2018 General Data Protection Regulations
With the introduction of the new General Data Protection Regulations (GDPR) on 25th May 2018, which will supersede the Data Protection Act, there will be new regulations relating to UK data privacy law. We would like to take this opportunity to outline what steps we are taking to ensure that your data is managed responsibly.
We are a data processor, not a data controller.
What Information do we Collect and Use?
We can collect and use information about you. This is generally obtained from our client but it can be obtained in other ways too, such as emails, telephone calls, correspondence. We may also check public web sites for information about you, such as on the Sanctions Search web site or other sources, e.g., to check your address.
Why Do We Collect and Use Your Information?
CMA only collect personal information from you that is necessary, fair and lawful. We will collect and use your information only where:-
• The information is necessary to provide the service or product you acquired, It is necessary to meet our legal or regulatory obligations, e.g.,
• to make appointments, send you documents or for the detection and prevention of fraud;
• in the legitimate interests of CMA so that we can provide information and advice to our client and a service to their customer.
Who do we Share Your Information With?
We may share some of your information with third parties for the reasons outlined in Why Do We Collect and Use Your Information?
Third parties include:-
• A previous keeper or vendor of a vehicle
• The police, ambulance of fire service, as appropriate
• A witness to an event
• Where required by law
• Where enabled by the Data Protection Act either to prevent and / or detect fraud or in the course or connection with potential proceedings
• Our client and Supervisory Authorities such as the Information Commissioner’s Office (ICO), Ombudsman (FOS) or The Financial Conduct Authority (FCA)
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
How your Information is Protected
The security of your information is very important to us and we make every effort to comply with our obligations. We apply safeguards to any information that we collect or use whether collected electronically or on paper or with any other media so we adhere to the data protection regulations. Our employees also have an obligation to protect sensitive or confidential information and undergo regular training to ensure they know the requirements.
Storage of Information
Your personal information is kept secure and only used when it is needed to provide you with our services and products. Due to regulatory obligations, we may need to store your information for specific periods of time, depending on the obligation we need to meet.
Your Individual Rights
You have the following rights of access from the Data Controller:-
• You have the right to receive information on what personal information we have in a clear and easy to understand format;
• You have the right to access your personal information and if you do require to see what information we hold on you;
• If you find that we hold incorrect information about you, you have the right to have this corrected and can request us to do this;
• You have the right to have your information deleted if there is no good reason for it to be kept by us;
• You have the right to block or suppress the processing of your personal information if you have a reason to request this. This means that we can keep the information but you request that it is not used for particular reasons you specify;
• You can ask for copies of the personal information so that you may use it for other purposes;
• You have the right to object to us using your personal information for marketing or similar purposes however, this will not occur.
Making a Request or Complaint
Should you have any query or complaints with regards to the handling or processing of your personal information, please use the form below.
If you are still unhappy you can complain to our the supervisory authority, the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
As will be understood from our writing in respect of GDPR, we take your personal data seriously. There are circumstances in which we will seek information about you. For example:
• Consent – With your consent, we may approach organisations such as the DVLA or Police Constabularies.
• Public Record – We may seek and consider information that is readily available to all. Commonly, this is on-line data.
• Enabling Sections – The DPA does not provide an ‘impenetrable wall of protection’ preventing us from seeking information about you, or stopping others from releasing your information to us.