Privacy Policy

Endeavour Automotive Ltd Privacy Statement

We, Endeavour Automotive Ltd, take information security and data protection very seriously. We are committed to ensuring that your privacy is protected. This Privacy Statement describes how we use the personal data that we collect from you, or that you provide, when you:

  • visit any of our websites or portals (the “Website”);
  • view and enquire on vehicles in one of our showrooms or online;
  • purchase a vehicle, parts, accessories or a service plan from us;
  • rent a vehicle (formal rental agreement, test drive or service loan car)
  • have your vehicles serviced with us;
  • make an online booking or booking through our Contact Centre;
  • or otherwise contact us.

Please read this privacy policy carefully before submitting any personal data to us as the terms below govern our use of your personal data. If you do not accept these terms, please do not submit your personal data.

The content of this statement may change from time to time so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we will also contact you directly should there be any material change in the terms within this statement.


Definitions

The “Company” (referred to as the “Data Controller” in this statement)

Endeavour Automotive Limited (also referred to as "we", "us" and "our"), a company incorporated in England and Wales under registered number 08048653 and whose registered office is at The Hyde, Edgware Road, London, England, NW9 6NW.

For the purposes of the Data Protection Legislation, the Company is the data controller and this statement applies to all Endeavour Automotive UK legal entities and trading names including Regent Automotive Limited, Volvo Cars London and Vernon Haddock Cars Limited.

“Customer Services”

To contact us regarding any data or privacy matter, please either write to Marketing Department, Endeavour Automotive, The Hyde, Edgware Road, London, England, NW9 6NW or email gdpr@endeavourautomotive.co.uk.

“Data Protection Legislation”

The General Data Protection Regulation 2016, any other directly applicable European Union regulations relating to privacy, and any data protection legislation from time to time in force in the UK including the Data Protection Act 2018 or any successor legislation.

“Third Party”

Any company with which personal data is shared:

  • The vehicle manufacturer;
  • Providers of automotive products and value-added services including finance and insurance;
  • Third party processors for the purposes of data hosting, print production, data transfer, direct marketing (electronic and non-electronic), analytics, credit searches and fraud prevention.

“Personal Data” or “Personal Information”

Any information relating to an identified or identifiable natural person.

“Website”

Any website or online portal (including social media) operated by the Company through which personal data is captured.

Endeavour Automotive websites or portals may contain links to other websites outside of our group. Our Privacy Statement only applies to websites controlled by us. We are not responsible for the content, privacy or security of other websites. We encourage you to read the privacy notice of every website that you visit.

Our website and services are not intended for children and we do not knowingly collect data relating to children.



What information do we collect?

We collect personal data from you when you use our websites, contact centre, at off-site events or when you visit one of our dealerships. We may also obtain information about your vehicle, and whilst some of this information does not identify you personally, it provides us with information about how you use our services and engage with us (we use this information to improve our services and make them more useful to you). The information we collect includes some or all of the following:

  • Name (including title);
  • Address;
  • Phone number;
  • Date of birth;
  • Email address;
  • Vehicle information (including registration number, VIN, service reminders, mileage and warranty repair information);
  • The date and time you used our services;
  • The pages you visited on our website and how long you visited us for;
  • Your IP address;
  • Your GPS location (where you have permitted access to this);
  • The internet browser and devices you are using;
  • Cookie, Pixels or Beacon information (for more information please see our Cookie Policy);
  • The website address from which you accessed our website;
  • Details of any transactions between you and us;
  • Where you engage with us in a business context, we may collect your job title, company contact details (including email addresses), fleet size and company details;
  • Calls in to our business or messages you have left for us (for more information please see our Call Recording Policy);
  • Online "Live chat" records;
  • Any information within correspondence you send to us.

How is your Personal Data collected?

