Version 1.1 – 1st March 2021
Please read this Privacy Policy (“Privacy Policy”) carefully before accessing or using and of DealerKit services (“Services”) provided through our websites (“Websites”).
The Websites are operated by DealerKit Limited a limited company (“we” or “us” or “our”). These Terms of Service apply to all Customers who access or use our Services. You can contact us on 0333 050 7102 or by e-mail [email protected].
By using our service, you agree to be legally bound by these Terms of Service, Data Processing Agreement and Privacy Policy as they may be modified and posted on our Websites from time to time. In these Terms of Service, “you” refers to the entity you represent (“Customer”).
The type of personal information we collect
We currently collect and process the following information:
Personal Data - When we say "personal data", we mean any information that relates to and identifies a living person. Personal data will be contained in the information that you provide to us or that is provided during your interactions with us or our service, or in the information that you authorise a third party to give to us on your behalf.
When it comes to your personal data, we comply in full with our obligations under the General Data Protection Regulation (GDPR) and other applicable data protection legislation.
Information you provide – Your personal data includes the information you provide to us or that you authorise someone else to provide when you:
• elect to have a us setup account provided to you or on your behalf
• sign up to receive our emails or communications;
• participate in or answer questionnaires or surveys, provide feedback or enter competitions;
• provide information in your account profile;
• provide information during a support enquiry about you and/or your organisation or your customers;
• provide information when you complete any forms which you submit to us, or
• provide information via an upload or data transfer to your account.
Examples of this personal data include name, email address, contact number, address, as well as any correspondence sent by you when you contact us.
We have no requirement to collect or process any special categories of personal data, as defined under GDPR and the Data Protection Act 2018, in order to provide the service. In addition, we do not knowingly collect or solicit any personal data from anyone under the age of 16 or knowingly allow such persons to register Our service is not directed at children under the age of 16. In the event that we learn that we have collected personal data from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible.
Your Customers Data - In addition to your own personal data, we may also hold your customers data that you enter into our websites in order to make use of our services. Examples of your customers data may be their name, contact numbers & addresses. You are in control of the customer data subject to our Terms of Service.
It is your responsibility to safeguard your login information and control third party account access. Also, you need to make sure you have made suitable disclosures and, where applicable, have obtained any relevant consents or permissions necessary for you to upload the data of others (such as suppliers and clients) to our systems and for that data to be used as set out in this policy. If, at any time, you want to prevent third party access to your account or stop any transfer of data between third party services and your account, please contact [email protected]
Information we collect - We collect information about your usage of our service and website to improve our service, understand trends and enhance and customise content and campaigns. Some of this data may be "personal data", where it relates to an identifiable person. Here's the information that we collect and how we use it:
• we monitor patterns of usage, such as login dates and volumes of data, so we can understand how people are using our service. We also do this in order to keep our service secure and to develop and improve our products.
• we also monitor patterns of usage so that we can tailor any communications we may send to you or advertising that you may receive. For example, we may tailor a newsletter with information about product features that you haven't tried yet, instead of features that you use frequently. We want the content of our communications to be relevant and useful to you.
• for security reasons and to aid in our monitoring of usage patterns, we log your Internet Protocol (IP) address when you use our website. This is the individual identification number that is assigned to your computer when it’s connected to the internet.
• we monitor traffic information to our website and emails, including page visits, email clicks, purchases, referring sites, and video viewings. We use this information to improve our website, advertising, promotions, and to understand customer behaviour. Please see section 10 below regarding our policy on cookies.
• Information others provide to us.
• We may receive information from other companies or entities (e.g. e-sign provider or lead provider) when you have authorised that third party to provide information to us.
What do we use your personal data for?
We collect and use your personal data for a variety of business reasons. However, we need some of the data to enter into and perform our contract with you, maintain the security of our systems and provide you with access. This data includes your contact details and other information requested during the setup process. If you fail to provide this data, or refuse to do so, we may be unable to provide our service to you.
All the processing we carry out is underpinned by a set of processing conditions. These are the legal bases under which we have the authority to collect, use and store your personal information. The following is a summary of how these could apply to you within our service.
Contractual Necessity
We will process data where it is necessary to enter into a contract with you for the provision of the service or to perform our obligations under that contract. Please note that if you do not agree to provide us with certain requested information it may be difficult for the service to operate as intended or at all. Examples include:
• executing your instructions; processing transactions, providing support or advice, resolving any queries or discrepancies and administering any changes;
• receiving calls or emails to our support team;
• managing and maintaining our relationships with you and for ongoing customer service;
• communicating with you about the service and products you receive from us or via the service; and
• handling any complaints, queries or requests which relate to the service.
