Privacy Policy
Lind Group Holding Company Ltd Privacy Policy
1. General intro
1.1. We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data. This policy includes an explanation of:
1.1.1. what data we are processing;
1.1.2. why we are processing it and what we do with it;
1.1.3. whether we will share it with anyone else;
1.1.4. whether we will transfer it outside of the European Economic Area (‘EEA’);
1.1.5. how we keep your data safe; and
1.1.6. your rights.
1.2. We hope that you find this Privacy Policy helpful. If you have any questions, please don’t hesitate to contact us.
2. Who we are and our contact details
2.1. The Lind Group Holding Company Limited and our subsidiary companies including Lind AG Limited (T/A Porsche Centre Tonbridge), Lind US Limited (T/A Guildford Harley-Davidson, Newmarket Harley-Davidson, Norwich Harley-Davidson, Reading Harley-Davidson & Lind Harley-Davidson), Lind Motorrad Limited (T/A Lind Motorrad) and Lind Triumph Limited (T/A Jack Lilley, Jack Lilley Triumph, Lind Triumph, Triumph London, Triumph North London, Triumph West London & Triumph East London) are registered at Brook Farm, Five Oak Green Road, Tonbridge, Kent, TN11 0QN, Great Britain. In this policy we have referred to the Lind Group Holding Company Ltd and subsidiary companies as: Lind, we, us or our.
2.2. This policy is extended to cover the members of the Harley-Davidson Owners Group local chapters associated with our Lind US Limited businesses which include: Fenlanders, Hogsback, Iceni and Thames Valley, and the members of the Romford Riders Association of Triumph (RAT) Club associated with Lind Triumph Ltd.
2.3. For any queries concerning your data please contact the CRM Team at the above address or by email at crm@lind.co.uk
3. Your personal data
3.1. The personal data that we hold and how we manage it varies depending on why we are holding it. The reasons that we hold personal data are broadly when you have expressed an interest in our products or services. Under each section heading in 3.2, we have detailed how we manage and process the personal data. When we understand you are purchasing a vehicle, entering a competition, registering for news updates, purchasing parts or clothing, applying for vehicle finance, enquiring about any of our products or services.
3.2. What data do we hold about you?
3.2.1. Contact Details: Name, Address, Phone numbers, Email address.
3.2.2. Interests: Information you provide us about your interests. Including the type of vehicles you are interested in.
3.2.3. Website and Communication Usage: When you enter our web sites, we use your Internet protocol ("IP") address to help diagnose problems with our server, to administer our web sites and to help identify you. We also have the ability to know what type of operating system and browser software you use and to identify the geographical location of your browser. Your IP address is also used by us to gather broad demographic information and for other purposes, such as monitoring visitor frequency. How you use our website and whether you open or forward our communications, including information collected through cookies and other tracking technologies (refer to section 4 for our Cookie Policy).
3.2.4. Sales and Services Information: Relating to purchases and services in which you have expressed an interest or which you have purchased from us, including copies of any complaints and claims you may have sent us.
3.2.5. Credit and Anti-Fraud Information: Which establishes your identity, such as driving licences, passports and utility bills. Information about transactions, requests for credit and non-payment of debts with us and third parties and credit ratings from credit reference agencies. Fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included.
3.2.6. Vehicle Data: Information about the features and current settings of your vehicle (identified by the Vehicle Identification Number).
3.2.7. CCTV:We use CCTV recording on and around our premises in order to: Prevent, deter and detect crime, apprehend and prosecute offenders, and provide evidence to take civil action in the courts, help provide a safer environment for our staff and customers, protect public safety, help to provide improved customer service, for example by enabling staff to see customers requiring assistance, monitor operational and safety related incidents and assist with the verification of any claims made to us.
3.2.8. Call Recording: We may record calls made into our businesses, to assess customer satisfaction, train and develop staff, review call quality and have access to a verbal record of what is said in the event of a subsequent complaint.
