Revilo Group is a trading style of Revilo Capital ltd. Revilo Capital is committed to protecting your privacy and security. Our policy explains how and why we use your personal data, this will allow you to remain and in control of your information and informed about its use. From 1st March 2018, Revilo Group Companies will ask its customers to “opt-in” for marketing communications. This is due to a change to the rules which govern how we can communicate with you and a new regulation on personal data (the General Data Protection Regulation) coming into force in May 2018. Therefore, we are introducing a new approach that relies on you giving us your consent about how we can contact you. This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them, for example an email, phone, SMS or via post. If you would prefer not to receive communications from us or indeed wish to change how we contact you then please let us know by emailing email@example.com or in writing to Revilo Group, Revilo House, Suite 2, Bridgefold Road, Rochdale OL11 5BX or you can call us on 01706 509234 We will not sell your personal data and will only ever share it with an organisation that we work with where is necessary and only if its privacy and security of the transfer of this data is upheld.
2. ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Revilo Capital registered in England with company number 9220357, registered with the ICO under data controller number ZA171255. The details for other Group Companies are shown below.
3. WHAT INFORMATION WE COLLECT AND HOLD
Personal data you provide We collect data you provide to us. This includes information you give to us when providing details of your name, address and vehicle details we take when initially communicating with you over any potential transaction with us of our products or services then this will be the details we take. For example: • personal details (name, date of birth, email, address, telephone etc.) • details of your requirements and type of transaction. • financial information (payment information such as bank account details. Please see section 8 for more information on payment security). Information created by your involvement with us Your activities and involvement with Revilo Group will result in personal data being created. This could include details of how you’ve helped us by delivering the vehicle or being involved with providing testimonials or the supply of the V5 registration docs and payments. Information we generate We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your vehicle make(s) and model(s) along with the purchase price, how you heard of us and mileage as this will help us to provide Management data to build a profile which assists us in deciding on marketing campaigns on specific makes or models of vehicle. This data also helps direct us in our direct marketing to only send you any marketing that would be of interest or relevance to you, Section 6 (Research and profiling) contains more information about how we use information for profiling and targeted advertising. Information from third parties. We sometimes receive personal data about individuals from third parties. For example, if we are partnering with another organisation (e.g. you provide your information to another buyer or dealer when we may collaborate on a project). This is also explained in Section 11 (Cookies and links to other sites), we may use third parties to help us conduct research and analysis on personal data (and this can result in new personal data being created). We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages. Occasionally, we may collect information from public sources. This could include public databases (such as Companies House), news or other media. We don’t do this to everyone, and it is the exception not the rule. Sensitive personal data. We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation. Accidents or incidents If an accident or incident occurs on our property, at one of our collection or sale points, or involving one of our members of staff then we will keep a record of this(which may include personal data and sensitive personal data).
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary to: • enter into, or perform, a contract with you; • comply with a legal duty; • protect your vital interests; • for our own (or a third party’s) lawful interests, provided your rights don’t override these. In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes): Marketing We use personal data to communicate with people, to promote our company with brand awareness and to offer our services to potential clients or indeed to any dealers/buyers. This includes keeping you up to date with our news, updates, campaigns and Revilo Group information. For further information on this please see Section 5 (Marketing). Administration We use personal data for administrative purposes such as: • sending or receiving payments (e.g. setting up of payees for immediate bacs payments); • maintaining databases of our customers, potential customer or buyers • performing our obligations under our contracts; • fulfilling orders for goods or services (whether placed online, over the phone or in person); • helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this). Internal research and analysis We carry out research and analysis on our marketing campaigns to determine the success of these and to better understand high or indeed low responses which will help us to identify patterns and trends. This helps inform our approach towards campaigning and makes us a stronger and more effective company, allowing us to uphold our customer service level. Supporter research and profiling We evaluate, categorise and profile personal data in order to tailor marketing, services and communications (including targeted advertising) and prevent unwanted material from filling up your inbox. This also helps us understand our customers, improve our company and carry out research. Further information on profiling can be found in Section 6 (Research and profiling).
