Here at Parkfoot we take the privacy of your data seriously and only share it with third parties who are working on our behalf in the legitimate interests of the company eg: in order for you to pay online or for us to send you special offers.
We may let you know of special offers in the jet wash if you regularly use your Ready2Wash app with us or let you know about our Christmas turkeys if you have previously bought one from us.
We keep your data secure and know who has access to it. We can delete you from records on request if this does not conflict with our legal requirement to hold data.
We have updated our Privacy Notice to be compliant with the Data Protection Act (DPA) and the EU General Data Protection Regulations (GDPR) which comes into force in May 2018.
It is important to us that you as customers trust us as a company and we want to make sure you understand how we collect your data and why; what we do with it; where we store it and who has access to it and how we keep it secure and for how long.
- Who is Parkfoot Garage?
- What are our legal bases for collecting data?
- When do we collect your personal data?
- What personal data do we collect?
- How and why do we use your personal data?
- How do we protect your personal data?
- How long do we keep your personal data?
- What are your rights over your personal data?
- What is our procedure if there is a data breach?
- Data Protection Officers
This Privacy Notice explains in detail the sorts of personal data we may collect from you when you interact with us. It explains how we process that data and keep it secure.
We hope that it will answer all the questions you might have, but if it doesn’t, do please contact one of our two Data Protection officers on email@example.com or call us on 01732 840000.
We will review and update this policy if any new legislation comes into force or if we change how we collect, use and store your data.
2. Who is Parkfoot Garage?
Parkfoot Garage Ltd is a private limited company registered in England no. 605551. We are a family business set up in 1949 by the grandfather of the current Managing Director and we are a Living Wage company. We are registered with the ICO (Information Commissioner’s Office)
We have two sites:
- Parkfoot West Malling on the A20 (265 London Road, ME19 5AE) is a petrol station with a large convenience store incorporating an in-store butchery and bakery and a car wash centre.
- Parkfoot Butchers at Hadlow is a high street butchers (3,The Broadway, TN11 OBZ)
3. What are our legal bases for collecting data?
Consent: we may collect data from you by consent eg: when you sign up to our newsletter or sign into our high speed broadband in-store. We always make it clear which service you are signing up for.
Contractual obligation: in order to deliver our contract with you, we may need to collect data such as your name, address, telephone number, email address or credit card details. These may need to be passed onto a third party such as Stripe for our online payments or Mailchimp for our newsletter database (name and email address only).
Legal compliance: we may need to collect your data and pass it on to the police; for example: if we suspect a criminal activity has taken place, we may share our CCTV footage (biometric or biological data) with Kent police.
Legitimate interest: we may collect and use data to pursue our legitimate interests as a company in a way it is reasonable to expect a business such as ourselves to operate, without materially impacting your rights, freedom or interests. For example, we may let you know of special offers or new products by email or brochure.
4. When do we collect your personal data?
- When you visit our website and buy products or services or redeem vouchers
- When you create an account with us
- When you purchase your Ready2Wash app for our jet washes
- When you engage with us on social media and comment on or review our business or individual products.
- When you contact us with queries or complaints
- When you join one of our loyalty programmes
- When you fill in an in-store order form
- When you ask us to send you information about a product or service
- When you visit our West Malling site where CCTV cameras, indoors and outdoors, capture images for your security and that of our staff.
- We collect information when you visit our website via cookies set up for Google analytics and Google maps.
5. What personal data do we collect?
- We collect your name, telephone number and credit card details when you shop online with us
- We collect your name and email for our mailing list and Mailchimp can tell us which country you are from
- We collect your name and email address when you sign into to our WiFi hotspot for high speed broadband
- We collect your name, address, phone number, company address (if applicable) and email when you open an account with us.
- We collect your name, email and telephone number when you use a Parkfoot order form, eg: for Christmas turkeys
- Your image and car number plate may be recorded on CCTV when you are on site
- We collect your comments, questions and product reviews on Social Media or in letters/emails to us
- We may make notes of conversations with you if you ask a question, making a comment or making a complaint.
