1. Policy Statement
Where we are in control of deciding how and why your Personal Data is processed, we are Data Controllers of your Personal Data. The terms Data Controller and Personal Data are defined within the General Data Protection Regulation. We undertake to act in accordance with the General Data Protection Regulation (including having in place adequate levels of security in respect of such Personal Data).
2. Who are we?
We are Carsnip Ltd (“Carsnip” “we”, “us” or “our”). We are registered with the Information Commissioner’s Office with registration number 09296599 and you can search our registration details on the Public Register of Data Controllers at ico.org.uk.
3. What information do we hold about you and why do we collect it?
Customers and prospective customers
When you register an interest to use our Services and/or our sites, we may ask you to provide certain information such as your name, date of birth, address, email address and a contact number.
We may also request contact details so that we can communicate with you about our services, for example if you submit an enquiry for information or to send marketing communications.
We will use your information:
- in the normal course of our business, to allow us to register you to receive our Services and to provide you with our Services;
- to allow us to manage your account;
- to allow us to analyse your personal preferences and personalise our Services to you so that we can provide a more tailored experience to you;
- to ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- to record details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access on the basis that processing is necessary in order to perform our contract with you to provide our Services;
- to communicate with you, including sending you information about products and Services which we think may be of interest to you (details of how to manage your marketing preferences are covered below under Marketing);
- to validate your Personal Data (and, in some cases, match it against information that has been collected by a third party) to check that the Personal Data we hold about our customers/users is accurate, consistent and up to date on the basis that you have consented to such processing by agreeing to share your Personal Data with us for such purposes;
- to provide customer service, including answering questions and responding to feedback and complaints;
- to make automated decisions, including profiling (further details regarding automated decision making are set out below)
In order to provide customers/prospective customers with our Services we may also need to collect Personal Data which is defined as ‘sensitive’ or considered
When you visit our site, in addition to information you provide to us on the site (such as name and contact details) we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. We may also collect information about the website from which you came before visiting our site. Collecting this information enables us to better understand the visitors who come to our site, where they come from, and what content on our site is of interest to them. We may also use the information to pre-populate fields to make it easier for you to provide information when you return to our sites (using cookies – see more on this at section 11 below).
We use this information for our internal analytics purposes and to improve the quality and relevance of our site to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and other websites” below.
If you are a business contact we may, for the purpose of conducting business with you (or your employer), collect contact information such as name, address, telephone number, email address as well as name of your employer. In addition, we may correspond with you and that may contain certain Personal Data that we exchange in the ordinary course of business such as to schedule meetings and calls and for the purpose of services we provide to you (or your employer) or you (or your employer) provide to us.
Generally, whether you are a customer or prospective customer, business contact or a visitor to our site, we may use your Personal Data for the following purposes:
- to comply with any legal obligations to which we are subject on the basis that processing is necessary to comply with our legal obligations;
- in pursuit of our legitimate interests, such as developing and/or consolidating our business, defending our legal rights and/or seeking advice from our professional advisors;
- to respond to requests from law enforcement agencies.
Your Personal Data may be converted into anonymised form in a way which means you cannot be identified from it and then used for the purposes of information security testing, statistical analysis and to enhance our provision of products and services. Our use of all such data will be in line with our responsibilities under the General Data Protection Regulation and other applicable data protection laws and we would always anonymise it before using it for these additional purposes.
4. Legal basis for processing personal information
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only (i) where we need the Personal Data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicate with you as necessary to provide our Services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
From time to time we would like to send you details of products and services, which may be of interest to you. The provision of Personal Data for the purposes of direct marketing is voluntary and you do not need to provide such Personal Data in order to receive our Services. Where you have consented, we may:
- use your Personal Data to send you information about our own products and services and those of our group companies and other carefully selected third parties which may be of interest to you; and
- pass your details to our group companies and other carefully selected third parties including anyone who introduced you to us, so that they may send you information about their products and services via e-mail, SMS text message, post and / or telephone
You can change your marketing contact preferences at any time by Contacting Us or unsubscribing from the relevant communication (email support[at]carsnip.com). To do this in relation to marketing from our group companies and third parties please write to them. Their contact details should be specified in the marketing communication itself which you have received from them.
