Privacy and Data Protection Notice - Vehicle Vision

Privacy and Data Protection Notice

1. Notice Statement

1.1. Vehicle Vision International Limited (“Vehicle Vision”) offers a subscription solution to the automotive industry. Vehicle Vision acts as a data processor and processes the data provided to Us to fulfil the Service our Customers have subscribed to. In some of our Products, the Customer’s Customer (“Data Subject” / “Consumer”) provides their data directly to us through URLs or Widgets specific to the Customer, which we share back to the Customer. In this instance, we require the Customer to be transparent in their Privacy Notices that such data passes through Vehicle Vision, and at all times the Customer is the Controller of the data passed through the Vehicle Vision Product.
1.2. All individuals have rights with regard to how their personal information is handled. During the course of our business activities we will collect, store and process personal information about our customers and suppliers. We recognize the need to treat such information in an appropriate and lawful manner. This Policy will explain our treatment of data belonging to our Customers, suppliers and other third parties who we engage with, our treatment of data which is shared by a visitor on our website and our use of Cookies.
1.3. Vehicle Vision takes the issue of security and data protection very seriously and strictly adheres to regulations published in the United Kingdom data Protection Act of 2018 and the General data Protection Regulation (EU) 2016/679 which is applicable from the 25th May 2018.

2. Status of the Policy

2.1. This notice sets out our rules on data protection and the legal conditions that we will satisfy in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.
2.2. This policy is under regular review and the latest version of this policy is available on our website at all times. This Privacy Notice may be updated periodically and without prior notice to reflect our practices and compliance with relevant privacy laws.

3. Lawful Basis of Processing

3.1. Under the General Data Protection Regulation (GDPR) a company must have a Lawful Basis for Processing the data of which they hold. Vehicle Vision recognises our lawful basis for processing as:
3.1.1. Contractual. Upon signing our Agreements and subscribing to our Product, You shall enter in to an Agreement; You or Your Organisation has given us contractual obligations to process the personal data provided to fulfil the services and provide support to individuals using our services.
3.1.2. Legitimate Interest. We have a legitimate interest in the data we hold and process. We need the data we collect and process to fulfil our working requirements such as assisting you with using our product. Where Legitimate Interest applies, we shall always conclude a Legitimate Interest Impact Assessment.
3.1.3. Consent. Where required, we may rely on Consent for processing such as Marketing. At all times, consent shall be freely given and in a transparent manner, and shall be revokable.
3.1.4. Legal. We have a legal obligation to hold accounting records which may contain personal information.

4. Information We Collect

4.1. We will only collect personal data to the extent that it is required for the specific purpose notified to the Data Subject. Any data that is not necessary for that purpose will not be collected. You directly provide us with most of the data we collect. In our business operations, we will collect and process the following data about you should it be provided:
4.1.1. Details of your visits to our Website and the resources that you access including, but not limited to: traffic data; location data; weblog statistics; and other communication data.
4.1.2. Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter, an instant demo or contact us via the Contact Us page. Example information we collect by these means are, but not limited to: name; email address; and phone number.
4.1.3. Information provided to us when you communicate with us via any means, for any reason.
4.1.4. Information provided to us upon subscribing to or purchasing our Product. This information will be provided to us by the dealership or OEM (employer) for us to input into said Product for use of our services. Example information provided to us by these means include, but not are not limited to: name; business or personal email address; business or personal phone number; address or contact details of your employer; or address of place of work and job role.
4.1.5. Consumer data processed through the Product. Such information shall be supplied by You or the Data Subject themselves, via our Product but at all times You shall remain the Controller. Example information provided to us by these means include, but are not limited to: name; email address; phone number; vehicle information including VIN; registration; and vehicle health information.
4.1.6. Information collected or added throughout the usage of Our services, including Your Customer information, as detailed in our contracts.
4.1.7. In the event of prospecting by our Sales or Marketing teams, we get this information from Prospects websites, purchasable databases or through introductions. In the process of campaigning and prospecting, all Data Subjects will have the option to unsubscribe or exercise their right to be forgotten. For more information, You can email dpo@citnowgroup.com.
4.2. Vehicle Vision has taken the necessary steps to ensure we do not knowingly process any data of children or vulnerable groups. We encourage you to advise us should you think we are unknowingly processing this data by contacting us at dpo@citnowgroup.com and we will take the necessary steps to rectify this.

5. Use of Your Information

5.1. The information that we collect, process and store relating to you is used to enable us to provide our services to you, such as if you have signed up to receive marketing or if you are a user of our Product or services, including offering you support as a user of our services.
5.2. We will only collect and process personal data for the specific purposes notified to the Data Subject when the data was first collected, or for any other purposes specifically permitted by the applicable Privacy Law. This means that personal data will not be collected for one purpose and then used for another. Further processing for archiving in the public interest, scientific research or statistical purposes shall, in accordance with Privacy Law, not be considered incompatible with the initial purpose. If it becomes necessary for us to change the purpose for which the data is processed, we will inform the Data Subject of the new purpose before any processing occurs.

