IM Group Privacy Notice

Last updated 14 May 2024

IM Group is dedicated to protecting the confidentiality and privacy of information entrusted to us in accordance with the UK General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Please read this Privacy Notice to learn about your rights, what information we collect, how we use and protect it.

We have offices in Europe and therefore when reading this policy, Data Protection regulations in both Europe and UK shall apply.

Who are we?

This Privacy Notice applies to IM Group and its entities. For a full listing of companies within the Group, refer to https://www.imgroup.co.uk/list-of-active-dormant-companies/

Who controls the use of my personal data?

Over time you may engage with more than one of our group entities. Each entity in our Group may act as a data controller and each will be responsible for compliance with the law and protecting your privacy and personal data.

IM Group has designated a Group Data Protection Officer, who will ensure that your data protection rights and freedoms are protected in all our entities. Where required, they will direct you to the relevant person in the IM Group entity.

Not covered by this notice.

This privacy notice does not apply to job applicants and candidates who apply for employment with us or to our employees whose personal information is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with an IM Group entity. IM Group maintains an external privacy notice for this purpose that can be found here.

Our websites.

Our websites are controlled by IM Group, unless a website identifies in its terms of use or otherwise that it is controlled by another entity. IM Group companies including individual divisions of IM Group may have their own websites with their own privacy notices, in which case this privacy notice will not apply to such websites unless such website provides a link to this privacy notice.

Websites and specific web pages linked to, or from, our websites may be subject to separate terms of use (including separate privacy notices, separate cookies notices and separate cookies preference managers that you can access and review on those websites). The inclusion of a link to a third-party website does not imply endorsement of the linked site or service by us or our entities. These third-party websites will be governed by different terms of use (including privacy notices) and you are solely responsible for viewing and using each such website in accordance with the applicable terms of use. IM Group is not responsible for how your personal information is handled by such third-party websites.

Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Notice or how we handle your personal data, please direct your correspondence to:

Data Protection Officer
IM Group Ltd
The Gate
International Drive
Solihull
West Midlands

B90 4WA

Telephone: 0121 747 4000

Email: dataprotectionofficer@imgroup.co.uk

HOW do we collect Personal Data?

In this section, references to a ‘website’ means any website owned and operated by or on behalf of any IM Group entity including websites of our dealers.

Directly

We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us with their business card(s), complete our online forms, engage in webchats, subscribe to our newsletters, attend marketing events we host, visit our offices, have purchased motor vehicles from a member of our nationwide dealer networks, or for recruitment purposes. We may also obtain personal data directly when, for example, we are establishing a business relationship.

Indirectly

We obtain personal data indirectly about individuals from a variety of sources. We may attach personal data to our customer relationship management system to better understand and serve our customers, subscribers, and individuals, satisfy a legal obligation, or pursue our legitimate interests.

Online

We collect information about you that you give to us via our websites or our social media pages or by contacting us by phone, email or otherwise.

Cookies

We may automatically collect personal data our web servers store as details of your browser and operating system, the website from which you visit our websites, the pages that you visit on our websites, the date of your visit, and, for security reasons the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies, please see our Cookies Notice for further information.

Social media

We may also collect personal data which you allow to be shared that is part of your public profile on a third-party social network.

Third party

We may obtain certain personal data about you from sources outside our business which may include our dealer networks or other third-party companies, such as estate agents.

Analytical / trend data

We also hold marketing and analytical data relating to our customers including history of those communications, whether our customers open them or click on links, and information about products or services we think our customers may be interested in, and analytical data to help target offers to our customers that we think are of interest or of relevance. This may include insights about customers or potential customers gained from analysis or profiling.

WHAT Information do we collect?

Identity and contact details

Contact details including but not limited to name, physical address, company name and contact details, work and personal landline and mobile numbers, email addresses.

Identity details including but not limited to date of birth, gender, marital status and contact preferences.

Details of our customers financial arrangements where there is a business-related need for us to do so.

Your opinion of our products through surveys we will send you about our vehicles, products services, and dealerships.

Special category data

We do not typically collect sensitive or special categories of personal data about individuals other than our employees.

Children’s data

We do not intentionally collect information from individuals under 13 years of age. If we reasonably believe that individuals aged 13-17 years old will provide us with their personal information, we will have due regard to the additional protections children are afforded.

Location-based data

We may process geographical locations you enter when seeking an office near you, including information derived from cookies and internet protocol addresses.

Correspondence

We hold electronic copies of our correspondence sent to or received from our prospect, customers and suppliers who work with us. Correspondence is primarily in email format, but may also be in ‘hard copy’.

Profiling

We process marketing and analytical data relating to our customers including history of those communications, whether our customers open them or click on links and the pages/products visited on our websites.

We use this information to inform our sales and marketing processes by identifying your interests and needs.

This information will help to tailor the marketing, advertising, and other correspondence you may receive from us.

You have the right to object to our use of profiling for direct marketing. See our contact details below if you wish to object.

Visiting our premises

CCTV at some of our sites collects images of site visitors. Our policy is to automatically overwrite CCTV footage within 30 days.

How will your information be used?

