This policy demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in accordance with the General Data Protection Regulation ((EU) 2016/769) (“GDPR”) and all other data protection legislation currently in force in the UK (“Data Protection Legislation”).
Pursuant to Data Protection Legislation, when processing data we will;
Each company within the group is registered as a Data Controller with the ICO.
We are a Data Controller. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
The Data protection Policy clarifies:
We require all third parties to respect the security ofyour personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
An individual may make such a request verbally or in writing and we will comply with any valid request within 28 days of receipt unless exceptional circumstances require an extension to that time limit. We will inform the individual of any extension, and the reason for such, within 28 days of the original request.
Where we are not certain about the identity of the person making the request, we may ask for more information. Any information requested for identity verification will be processed only for that purpose.
There will normally be no charge for this, except where we consider the request manifestly unfounded or excessive. If we will charge a fee we will notify the individual making the request and we will only comply with the request once we have received the fee.
In some cases, we may refuse to comply with a request. If we refuse to comply we will inform the individual as soon as is practicable and within one month. We will inform the individual about the reasons we will not comply with the request, their right to make a complaint to the ICO or another supervisory authority and their ability to seek to enforce this right through a judicial remedy.
If you wish to exercise any of your rights relating to your personal data please contact:
James McGawleyData Protection OfficerAMT Group174 Armley RoadLeedsLS12 2QH
Telephone: 0844 826 2300Email: email@example.com
We do not transfer your personal data outside the European Economic Area (EEA).
We have extensive security arrangements in place to protect personal data we hold on our systems. If you require full details on our security policy, please contact your account manager or the Data Protection Officer, the contact details for which are:
In each case the above applies unless a legal obligation or other legitimate interest requires us to store the data for a longer period.
We carry out regular audits of any Personal Data we hold to ensure as far as possible that we do not hold any Personal Data that is no longer required.
If you have a complaint regarding any aspect of our collection or processing of personal data or our data protection policy, please contact:
James McGawleyAMT GroupAMT House174 Armley roadLeedsLS12 2QH
On receipt of a complaint regarding Data Protection, within 1 working day we will acknowledge the complaint and provide a response. Where a complaint requires an extension to that time limit we will inform the complainant and provide a formal response with the conclusions to any investigation with utmost urgency.
All complaints received are logged for reference, detailing the original complaint, the details of any investigation and the resolution.
Where we are not able to reach a satisfactory resolution, individuals are advised of their right to report their concern to the Information Commissioners Office or to seek judicial remedy.
When we become aware of any personal data breach we will document and justify any decisions made regarding it.
In the event of a material data breach, we will, where required and where feasible:
Personal data breaches should be reported to:
James McgawleyData Protection OfficerAMT Group174 Armley roadLeedsLS12 2QH
Telephone: 0844 826 2300Email: James.Mcgawley@amtvehiclerental.co.uk