We use different methods to collect personal data about you, including:-

  • Direct interactions, where you provide us with personal data yourself, when making purchases, subscribing to our services and publications, creating accounts, giving feedback or entering competitions, promotions or surveys;
  • Automated technologies or interaction; as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns;
  • Third parties; we may receive personal data about you from various third parties, such as analytics providers, providers of technical, payment and delivery services and credit reference agencies, and motor dealerships

We do not collect any “special categories of Personal Data” about you (this include details about your race or ethnicity, religions or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data).Nor do we collect any information about criminal convictions and offences.

Using Your Personal Information

There are various ways in which we may use or process your personal information, adhering to one or more of the following criteria:

Consent

Where you have provided your consent to at least one preferred contact method (direct mail, telephone, email, SMS), we may use and process your information to contact you from time to time about promotions, events, products, services or information which we think may be of interest to you.

We never share your personal information with third parties without ensuring you give your permission for us to send it to them.

Consent can be withdrawn freely and at any time by using the relevant unsubscribe features in our marketing messages, or by contacting customer services.

Legitimate Interest

We may use and process your personal information where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so. Examples include:

  • To support enquiries into our business (for example test drive requests or online service bookings);
  • To analyse, evaluate and improve our products, services and online and offline presence (we generally use amalgamated data for this process which means you won’t be personally identifiable);
  • To send you marketing information from time to time after you have purchased a product or service from us or have expressed an interest in the same previously;
  • To identify and record when you have received, opened or engaged with our website or electronic communications (please see our Cookie Policy for more information).

You have the right to object to us processing your information on Legitimate Interest grounds at any time by using the relevant unsubscribe features in our marketing messages, or by contacting customer services.

Contractual performance

We may use and process your personal information to carry out our obligations arising from any contracts entered into between you and us (or one of our selected partners), including to manage payments, fees and charges and to collect and recover money owing to us.

Legal Obligation

We may use and process your personal information to comply with a legal obligation to which we are subject (for example to register your vehicle with the DVLA).

Safety & Security

We may use and process your personal information to contact you if there is any sort of product recall affecting the safety, security or performance of your vehicle or associated products.


Sharing Your Personal Information

The information you share with us will only be disclosed to relevant employees to be used for the relevant purpose stated above. We will not otherwise disclose your personal data to any third party unless one of the following applies:

  • In order to deliver our services to you and, as necessary, we may use Third Party processors. Such processing is conducted under contract which contains the same protections for your personal data as are set out in this policy and we ensure that appropriate data protection and information security assurances are provided. Some Third Parties may be based outside the EEA in countries that do not have the same standards of protection for personal information as the UK but we will, as far as is possible, ensure sufficient protections are in place to safeguard your personal data.
  • Where it is necessary for the performance of our contract with you, including where we need to take steps to enforce any agreement which may be entered into between us.
  • Where we are under a legal duty to do so in order to comply with any legal obligation to which we are subject.
  • To protect the rights, property or safety of our company, our staff and others.
  • In the event that we sell or buy any business or assets in which case we may disclose your personal data to the prospective seller or buyer as part of the sale or purchase process and disclosure is required to allow that transaction to proceed; or
  • If we or substantially all of our assets are acquired by a third party, in which case personal data that we hold about our customers will be one of the transferred assets.

External third parties with whom we may share data in the above circumstances include:-

  • Service providers who provide IT and system administration services (see the section on “Our Website” below);
  • Professional advisers including lawyers, bankers, auditors and insurers;
  • Debtor tracing agencies and recovery agencies;
  • HM Revenue & Customs, regulators and other authorities.

Credit Reference Agencies

In order to process your application we will supply your personal information to one or more credit reference agencies (CRAs) and they will give us information about you, such as about your financial history.We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time.CRAs will share your information with other organisations.Your data may also be linked to the data of your spouse, and joint applicants or other financial associates.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

Call Credit / Equifax / Experian:

  • www.callcredit.co.uk/crain
  • www.equifax.co.uk/crain
  • www.experian.co.uk/crain


Managing Your Personal Information & Your Rights

You have a number of rights as an individual regarding the personal information we hold about you, which include:

  • The right to request a copy of the information that we hold about you (we will under most circumstances provide this within one month of receipt)
  • The right to correct and update your information
  • The right to withdraw your consent (where we rely on it)
  • The right to object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information.
  • The right to erase your information (or restrict the use of it), provided we do not have any continuing lawful or contractual reason to continue to use and process that information;
  • The right to data portability (i.e. transfer your information in a structured data file to another third party, providing they have the means to accept such data).