 

Enquiries and sales negotiation

Activity

Personal data category

Lawful basis

Responding to enquiries and fulfilment of solicited
requests
Contact data, web profiling data, and chat history data Legitimate interests, contractual necessity
Responding to enquiries and fulfilment of solicited
requests via third parties
Contact Data Legitimate interests, consent
Responding to enquiries and fulfilment of solicited
requests for vehicle test drives
Contact Data, Identity data i.e., DVLA information Legitimate interests, legal obligation
Registration of vehicles as part of our contractual
obligation to provide breakdown cover for new vehicles
Contact Data, Identity data i.e., DVLA information Legitimate interests, contractual necessity

Business Promotion and Marketing

Activity

Personal data category

Lawful basis

Personalised direct marketing from our entities Contact data, web profiling data, and chat history data,
and data derived from cookies
Legitimate interests, consent
Retargeting via social media platforms Web profiling data, and data derived from cookies Consent for non-essential cookies
Competitions and prize draws Contact Data Consent
Market research to improve the products and services that we and our authorised dealers and agents deliver to you Contact data, web profiling data, and chat history data,
and data derived from cookies
Legitimate interests, consent
For client entertainment (including staff parties and
dealer conference, or similar events)
Contact Data, Identity data Legitimate interests

Our legal and security obligations

Activity

Personal data category

Lawful basis

Responding to enquiries and fulfilment of solicited
requests
Contact data, web profiling data, and chat history data Legitimate interests, contractual necessity
Responding to enquiries and fulfilment of solicited
requests via third parties
Contact Data Legitimate interests, consent
Responding to enquiries and fulfilment of solicited
requests for vehicle test drives
Contact Data, Identity data i.e., DVLA information Legitimate interests, legal obligation
Registration of vehicles as part of our contractual
obligation to provide breakdown cover for new vehicles
Contact Data, Identity data i.e., DVLA information Legitimate interests, contractual necessity

Insurance and warranty claims

Activity

Personal data category

Lawful basis

To undertake credit checks for finance Contact Data, Identity data Legitimate interests, legal obligation, consent
To process claims under vehicle, part, or
other warranties
Contact Data, Identity data, purchase history etc. Contractual obligation

Who receives your information?

We will share your personal information with other contracted parties who carry out processing on our behalf. These contracted parties include, but are not limited to;

  • Car Dealerships and Service Centres within our dealer networks
  • Roadside Assistance Providers (e.g., AA, RAC and Allianz Worldwide Partners ‘AWP’)
  • Holders of the Vehicle Safety Recall Databases (e.g., SMMT, SIMI and GI Solutions Group Ltd.)
  • Insurance Companies
  • Accident Management and Repair Service Providers
  • Estate Agents
  • Fraud Prevention Agencies
  • Credit References
  • Agents and Advisers who we use to help us carry out our business
  • Contractors
  • Warranty providers

Storing and securing your information

Your information is stored on secure computer systems and paper copies in our secure onsite storage facilities. We have invested in state of the art technical and organisational security measures to safeguard your personal data.

Transfers to third countries and safeguards for your information

IM Group is a global organisation and operates in the following countries:

  • UK and Guernsey
  • EU, including Republic of Ireland, Germany, Luxembourg, Sweden, Denmark, Finland, Estonia, Lithuania, and Latvia
  • People’s Republic of China
  • United States
  • Australia

Each IM Group entity will consider its local legal obligations to protect your information. UK, Guernsey, and EU entities will comply with the transfer rules in the UK and EU GDPR.

Your information will normally remain in the UK or the European Economic Area (‘EEA’).

If we do transfer personal data outside of these territories, we will ensure that safeguards are implemented, including the use of standard contractual clauses and transfer risk assessments.

How long will your information be held?

If we collect your personal information, the length of time we retain it is determined by the purpose for which we use that data and our legal obligations. We do not retain personal data in an identifiable format for longer than is necessary.

We may need your personal data to establish, bring or defend legal claims, in which case we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified above.

If you are concerned about us holding your data, you have a qualified right of erasure, which our DPO will be able to assist you with.

Cookies

‘Cookies’ are small pieces of information stored on and read from your device to allow our websites to recognise you when you visit. These help us understand how you use our websites so that we can customise our marketing for you. It may also save you from having to re-enter information when you return to our websites. We will, however, only ever use non-essential cookies when we have your permission to do so. Our ‘cookie banner’ will help you to manage your choices.

For more information on how IM Group use ‘cookies’ see our Cookie Policy.

What are your data protection rights?

Under data protection law, you have important rights including:

1. Your right of access: You have the right to ask us for copies of your personal information.

2. Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

3. Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.

4. Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.

5. Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.

6. Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

7. If you have given your consent for us to process any of your personal information, you have the right to withdraw that consent at any time.

If you would like to exercise any of your ‘Data Subject Rights’, you can email our Data Protection Officer at dataprotectionofficer@imgroup.co.uk.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

How to make a complaint to us and our supervisory authority.

If you have any concerns about our use of your personal information, you can make a complaint to us at dataprotectionofficer@imgroup.co.uk

You can also complain to the UK Information Commissioner’s Office (ICO)

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

For a list of EU data protection authorities and contact details, please visit the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en

 

Do we change this Privacy Notice?

We regularly review this Privacy Notice and will post any updates on this webpage. This Privacy Notice was last updated on 14 May 2024.