Accelerate Global trading as American Motorcycle Experience
PRIVACY NOTICE FOR CUSTOMERS
ICO Reg. number ZA394829
Data Controller: Brian Mason
Address Data Controller: 3 Erles Road, Liphook, GU30 7BW
Telephone number: 07760 271984
Email address: [email protected]
What this Notice is about
This Privacy Notice tells you what information we obtain and hold about you as a customer, it explains what information we collect, why we collect it, and what we do with it, as well as who we share it with. We collect and handle personal information about our customers and prospective to enable us to provide our motorcycling services.
We call this information “your information”. It is also referred to as “data”.
You should read this notice when you give us information so you are aware of how and why we are using this.
Why we are giving you this notice
We are required by data protection law to give you this notice. We must be open with you about why information is collected about you and then what is done with it. We must act fairly in relation to this information. You have various legal rights relating to this information which are spelt out in more detail in this notice.
In order that we can collect or use information about you there must be a legal basis or gateway for doing so. This notice identifies the relevant gateway for the various types of information we collect and hold about you. A detailed explanation of these gateways is given in this notice.
Under data protection legislation we can only process data “as necessary” and only to the extent that it is needed. For example, we can use your bank details regarding payments and other limited purposes only. We may also share any of your data, as necessary, with the police/law enforcement agencies or regulatory authorities.
The data we collect/hold about you
We use different ways to collect data as necessary to provide our motorcycling services to you:-
• Email address and texts
• Home address
• Gift voucher number and date
• Phone number
• Ride out details
• PayPal transaction details, where payment is by PayPal
• Account details where payment is by BACS
• Insurance details for riders – licence number, date test passed, NH number, details on accidents and convictions, home address, dob, occupation, DVLA medical conditions, riding history, second ID (photo or address)
Sharing data with others
We will share information we hold with others, where this is necessary. When we do this, we must comply with data protection legislation. Information can be shared with our insurance company, PayPal, NatWest, Red Letter Days, Into The Blue, BuyAGift, Virgin Experience Days, MailChimp. Google, Facebook, Twitter, Microsoft are used by the company and may collect data from you.
DVLA Licence check
As necessary, we obtain information about your licence which is available via the DVLA website after receiving permission and a code from you. However when we do so we make sure that we comply with applicable guidelines under data protection legislation.
Special categories of data/sensitive personal data
In limited situations we will process information about your health or any disability. This data is given special protection under data protection law. Normally we would expect to ask you for your explicit consent before we collect or use this kind of data.
Obligation to process data
Vehicle insurance is regulated so we are under various legal obligations. These include an obligation to carry out licence and identity checks.
Why we collect data and the legal basis for processing your personal data
We must tell you why we collect and hold information about you.
We must also have a legal basis before we are allowed to collect or process your personal data. Processing personal data includes recording, storing, altering, using, sharing or deleting data. We only need one of these “gateways” and for our purposes they are –
• To perform our contract so that we can carry out our services, including anything you request us to do with a view to you becoming a customer.
• Compliance by us with a statutory or other legal obligation.
• Where we are pursuing our own legitimate interests or those of a third party. This will not apply if our interests are overridden by your interests or your fundamental rights and freedoms. We must carry out a balancing exercise therefore to decide whether we can rely on this gateway to ensure that it applies. In each case we have done this and we do not consider your interests, rights or freedoms outweigh our own or those of the third party concerned.
This notice identifies the relevant gateway applicable in each case. In some cases, we will rely on more than one gateway depending on the particular purpose for which we are using your data.
Additionally, any data must be processed by us fairly and openly.
Why we process your data
The various purposes for which it may be necessary for us to process various categories of your information include: –
• In our legitimate interests for deciding on the riding experience of a possible customer
• Our legal obligation to check licence details and identity
• For contractual performance for payment including banking details
• For contractual performance and/or in our legitimate interests for record keeping
• To perform our legal obligations to provide information to public or local authorities who are legally entitled to require this information
• In our legitimate interests for the storage of emails, records of calls and other communications
• In accordance with our legal obligations if you exercise your rights under data protection law
• To perform our legal obligations for compliance with legal and regulatory requirements
• In our legitimate interests for the establishment and defence of legal rights
• In our legitimate interests for prevention, detection and investigation of crime and anti social behaviour and the security of any website or other means of electronic communication
We may change the purposes where this is compatible for the purpose for which we obtained the data originally. If we need to use your data for a non-compatible purpose we will notify you and explain the legal gateway that allows us to do so. We may process your information without your knowledge where this is required or permitted by law.