For more information about these rights, please see the website of the Information Commissioner’s Office at ico.org.uk.

You can exercise the above rights and/or manage your information by contacting us using the details below:

Post: Marketing Department, Endeavour Automotive Ltd, The Hyde, Edgware Road, London NW9 6NW

Email: gdpr@endeavourautomotive.co.uk

Data Retention Policy

We will only hold your personal data for as long as it is necessary to fulfil the purpose it was collected for, or as required by law, or as set out in any relevant contract we have with you.

  • If we have a relationship with you (e.g. you are a customer or the registered driver of a leased or other vehicle purchased from us), we hold your personal information for 10 years from the date our relationship ends. We hold your personal information for this period to ensure you can be contacted in the event of a product recall, or establish, bring or defend legal claims. Our relationship ending is defined as being the last time your vehicle visited one of our dealerships, as recorded on one of our Dealer Management Systems (DMS) or the last time we had contact with you (again as recorded on our DMS), whichever is the latter.
  • Where we have obtained your personal information following a request for information, test drive, brochure, quotation or any other information on any of our products or services, we hold your personal information for 1 year from the date we collect that information, unless during that period we form a relationship with you e.g. you purchase, rent, lease or service a vehicle or purchase any of our products. We hold your personal information for this period to give us an opportunity to form a relationship with you.
  • Where we are using cookies, user identifiers or advertising identifiers on our website or online portals we have set our data retention period to not automatically expire. Generally the information we get from these sources is aggregated and personal information invisible to us, but it allows us to provide a better user experience by comparing performance over an ongoing time period.

The only exceptions to the periods mentioned above are where the law requires us to hold your personal information for a longer period (or delete it sooner) or you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law

Please note, retaining your personal data is not the same as using your personal data, and for archive purposes we may retain your data for a longer period than we can use it depending on which element of the “Using your personal information?” criteria we use above.


Data Security

The security of your personal data is of the utmost importance to us. We are committed to providing appropriate security controls to protect your personal information against foreseeable problems.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach when we are legally required to do so.

If you require more information about your personal data security provisions, please contact customer services and we will be able to supply a more technical overview.

Our website

Our website is powered by G-Forces Web Management Limited (“GForces”), our third party web services provider. GForces is committed to ensuring that data is processed in accordance with applicable data privacy laws, and is kept secure. GForces is certified to the standard of ISO27001 (an international standard for information security). GForces uses Amazon Web Services, Inc. as its cloud platform provider. All data processed by GForces is stored on Amazon’s web servers in the EEA.

When visiting our website

When you visit our website, GForces collects standard internet log information (your IP address, browser, and type of device) and details of visitor behaviour patterns (where you joined our site from, the path you take through our site and where you leave). These are stored against unique ids (which are strings of numbers). GForces collects this information for the legitimate business purpose of monitoring the number of visitors to the various parts of the site, the general geographic location of visitors and engagement levels, which in turn enables it to make improvements to its websites and services, and provide business intelligence. This information is only processed in a way which does not identify anyone. It is kept indefinitely.

GForces also uses Google Analytics to collect standard internet log information and details of visitor behaviour patterns, which are stored against unique ids (i.e. strings of numbers). GForces collect this information for the legitimate business purpose of monitoring website traffic and engagement levels, which in turn enables us to make improvements to our website and the way we sell our cars and services. This information is only processed in a way which does not identify anyone. It is kept indefinitely.

