C-MAC Group Ltd (CMAC) Privacy Notice
23.10.23
INTRODUCTION
CMAC Group UK Limited take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you.
It also explains:
- what personal information we collect about you;
- how we keep your personal data secure;
- for how long we keep your personal data;
- your rights in relation to your personal data;
- how to contact us or the relevant supervisory authorities should you have a complaint.
In this policy, please note the use of the following terms:
personal data | has the meaning given to it by the UK GDPR and means any information that helps to identify a living individual (known as a data subject); for example, name, email address, phone number etc. |
processing | means any operation or actions performed on personal data; for example, collection, recording, organisation, structuring, storing, altering, deleting or otherwise using personal data. |
we, us and our | refers to CMAC Group UK Limited and its directors; |
you and your | refers to the person who is accessing our websites and apps, and whose data is processed; |
When we collect, use and process personal data we are subject to the provisions of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are described as a ‘controller’ of that personal information. In other words, we are primarily responsible for that data and we decide what data to collect and when, what we do with it, how we process it, who we share it with and how long to keep it.
This policy relates to your use of our websites and apps only. These include:
Please note that our websites and apps may link to other third-party websites that may also gather information about you. Third-party websites will operate in accordance with their own separate privacy policies, and we have no control over any personal data that they may acquire, store and use. For privacy information relating to these other third-party websites, you should consult their privacy policies, as appropriate.
We are committed to preserving the privacy of your data so that we can:
- deliver services of a high quality to our customers and service users;
- comply with the law and the various regulations that we are subject to;
- meet the expectations of our customers, service users, employees and third parties; and
- protect our reputation.
If you are aged under 18, we recommend that you speak to an adult that you trust if you have any difficulties reaching an informed decision regarding the activation of any use of your information or our treatment of your information.
Please note that our websites and apps not intended for use by children, and we do not knowingly collect or use personal information relating to children.
YOUR PERSONAL DATA
Personal data is collected about you whenever you access one of our websites or apps or use our services.
Personal data is collected either directly (i.e. information you provide to us, for example when you register with us, contact us, purchase services from us, complete forms or submit reviews on or via our website) or indirectly (i.e. data we collect from you, for example when you are browsing one of our websites, through the use of ‘cookies’).
How we collect and use your personal data depends upon which of our services you use and how you access that service.
The data that we can acquire may depend upon your relationship to us, for example:
- Where we supply services to/for you, you are our Customer
- Where you supply services to us/for us, you are our Supplier
- Where you are a user of the service provided for our Customer, you are a Passenger
- Where you are an employee of our Customer or Supplier and are accessing our websites or apps in the course of that employment, you are a User
In general, the data we collect may include:
For Customers, Suppliers, Passengers and Users
- name, address, email address, telephone number and other contact details;
- your gender;
- journey details (e.g. pick-up and drop-off locations and times etc)
- details of any feedback you give us - this may be by phone, email, post or via social media;
- information about the services we provide to you;
- account details, such as username, login details;
- IP address, device type, IMEA numbers, MAC address of networks, other unique device identification, device operating system, browser type, mobile network information, app version number, storage usage, data usage, time zone settings etc;
- the pages of our websites, or other resources on those websites, that you have accessed and when you accessed them;
- details of any documents or other resources that you have downloaded from our websites.
For Customers and Suppliers only
- website address;
- business name and VAT number;
- insurance details;
- signatures;
- bank account or other financial details;
- motor vehicle details e.g. make, model, colour, registration plate number;
For Users only
- date of birth;
- motor vehicle details e.g. make, model, colour, registration plate number;
- driving licence information;
- passport picture;
- your activities on, and use of, our websites or apps which reveal your preferences, interests or manner of use of the website/app and the times of use;
- details of your location with a high degree of precision (when you permit the collection of location data)
- behaviour reports (occasionally).
In general terms, we may use this personal data to:
Customers, Suppliers, Passengers and Users
- communicate with you;
- monitor the progress of a journey;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- improve our services;
- receive your reviews and respond to them.
Customers and Suppliers only
- create and manage your account with us;
- verify your identity;
- conduct due diligence checks;
- provide services to you;
- request services from you;
- receive and process invoices.
Sometimes you can choose if you want to give us your information and let us use it. Where that is the case we will tell you and give you the choice before you give the information to us. We will also tell you whether declining to share the information will have any effect on your use of the website, the app or our services.
By providing us with someone else’s personal data, you confirm you’ve either got their permission to give it to us, or permission from their parent or guardian (if the person is under 16).
Please note that it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal details change during your relationship with us.
LOCATION SERVICES/DATA
Our apps may request your consent to use location services to precisely identify your location. If applicable, your consent will be requested each time the app is opened. We require access to that data in order to monitor the progress of a journey and provide feedback to our Customers on the location of the vehicle fulfilling the booking/job/trip.
If you do not provide your consent, you may use the app but that will mean that the feature enabling the progress of your journey to be monitored will not be available. To withdraw your consent at any time you can either uninstall the app or stop tracking. Please note, that will not affect the lawfulness of our use of that data in reliance on your consent before it was withdrawn.
