Privacy Notice

C-MAC Group Ltd (CMAC) Privacy Notice


23.10.23


INTRODUCTION

CMAC Group UK Limited take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you.

It also explains:

In this policy, please note the use of the following terms:

personal data

has the meaning given to it by the UK GDPR and means any information that helps to identify a living individual (known as a data subject); for example, name, email address, phone number etc.

processing

means any operation or actions performed on personal data; for example, collection, recording, organisation, structuring, storing, altering, deleting or otherwise using personal data.

we, us and our

refers to CMAC Group UK Limited and its directors;

you and your

refers to the person who is accessing our websites and apps, and whose data is processed;

When we collect, use and process personal data we are subject to the provisions of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are described as a ‘controller’ of that personal information. In other words, we are primarily responsible for that data and we decide what data to collect and when, what we do with it, how we process it, who we share it with and how long to keep it.

This policy relates to your use of our websites and apps only. These include:

Please note that our websites and apps may link to other third-party websites that may also gather information about you. Third-party websites will operate in accordance with their own separate privacy policies, and we have no control over any personal data that they may acquire, store and use. For privacy information relating to these other third-party websites, you should consult their privacy policies, as appropriate.

We are committed to preserving the privacy of your data so that we can:

If you are aged under 18, we recommend that you speak to an adult that you trust if you have any difficulties reaching an informed decision regarding the activation of any use of your information or our treatment of your information.

Please note that our websites and apps not intended for use by children, and we do not knowingly collect or use personal information relating to children.

YOUR PERSONAL DATA

Personal data is collected about you whenever you access one of our websites or apps or use our services.

Personal data is collected either directly (i.e. information you provide to us, for example when you register with us, contact us, purchase services from us, complete forms or submit reviews on or via our website) or indirectly (i.e. data we collect from you, for example when you are browsing one of our websites, through the use of ‘cookies’).

How we collect and use your personal data depends upon which of our services you use and how you access that service.

The data that we can acquire may depend upon your relationship to us, for example:

In general, the data we collect may include:

For Customers, Suppliers, Passengers and Users

For Customers and Suppliers only

For Users only

In general terms, we may use this personal data to:

Customers, Suppliers, Passengers and Users

Customers and Suppliers only

Sometimes you can choose if you want to give us your information and let us use it. Where that is the case we will tell you and give you the choice before you give the information to us. We will also tell you whether declining to share the information will have any effect on your use of the website, the app or our services.

By providing us with someone else’s personal data, you confirm you’ve either got their permission to give it to us, or permission from their parent or guardian (if the person is under 16).

Please note that it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal details change during your relationship with us.

LOCATION SERVICES/DATA

Our apps may request your consent to use location services to precisely identify your location. If applicable, your consent will be requested each time the app is opened. We require access to that data in order to monitor the progress of a journey and provide feedback to our Customers on the location of the vehicle fulfilling the booking/job/trip.

If you do not provide your consent, you may use the app but that will mean that the feature enabling the progress of your journey to be monitored will not be available. To withdraw your consent at any time you can either uninstall the app or stop tracking. Please note, that will not affect the lawfulness of our use of that data in reliance on your consent before it was withdrawn.

We will not process your location data other than as strictly required to enable the progress of your journey to be monitored and when the trip “ends”, location updates will no longer be available.

The location services in the app will not operate unless location services/data are generally enabled on your device. You may disable such functionality at any time by using the settings on your device to disable access to your location data.

THE PURPOSES FOR WHICH YOUR INFORMATION IS USED

Data protection law requires that we only use your personal data for the purposes for which it was acquired, or where we have a proper reason for using it. Those reasons may include the following:

The reasons referred to above set out the purposes for which data may generally be used. The specific position in relation to your personal data, however, is that we may use it for the following purposes:

Customers, Suppliers, Passengers and Users

What we use your information for

Our reasons

To respond to an enquiry or resolve a complaint

Our use of your personal data is based upon your consent

To ensure the smooth running of our services, such as checking the progress and outcome of a job placed with us

Our use of your personal data is based upon our legitimate interests, or those of a third party

In relation to information which you wish to include in, or post on, our website (for example by submitting a review of our services)

Depending on the circumstances, our use of your personal data is based upon:

  • your consent, where this has been given; or
  • to comply with our legal and regulatory obligations; or
  • our legitimate interests, i.e. to provide the best service to you.

Providing the functionalities, and improving the operation, of our website/app. This may include taking such security measures as are appropriate, backing up the data we hold

Depending upon the circumstances, our use of your personal data is necessary:

  • for the performance of a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • to ensure the smooth running of our services, our use of your personal data is based upon our legitimate interests, or those of a third party.

