Basket icon

Data Protection - Privacy Notice

  1. Introduction
    1. PTA Garage Services are committed to protecting your personal information and respecting your privacy. PTA Garage Services is a part of Petrocell Holdings Ltd. For simplicity throughout this notice ‘the company,’ ‘we’ and ‘us’ means Petrocell Holdings Ltd and PTA Garage Services.
    2. This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
    3. For the purpose of the General Data Protection Regulation [Regulation (EU) 2016/679], the data controller is Petrocell Holdings Limited (company number 1190922), whose registered office is 274-278 Wickham Road, Shirley, Croydon, CR0 8BJ.
    4. We may update this Privacy Notice from time to time. Any changes we make in the future will be posted on our website at https://www.ptagarages.co.uk/privacy-policy/. Please check back regularly to see any updates or changes to this Policy.
  2. Data Protection Team
    1. The contact details for our Data Protection Team are as follows:
      The Data Protection Team
      Petrocell Holdings Ltd
      274-278 Wickham Road
      Shirley
      Croydon
      CR0 8BJ
      Tel: 0208 655 4444
    2. If you have any comments / questions about privacy, please email: info@ptagarages.co.uk Please include the words DATA PRIVACY REQUEST in the subject line of your email.
    3. It is the responsibility of the Data Protection Team to keep our organisation and our staff informed and advised about their obligations to comply with data protection laws, to monitor compliance with those laws, to train staff and conduct internal audits, and to be the first point of contact for supervisory authorities and for individuals whose personal data we are processing.
  3. Your rights as a data subject
    1. The General Data Protection Regulation provides the following rights (subject to some exemptions):
      • The right to request access to the personal data that we hold about you;
      • The right to request rectification of the personal data that we hold about you;
      • The right to request erasure of the personal data that we hold about you;
      • The right to request restriction of processing about you;
      • The right to object to processing;
      • The right to data portability.
    2. If you wish to exercise any of the above rights, please notify our Data Protection Department using the contact details set out in Section 2 above. Please include the words DATA PRIVACY REQUEST in the subject line of your email, or at the top of your letter.
    3. You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the supervisory authority is the Office of the Information Commissioner, full contact details for which can be found at https://ico.org.uk/global/contact-us/
  4. Processing your information – Contractual Necessity, Legitimate Interest, Consent
    1. We will generally process your personal data for contractual necessity in providing our products and services or for legitimate interests. We will use personal information for additional relevant purposes where you might reasonably expect us to do so, where the benefits of doing so are not outweighed by your own interests or fundamental rights or freedoms. The law calls this the “Legitimate Interests” condition for processing. Where we rely on it, the benefits being pursued are:
      • To maintain our records for administrative purposes, including updating your personal details and to log your vehicle’s service history. This allows us to issue you with an MOT or Service reminder and to honour our Warranty commitments on parts and work carried out on your vehicle.
      • Complying with / supporting compliance with legal and regulatory requirements e.g. DVSA – MOT Testing and Record Keeping.
      • CCTV systems may record your image, vehicle and registration when visiting forecourts, shops and workshop receptions to ensure the security of customers, staff, property and premises.
      • To monitor, analyse and improve our services and websites, including enhancing and personalising your customer service.
      • Internal training purposes.
      • To assist with queries, complaints and dispute resolution; including transmission of email enquiries coming via contact forms from traffic from the PTA Garage Services website portal.
      • To assist authorities to prevent and detect crime, trading standards offences and fraud and money laundering.
      • To improve data accuracy and completeness - when you register for our services you may supply us with additional information about yourself which we will use to improve our service offering.
      • To ensure network and account security.
      • Email tracking – in order to improve our communications with you.
      • To monitor and record communications with you (such as telephone calls) for the purpose of quality assurance, training, fraud prevention and compliance.
    2. Where we ask for your consent this will usually be for marketing purposes by email. Where our processing of personal data is based on your having given consent, you have the right as a data subject to withdraw that consent at any time.
    3. Please note that the withdrawal of your consent will not affect the lawfulness of any processing based on that consent before its withdrawal. If you wish to invoke this right, please notify our Data Protection Department using the contact details set out in Section 2 above. Please include the words DATA PRIVACY REQUEST in the subject line of your email, or at the top of your letter.
    4. Please be aware that withdrawal of consent to record personal and vehicle information for invoicing and service history records may void any warranties ordinarily guaranteed.
  5. Retention of Data
    1. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
    2. Under normal circumstances we will retain personal and vehicle information provided on servicing and invoicing records for a period of 10 years. This may assist with vehicle diagnostics and fault finding and will ensure that we can comply with our legal, contractual and warranty obligations.
    3. We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and will take all appropriate steps to protect it. We secure access to all transactional areas of our website using ‘https’ technology. Access to your personal data is password-protected and sensitive data such as payment card information is secured by SSL encryption. We regularly monitor our system for possible vulnerabilities and attacks and we carry out penetration testing to identify ways to further strengthen security.
  6. Recipients of Data – Third Party Data Processors
    1. We use service providers to help us provide you with our services. Personal data may be transferred to these outsourced data processors, who act for or on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed. We only disclose your data to third parties for a limited number of reasons, these include: services delivery, communications, marketing, data management, technical support, evaluating our services and processing payments.
    2. Such third parties have contracted with us as data processors under the requirements in the GDPR. They are contractually bound to only use personal data for the agreed purpose(s). Relevant persons working for these third parties will have access to your personal data under the terms of the data processor contract, but only to the extent necessary to perform their services for us.
    3. These data processors agree to implement reasonable contractual and technical protections, to keep your data confidential, not sell your personal data to third parties and to not disclose your personal data to third parties except as may be required by law, as permitted by us or as stated in this Privacy Policy.
    4. In appropriate circumstances we may disclose data to authorised bodies as required by law.
  7. Visitors to the PTA Garage Services Website – Cookies, Google Analytics, Facebook
    1. We use cookies to monitor how people use our website. Our first party cookies set directly by our website collect data on:
      • Google Analytics: to collect information about visitor behaviour on our websites. This analytics data is not tied to personally identifiable information. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
      • Banner advertising: whether you have seen an advert and how long since you have seen it.
      • Tracking PPC campaigns.
    2. We collect these cookies as a legitimate interest in order to provide you with our online services and to analyse visitor behaviour on our websites.
    3. Cookie information is held on your browser and you can amend your browser settings at any time. However, please be aware that blocking or deleting all cookies will affect the usability of our websites.
    4. Most device-based web browsers allow some control of most cookies through browser settings. Refer to your browser vendors to discover how to control what cookies your browser accepts and rejects.
    5. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.aboutcookies.org or www.allaboutcookies.org.
    6. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
    7. We may collect your Internet Protocol (“IP”) address, which is a number assigned to your computer when you connect to the Internet. As part of the protocol of the Internet, web servers can identify your computer by its IP address. In addition, web servers may be able to identify the type of browser you are using. We may collect IP addresses for the purposes of internal security, website analysis, and system administration, including to assess the traffic on the website, and to maintain and make improvements to the website. We do not link IP addresses to personal information, but we can and will use IP addresses to identify a user when we feel it is necessary to ensure compliance with this Privacy Notice or our Terms and Conditions, to protect the website, users, or other visitors, or to comply with applicable laws.