3.3. How do we obtain this data?
3.3.1. If you contact us directly via our websites, social media channels, online chat, telephone, in-dealership, via one of the manufacturers we represent or at external events.
3.3.2. If you buy a product of service from us directly.
3.3.3. If you reply to our direct marketing campaigns.
3.3.4. If with your permission, your contact details are transferred from our partners or suppliers.
3.3.5. If you give us information on behalf of someone else, you confirm to us that you have obtained their permission to do so and that they do not have any objection to us processing their information in accordance with this Privacy Policy. If you are under 16 please do not provide us with any of your information unless you have the permission of your parent or guardian to do so and have provided us with a copy of that permission.
3.3.6. Please help us to keep your information up to date by informing us of any changes to your contact details or preferences. You may change or review your contact details or preferences at any time by notifying us by email or post, our contact details are in section 2.2.
3.3.7. You join one of the social clubs associated with one of our businesses i.e. a local Chapter of the Harley-Davidson Owners Group, Riders Association of Triumph Local Group or Porsche Owners Club Regional Club.
3.4. What do we do with this data?
3.4.1. Customer Support and Marketing - to respond to enquiries and to bring you news and offers. We use your personal data for customer care and for personalised communication of product and service information. In order to ensure that you receive relevant and personalised communications, we will use your data to create an individual customer profile and we may share your personal data between our group of companies and our business partners/suppliers which is outlined below in section 3.6.1 This may include data you have provided, or which is generated via your online trends, for example contact details, preferences, customer history, vehicle history and online behaviour.
3.4.2. Vehicle Sales & Service – to process your sale, configure and service your vehicle. Our dealerships will obtain Contact Details, Vehicle Configuration Details, Vehicle Technical Information and Sales and Services Information when you purchase, service or repair a vehicle from or with them as part of the sale or service and will use it to provide the services you request and notify you of issues in relation to your vehicle. This information may be accessed by our business partners / suppliers to troubleshoot technical or other issues relating to the delivery of these services.
3.4.3. Vehicle Finance – to assess your eligibility for finance and administer its repayment. When you apply for finance we will share your information with one of our commonly used finance suppliers (which generally include: BMW FS, Black Horse, Close Brothers Finance and Volkswagen Financial Services). These finance providers may share the information with Credit Reference and Fraud Prevention Agencies to help them decide whether to offer you finance. Using information about you in this way is necessary for these finance providers to make this decision and if you do not provide it, they may not be able to offer you finance.
3.4.4. Compliance with legal requests for your information– to comply with our legal obligations to law enforcement, regulators and the court service. We may be legally required to provide your information to law enforcement agencies, regulators and courts and third party litigants in connection with proceedings or investigations anywhere in the world. Where we are permitted to do so, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
3.5. What’s our lawful basis for the processing of this data?
3.5.1. The use of your information set out above is permitted under EU data protection law on the basis of these principal legal grounds:
3.5.2. where you have consentedto the use (you will have been presented with a consent form in relation to any such use and may withdraw your consent at any time by contacting our CRM Team
3.5.3. where necessary to enter into or perform our contractwith you
3.5.4. where we need to use it to comply with our legal obligations
3.5.5. where we use it to achieve a legitimate interestincluding promoting the dealerships [and social groups] of Lind Group, along with the brands we represent including: BMW Motorrad, Harley-Davidson, Porsche and Triumph, and to provide you with news and offers tailored to your profile, and to undertake research and development of vehicle related products and services
3.5.6. where there is a vital interest we may use your information to notify you about safety and product recall notices.
3.6. Will we share your data with any third parties?
3.6.1. Your data may be shared with the relevant brand partner as follows: BMW UK Ltd, Harley-Davidson Europe Ltd, Porsche AG and Porsche Cars Great Britain Ltd or Triumph Motorcycles Ltd. The brand partner shall at that point become a data controller.
3.6.2. If we sell all or part of our business, or are otherwise involved in a merger or business transfer, or in the unlikely event of bankruptcy, we may transfer your personal information to one or more third parties as part of that transaction.
