Non-Personal Information Collected Automatically.
Marshalls Self Drive is committed to the protection of the privacy of its website visitors. Please note that we may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-parties, but these statistics will include no personally identifying information.
Under GDPR, all data communicated is lawfully collected for specified, explicit and legitimate purposes, accurately and in a transparent manner. The Company does not pass on any data or personal information for marketing or sales to outside entities.
In order to respond to your questions, fulfil your requests or manage interactive customer programs, it may be necessary to ask for personal information such as your name, address, e-mail address and telephone number. We may use this information to respond to your requests, or to contact you via mail, e-mail or phone to inform you of new products, services or promotions we may offer.
If you place an order for a product, request a service or submit content to this Site, we may need to contact you for additional information required to process or fulfil your order and/or request. However, unless compelled by applicable legislation, we will not provide this information to a third party without your permission, except as necessary to process your order, fulfil your requests or manage interactive customer programs. You also hereby grant to Marshalls Self Drive the right to exchange any information provided by you between Marshalls Self Drive affiliates for the purposes mentioned before.
In addition to the personal information that you may provide us, this Site may use technology that lets us collect certain technical information like your Internet protocol address, your computer’s operating system, your browser type, traffic patterns and the address of any referring Websites.
Please note that while there are always risks associated with providing personal data, whether in person, by phone or over the Internet, and no system of technology is completely safe, “tamper” or “hacker-proof”, Marshalls Self Drive has endeavoured to take appropriate measures to prevent and minimise risks of unauthorized access to, improper use and the inaccuracy of your personal information. For example, we use encryption technology when collecting or transferring sensitive data such as credit card information.
Accuracy of collected data
Marshalls Self Drive will on its own initiative, or at your request, replenish, rectify or erase any incomplete, inaccurate or outdated personal data retained by Marshalls Self Drive in connection with the operation of this Site.
No information may be submitted to Marshalls Self Drive by persons under the age of 18 without the consent of a parent or legal guardian, nor may persons under the age of 18 make purchases or other legal acts on this Site without such content, unless permitted by applicable legislation.
Company Specific GDPR Policy
General Data Protection Regulation (GDPR) 25 May 2018
Marshalls Self Drive Ltd
The company processes personal data, which is held in some circumstances manually and in others on computer for the purpose of vehicle rental, staff administration, accounts, third party claims and records.
Additionally it processes personal data with the use of CCTV.
All data collected is :
- Lawfully collected for specified, explicit and legitimate purposes accurately and in a transparent manner
Customer data is collected and stored to ensure their identity as well as to ascertain their driving entitlements for the purpose of hiring vehicles.
All employee data is collected to ensure they are legitimately employed and the company complies with legislation
All employees are contractually obliged to inform Head Office of any personal changes.
- Processed for limited purposes to what is necessary
See timescales below
- Adequate, relevant and not excessive
This is in place
- Not kept longer than necessary
A maximum of three years plus the current year to meet insurance third party claims timescales for any CCTV footage, Incident & Accident Reports.
All third party personal data collected is for the legitimate process of claims, accidents, injury and legislative notifications, such as RIDDOR and Insurance Companies
No data is transferred outside the European Economic Area (EEA)
Only directors and appointed personnel processors are authorised to pass on any personal data for legitimate purposes
The Company does not pass on any customer or employee data for marketing or sales purposes within or outside entities
The Company does not hold any information on Minors
The Company is registered with the ICO and our registration number is 5362701
- Any request of information will normally be free of charge and handled quickly for most requests but all within one month.
Any considered requests that are unfounded or excessive will be charged or refused
Personal Data Breach
‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Any apparent breaches of security in access to data by persons other than those appointed must be immediately reported to a Director.
Should any individual or company contact you requesting details of information about themselves held by the Company, the request must be in writing and immediately forwarded to Head Office.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entities the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data, such as references.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Any request will be put forward by personnel and determined by a Director.
UK organizations handling personal data still need to comply with the GDPR, regardless of Brexit.
The Government has confirmed that it will follow the GDPR principles for data protection.
Remedies, Liability and Penalties
The Supervisory Authority can impose a fine of up to : 4% of annual global turnover ; or €20 million whichever is the greater. The administrative fines will in each case be designed to be effective, proportionate, and dissuasive.