When using our enquiry forms

When you submit information using an online form, GForces processes the data collected and stores it for 31 days for the legitimate business purpose of enabling us to access the information and deal with your request (it is then kept for a further 14 days in GForces’ routine back-ups for business continuity purposes). If you enter your post code, GForces stores the first part of it (e.g. ‘ME14’ or ‘SW1’) and links it to standard internet log information already collected (it is used for the same purposes as that information, as outlined above).

When using our LiveChat service

We use a third party provider, LogMeIn Inc., to supply our LiveChat service. If you use the LiveChat service we will collect any personal information that you volunteer to us. This is used for the legitimate business purpose of handling customer enquiries in real time and then following up in order to resolve them. This data is stored for 30 days by LogMeIn Inc. to enable us to access the information and deal with your enquiry. LogMeIn stores the information in the US under the EU-US privacy shield framework.



We also use a third party provider, Call It Automotive Limited to support our LiveChat service. Personal information that you volunteer to us via the LiveChat service may be shared with Call It Automotive for the legitimate business purpose of assisting with the handling of customer enquiries and follow ups. Personal information will be stored by Call It Automotive for a maximum of 2 years to enable us to access the information and deal with your enquiry. Call It Automotive stores the information in the EEA.


Cookie Policy

As you may already know, cookies are small text files downloaded to your computer when you visit a website. Our website, like almost every other, uses cookies to record details of your visit and ultimately help to give you a better online experience.

Consent

We've changed the way our website works so that we can keep up to date with recent developments in the law relating to cookies. This means that we need your consent to use cookies when you are browsing our site.

Managing your cookie preferences

You can accept or decline certain types of cookies by modifying the settings in your browser. However, you may find that disabling cookies means certain areas of the site do not function correctly and we cannot guarantee access to all the services we provide through our website. Also, if you delete all of your cookies, or use a different device to access our website, you may have to choose your preferences again.

If you enter any of our websites but choose not to alter the cookie settings, we will take this to mean that you are happy with the default settings (which allow all types of cookies to be used).

You can find information on how to disable or enable cookies by visiting www.allaboutcookies.org.

Online Remarketing Advertising

We use online remarketing advertising (facilitated by portals including Google, Bing & Facebook) to display relevant ads tailored to you based on what parts of the Endeavour website you have viewed by placing a cookie on your machine. This Cookie does not in any way identify you or give access to your computer but instead tells our remarketing partners you might be interested in seeing adverts related to the page you visited. This enables us to only display ads that are relevant to you.

If you do not wish to receive remarketing adverts, you can opt out by visiting the relevant portal’s Ads Preferences Manager.


Call Recording Policy

We track activity via telephone calls into our business using third-party providers to improve our marketing processes. We track which sources are effective at helping visitors find our website and make calls to us. We use IP addresses, geo-location data, caller telephone number, and voice recordings.

Telephone calls into our businesses are used only for training and monitoring purposes. We also record dates and times of incoming and outgoing calls (together with identifiable telephone numbers) for the purposes of tracking call volumes and billing.

All telephone call recordings are deleted once they have been listened to and reviewed, and we have a process in place to ensure sensitive personal information is not recorded or stored.

Any voicemails left on our systems are automatically deleted once they are listened to and can only be accessed by a member of staff using a secure PIN number. Any personal information left on voicemails is your implied consent for us to store your data for as long as it takes for us to access the voicemail and subsequently delete it.


Changes to this privacy statement

We keep our privacy statement under regular review; the updates will appear on our website. Please check it each time you visit this website or provide us with any personal data.

We last updated this privacy statement in November 2018.

Feedback on this policy

If you have any questions about this privacy policy or any personal data which we hold about you please contact Customer Services.

Complaints

If you are unhappy with the way in which we have collected or processed your personal data or have any other complaint in relation to our handling of your personal data you can make a complaint to the Information Commissioner’s Office (ICO), further information can be found on the ICO’s website at www.ico.org.uk, via their helpline on 0303 123 1113.We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.