5. DISCLOSING AND SHARING DATA
We will not sell your personal data. If you have opted-in to marketing, we may contact you with information about our partners, Group companies, or third-party products and services, but these communications will always come from Revilo Group Companies and are usually incorporated into our own marketing materials (e.g. advertisements in magazines or newsletters). We may share personal data with subcontractors or suppliers who provide us with services. For example, if we are purchasing your vehicle then as a fraud prevention precaution we will perform a HPI check on the vehicle which includes, your name, address, vehicle registration and mileage will be shared with the delivering company. However, these activities will be carried out under a contract which imposes strict requirements to keep your information confidential and secure.
From the 1st March 2018, Revilo Group Companies will ask its customers and buyers to “opt-in” for most communications. This includes all our marketing communications (the term marketing is broadly defined and, for instance, covers information about the business and the Revilo Group that we feel may be relevant to you). This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (post, phone, email, text). If you would prefer not to receive communications from us or indeed wish to change how we contact you then please let us know by emailing firstname.lastname@example.org or in writing to Revilo Group, Revilo House, Suite 2, Bridgefold Road, Rochdale OL11 5BX or you can call us on 01706 509 239. What does ‘marketing’ mean? Marketing does not just mean offering things for sale, but also includes news and information about: • our business, Group Companies and charity work; • our events and activities • products, services and offers (our own, and those of third parties which may interest you); When you receive a communication, we may collect information about your response to us or with the communication and this may affect how we communicate with you in future.
6. RESEARCH AND PROFILING
This section explains how and why we use personal data to build profiles which enable us to understand our customers or buyers to improve our relationship with them and provide a better customer experience. Analysis and grouping We analyse our data to determine common characteristics and preferences. We do this by assessing various types of information including behavior (e.g. previous responses) or demographic information (e.g. age or location). By grouping people together based on common characteristics, we can ensure that group is provided with communications, products, and information which is most important to them. This helps prevent your inbox from filling up, and means we aren’t wasting resources on contacting people with information which isn’t relevant to them. Profiling to help us understand our customers We profile our customers as this information helps us to ensure communications are relevant and timely. On occasion, we may also combine information about particular customers with external information (such as directorships listed on Companies House, or news about an individual which has featured in the media) in order to create a more detailed profile about a particular individual. We will also obtain information about you from other sources, much of which is available on public and private databases. We do this to enhance and fill-in any gaps so that we can understand our customers better, send you the most relevant communications and target our resources effectively. Anonymised data We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new staff or buyers, or to identify trends or patterns within our existing database. This information helps inform our actions and improve our services and documentation.
7. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to or use or disclosure of your personal information. Electronic data and databases are stored on secure computer systems and servers and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which all members of staff are required to follow when handling any of your personal data. Payment security All electronic forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. Revilo Group Companies comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council and will never store card details or bank account information. Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk. CCTV Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Revilo Group staff. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.
Where we store information Revilo Groups operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected. For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme). How long we store information We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed). We continually review what information we hold and delete what is no longer required. We never store payment information.
10. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows: • the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request); • the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason); • the right to have inaccurate data rectified; • the right to object to your data being used for marketing or profiling; and • where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent. This information will be provided in a common electronic format. Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you would like further information on your rights or wish to exercise them, please write to our registered offices at Revilo House, Suite 2, Bridgefold Road Rochdale, OL11 5BX. Complaints If you have a complaint, then please direct this to us using the details set out above. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
11. COOKIES AND LINKS TO OTHER SITES
Registration Number: ZA171255
Date Registered: 09 March 2016 Registration Expires: 08 March 2021
Data Controller: Revilo Capital Limited
Registration Number: ZA286236
Date Registered: 18 October 2017 Registration Expires: 17 October 2021
Data Controller: Revilo Life Limited
Registration Number: ZA246356
Date Registered: 12 April 2017 Registration Expires: 11 April 2021
Data Controller: Revilo Homes Limited
Registration Number: ZA189432
Date Registered: 17 June 2016 Registration Expires: 16 June 2021
Data Controller: Revilo Automotive Limited
Registration Number: ZA272751
Date Registered: 23 August 2017 Registration Expires: 22 August 2021
Data Controller: Revilo Developments Limited