4x4
4x4

Privacy Policy

//Privacy Policy
Privacy Policy 2018-05-25T13:26:10+00:00

Privacy Notice

Ash & Scott Ltd t/a Causeway 4×4 and Retro Resus

Registered Office: Maxwells, 4 King Square, Bridgwater, TA6 3YF

Garage , Service and Repair

Scope

This privacy policy applies to any business operation, application or service operated by Ash & Scott Ltd where this privacy notice is referenced, regardless of how you access or use them.

Personal Information

Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, and an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We do not consider personal information to include information that has been obfuscated or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.

We collect personal information from you when you use our services, of which is Garage Data Systems which is the mode used to collate the personal information. Our websites are only used as an information tool, if in the future it is decided to be used as a different tool then under this notice we will inform you of this.

How we use your personal Information

We collect information on individual persons who is necessary on a legal basis for performance of a contract of a legal obligation between Ash & Scott ltd and the individual. We also use the information collected on you as an individual as a legal basis to consent and arguably, legitimate business interest in regards to vehicle MOT reminders and service reminders. We use the information to provide you certain services available at Ash & Scott Ltd.

Your Choices about how we use your personal information

You have choices about how we use your personal information to communicate with you, to send you relevant information, how we provide you with marketing information. You can control your communication preferences and choose what information you receive. As standard, GDS is only setup to send out letters of reminders for MOT and Servicing requirements. On discussion with the customer we are able to send out invoices via e mail with permission from the customer

Your rights to access control and correct your personal information

We respect your right to access, correct, request deletion or request restriction of our usage of your personal information as required by applicable law. We also take steps to ensure that the personal information we collect is accurate and up to date.

You have the right to know what personal information we maintain about you. We will provide you with a copy of your personal information in a structured, commonly used and machine readable format on request.

If your personal information is incorrect or incomplete, you have the right to ask us to update it. You have the right to object to our processing of your personal information.

You can also ask us to delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our services.

How we might share your personal Information

Your personal date is only used within the structure of Ash & Scott Ltd and is not sold, rented or otherwise disclosed to any third parties for the purposes of marketing or advertising.

How long we keep your personal information

We retain your personal information for as long as necessary to provide the services you have requested, or for other essential purposes, such as complying with our legal obligations, resolving disputes and enforcing our policies.

Cookies & Similar Technologies

When you visit or interact with our websites, Electronic business cards, email or messaging, we or our authorised service providers may use cookies and other similar technologies to help provide you with a better, faster and safer experience.

Remote Access: Only documented staff have a password key to gain remote access to the Personal information held, this is gained only on PPTP VPN connections. We also have a documented exit process when any documented staff has left or been removed from the business, this entails the immediate change of the password key to a new one.

How do we protect our customers’ personal information?

We protect our customers’ information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration through our Network Providers Create Data Systems and the CLOUD system.

Firewall technology deployments to protect and manage access to our network and data centre.

Data Encryption- we secure all personal data exchanged between applications and data storage end points using modern industry acceptable standards. Typically this is “Secure Socket Layer” (SSL) encryption of traffic over TCP/IP channels through Create Data Systems. The public keys are stored with certificate authorities who validate Create Data Systems identity for trust purposes. They use 128bit encryption which is the strongest allowable within the United Kingdom and EU jurisdictions currently.

Physical access controls to our data centre. Manned 24 hours a day, 365 days per year

Access Control lists within the application

The cloud data centres are chosen for their reputation and high standards. Create Data Systems ensure they comply with all the necessary data protect standards and have high levels of service availability, service resilience and resumption planning in place. This ensures our customer data is accessible 365/24×7 and we insist on SLA’s that commit to a 99.9% availability throughout the contract period.

Our customer data is backed up to multiple servers at geographically diverse locations to ensure the data recovery following major technical or physical damage is sustained to Create Data systems servers or the data centres as a whole.

Our Data is ultimately our responsibility and we have a strong security culture within the business environment. All messaging sent to our customers using our system is accepted by customer unless the customer chooses to stop receiving them.

Data Controllers and Data Protection Officers

Our primary concerns should be as follows

Ensure all login accounts have a suitable and complex password

Staff codes should be at least 5 characters long

Unattended time locks should be set to no more than 5 minutes

PC’s should never be left unattended without locking the screen.

Ensure that only the appropriate and limited installations of licensed applications are installed on devices such as PC’s and laptops, and keep a registry of who has these installed.

Ensure we have a documented and published exit process for the staff that has access via GDS or other applications. If the exiting staff member has an application installed on their personal device the login account passwords should be changed as soon as they depart from the business. Where possible we should supervise the uninstalling of any application licensed and installed that can access our customers’ data.

Third Party Processors

At Ash & Scott Ltd a third Party company are involved with having employees information in regards to processing Wage and pension requirements. A system is setup , encrypted through Sage Payroll to ensure the information held is secure. This information is held by the company , purely for Wage and pension requirements. Ash & Scott Ltd update this information with the 3rd party, as and when required.