For the purpose of The EU General Data Protection Regulation [‘GDPR’], we are the ‘Controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data). As we act as a credit intermediary, we undertake a number of financial tasks that relate to consumer credit. Our firm’s lawful basis for processing your personal data is done so under a Legitimate Interest - Article 6(1)(f) - “the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.”
This Policy was last updated January 2019.
Leasing Company data
This privacy statement is primarily aimed at users of our website. However, if you work for a leasing company with whom we partner, please read the below.
We will collect your business details and your employee details as well as other information relevant to our professional relationship with you, including a photo to display on the website. We will also maintain a record of your communications with us and information around any leads generated via our website.
We may collect information about your employees, from you directly, from user(s) of our website, or from publicly available sources (e.g. your leasing company website).
We will use this information for the purposes of developing and maintaining our partnership with you. If you would like to update or delete information on your profile on our website, please visit your Auto Lease Compare Dashboard or feel free to contact us at firstname.lastname@example.org
Personal data we may collect
We collect personal information from you when you provide it to us directly and through your use of our website. This information may include:
- Information you provide to us when you create an account with us, which will include your name, email address and password;
- Information you provide when using our website, for example your telephone number, searches, reviews and comments, messages sent to the leasing companies via our enquiry form;
- You are able to update your personal information at any time by visiting your AutoLease.Compare Dashboard.
- Any correspondence you have with leasing companies via our website;
- Records of your interactions with Auto Lease Compare Ltd (e.g. if you contact our support team). We maintain a record of enquiries which we then forward to the relevant leasing company on behalf of the customer, at their own discretion;
- Information you provide to us when you enter a competition or participate in a survey;
- Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our email updates). We may also collect information about the device you use to access our website.
We may also receive confirmation from one of our leasing partners if you lease a car from them, for our accounting purposes and to manage the leasing company’s account with us.
How we use personal data
Depending on how you use our website, your interactions with us, and the permissions you give us, the purposes for which we use your personal information include:
- To fulfill requests submitted via the website and maintain your online account;
- To contact you about your use of the website and send you hot offer - supplying you with information by email that you have opted-in to (you may unsubscribe or opt-out at any time by using the unsubscribe link within all emails sent).
- Where you contact a leasing company via our website, AutoLease.Compare may telephone or email you to confirm whether you leased a car from that leasing company;
- To manage and respond to any queries or complaints to our customer service team;
- To fulfil our obligations to the leasing companies we work with;
- To improve and maintain the website, and monitor its usage;
- For market research, e.g. we may contact you for feedback about your experience on our website;
- To send you marketing messages, where we have your consent or are otherwise permitted to do so;
- For security purposes, to investigate fraud and where necessary to protect ourselves and third parties;
- To personalise the website to you and show you content we think you will be most interested in, based on your account information and your history on the website; and
- To comply with our legal and regulatory obligations.
Disclosure of personal data
We share users’ personal information with third parties in the following circumstances:
- With leasing companies, to pass on your interest or specific query - we will only pass on the information you have provided when you send an enquiry to the leasing company for the purpose of them providing you with a personalised quote.
- With our suppliers and service providers, for example we use a service provider to contact you via telephone to confirm whether you leased a car via our website;
- With our professional and legal advisors;
- With third parties engaged in fraud prevention and detection;
- With law enforcement or other governmental authorities, in response to a lawful request or court order;
- With any regulators within whose jurisdiction we operate within;
- Otherwise where we have your consent or are otherwise legally permitted to do so.
Please be aware that we will not sell or otherwise disclose any personal data provided to us to any other third party.
Marketing and opting-in
If you have opted-in to receive our marketing material, we may use your personal information to send you marketing by email.
The nature of these marketing communications relate to information on products, services, promotions and special offers which we believe may be of interest to you or others. If you or others would prefer not receive any further direct marketing communications form us, it is possible to opt out at any time by clicking the unsubscribe button on the email communications, alternatively please email email@example.com
You may also see adverts for our website on third party websites, including on social media. Where you see an ad on social media, this may be because we have engaged the social network to show ads to our users, or others who match the demographic profile of our users.
Keeping data secure
We currently safeguard personal data by storing it on a CRM protected by password and shall ensure that we use no lesser technical and organisational measures to safeguard personal data which is disclosed to us. Whilst we will take every effort to safeguard such personal data, you acknowledge that the use of the internet is not entirely secure and therefore we cannot guarantee the security of your personal data.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention or compliance purposes.
Information about other individuals
If you give us information about others, you confirm that the other third party person has appointed you to act on his/her behalf. This is also relevant where others are concerned if you indeed ask another to act on your behalf as a third party.
Under the third party authorisation, the other person can:
- Give consent on his/her behalf to the processing of his or her personal data for the purposes and reasons set out in this Policy; and
- Receive on his/her behalf any data protection notices.
Such authorisation will remain in place until this has been revoked, either by verbal or written communication.
Use of Google Analytics Advertising
We use Google Analytics Advertising Features (‘GAAF’) through our website, which means that certain information about the traffic on our website is collected. In light of using GAAF, We will not facilitate the merging of personally-identifiable information with non-personally identifiable information collected through GAAF unless we receive your express consent to that merger.
Furthermore, we are hereby notifying you that:
- The specific GAAF feature(s) which we have implemented are:
- Remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- We use first-party cookies (such as GAAF cookies) or other first-party identifiers, and third-party cookies (such as advertising cookies) or other third-party identifiers together and that this is done in the ways detailed under the sub-heading ‘Use of First & Third Party Cookies and Identifiers’ below; and
- You can opt-out of the GAAF you use, including through Ads Settings, Ad Settings for mobile apps, or any other available means such as the Google Analytics currently available opt-outs accessible via tools.google.com/dlpage/gaoutput
We will only process your personal data providing you have your consent for us to do, Under the provisions of the GDPR, our firm’s lawful basis for processing personal data is based on a Legitimate Interest.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. We will retain personal information for the duration that you want to receive marketing communications from us or hold an Account with us.
If you have provided personal information for the purposes of receiving a quote from an advertiser then this legitimate interest relates to a legal requirement for the firm to hold your personal data and financial information on record for up to a total of six years. This six year period satisfies the requirement of our regulator, The Financial Conduct Authority and is also in line with other financial industry retention periods.
In the normal course of business there may be a need for AutoLease.Compare or any other firm associated to the business, usually when processing an application for credit, personal data would have to be transferred outside of the European Economic Area (EEA) where those countries do not typically have the same protections and safeguards in place for the protection of personal data to those countries within the EEA.
AutoLease.Compare may deal with a number of large, international corporations where data is likely to be transferred in this way. Assurances and processes will always be put in place and considered before any international transfer to a non-EEA country is undertaken to ensure the protection and security of the personal data.
You have certain rights in respect of your personal information, including the right to access, correct, to cease processing and request the erasure of your personal information.
You also have the right to object to your personal information being used for certain purposes, including to send you marketing - which you have the option to opt-out of.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To any requests regarding your personal information, or if you have any questions or concerns regarding your personal information, please contact us using the details below. You are also entitled to contact the UK’s supervisory authority for data protection, the Information Commissioner’s Office, or your local supervisory authority.
How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be sent to firstname.lastname@example.org with the subject ‘Data Subject Access Request’.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.