Privacy Policy

This privacy policy applies only to your use of our site (philippaulcars.co.uk). Our site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and would advise you to check the privacy policies of any such websites before providing any data to them.

 

What personal information will we use?

Philip Paul Ltd collects personal information from you when:

• you fill in forms

• automatically through the use of website cookies and similar technologies. You can find more about this in our cookie policy which can also be found on our site.

• you correspond with us by phone, e-mail or in person (see also supplementary privacy policy on display at dealership).

Our website enables you to provide both personal and non-personal information, including:

• Your name

• Your contact information e.g. e-mail address(es), telephone number

• Demographic information e.g. postcode. Preferences and interests; IP address, web browser type, operating system; a list of URLs starting with a referring site; your activity on our site and the site to which you exit.

• Information about your vehicle e.g. registration number, model, age, mileage

• Products and services in which you are interested and your contact and marketing preferences.

 

GDPR

Under GDPR you have the right: 

• to be informed

• of access

• of rectification

• erasure

• restrict processing

• data portability

• to object

• in relation to automated decision making and profiling

 

What lawful grounds do we rely on when we use your personal information?

1. Consent: the individual has given clear consent to process their personal data for a specific purpose

2. Contract: the processing is necessary for a contract you have with the individual, or because they have asked to take specific steps before entering into a contract

3. Legal obligation: the processing is necessary to comply with the law (not including contractual obligations)

4. Vital Interests: the processing is necessary to protect someone’s life

5. Public Task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law

6. Legitimate Interests: the processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individuals’ personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks).

 

How do we use your personal information?

All personal data collected is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations under GDPR at all times.

Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, or because you have consented to our use of your personal data or because it is in our legitimate interests.

With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by e-mail and/or telephone and/or text message and/or post with information on our products and services.

We will not however send you any unsolicited marketing or spam and will take all reasonable precautions to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

3rd Parties whose content appears on our site may use 3rd party cookies. Please note that we do not control the activities of such 3rd parties, nor the data they collect and use, and advise you to check the privacy policies of such 3rd parties.

How and where do we store your data?

We only keep your data as long as we need in order to use it as described above, and/or for as long as we have your permission to keep it.

Some or all of your data may be stored outside the European Economic Area (EEA). By using our site and submitting information to us you are deemed to accept and agree to this.

If we do store data outside the EEA we will take all reasonable steps to ensure that your data is treated safely and securely as it would be within the UK, and in compliance with the GDPR.

Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our site.

 

Do we share you data?

Nexus Point Ltd has been appointed as a data sub-processor to process personal data on behalf of Philip Paul Ltd. Philip Paul Ltd will take all reasonable steps to ensure that your data will be handled safely, securely and in accordance with your rights, our obligations and the obligations of Nexus Point Ltd under the law.

We may sometimes contract with 3rd parties to supply products and services to you e.g. payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases the 3rd parties may require access to some, or all, of your personal data. Where any of your data is required for such a purpose we will take all reasonable steps to ensure that your data will be handled safely and securely and in accordance with your rights, our obligations and the obligations of the 3rd party under the law.

We may compile statistics about the use of our site; on such occasions all data will be anonymised and will not include any personally identifying data. If such data is shared with 3rd parties the data will only be shared, and used, within the bounds of the law.

In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example where we are involved in legal proceedings and where we are complying with legal requirements, under issue of a court order or at the request of a governmental authority.

We use Google Analytics, owned by Google, to collect, monitor, and analyse traffic to our website.

Google collects data about the device you are using, device type, browser information and device screen size. Google also collects your IP Address which is used to approximate your location. Google does not share your IP Address with us, which in turn does not allow us to identify you as an individual.

For further details on how Google Analytics uses and protects your data, please see Google’s privacy policy here.

We use Cloudflare to protect the identity of our servers for security reasons. Cloudflare also provides several services such as DDoS (Distributed Denial of Service) attacks protection, SSL/TLS (end-to-end encryption) and caching of web assets.  Due to the nature of Cloudflare, any data you submit to our servers will also pass through Cloudflare, albeit in a converted format using end-to-end encryption technologies.  Cloudflare complies with the GDPR and other legal frameworks. Further information can be found here.

We use Mailgun to handle outgoing and incoming email between us and the Data Subject. Mailgun keeps a log of all data, including any personal or sensitive data that you include within your email to us, along with your name and email address. These logs are kept for a maximum of 30 calendar days at which point they are permanently removed.

 

Social Media

We include resources from Facebook and Twitter on our website to allow us to connect with you. Whilst we do not share your data with either service without your consent, they may collect data on you which includes HTTP headers (Digital Footprint) and any data you voluntary submit to their service.

You may review how each service complies with GDPR below,

Facebook: https://www.facebook.com/business/gdpr

Twitter: https://gdpr.twitter.com/en.html

 

Contact and access to your information

If you have any queries surrounding the collection and/or storage of your data, or you wish to clarify or request a copy of the information we hold about you please contact us at the address below. As highlighted previously you also have the right to request correction, or deletion, of your personal data, but only where it is no longer required for legitimate business purposes.

 

Philip Paul Ltd

Maesbury Road

Mile Oak Industrial Estate

Oswestry

Shrops SY10 8GA

Alternatively please e-mail us on [email protected], quoting the phrase “PRIVACY INFORMATION REQUEST” as your subject heading.

 

Changes to our privacy policy

We keep our privacy policy under regular review and any changes to it will be posted on this page. This policy was last modified on 12/6/2018