Alongside a physical inspection, information about your current vehicle is required in order to provide a valuation of the vehicle. The information we require includes the car registration plate, make, model, vehicle mileage, price required and whether the vehicle has had paint protection applied to it.
In addition to information collected when registering and updating your CRF, in order to complete a finance proposal, the following information is required: date of birth, nationality, residence status, marital status, number of dependent children, ID type available, address, current employment details, proof of employment and previous employment details. Financial details also required include: bank details, income, expenditure, home valuation, assets valuation, whether this is a replacement loan, whether a change in your circumstances is currently expected and also the purpose of the vehicle under consideration for purchase is recorded. In submitting a finance application, your details are held and used in credit scoring or other automated decision-making processes. Your application may be submitted to multiple finance companies, their Privacy Notices are listed below and can be viewed on their website link or you may wish to call them for more information.
Close Brothers Finance – 0333 321 6060 – https://www.closemotorfinance.co.uk/privacy-policy
We provide a number of specialised communications at your request to assist in the car buying process such as call backs, test drive bookings. These and any similar processes will be saved on your CRF. We may require further information from you to be able to complete and provide the service requested. Please get in touch with a member of our team for more information.
In addition to the data collected initially via your CRF, your address, the registration number of the vehicle purchased along with any additional products or services required is also collected. Your address is used to verify your identity alongside bills and other methods of identification. Any correspondence received in the course of facilitating an after-sale service will also be recorded.
For marketing communications
We will automatically contact you with regard to your services, for example, with updates to your requested alerts, applications or appointments.
Subject to your consent, we will use your personal information to contact you with information about offers, news and promotions.
When you submit your enquiry on HexonCars.co.uk or create a CRF in our showroom, we ask you whether you would like to receive offers, news or promotional marketing communications from Hexon Cars that we feel may be of interest to you and if you would like to receive third party information. In order to receive these communications, you will need to opt in during registration.
If you no longer wish to receive marketing communication from us you can call our team on 0129 663 11 99 or by writing to the Data Controller, Compliance Department, Unit 5 Seven Acre Farm Business Centre Aylesbury Road, Aston Clinton, Aylesbury, England, HP22 5AH.
Remember that if you say you do not wish to receive any promotional material from us, this will preclude you from receiving any of our offers, news or promotions which may be of interest to you.
6. How do we protect and Store your information?
Our team constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.
Our security measures include:
- Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
- Daily testing of our security and IT systems;
- Security controls which protect the entire Hexon Cars infrastructure from external attack and unauthorised access; and
- Hexon Cars policies outlining our data security approach and training for employees.
It is important for you to protect against unauthorised access to your password and to your personal computer. Be sure to sign off when you finish using a shared computer. We can’t accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
All information (except Payment Card information) you provide to Hexon Cars is stored on Hexon Car’s servers and or on a leading technology providers.
Our security procedures mean that we may request proof of identity before we disclose personal information to you.
Storage of your information
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) by one of our suppliers. It may also be processed by staff operating outside the EEA who work for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent
7. How may we disclose your data to third parties?
In order to deliver a high standard of support we will provide information about you:
- To employees and agents of Hexon Cars to deal with your accounts, products and services related to Hexon Cars;
- With your agreement, to additional service providers whose products and services may be of interest to you, such as mechanical breakdown insurance or exterior and interior car protection products; and
- To third parties using aggregate information and statistics for the purposes of monitoring usage of our services in order to help us develop our services, for example, to additional service partners and advertisers. These statistics do not include information that can be used to identify any individual.
In addition, we will disclose your personal data to third parties if required as follows:
- For the purposes of the prevention or detection of offences, and/or the apprehension or prosecution of offenders, we may share any information that we collect with the police, other public or private sector agencies, governmental or representative bodies in accordance with the relevant legislation. This may also include public authorities, insurance companies, finance companies, automotive advertising companies and/or other agencies;
- In order to comply with any legal or regulatory requirements;
- To finance companies, if making a finance application through Hexon Cars; and
- To credit reference agencies, if making a finance application through Hexon Cars.
We will not pass on your personal information to third parties except in accordance with this policy and our Terms and Conditions.
8. What are your rights?
Depending on the legal basis we have relied upon to process your data you have various rights you can choose to exercise.
All requests will be considered by the Compliance Department or relevant Department Management and responded to within 28 days of receipt. Requests can be made either in person, by email (firstname.lastname@example.org) or over the phone (0129 663 11 99) during our office opening hours.
If you feel that there is no compelling reason for your personal data to continue to be processed you can request erasure. If consent was originally obtained this can simply be withdrawn. In other circumstances the request will be considered by the Compliance Department.