We will not process your location data other than as strictly required to enable the progress of your journey to be monitored and when the trip “ends”, location updates will no longer be available.
The location services in the app will not operate unless location services/data are generally enabled on your device. You may disable such functionality at any time by using the settings on your device to disable access to your location data.
THE PURPOSES FOR WHICH YOUR INFORMATION IS USED
Data protection law requires that we only use your personal data for the purposes for which it was acquired, or where we have a proper reason for using it. Those reasons may include the following:
- Where you have given consent to the use of your personal data for one or more specific purposes.
- Where the use is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.
- Where the use is necessary for compliance with a legal obligation that we are subject to.
- Where the use is necessary in order to protect your vital interests or those of another person.
- Where the use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us.
- Where the use is necessary for the purposes of our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
The reasons referred to above set out the purposes for which data may generally be used. The specific position in relation to your personal data, however, is that we may use it for the following purposes:
Customers, Suppliers, Passengers and Users
What we use your information for | Our reasons |
To respond to an enquiry or resolve a complaint | Our use of your personal data is based upon your consent |
To ensure the smooth running of our services, such as checking the progress and outcome of a job placed with us | Our use of your personal data is based upon our legitimate interests, or those of a third party |
In relation to information which you wish to include in, or post on, our website (for example by submitting a review of our services) | Depending on the circumstances, our use of your personal data is based upon:
|
Providing the functionalities, and improving the operation, of our website/app. This may include taking such security measures as are appropriate, backing up the data we hold | Depending upon the circumstances, our use of your personal data is necessary:
We will use data relating to your location only based on your consent as described in ‘Location services/data’ (above) |
To analyse the use made of our website/app. Here we may make use of your IP address, where you are based, the type and version of the browser you use, details of your operating system, how you came to our website (for example whether you were referred from another website or from a search engine), how long you remained on our site, the number of pages on our site that you viewed, how you moved around our site, the links that you followed, and whether any of those links were used to leave our site | Depending on the circumstances, our use of your personal data is based upon:
|
Conducting checks to detect fraud against you or us | Depending upon the circumstances, our use of your personal data is necessary:
|
To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances, our use of your personal data is necessary:
|
Communications with you not related to marketing, including about changes to our terms or policies or changes to the website/app or service or other important notices | Depending on the circumstances, our use of your personal data is based upon:
|
To protect the security of systems and data used to provide the website/app and its services | Our use of your personal data is necessary to comply with our legal and regulatory obligations We may also use your information to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us. |
Operational reasons, such as improving efficiency, training and quality control or to provide support to you | Our use of your personal data is based upon our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you. |
Statistical analysis to help us understand our customer base | Our use of your personal data is based upon:
|
Updating and enhancing customer records | Depending on the circumstances, our use of your personal data is necessary:
|
Disclosures and other activities necessary to comply with legal and regulatory obligations, e.g. to record and demonstrate evidence of your consent to our use of your information where relevant | Our use of your personal data is necessary to comply with our legal and regulatory obligations. |
To share your information with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency In such cases, information will be anonymised where possible and only shared where necessary | Depending on the circumstances, our use of your personal data is necessary:
|
Customers and Suppliers only
What we use your information for | Our reasons |
Create and manage your account with us | Depending upon the circumstances, our use of your personal data is based upon:
|
To verify your identity or carry out due diligence checks and to determine the initial suitability of your business to become (and remain) a supplier to us | Depending upon the circumstances, our use of your personal data is based upon:
|
To supply services to you or request services from you | Our sue of your personal data is necessary for the performance of a contract between us, and the steps needed to deliver those contractual services |
To receive or process invoices | Depending upon the circumstances, our use of your personal data is based upon:
|
Marketing our services to existing and former customers | Our use of your personal data is based upon our legitimate interests, i.e. to promote our business to existing and former customers See ‘Marketing’ below for further information. |
The purposes set out above will not apply to what is termed ‘special category personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership, genetic and biometric data, and data concerning health, sex life or sexual orientation. We will only ever process information of that nature with your explicit consent.
MARKETING
We will use your information to send you updates (by email, text message, telephone or post) about our services, including new services.
We have a legitimate interest in using your information for marketing purposes (see above ‘How and why we use your information’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by contacting us – please see ‘How to contact us’ below.
We will always treat your information with the utmost respect and never sell or share it with other organisations outside the CMAC group for marketing purposes.
For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.
SHARING YOUR DATA WITH OTHERS
Notwithstanding the fact that we will not share your personal data for marketing purposes, it may be necessary for us to share your personal data with others in order to perform our services for you, to comply with our contractual obligations to you, to comply with our legal or regulatory obligations to you, or to comply with any contractual, legal or regulatory obligations that we are subject to. These may include:
- Sharing driver and vehicle information with a Passenger or Customer, so that they can track the progress of a journey;
- Sharing a Passenger’s information with a Supplier, so that they can provide the service;
- Sharing information between a Customer, Supplier and/or a Passenger, in order to deal with enquiries or resolve a complaint;
When sharing your personal data, we will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. In doing so we impose contractual obligations on all Suppliers, to ensure that your personal data is kept secure. We will only ever allow others to handle your personal data if we are satisfied that the measures which they take to protect that personal data are satisfactory.