- Via Google maps and Google analytics we can access information such as time of visit, pages visited, time spent on each page, web browser used, the URI you came through to arrive at our site, the type of operating system you use, your network location and IP address but none of this is linked to personal data such as your name or email address.
6. How and why do we use your personal data?
We collect most of the above data to process payments, for marketing and security purposes and also to provide services you have requested. The Data Protection Act allows us to do this as part of our legitimate business in order to provide you with the highest level of service.
On occasion your data may be passed to a third party in order for them to fulfill a service, for instance: Mailchimp to deliver newsletters; CBE and Sage when operating customer accounts and Stripe when processing online payments.
Of course you are free to opt out from the newsletter (unsubscribe or request us to do so for you) or close your account. We do not currently keep your credit card details when you buy online from us. We do have your name; billing and delivery address; email; products purchased, and the last 4 digits of your card, together with its expiry date.
If you wish to change the data we have stored about you, you’ll find details below in “What are my rights?”
CCTV allows us to protect customers, staff, our site and premises from crime and to be aware of any danger to the public and staff as quickly as possible. This is in our legitimate business interests. If we suspect a crime has been or is about to be committed, we will process the data for the purposes of preventing or detecting an unlawful act, eg: smoking near the petrol pumps; driving off without paying or failure to pay for goods in store. There are signs outside and inside the shop to say that CCTV is in operation.
We may share information about criminal activity with other local retailers by request, and we will do this accurately, fairly, legally and securely considering whether it is relevant and the rights of the individual(s) involved under the DPA and GDPR.
We may run a competition or advertise a special offer or conduct a survey which at the time requires you to share data with us when you enter or sign up. We will always say how this data will be used.
Our Loyalty cards are simply there to reward regular customers and we do not use any data you give us when you sign up for a card to profile you or market to you without your express consent.
7. How do we protect your personal data?
Most of our information is stored on computers and hard drives with limited access (1 – 5 people) and access to the Google Suite in which they are stored is password protected.
Hard copies of letters and forms are kept in filing cabinets in the office. Sensitive information is kept in double locked cabinets.
8. How long do we keep your personal data?
This varies. Some data is collected for a specific event and then deleted. Other data is kept indefinitely. We keep data for as long as it is current (ie: you are still an active customer) or for up to five years in order to compare sales figures over a period or for the relevant legally required period.
9. What are your rights over your personal data
You have the right to be informed about your personal data held by us and to:
- request to see any or all of this data about yourself (access)
- ask for changes to be made to records (rectification)
- ask for any of all data to be deleted/destroyed (erasure) unless we have legitimate legal reasons to refuse
- ask for certain actions not to happen to your data (process restriction)
- object to any or all of the practices listed above (objection) You have the right to lodge a complaint to the Information Commissioner’s’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
- be able to obtain and reuse your personal data for your own purposes across different services in a secure way without hindrance to usability. (portability of data)
We will not charge you for any of these requests, unless the request is manifestly unfounded or excessive, particularly if it is repetitive and we undertake to respond to your request within one month.
10. Procedure in the case of data breach
If a breach occurs, Parkfoot will detect and stop the breach as quickly as possible; investigate how and what happened, and inform all affected parties.
If a serious breach occurs, Parkfoot will follow the same steps but will also report the breach to the ICO (Information Commissioner’s Office) within 72 hours, including:
- Description of nature of personal breach including number of individual concerned/and /or number of personal data records concerned
- Description of likely consequences of data breach
- Description of measures taken or proposed to deal with data breach including measures to mitigate any possible adverse effects
In both cases, once the breach is contained, investigated and reported, a review will take place and corrective steps will be taken to make sure that such a breach cannot recur.
11: Data Protection Officers
As of April 2018, Gilly Hobby (Finance Manager) and Sue Charman (Director) are the nominated Data Protection Officers