3.6.3. There may be instances where the law requires we disclose your personal information to respond to subpoenas, court orders, or other legal process, to respond to a request of cooperation from a law enforcement or another government agency.
3.6.4. We may transfer your personal information to a third party if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA, Warranty Companies,)
3.6.5. We will never sell, rent, lease or give away your personal data to any third party.
3.6.6. We may disclose your personal information to our third party service providers for the purposes of providing you services to us or directly to you on our behalf e.g. Event Management companies, advertising and marketing agencies, lead management providers or administrative service providers.
3.7. How long do we keep this data?
3.7.1. We retain your information only as long as is necessary for the purpose for which we obtained them and any other permitted linked purposes. If information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely.
3.7.2. Use for marketing: We retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for. You retain the right to remove this consent at any point.
3.7.3. Use to perform a contract: In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus six years to deal with any queries or claims thereafter.
3.7.4. Where claims are contemplated: In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
3.8. Transferring your data outside of the European Economic Area (‘EEA’)
3.8.1. We will ensure that any of your information that is accessible outside the EEA is handled subject to appropriate safeguards. Certain countries outside the EEA, such as Canada and Switzerland, have been approved by the European Commission as providing essentially equivalent protection to EEA data protection laws and therefore no additional legal safeguards are required. In countries which have not had such approval, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.
4.1. We use Cookies on our website. A cookie is a small text file which is placed onto your computer (or other electronic device) when you visit our website. This enables us to monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider.
4.2. You can find out more about the Cookies we use in our Cookies Policy available on our website.
4.3. You can set your browser not to accept cookies, however some of our website features may not function as a result.
4.4. For more information about cookies generally and how to disable them you can visit: www.allaboutcookies.org.
5. Links to other websites
5.1. Our website may contain links to and from other websites (e.g. social media sites such as Twitter, Flickr, YouTube and Facebook). Unless we own such websites, we accept no responsibility for the way in which they process your personal data. You are recommended to check the privacy policy of each website before you submit any personal data to it.
6. Social Plugins
6.1. We use so-called social plugins (buttons) of social networks such as Facebook, Google+ and Twitter.
6.2. When you visit our websites, these buttons are deactivated by default, i.e. without your intervention they will not send any data to the respective social networks. Before you can use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies. Please see section 4 for further details regarding our use of cookies.
6.3. After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
6.4. After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account.
6.5. If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
6.6. We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
7. Data security
7.1. We have adopted the technical and organisational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.
7.2. We use Secure Sockets Layer (SSL) software to protect your online transactions. SSL encrypts the personal information you provide to us before travelling over the internet; however we are unable to guarantee the security of the data transmitted to our website as unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
7.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone
8. Your rights
8.1. Your right to access data: We always aim to be as open as we can and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:
8.1.1. a description of it;
8.1.2. an explanation of why we are holding it;
8.1.3. information about who it could be disclosed to; and
8.1.4. a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.
8.1.5. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in section 1.2and mark it clearly as ‘Subject Access Request’.
8.1.6. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone
8.1.7. Unless you agree a different time, we will complete your subject access request within one month.
8.2. Right to be forgotten: If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.
8.3. Right to restrict data: If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.
8.4. Right to complain: You always have the right to complain to the personal data regulator, the ICO. You may also be entitled to seek compensation if there has been a breach of data protection laws.
8.5. Right to stop marketing messages: You always have the right to stop marketing messages and telephone calls. We will usually include an unsubscribe option in any marketing emails and in texts. If you do wish to unsubscribe, please just click the unsubscribe button in the email or send a STOP text to the number indicated and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any-time. Our contact details are shown in section 1.2.
9. Policy updates
9.1. As our business changes from time to time, we sometimes need to make changes to the way we collect and use your personal information. Therefore, this Privacy Policy may be updated from time to time. Your personal information is processed according to the current version of our Privacy Policy, so please do check to ensure you are aware of and agree to any updates.
9.2. This policy was last updated on Tuesday 04 June 2019.