5. Who will we share your information with?
When you register an interest to use our Services or make use of our Services you consent to us sharing your data with the following parties:
- service providers and other third parties who process and store data on our behalf;
- car dealers and brokers, including their business partners;
- car finance providers;
- professional advisors;
- individuals who you nominate as referees to verify certain information;
- in the event that our business, either in whole or in part, is acquired by a third party (in which case Personal Data about customers will be one of the transferred assets);
- if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce any contract with you; or to protect our rights, property, or the safety of our employees, customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.
- companies and consultants providing services to us (for example, marketing agencies, mail outsourcing service provider, Information Technology service providers who provide and maintain our systems and our website host). Those companies and consultants providing services to us will only use your information to provide those services.
6. Where is your information stored?
In order to ensure fair and transparent processing, we will, taking into account our processing activities, adopt appropriate procedures for the processing of Personal Data, which shall include implementing technical and organisational measures which take into account the harm that may be suffered, and correct inaccuracies identified in Personal Data processed, so that risk of errors are minimised and your Personal Data is processed in a fair and secure manner.
All information you provide to us is stored on our secure servers which are located in England. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Some of our service providers and other organisations that we work with (including credit reference agencies), may be located outside the European Economic Area in countries that do not have the same standards of protection for Personal Data as the UK. We will, however, always use every reasonable effort to ensure sufficient protections are in place to safeguard your Personal Data. We will also ensure that our service providers enter into compliant processing agreements, including for transfers of data outside of the European Economic Area, with us to ensure that your Personal Data is processed in accordance with the General Data Protection Regulation and other applicable data protection laws.
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
7. What rights do you have in relation to way in which we hold and/or process your data?
- Access to your Personal Data (Subject Access Requests): You may contact us to request access to a copy of the Personal Data that we hold on you.
- Right to withdraw consent: You may withdraw your consent to us processing your data at any time. We will confirm the outcome of your request and where relevant our records will be updated accordingly. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- Rectification: You may ask us to rectify inaccurate Personal Data held about you at any time. Your request will be actioned subject to you providing us with any relevant information that we may ask you to provide.
- Erasure: You may ask us to delete your Personal Data at any time by contacting us and specifying why you would like us to delete your Personal Data. We will action your request UNLESS we have a lawful basis that allows us to continue to hold and process your data. We will confirm the outcome of your request and where relevant our records will be updated accordingly.
- Portability: You may ask us to provide you with the Personal Data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such Personal Data to another data controller.
- Make a complaint: You may make a complaint about our data processing activities to a supervisory authority. For the UK, this is the Information Commissioner’s Office, at ico.org.uk.
- Automated Decisions: We may use a credit-scoring system, i.e. an automated system to assess your credit worthiness and decide whether to enter into a finance agreement with you. You may contact us to ask that, when we are evaluating your application for finance, we do not base any decisions solely on an automated process and that human intervention is permitted. Please see further information on this below.
- Marketing: You can object to marketing from us at any time. See section 4 above for further information.
If you wish to contact us in relation to any of your rights, you can email us at support[at]carsnip.com or contact us by telephone on 01949 382008. Please note that we may ask you to provide a form of identification verification before we can give effect to any such request made by you.
8. What happens if there are any changes?
9. Cookies and other websites
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Links to Other Websites
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
10. Automated decision-making
In some instances, our use of your Personal Data may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to make decisions about creditworthiness. We have implemented measures to safeguard the rights and interests of individuals whose Personal Data is subject to automated decision-making.
When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contact us using the contact details provided under the “Any questions” heading below.