Legal Obligation
When you elect to use our service, we are required by law to collect and process certain personal information about you. Please be aware that, should you refuse to provide us with certain mandatory information, it may not be possible for you to access the service. Examples include:
• confirming your identity and protecting against fraud as part of a model for secure access;
• sharing information with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation to do so, including reporting suspicious activity and complying with production and court orders;
• delivering mandatory communications to users of the service, providing service messages, publishing revised disclosures or terms and conditions;
• investigating and resolving complaints where we may need to exercise or defend our legal rights;
• conducting investigations into suspected criminal acts, breaches of conduct and corporate policies;
• performing assessments and analysing customer information for the purposes of managing, improving and fixing data quality
Legitimate Interests
We will process your personal data within our service where it is in our legitimate interests do so, and without prejudicing your interests or fundamental rights and freedoms. Examples include:
• providing you with updates about our service and its functionality, including new features and services;
• analysing your personal so that we can administer, support, improve and develop our business, customer service and features of the service; We may use third parties to assist us in performing these activities from time to time and, in those cases, we may pass on your personal data to them. We will only share your data with third parties that we trust, and when there are assurances in place as to how they will protect the data.
• improving your experience of the service by:
o gathering feedback from you on your use of and interactions within our service;
o assessing your use of our service;
o tracking your interactions with our service to tailor the content; and
o recording and monitoring communications to our telephone and online helplines.
• taking action if we need to defend our legal rights under our Terms of Service if you misuse the service or act in a way which contravenes laws, regulations or our Terms of Service;
• utilising available support functions for the management of the service. This may include budgeting, advice from our legal and accounting teams and technology support from relevant expert areas and third parties;
• tracking and analysing your use of our service to prepare reports on its performance;
• sharing anonymous or aggregate data in order to get you the best deals available on associated products and services, or with trusted third parties for research purposes;
• validating your information (and, in some cases, matching it against information that has been collected by a third party, for example Companies House) to check that the data we hold is accurate, consistent and current;
• monitoring anonymous, aggregated information so that we can produce insights about dealers and the motor industry. For example, based on an anonymous, aggregate data analysis, we may produce a white paper that reports on the most popular vehicle payment methods / finance providers;
• performing research and trend analysis to optimise your experience of the service;
• developing and enhancing our data models to improve the accuracy of the service and your insights;
• engaging our users by:
o gathering your feedback on the service;
o reporting at an aggregate level on the user experience and service performance;
o engaging and communicating with our users on social media and via SMS/email; and
o providing you with detailed information on your account activity.
• using your personal information in an anonymised and aggregated form to create content to include in:
o infographics, industry reports and media campaigns;
o blog posts and videos;
o emails that inform users about the success and performance of the service; and
o posts from social media accounts owned and operated by us.
Who do we share your information with?
Elective third party access to your data
Should you choose to use parts of our service that permit the sharing of your data with third parties (for example, if you choose to give your supplier access to your data), then your data will be shared in that way. Such data may include, for example, general, personal and transactional data and information from your account such as accounting balances, deals and invoices, bills, expenses and customer details. These third parties will use that data in accordance with any permissions and consents you have given us or that you may give to us in the future.
Supplier and third party arrangements
As part of the service, we may need to share your personal information outside our organisation. There are limited circumstances in which we would do this and we will always have a compelling business reason to do so. Examples of when we will share your information include:
• when we have your permission to do so;
• when you ask us to share your information as part of the service or a connected product you are interested in so that we can tailor your experience;
• when part of the service, or a product you are interested in, is supported or provided by a third party;
• when we are under a duty to disclose or share your data in order to comply with any legal or regulatory obligation;
• to cooperate with law enforcement officials, judicial bodies, government entities, tax authorities or regulatory bodies in the investigation of unlawful activities of users or relating to users; or in order to enforce or apply any contract with you; or to protect our rights, property, or the safety of our employees, customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
• sharing with third parties and other financial services companies to help prevent, detect and prosecute unlawful acts and fraudulent behaviour;
• sharing with suppliers, sub-contractors and advisors who support the operation of the service, provide information for an insight, or manage connected products;
• sharing with third parties in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case, personal information about customers will be one of the transferred assets);
• we may pass aggregate information on the usage of the service, where relevant, to maintain, improve and manage the service or for the purposes of research, but this will not include your personal data.
