YEOMANS LIMITED PRIVACY POLICY

1. General introduction

1.1. We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data. This policy includes an explanation of:

1.1.1. what data we are processing;

1.1.2. why we are processing it and what we do with it;

1.1.3. whether we will share it with anyone else;

1.1.4. whether we will transfer it outside of the United Kingdom;

1.1.5. how we keep your data safe;

1.1.6. your rights.

1.2. We hope that you find this Privacy Policy helpful. If you have any questions, please don’t hesitate to contact us.

2. About us

2.1. Our company name is YEOMANS LIMITED and our registered office is at Yeomans House, Littlehampton Road, Ferring, Worthing, West Sussex BN12 6PB. In this policy we have referred to YEOMANS LIMITED as: we, us, our or Yeomans.

2.2. Yeomans is a multi-franchised car and commercial vehicle retailer operating in the South of England under various trading names. The trading names are shown on our website.

2.3. For any queries concerning your data please contact the Data Protection Representative at Yeomans House, Littlehampton Road, Ferring, Worthing, West Sussex, BN12 6PB or e-mail dataprotection@yeomans.co.uk.

3. Your personal data

3.1. We process your personal data if we understand that you may be interested in purchasing our products or services. In this section 3 we provide more detailed information about how we will manage your personal data.

3.2. What Data we hold about you and how have we obtained this.

3.2.1. We will obtain information about you when you enquire about our products or services. Typically, the information that we obtain will be your contact details and payment information. If you choose to buy finance or insurance products from us or from companies that partner with us, we will need more detailed information including, in some cases, identity and personal financial information.

3.2.2. If you have visited our website we may automatically collect some personal information including: details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see Cookies in section 5 for further information. We may also collect any personal information which you allow to be shared as part of your public profile on a third party social network.

3.2.3. Our telephone calls are recorded for training purposes and may also be used to verify any comments that were made during any conversation with us.

3.2.4. If you use our web chat function, we will keep a record of our communications.

3.2.5. We have CCTV in operation at some of our operations for security purposes. It is therefore possible that images of you will be recorded when visiting our sites.

3.2.6. Sometimes you will have sent your information directly to us, but you may have provided your information to third parties who, in turn, have provided the information to us.

3.3. How we use your personal data and what is the applicable lawful basis.

3.3.1. Unless you are a recent customer, we will only provide you with electronic information (email & text) that you have requested and, where you have consented, we will provide additional e-marketing information about our products, services and events.

3.3.2. If you have consented, we will use your interaction with our website and with our chat function to identify which products and services will be the most relevant to you in order to deliver targeted and relevant messages to you.

3.3.3. Where we are required to do so to perform our contract with you, we may process your information for completing warranty work or other after-sales obligations including the provision of breakdown and recovery services.

3.3.4. Where it is in your vital interests, we may use your information to organise and notify you about safety and product recall notices.

3.3.5. We may process your information to comply with legal obligations including assisting HMRC, the Police and the Driver and Vehicle Licensing Agency.

3.3.6. We may process your information to allow us to pursue our legitimate interests including for:

3.3.6.1. analysing our performance to further improve our customer services;

3.3.6.2. market research, training and to administer our websites;

3.3.6.3. the prevention of fraud or other criminal acts;

3.3.6.4. undertaking credit checks for finance;

3.3.6.5. complying with requests from you including if you exercise any of your rights noted in this Privacy Policy;

3.3.6.6. the purpose of corporate restructure or reorganisation or sale of our business or assets;

3.3.6.7. enforcing our legal rights or to defend legal proceedings and for general administration purposes.

3.3.6.8. contacting you by post or phone to provide you with marketing information about our or our selected partners’ products or services or about events;

3.3.6.9. contacting you by electronic means (email and text), where you are a recent customer, to provide you with marketing information about our or our selected partners’ products or services or about events.

3.4. Will we share your personal data with any third parties?

3.4.1. We may share your data with the manufacturer of the vehicle(s) that you have expressed an interest.

3.4.2. We may disclose your information to our third-party service providers for the purposes of providing services to us or directly to you on our behalf e.g. advertising agencies or administrative service providers. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

3.4.3. If we sell all or part of our business to a third party, we may transfer your information to that party to ensure that it can continue to provide information that you have requested or for any of the other purposes that we have noted above.

3.4.4. We may transfer your data to government or other official bodies for the purposes of complying with legal obligations, for enforcing our rights, or for the prevention or detection of a crime.

3.5. How long do we keep your data?

3.5.1.1. If you have expressed an interest in buying products or services from us or from our selected partners, we will retain your contact details and related information concerning your enquiry for 5 years from the date that we last had contact with you;

3.5.1.2. If you have purchased goods or services from us or from our selected partners, we will keep the data relating to that purchase (e.g. order forms and invoices and related correspondence) for 7 years from the date of the contract;

3.5.1.3. Voice recordings of telephone calls and CCTV images shall be kept for 3 months;

3.5.1.4. Records of any discussions through our web chat facility will be kept for 12 months;

3.5.1.5. If you have requested that we do not send you marketing information we will always retain sufficient information to ensure that we remember to comply with your request;

3.5.1.6. The periods stated in this section 3.5 may be extended if we are required by law to keep your data for a longer period.