More information about what we do with data and why, along with the relevant legal gateway is given in the Table. This also tells you who we share data with and receive it from.
We will retain records of your calls, emails, text messages, social media messages and other communications. This is in our legitimate interests to maintain an accurate record of these. We need these records for our ongoing dealings with you, including our data protection obligations.
Length of storage of data
Data can only be stored on a time limited basis and not indefinitely. We will hold personal data for insurance purposes about you for three years after the end of the insurance year in which your ride out has ended. We are also required to retain information for up to six years for tax purposes.
Storage and security of data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
All our information is stored securely electronically on servers or devices. Certain information is also retained on a secure basis in hard copy format.
Holding data outside the European Union
Our email account and web provider (if any) is the provider specified in the Table. Our email account is web based. Providers store related data internationally and not necessarily within the European Union. The recipient of this data is the provider concerned. You need to refer to the provider concerned to determine if they have the required clearance (adequacy decision) from the EU authorities or whether or not, instead, there is an agreement containing appropriate and suitable safeguards and to obtain a copy of this agreement.
Where we hold personal data about you, you are the data subject. Data protection legislation gives you a number of rights. To exercise any of these rights you should contact us. You can do so by email at the address given above or you can telephone us on the number given above. You can also write to us at our address given at the top of this notice. Normally no fee is payable.
In particular you have a right to object to the processing of your information where we are processing this in our own legitimate interests or those of someone else. This applies if you feel that this impacts on your own interests or your fundamental rights or freedoms.
These rights are as follows –
• Access – you have the right to make a request to be told what personal data we hold about you. This is a right to obtain confirmation that data has been processed and to have access to your personal data and the right to information details which should be provided with the privacy notice.
• Correction/Rectification – if you consider any data we hold about you is inaccurate you can tell us so that where appropriate this can be corrected. Where a mistake is made in data processing then you can ask to have it rectified. Any third parties who have received the data from us should then be told of the rectification and you should be informed by us of any such third parties.
• Erasure – you have a right to ask us in certain circumstances to erase any data we hold about you (the so called right to be forgotten). Individuals can request the right to have personal data erased to prevent processing in specific circumstances, i.e. it is no longer necessary, consent has been withdrawn, there is an objection and where applicable your rights etc., override the legitimate interests to continue our processing, or data has been unlawfully processed.
• You can object to our processing of data – this allows you to object to our processing of data about you. We must then stop processing data unless we can establish legitimate reason for continuing. In particular this applies where we are relying on our own legitimate interests or those of a third party to process data but it can also apply in other situations.
• Restricting processing – you can ask us to suspend processing of your personal data and we must then restrict processing of data. This includes where you are contesting the accuracy of a statement or the lawfulness of the processing.
• Data portability – this allows individuals to reuse their personal data for their own purposes across different services allowing them to move, copy or transfer personal data more easily.
Withdrawal of consent
Where your consent provides us with the legal gateway to process data about you you can withdraw this at any time by telling us by email or post using the telephone/addresses given above.
We operate our own internal complaints policy and if you have any concerns about the way in which we collect or handle data please contact us.
Additionally, you have the right to lodge a complaint with the Supervisory Authority who is –
Information Commissioner’s Office
About this Table
As necessary, we collect, use and otherwise process different categories of information (data) about you relying on the various legal gateways available to us. This relates to your purchase of a ride out and, if this goes ahead, so that we can provide the requisite motorcycling services.
