MOT City ensures that personal information given to it is protected from unauthorised access, and only used for:
- The purpose of processing garage service orders, including generating jobsheets and invoices.
- Archiving details of work done because of the legitimate interest in viewing work history if the car returns.
- Reminding MOT customers of the renewal date because of the legitimate interest in continuing to keep a previously tested vehicle safe.
- The sending of marketing information and Christmas greetings, but only if a customer consents.
- Cleaning of data by checking for errors, duplications and inactive customers because of the legitimate interest in keeping company records accurate.
- Personal information is never shared with anybody, unless required by law.
Protection is assured by:
- Having documented data protection procedures and keeping proof these are followed.
- Appointing a Data Controller responsible for regularly maintaining this policy, and Data Processors responsible for ensuring that processing is done as documented.
- Regularly analysing where and how information is stored and processed to ensure all risks to personal information are properly identified, understood and appropriate protection measures taken. The analysis is recorded in the personal data map.
- Ensuring there is a legal basis for each process that uses personal information.
- Regularly checking personal data for accuracy, duplication and removing inactive customer information from the company’s data stores unless required for archiving, and legal reasons. Usually someone is regarded as inactive if they have not made a booking of any type in the last 3 years.
- Ensuring that all staff that hold and process information are regularly trained in this policy, and that this includes the process of ensuring a prompt notification of any breach to the Information Commissioner’s Office as required by law*.
- Giving information on what information is held on a subject on request by that person.
- Never sharing personal data with third parties.
- Never sending marketing information unrelated to MOT City’s garage services.
- Ensuring the accounting service, garage management system, marketing, email and web server providers give written assurance of compliance with appropriate security and privacy standards to enable this policy to be delivered.
- Not holding or processing data outside the EU except for sending marketing emails by MailChimp which operates under US privacy laws.
- Not collecting information on visits to the website through logs or cookies that can be attributed to a person.
Awareness, Objections and Data Requests
- Awareness of the policy is ensured by publishing it on the website and displaying notices about it in email communications, and in garage reception.
- Anybody can object to the company’s use of their personal data by contacting the Data Controller to have it removed from MOT City’s data stores, and if this is not possible an explanation will be given.
- Anybody can request details of what information is held on them.
- All questions relating to data protection and privacy should be sent to the Data Controller at the email address below. If this does not result in a satisfactory resolution the ICO’s office can be contacted and details are on its website: ico.org.uk.
Data Controller – Sean Bradbury, email: firstname.lastname@example.org
* The relevant UK law is the General Data Protection Regulations that replaced the Data Protection Act on 25 May 2018. See the Information Commissioner’s website: ico.org.uk which also explains rights to request information and how to complain.
Sean Bradbury – Proprietor 08 May 2018