6. Marketing

6.1. Vehicle Vision provides products to the Automotive Industry and therefore follows the PECR for B2B Marketing. As such, and in line with clause 4.1.7 of this Privacy Notice, we shall ensure that such marketing follows the current PECR guidelines, or any further Privacy Law of which becomes applicable at such time, and ensure that all Marketing:

  • Is relevant to Customer and/or Prospects Business;
  • Is transparent as to who we are and what we are marketing; and
  • Includes an unsubscribe option

6.2. We will always utilise “Positive Opt-In” where available, and at all times in EEA areas of which require this for marketing. For current Customers, You shall receive updates, “round-ups’ and other such newsletters from Vehicle Vision as appropriate. This material may include information of other companies within CitNOW Group. This information shall be relevant to the Product of which You are subscribed to.
6.3. You have the right at any time to stop Vehicle Vision or other CitNOW Group entities from contacting You for Marketing purposes. You can do so by utilising the “unsubscribe” option at the end of such emails, or by contacting dpo@citnowgroup.com.

7. Storing and Destroying Your Personal Data

7.1. Customer and Consumer data in relation to our Product are stored on secure servers based within the EEA and backed up to the UK. Some of our subprocessors are based outside of the UK and EEA, however we ensure have the currently necessary safeguards in place to ensure safe such as adequacy decisions or DPF Framework Registry. A list of our subcontractors is available here.
7.2. Customer data may be stored within Salesforce (CitNOW Group’s CRM) or Zendesk. Access Controls are in place internally based on RBAC and deny-by-default practices.
7.3. We use AES (Advanced Encryption Standard) encryption on the personal information held on Vehicle Vision databases as well as in transit. Details relating to any transactions entered into via our website will be encrypted using TLS 1.2 or above and our website is served over HTTPS.
7.4. The transmission of information via the Internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk.
7.5. Personal data will not be kept longer than is necessary for the Purpose. This means that data will be destroyed or erased from our systems in a safe way when it is no longer required. We have retention policies in place to ensure this Principle is met. You can request guidance on how long Your data is likely to be kept before being destroyed by emailing us at dpo@citnowgroup.com.

8. Disclosing your information

8.1. If required to fulfil the services and in line with the purposes of processing, we may disclose your personal information to another member of our Group. This includes, where applicable, our subsidiaries, our Parent company and its other subsidiaries. Our Parent Company, CitNOW Group, shall require access to Customer data for reporting, analytical, financial and other purposes, as reflected within our Contracts with Customers.
8.2. We may disclose your personal information to third parties under the following circumstances:
8.2.1. If we are under a duty to disclose or share your personal data in order to comply with any legal requirements or in order to enforce or apply our terms of use and other agreements;
8.2.2. To protect the rights, property, or safety of Vehicle Vision or CitNOW Group, our Customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.3. We only disclose your information to our subprocessors as far as is necessary to provide our service. We complete all the necessary security checks and due diligence to ensure that your data is kept safe with third parties. The subcontractors only have the right to use your data to complete an obligation, they do not have marketing rights over your data. Your data may be used in the following other third party circumstances:
8.3.1. We may contract a data cleansing organisation to ensure all data is accurate and up to date.
8.3.2. Where we employ a third party for Product enhancements, features, or projects in relation to the future of our Business or CitNOW Group
8.3.3. Where we sell any or all of our business and/or our assets to a third party.
8.3.4. Where Our Customers have signed up for a service offering which integrates with a third-party application. In this instance the data will flow through the application to fulfil the service, and the owner of the application will have access to this data, including the content, and will be the Data Controller or joint-processor.
8.4. You may find links to third party websites on our website. These third parties have their own privacy policies within their websites which we advise You to check. We do not accept any responsibility or liability for the content of third party policies or websites.

9. Accuracy of Data

9.1. Personal data must be adequate, relevant, limited to what is necessary for the specified Purpose and kept up to date. If we identify data that is incorrect, misleading or is not accurate we shall take steps to rectify this via amendment or destruction. We check the accuracy of any personal data at the point of collection and at regular intervals afterwards. If you identify any data that we are hold is incorrect, misleading or inaccurate, please advise us and we will take the necessary action to correct this.

10. Your Data Protection Rights

10.1. Vehicle Vision would like to make sure you are fully aware of all of your Data Protection rights. Every Data Subject is entitled to the following rights, subject to refusal in circumstances outlined by the Supervisory Authority:

  • The Right to Access: You have the right to request copies of your personal data.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
  • The Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us via:

10.2. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us as soon as possible. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

11. Security

11.1. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to only those employees, agents, contractors and other third parties who have a business need for access. They will only process your personal information on our instructions, and are subject to a duty of confidentiality.
11.2. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable Supervisory Authority of a suspected breach where we are legally required to do so.

12. Cookies

12.1. Vehicle Vision have created a Cookie Policy for ease of our visitors to this website and our Customers. The Policy can be found here.

13. Contact Us

13.1. Our Data Protection Officer and Compliance Team are responsible for ensuring compliance with Privacy Law and with this policy. If you have any questions about Vehicle Vision’s Privacy Notice, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us:

14. Contact Authorities

14.1. If you are concerned that we are not using your information in accordance with the law, or are not satisfied with our response to a request made above, then you can complain to the Information Commissioner’s Office.
The Information Commissioner in Scotland can be reached by the following means:

The Information Commissioner in England can be reached by the following means:

  • Postal: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Phone: 0303 123 1113