Data protection law requires us to give you information about these processing activities as concisely as possible. To do so we have split information about you into different categories, which is in line with requirements in the legislation. We also have to tell you the extent for which your information can be used and shared. Due to the nature of our business information falling into one category will be combined with information in other categories to be handled by us as permitted for the stated purposes under the relevant legal gateway which we have to identify. For example, information about your identity/contact details will be combined with other categories of information to correctly identify you. However, we only do this to the extent that it is necessary in the circumstances.
To make this Table as concise as possible we employ a number of expressions –
Handle information – collecting, compiling, using or storing information (data).
Use information – when we use information this means we consult it, compile it, refer to it to make a decision, or act on it, or combine it with other data. When using it in this way we may have to alter it.
Share data – this includes transferring data to someone else where this is necessary, or receive it from a third party.
Collect data – this is where we receive information either from you, e.g. you complete an insurance form or we receive information about your licence from the DVLA.
Compile data – this is where we use information about you which we have collected to generate information about you, e.g. ride out date and details.
We keep information both electronically and in a manual filing system to maintain our records. We do this because we need to use it from time to time. Normally the legal gateway permitting us to do so which will apply will be the same as applies when we use the data. Additionally, however, there are legal obligations to retain data under data protection law, taxation legislation and insurance law. We also need to do so to fulfil our contract with you. In our own legitimate interests, we also need to retain information to deal with enquiries or disputes and for audit purposes.
Destruction of Data
We delete/destroy data once it is no longer needed. This is a requirement of data protection law. This notice tells you the period for which we normally store data.
What this Table tells you
Information is handled as necessary from time to time. As already stated, information falling under one category can be amalgamated with or added to information in another category in order to carry out the stated purposes.
Part 1 of this Table tells you, depending on the relevant category of your information, what our processing activities are and what is the legal gateway permitting processing as well as the purpose for which we carry out these processing activities.
Where the legal gateway in question is our own legitimate interests (or those of a third party) we identify the relevant legitimate interests.
Details about sharing data are set out in Part 2, whether we transfer it to someone else or receive from a third party.
Part 1 – Collecting, compiling, using and storing your information
In this Part we list out the different categories of your information, briefly explain them where needed, explain what we do with the information and why, as well as specifying the relevant legal gateway we rely on to do so.
We use the word “handle” to cover collecting, compiling, using or storing this information.
Identity and contact details
1. This includes name and contact details
2. We handle this information in order to enter into a contract with you to provide motorcycling services and subsequently to manage the ride out. This is done to perform the contract.
Personal and background information (Riders)
1. This includes details such as your name, email address, home address, licence details, insurance details (riding experience, current occupation, accident/conviction history, NH number, second ID) and associated photographs of yourself.
2. This information is handled to validate your insurance. This is done for legal reasons and for our own legitimate interests.
Bank details (where paying by bank transfer or PayPal)
This includes details of your bank, building society or other paying organisation, including those operating digitally/online.
1. We handle this information in order to receive payment from you or on occasion to make a payment to you. This is done to perform our contract.
2. We also handle this information if we seek to make recovery from you of unpaid debt. This is in our own legitimate interests. This is to recover what is due to us.
Ride out details
1. This includes date, place, duration and type ride out.
2. We handle this information to prepare and complete the ride out contract. This is done to perform our contract.
1. We operate a complaints procedure which may be informal. Although we will do all we can unfortunately sometimes things go wrong so complaints may arise.
2. Information handled concerns complaints which you may make or which may be made on your behalf. These will give rise to communications and records being compiled by us.
3. We handle complaints with a view to resolving these, although this might involve external intervention, e.g. by the courts.
4. We handle complaints for contract performance. This is also done in our own legitimate interests. These are to protect ourselves against claims and to ensure that the complaints are properly resolved.
1. Importantly, this is sensitive personal information to which additional protections apply. We may be given information about your health (whether mental or physical) or disabilities.
2. Health information may be given to us in the course of providing us with your licence details. You may wish us to have information about your health so that we are aware of how you may need assistance on occasion.
3. We may be given information about your disabilities so that we can make particular arrangements for you, including any adaptations which may be required to make under disability discrimination legislation.
4. We handle information about your health or disability, and the health of others depending upon the circumstances to assist us in the ride out. This may be to protect your vital interests. It will be in our own legitimate interests if we are told of any medical condition which affects you. This is so we are aware of possible impacts on you.