Please be aware that, from time to time, we may be required to disclose your personal data to, and exchange information about you or relating to you with, government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
From time to time it may be necessary for us to share data for statistical purposes (for example with other companies within the CMAC group). We will always take steps to try to ensure that information shared is anonymised but, where this is not possible, we will require that the recipient of the information keeps it confidential at all times.
Other than as set out above, we will not share your personal data with any other third party.
HOW LONG PERSONAL DATA IS KEPT
Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.
Where your personal data is retained after we have finished providing our service to you, or where the contract with you has ended in any other way, this will generally be for one of the following reasons:
- so that we can respond to any questions, complaints or claims made by you or on your behalf;
- so that we are able to demonstrate that your matter was dealt with adequately and that you were treated fairly; or
- in order to comply with legal and regulatory requirements.
In general, we will retain your data for only so long as is necessary for the various objectives and purposes contained in this policy. Generally, we will retain personal data for up to 7 years after the end of any business relationship we have with you. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.
YOUR RIGHTS IN RELATION TO YOUR DATA
You generally have the following rights, which you can usually exercise free of charge:
Access to a copy of your information | The right to be provided with a copy of your information A more detailed explanation of this right is available here |
Correction (also known as rectification) | The right to require us to correct any mistakes in your information A more detailed explanation of this right is available here |
Erasure (also known as the right to be forgotten) | The right to require us to delete your information—in certain situations A more detailed explanation of this right is available here |
Restriction of use | The right to require us to restrict use of your information in certain circumstances, e.g. if you contest the accuracy of the data A more detailed explanation of this right is available here |
Data portability | The right to receive your information that you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations A more detailed explanation of this right is available here |
To object to use | The right to object: —at any time to your information being used for direct marketing (including profiling) —in certain other situations to our continued use of your information, e.g. where we use your information for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims A more detailed explanation of this right is available here |
Not to be subject to decisions without human involvement (automated decision making) | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by the app A more detailed explanation of this right is available here |
The right to withdraw consents | If you have provided us with a consent to use your information, you have a right to withdraw that consent easily at any time You may withdraw consents by emailing or writing to us – see ‘How to contact us’ below Withdrawing a consent will not affect the lawfulness of our use of your information in reliance on that consent before it was withdrawn |
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please contact us (see ‘How to contact us’ below). When contacting us please:
- provide enough information to identify and any additional identity information we may reasonably request from you, and
- let us know which right(s) you want to exercise and the information to which your request relates
ABOUT COOKIES
We use cookies in connection with the operation of our websites. A cookie is a small file that is sent by a web server (where we host our website) to a web browser (from where you view our website) and which is then stored by the browser. The cookie contains an identifier which is stored in your browser and then sent back to our server each time your browser accesses our website. These cookies may either be ‘persistent cookies’ (in which case they will continue to be held by your browser until they are deleted, or until a specified event/date) or they will be ‘session cookies’ which expire when you close your browser.
Usually, cookies do not hold any data by which you can be identified, although if we do hold personal data about you (for example, because you have subscribed to a service that we offer) the cookie may be linked to that data.
In addition to cookies used by us, our service providers may also use cookies, and those cookies may also be stored in your browser when you visit our website.
If you wish to do so then, usually, you can prevent cookies from being downloaded to your browser and can delete those that have already been downloaded. How this may be achieved varies between different browsers. Consult the website of your browser provider for more details.
However, you should be aware that if you block or delete cookies this may have a detrimental impact upon your ability to access our websites, and the services that we provide. It may mean that not all of the facilities on our website will be accessible by you, or it may mean that you are unable to access any member services which we provide.
KEEPING YOUR DATA SECURE
In order to ensure that your personal data is kept secure, and to prevent there being any breach of confidentiality, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used, or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.
Our systems are subject to rigorous testing; and we are ISO 27001 certified, meaning that we observe industry standards for information security.
In the event that there is a suspected data security breach you will be notified. Where relevant we will also inform the appropriate regulator (including the Information Commissioner’s Office) of a suspected data security breach where we are legally required to do so.
If you want detailed guidance from Get Safe Online on how to protect your information and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org Get Safe Online is supported by HM Government and leading businesses.
MAKING A COMPLAINT
If you have any queries or concerns as to the acquisition, use, storage or disposal of any personal data relating to you please contact us (see ‘How to contact us’ below)
Notwithstanding our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at www.ico.org.uk
HOW TO CONTACT US
If you have any queries as to the acquisition, use, storage, or disposal of any personal data relating to you please contact dataprotection@cmacgroup.com
We can also be contacted by post at CMAC Group UK Limited, Suite 1 The Globe Centre, St James Square, Accrington, BB5 0RE.
THIS POLICY
The terms and provisions of this privacy policy may be changed, updated and amended from time to time.
If you would like this policy to be supplied to you in another format (for example audio, large print, braille) please contact us (see ‘How to contact us’ above).