4. Transferring your data outside of the United Kingdom (‘UK’)

4.1.1. The information that you send to us may be transferred to countries outside of the UK. By way of example, this may arise if any of our servers or those of our third-party service providers are from time to time located in a country outside of the UK. These countries may not have similar data protection laws to the UK.

4.1.2. If we transfer your information outside of the UK in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. These measures include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us if you would like more information about the protections that we put in place.

4.1.3. If you use our services whilst you are outside the UK, your information may be transferred outside the UK to provide you with those services.

5. Cookies

5.1. We use Cookies on our website. A cookie is a small text file which is placed onto your computer (or other electronic device) when you visit our website. This enables us to monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider.

5.2. You can find out more about the Cookies we use in our Cookies Policy available on the home page of our website.

5.3. You can set your browser not to accept cookies, however some of our website features may not function as a result.

5.4. For more information about cookies generally and how to disable them you can visit: www.allaboutcookies.org.

6. Data security

6.1. We have adopted appropriate technical and organisational measures to protect the personal data we collect and use having regard to the state of the art, the nature of the data stored and the risks to which the data is exposed to human action or the physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.

6.2. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

6.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7. Links to other websites

7.1. Our website may contain links to and from other websites (e.g. social media sites such as Twitter, Flickr, YouTube and Facebook). Unless we own such websites, we accept no responsibility for the way in which they process your personal data. You are recommended to check the privacy policy of each website before you submit any personal data to it.

8. Your rights

8.1. Your right to access data

8.1.1. We always aim to be as open as we can and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:

8.1.1.1. a description of it;

8.1.1.2. an explanation of why we are holding it;

8.1.1.3. information about who it could be disclosed to; and

8.1.1.4. a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.

8.1.2. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in section 2.3 and mark it clearly as ‘Subject Access Request’.

8.1.3. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

8.1.4. Unless you agree a different time, we will complete your subject access request within one month.

8.2. Right to stop marketing messages

8.2.1. You always have the right to stop marketing messages. We will usually include an unsubscribe button in any marketing emails. If you do wish to unsubscribe, please just click the unsubscribe button - we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at marketing@yeomans.co.uk. Alternatively you can write to us or phone us using the contact details are shown in section 2.3.

8.3. Right to be forgotten

8.3.1. If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.

8.4. Right to restrict data

8.4.1. If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.

8.5. Transferring your personal data

8.5.1. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under section 3, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.

8.5.2. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

8.6. Right to complain

8.6.1. You always have the right to complain to the personal data regulator, the ICO. You may also be entitled to seek compensation if there has been a breach of data protection laws.

9. Our website

Our website is powered by G Forces Web Management Limited ("GForces"), our third party web services provider. GForces is committed to ensuring that data is processed in accordance with applicable data privacy laws, and is kept secure. GForces is certified to the standard of ISO27001 (an international standard for information security). GForces uses Amazon Web Services, Inc. as its cloud platform provider. All data processed by GForces is stored on Amazon’s web servers in the EEA. GForces' wholly owned overseas subsidiaries sometimes need to access Personal Data in order to provide certain support and development services on behalf of GForces. Please see GForces’ privacy policy at https://www.gforces.co.uk/privacy-policy for more details on its overseas subsidiaries and the protections in place.

When someone visits our website, GForces collects standard internet log information (your IP address, browser, and type of device) and details of visitor behaviour patterns (where you joined our site from, the path you take through our site, the searches you conduct and where you leave). These are stored against unique ids (which are strings of numbers). GForces collects this information for the legitimate business purpose of monitoring the number of visitors to the various parts of the site, the general geographic location of visitors and engagement levels, which in turn enables it to make improvements to its websites and services, and provide business intelligence. This information is only processed in a way which does not identify anyone. It is kept indefinitely if you visit our website.

If you conduct a vehicle search on our website, GForces stores a record of the search in your browser. If you visit our website again, GForces accesses that record and offers you the option to replicate your previous search to save you time repeating it. It also uses that record to present recommended alternatives to the vehicles you previously viewed. In order to do this, GForces sends details of your previously viewed vehicles (without any personal information) to Amazon Web Services, which produces the recommendations using machine learning. If you don’t want search records or previously viewed vehicle page views to remain on your device, you can clear cookies and local/session storage in your browser. To find out how to manage website data (local storage, session storage and cookies) on popular browsers, see the links below. For information relating to other browsers, visit the browser developer's website.

• Google Chrome - https://support.google.com/chrome/answer/2392709
• Microsoft Edge - https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy
• Mozilla Firefox - https://support.mozilla.org/en-US/kb/storage
• Microsoft Internet Explorer - https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
• Apple Safari - https://support.apple.com/en-gb/guide/safari/sfri11471/mac

10. Policy updates

10.1. This policy was last updated on 2 nd November 2021.