5. In addition, as this is special category data, additional legal requirements are imposed upon us about your health and/or disability and we may request your consent to handle this information.
1. Correspondence includes all ways in which we receive communications from whatever source. This includes emails, text messages, social messaging and messages, letters and documentation. This can include photographs and other visual recordings.
2. We handle these communications for contractual performance where applicable, to carry out any applicable legal obligations imposed on us, to protect your vital interests, or in our legitimate interests. These legitimate interests are to ensure that we have the necessary information relating to these matters and for accurate record keeping.
1. We insure the motorcycles and also insure against public liability, including liability to yourself for injuries.
2. We handle information about you which may be relevant to our insurances to arrange cover, to administer insurance contracts, to renew insurances and to make claims. Contractually we are under certain duties, e.g. to disclose information to the insurers. We handle this information to protect our legitimate interests. These are to ensure that appropriate risks are adequately insured against and to recover any sums due to us under the policy as a result of claims.
3. It is your responsibility to insure your own belongings. You may seek information from us relevant to arranging such insurance or making claims. We handle this information and will do so with your consent which is provided as part of your request for any assistance or information.
Part 2 – Sharing Information
We share your information with various persons, organisations and public authorities as necessary. This involves us either transferring your information to others or collecting it from them, depending upon the circumstances. This Part of the Table gives you details about this. It can be a two-way traffic between ourselves and others. In some instances, we may collect information about you from someone else following a request by us to them to provide this information.
Where we collect information from others (third parties) we have to tell you the source of this information, whether or not it is publically accessible, the nature of the source (i.e. whether it is publically or privately held) and the types of organisation from whom the information is obtained. Where possible we need to name the source as well but often this cannot be done. The required details appear in this Part of the Table.
Where information is received from a private person/body or a public authority, this information will not normally be publicly accessible, however in some instances it will be.
We share identity and contact details with all persons, organisations/authorities referred to below. This category of information is linked with the other information in every category for the purposes and under the legal gateway specified under each of the other categories of information. This is to ensure that you are correctly identified and, if need be, can be contacted.
A – Sharing of certain categories of your information
We share certain categories of your information (both transferring it to them and collecting it from them as necessary) with private persons/organisations and public authorities as necessary.
In Section B we go onto explain that, as necessary, certain private persons/organisations and public authorities can share any of your information (irrespective of its category).
Table 1 below identifies the different categories of your information and specifies the private persons/organisations/public authorities with whom these different categories of your information are shared as necessary. This Table should be read in conjunction with Table 2 (private persons/organisations). Table 2 explains why we share your information with these persons/organisations/public authorities and the legal gateway which allows this to happen.
Depending on the category of data concerned you should also refer to that category under Part 1 above because the purposes set out for which we handle data and the legal gateway for doing so also usually apply when we share data with others.
Table 1 – Data categories and who they are shared with
Data category/ With whom we share the data
Personal;background information/ Our insurers
Bank details/ Lloyds, PayPal
Gift voucher information/ Red Letter Days, Into The Blue, BuyAGift, Virgin Experience Days, other gift voucher providers
Email address/ MailChimp
Correspondence etc./ Depending upon the applicable category of information relevant correspondence etc. is shared with any of the persons/organisations/authorities listed in Section A.
Table 2 – Private persons/organisations
Categories of persons, organisations/ Purpose and legal gateway
Our insurers /To obtain insurance. This is to ensure suitability for a ride out in our own legitimate interests. We also provide information to our insurers in their legitimate interest to assist them in evaluating suitability for a ride out. These interests are to ensure that services are provided to suitable riders.
Names of persons/organisations/public authorities with whom information is shared
Where we are able we have to provide you with the identity of the persons/organisations/authorities which are referred to in Tables 1 and 2 above.
Email service providers – Easyspace, TsoHost, MailChimp
Our banks – Lloyds, PayPal
Insurance company – Devitts
Gift voucher services – Red Letter Days, Into The Blue, BuyAGift, Virgin Experience Days.