We will always take steps to ensure that the safety and security of your information is maintained. We will implement and maintain technical and organisational measures over each transfer of personal information and mandate that our partners and third parties do the same. No ownership rights to the data will be transferred to any third party, unless otherwise notified.
Transferring information overseas
We will, from time to time, have to transfer your information to third parties or organisations in other countries. This will only happen on the basis that any party to which we pass your information will protect it in the same way that we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so when:
• the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
• the transfer has been authorised by the relevant data protection authority; and
• we have entered into a valid contract with the third party or organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
• For a full list of sub-processors and details of the safeguards in place in respect of data transfers outside the EEA, please see here.
How long do we store your data for?
We only store your data for as long as is necessary for the purposes of processing that are set out in this policy. When you cancel your account, we will automatically delete your data after 15 days.
If you are signed up to marketing communications, cancelling your account will not automatically cancel your marketing preferences. If you would like to unsubscribe, please email [email protected], otherwise we will delete your email address from our system after two years of inactivity.
To ensure the integrity of our systems and your data, we utilise various technologies to continually take secure, encrypted backups. All data, including deleted data, remains archived within these backups, which are maintained according to our data retention policy, after which they are deleted.
You can delete your data at any time
You have the option to delete all of your data at any time, by contacting us.
Deleting your data removes it from our active servers immediately; however, we retain archived database backups for a period of time, after which they are permanently deleted.
We don't store your or your clients credit card details
Where this information is provided, it is passed directly to our payment service provider, Stripe, via an encrypted link and is never stored on our systems. We handle ongoing billing by passing a token to Stripe that identifies your account. (Find out more about Stripe's privacy policy).
What are your rights?
Access to your personal data: You can ask us to confirm if we are processing your personal data and you may request a copy of your personal data by contacting our team at [email protected]
Right to change or withdraw your consent: Where you have given us consent to make use of your personal data for any of the purposes outlined in this policy, you may withdraw that consent by contacting us using the details located in section 13 of this policy. If you wish to change your contact preferences or you no longer wish to be contacted for marketing purposes, get in touch.
Right to rectification: If you need to update out-of-date or inaccurate information we hold about you, please get in touch.
Right to erasure: You are free to delete your data at any point, just contact us.
Right to data portability: In certain circumstances you may ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine-readable form, or ask for us to send such personal data to another data controller.
Right to object: In certain circumstances you may object to our processing of your personal data. If this is the case, please get in touch.
Right to restrict processing: You can ask us to restrict the processing of personal data we hold about you in certain circumstances. If you wish to do so, please get in touch.
Make a complaint: You may make a complaint about our data processing activities to a supervisory authority. In the UK this is the Information Commissioner's Office (ICO). Further details can be found on their website.
Getting in touch: To make enquiries and/or to exercise any of your rights as outlined in this privacy policy please contact our team at [email protected].
Use of cookies
Cookies are small files saved to your device that track, save and store information about your interactions and usage of our services. The primary purpose for our use of cookies is to allow us to provide a smooth, efficient and personalised experience for our users, both on and off our website, through remembering your preferences, securely storing your password (if requested) and serving you more relevant advertising.
If you want to manage or disable cookies for our website or any other site, you can do so by changing your browser settings. Please bear in mind that disabling functional cookies may impair the availability and/or functionality of the service. We suggest consulting the “Help” section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
Security and data storage
We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your data secure once it has been transferred to our systems. We adopt appropriate, industry-standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction. For further details of the security measures we have implemented, please see here.
Where we utilise third parties to help provide our services, we will always ensure that, as a minimum, the security policies and confidentiality arrangements of those third parties adhere to the same requirements that we impose and expect.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of the service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Please note that the internet is not a secure medium and although we will do our best to protect your data, we cannot guarantee the security of any data transmitted to us. Any such transmission is at your own risk.
Changes to this Privacy Policy
We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, so you should review this page periodically. When we change the policy in a material manner we will let you know and will update the ‘last updated’ header at the top of this policy.
Getting in touch
If you have any queries relating to this Privacy Policy or our use of your personal or financial data, please contact our Privacy Officer at [email protected] or 0333 050 7102.
Alternatively, our office address is noted below.
DealerKit Limited, 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ
Please note that phone calls to us are recorded for monitoring, training and security purposes.