We will use data relating to your location only based on your consent as described in ‘Location services/data’ (above)

To analyse the use made of our website/app. Here we may make use of your IP address, where you are based, the type and version of the browser you use, details of your operating system, how you came to our website (for example whether you were referred from another website or from a search engine), how long you remained on our site, the number of pages on our site that you viewed, how you moved around our site, the links that you followed, and whether any of those links were used to leave our site

Depending on the circumstances, our use of your personal data is based upon:

  • your consent, where this has been given; or
  • our legitimate interests, (in that we are seeking to monitor and improve our website/app and/or the services we provide).

Conducting checks to detect fraud against you or us

Depending upon the circumstances, our use of your personal data is necessary:

  • to comply with our legal and regulatory obligations; or
  • for our legitimate interests, i.e. to minimise the risk of account or identity theft or fraud that could be damaging for you, a third party or us.

To enforce legal rights or defend or undertake legal proceedings

Depending on the circumstances, our use of your personal data is necessary:

  • to comply with our legal and regulatory obligations; or
  • for our legitimate interests, i.e. to protect our business, interests and rights.

Communications with you not related to marketing, including about changes to our terms or policies or changes to the website/app or service or other important notices

Depending on the circumstances, our use of your personal data is based upon:

  • your consent, where this has been given; or
  • to comply with our legal and regulatory obligations; or
  • our legitimate interests, i.e. to provide the best service to you.

To protect the security of systems and data used to provide the website/app and its services

Our use of your personal data is necessary to comply with our legal and regulatory obligations

We may also use your information to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.

Operational reasons, such as improving efficiency, training and quality control or to provide support to you

Our use of your personal data is based upon our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.

Statistical analysis to help us understand our customer base

Our use of your personal data is based upon:

  • your consent where this has been given; or
  • upon our legitimate interests in processing the data (in that we are seeking to monitor and improve the website/app and/or the services we provide).

Updating and enhancing customer records

Depending on the circumstances, our use of your personal data is necessary:

  • to perform our contract with you or to take steps at your request before entering into a contract; or
  • to comply with our legal and regulatory obligations; or
  • where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our customers about existing orders and new products.

Disclosures and other activities necessary to comply with legal and regulatory obligations, e.g. to record and demonstrate evidence of your consent to our use of your information where relevant

Our use of your personal data is necessary to comply with our legal and regulatory obligations.

To share your information with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency

In such cases, information will be anonymised where possible and only shared where necessary

Depending on the circumstances, our use of your personal data is necessary:

  • to comply with our legal and regulatory obligations; or
  • for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets

Customers and Suppliers only

What we use your information for

Our reasons

Create and manage your account with us

Depending upon the circumstances, our use of your personal data is based upon:

  • your consent, where this has been given; or
  • upon our legitimate interests (in that we are seeking to provide services as part of our business); or
  • the performance of a contract between us, and the steps needed to deliver those contractual services.

To verify your identity or carry out due diligence checks and to determine the initial suitability of your business to become (and remain) a supplier to us

Depending upon the circumstances, our use of your personal data is based upon:

  • your consent, where this has been given; or
  • upon our legitimate interests (in that we are seeking to provide services as part of our business); or
  • the performance of a contract between us, and the steps needed to deliver those contractual services.

To supply services to you or request services from you

Our sue of your personal data is necessary for the performance of a contract between us, and the steps needed to deliver those contractual services

To receive or process invoices

Depending upon the circumstances, our use of your personal data is based upon:

  • your consent, where this has been given; or
  • upon our legitimate interests (in that we are seeking to provide services as part of our business); or
  • the performance of a contract between us, and the steps needed to deliver those contractual services.

Marketing our services to existing and former customers

Our use of your personal data is based upon our legitimate interests, i.e. to promote our business to existing and former customers

See ‘Marketing’ below for further information.

The purposes set out above will not apply to what is termed ‘special category personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership, genetic and biometric data, and data concerning health, sex life or sexual orientation. We will only ever process information of that nature with your explicit consent.

MARKETING

We will use your information to send you updates (by email, text message, telephone or post) about our services, including new services.

We have a legitimate interest in using your information for marketing purposes (see above ‘How and why we use your information’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by contacting us – please see ‘How to contact us’ below.

We will always treat your information with the utmost respect and never sell or share it with other organisations outside the CMAC group for marketing purposes.

For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.

SHARING YOUR DATA WITH OTHERS

Notwithstanding the fact that we will not share your personal data for marketing purposes, it may be necessary for us to share your personal data with others in order to perform our services for you, to comply with our contractual obligations to you, to comply with our legal or regulatory obligations to you, or to comply with any contractual, legal or regulatory obligations that we are subject to. These may include:

When sharing your personal data, we will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. In doing so we impose contractual obligations on all Suppliers, to ensure that your personal data is kept secure. We will only ever allow others to handle your personal data if we are satisfied that the measures which they take to protect that personal data are satisfactory.