In event that data has been processed on the basis of consent or for entering into or the performance of a contract you may request to have the data provided to you in a structured, commonly used and machine readable form (usually in CSV format).
If you no longer wish your data processed due to grounds relating to your particular situation, where we are relying upon legitimate interests, you can exercise your right to object. Where this is concerned with direct marketing it will be stopped immediately.
Customers have the right to withdraw consent given to communications at any time.
|Consent||Necessary for performance of a contract||Compliance with a legal obligation||Necessary for the purposes of the legitimate interests|
|Right to erasure||✔||✔||X||✔|
|Right to portability||✔||✔||X||X|
|Right to object||X
but right to withdraw consent
You also have the right to access your personal data, to request a copy of your personal data please write to Data Controller, Hexon Cars, Unit 5 Seven Acre Farm Business Centre Aylesbury Road, Aston Clinton, Aylesbury, England, HP22 5AH
Other rights include the right to be informed about how your personal data is processed, to request rectification if you feel data is inaccurate or incomplete and related to automated decision making including profiling. You also have the right to have processing restricted in the event of contesting the accuracy of your personal data, where you have objected to processing and if you require the data to establish, exercise or defend a legal claim. Please visit the Information Commissioner’s Office website ico.org.uk if you require more information.
If you are unhappy with the response following your request or you would like to make a complaint about how your data has been processed please refer to the Information Commissioner’s Office at https://ico.org.uk/concerns/ who are the supervisory authority in this area.
Our cookies help us:
- Make our website work as you would expect;
- Save you having to register every time you visit My Garage;
- Remember your settings during and between visits;
- Improve the speed and security of the website;
- Allow you to share pages with social networks, like Facebook;
- Continuously improve our website for you; and
- Help our marketing be more targeted to your needs.
- Collect any personally identifiable information (without your express permission);
- Collect any sensitive information (without your express permission);
- Pass personally identifiable data to third parties; or to
- Pay sales commissions.
11. More about Hexon Cars Cookies
Strictly Necessary Website Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services such as:
- Determining if you are logged in or not;
- Remembering your search settings;
- Remembering if you have accepted our terms and conditions; and
- Remembering your preferences such as layout
You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.
Anonymous Visitor Statistic & Performance Cookies
All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies on your browser we will not know when our customers visited our site, and will not be able to improve its performance.
Cookies are widely used in online advertising. Neither us, advertisers or our advertising partners can gain personally identifiable information from these cookies. They will be used to build a profile of your interests and show you relevant adverts on other sites.
They do not store direct personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
You can learn more about online advertising at http://www.youronlinechoices.com. You can opt-out of almost all advertising cookies at http://www.youronlinechoices.com/uk/your-ad-choices. It is also worth noting that opting out of advertising cookies will not mean you won’t see adverts, just simply that they won’t be tailored to you any longer.
Third Party Cookies
Our website, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube video or pulling through Feefo Reviews. Disabling these cookies will likely break the functions offered by these third parties.
Site Improvement Cookies
From time to time we test new designs or website features. We do this by showing slightly different versions of our website to different people and anonymously monitoring how our website visitors respond to these different versions. We might also use anonymised heat mapping software to understand popular pages and specific functionality on our website. This helps us to offer you a better user experience.
You may notice that sometimes after visiting a website you see increased numbers of adverts from the site you visited. This is because advertisers, including ourselves, pay for these adverts. The technology to do this is made possible by cookies, and as such, we may place a so called “remarketing cookie” during your visit. We use these adverts to offer targeted messages to encourage you to come back to our site. However, we are unable to proactively reach out to you as the whole process is entirely anonymised and you can opt out of these cookies at any time as explained above and below.
Social Website Cookies
These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and other networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may therefore impact the content and messages you see on other websites you visit.
If you do not allow these cookies you may not be able to use or see these sharing tools.
The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
When do our cookies expire?
Except for essential cookies, most of the cookies on our websites expire at the end of your current session on our website. However, some of our cookies have an extended lifespan which ranges from 1 day to 26 years. Some of our cookies are persistent and will never expire. If the cookie used is a flash cookie, please note that flash cookies do not expire.
12. Turning Cookies Off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so however will likely limit the functionality of our’s and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
Amending cookies setting in different types of browser:
Cookie settings in Edge – https://support.microsoft.com/en-us/help/196955
Cookie settings in Firefox – https://support.mozilla.org/en-GB/kb/enable-and-disable-cookies-website-preferences
Cookie settings in Chrome – https://support.google.com/accounts/answer/61416
Cookie settings in Safari – https://support.apple.com/kb/ph31411
It may be that your concern around cookies relates to so called “spyware”. Rather than switching off cookies in your browser, you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive. Learn more about managing cookies with antispyware software.