Please be aware that, from time to time, we may be required to disclose your personal data to, and exchange information about you or relating to you with, government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

From time to time it may be necessary for us to share data for statistical purposes (for example with other companies within the CMAC group). We will always take steps to try to ensure that information shared is anonymised but, where this is not possible, we will require that the recipient of the information keeps it confidential at all times.

Other than as set out above, we will not share your personal data with any other third party.

HOW LONG PERSONAL DATA IS KEPT

Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.

Where your personal data is retained after we have finished providing our service to you, or where the contract with you has ended in any other way, this will generally be for one of the following reasons:

In general, we will retain your data for only so long as is necessary for the various objectives and purposes contained in this policy. Generally, we will retain personal data for up to 7 years after the end of any business relationship we have with you. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.

YOUR RIGHTS IN RELATION TO YOUR DATA

You generally have the following rights, which you can usually exercise free of charge:

Access to a copy of your information

The right to be provided with a copy of your information

A more detailed explanation of this right is available here

Correction (also known as rectification)

The right to require us to correct any mistakes in your information

A more detailed explanation of this right is available here

Erasure (also known as the right to be forgotten)

The right to require us to delete your information—in certain situations

A more detailed explanation of this right is available here

Restriction of use

The right to require us to restrict use of your information in certain circumstances, e.g. if you contest the accuracy of the data

A more detailed explanation of this right is available here

Data portability

The right to receive your information that you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

A more detailed explanation of this right is available here

To object to use

The right to object:

—at any time to your information being used for direct marketing (including profiling)

—in certain other situations to our continued use of your information, e.g. where we use your information for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims

A more detailed explanation of this right is available here

Not to be subject to decisions without human involvement (automated decision making)

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

We do not make any such decisions based on data collected by the app

A more detailed explanation of this right is available here

The right to withdraw consents

If you have provided us with a consent to use your information, you have a right to withdraw that consent easily at any time

You may withdraw consents by emailing or writing to us – see ‘How to contact us’ below

Withdrawing a consent will not affect the lawfulness of our use of your information in reliance on that consent before it was withdrawn

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see How to contact us below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.

If you would like to exercise any of those rights, please contact us (see ‘How to contact us’ below). When contacting us please:

ABOUT COOKIES

We use cookies in connection with the operation of our websites. A cookie is a small file that is sent by a web server (where we host our website) to a web browser (from where you view our website) and which is then stored by the browser. The cookie contains an identifier which is stored in your browser and then sent back to our server each time your browser accesses our website. These cookies may either be ‘persistent cookies’ (in which case they will continue to be held by your browser until they are deleted, or until a specified event/date) or they will be ‘session cookies’ which expire when you close your browser.

Usually, cookies do not hold any data by which you can be identified, although if we do hold personal data about you (for example, because you have subscribed to a service that we offer) the cookie may be linked to that data.

In addition to cookies used by us, our service providers may also use cookies, and those cookies may also be stored in your browser when you visit our website.

If you wish to do so then, usually, you can prevent cookies from being downloaded to your browser and can delete those that have already been downloaded. How this may be achieved varies between different browsers. Consult the website of your browser provider for more details.

However, you should be aware that if you block or delete cookies this may have a detrimental impact upon your ability to access our websites, and the services that we provide. It may mean that not all of the facilities on our website will be accessible by you, or it may mean that you are unable to access any member services which we provide.

KEEPING YOUR DATA SECURE

In order to ensure that your personal data is kept secure, and to prevent there being any breach of confidentiality, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used, or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.

Our systems are subject to rigorous testing; and we are ISO 27001 certified, meaning that we observe industry standards for information security.

In the event that there is a suspected data security breach you will be notified. Where relevant we will also inform the appropriate regulator (including the Information Commissioner’s Office) of a suspected data security breach where we are legally required to do so.

If you want detailed guidance from Get Safe Online on how to protect your information and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org Get Safe Online is supported by HM Government and leading businesses.

MAKING A COMPLAINT

If you have any queries or concerns as to the acquisition, use, storage or disposal of any personal data relating to you please contact us (see How to contact us’ below)

Notwithstanding our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at www.ico.org.uk

HOW TO CONTACT US

If you have any queries as to the acquisition, use, storage, or disposal of any personal data relating to you please contact dataprotection@cmacgroup.com

We can also be contacted by post at CMAC Group UK Limited, Suite 1 The Globe Centre, St James Square, Accrington, BB5 0RE.

THIS POLICY

The terms and provisions of this privacy policy may be changed, updated and amended from time to time.

If you would like this policy to be supplied to you in another format (for example audio, large print, braille) please contact us (see How to contact us above).

Built by Statuo, Designed by Arena