The following Data Protection Policy, provides information about how Crusader Vehicles Limited (we, us) and any of its trading styles or subsidiaries may collect, process, retain and disclose customer or potential customer (you, your) personal information.
When contacting us we will collect data from you. This data will be collected when you specifically write it in correspondence with us or when you verbally convey it to us. The information that we will collect from you will consist of, but not be limited to, your name, address, telephone number and email address. This information will be used to fulfil your requirements and to keep you informed of our future offers via our mailing lists should you have opted in to receive such communications. All emails and newsletters will have the option to opt out of any further mailings if you so wish. Information can be collected in several ways which include but are not limited to:
As a finance broker, to facilitate the service that we provide to you, at the point where you wish to proceed with finance for a vehicle or asset, it will be necessary for us to acquire further information from you. This is a contractual obligation we have in place with our panel of finance providers and the information we collect from you at this time, will be passed to a lender, for the purpose of carrying out ‘Pre-Contract Checks’. This information will include but may not be limited to, current & previous address history for 5 years, current employment & previous employment history for 5 years, income and outgoing expenditure details, date of birth, marital status, number of dependents, bank account details for direct debits and proof of address for Know Your Customer (KYC) validation. As regulation and legislation changes, these requirements may also change.
At Crusader Vehicles Limited, we take privacy very seriously and work to ensure that the information that we hold about you, remains in our control and is confidentiality protected. There may be times when it is necessary to disclose your data outside of Crusader Vehicles Limited and these instances are listed below. As a matter of course, we do not sell data to any companies and do not hand this data over to anyone unless it is in respect of the below.
We will share your personal data when:
There are a number pieces of personal data that is obtained during the course of providing the service of brokering finance for a vehicle. Some of this data is not necessary to be kept and where possible, will be erased as soon as possible. Where you have withdrawn your consent for us to hold or process your data, where possible, we will erase all of this data. There are some instances where it may not be possible to erase all data. These instances include where we have facilitated an agreement or taken steps towards facilitating an agreement, whereby it is necessary to comply with both are legal and regulatory obligations, that we retain the data for a period of 6 years. This data will be held in case of a requirement to present the data for the reasons outlined in the section entitled ‘When will we share your personal data?’ and also in exercise or defence of any legal claims.
Under the GDPR, you have the right to ask for ALL the information a company holds about you to be erased, deleted or forgotten. Article 17 of the GDPR states that this right is available on the one or more of the following grounds:
Paragraph 2 states that: Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Paragraph 3 of the act states that: Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; 3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3); 4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 5. for the establishment, exercise or defence of legal claims.
The GDPR also allows you the right to rectification. This is the right to have any data that we hold about you rectified and updated should it change or be incorrect. Where possible, we will also inform any third parties that this data relates to, in the facilitation of a service provided by us. Examples of this could be a change of address, a change of business details or a change of contact details given to a finance company that you have an agreement with.
You have the right to ask us to provide you with copies of all the information we hold about you. This is known as a Subject Access Request or SAR. You can read more on how we deal with Subject Access Requests here.
Our website may use cookie and tracking technology like any other website you may visit. We use these methods to track the way our website is used by our customers so we understand better how to make the service faster and more user friendly. The information we gather is analysed either in the aggregate or at a customer level, where we feel that the data we collect will help to enhance your purchasing experience. A cookie is a small file that asks you for permission to be placed on your electronic device and is used to analyse web traffic and store information about your browsing preferences. This data is anonymised but helps provide you with a better browsing experience by remembering specific things you have shown an interest in, to then serve this information to you as relevant information the next time you visit.
The information that a cookie collects includes but is not limited to:
You can opt out of allowing cookies to be used in your browser by visiting websites such as http://tools.google.com/dlpage/gaoptout although browsing experiences may differ without cookies enabled. Different cookies are kept for different lengths of time and depend specifically on the cookie and what it does. Should you require more information on the cookies we use specifically, please write to the Data Protection Office at: Data Protection Officer Crusader Vehicles Limited Crusader House High Street Buxted East Sussex TN22 4LA
We often have links from our website to other 3rd party websites where useful information may be found. It is important to note that this policy only covers the websites and applications of Crusader Vehicles Limited which include www.crusader-vans.co.uk. www.crusadercarleasing.co.uk. & www.vortexvans.co.uk
Here at Crusader Vehicles Limited, we are constantly thinking of ways to improve our operational efficiency and we carry out continuous improvement on our processes and equipment. Technology – By the nature of what we do, technology is at the forefront of our data protection policy. We use up to date systems and methodology to make storing and transmitting data as secure as possible. We hold all of our data in a central Customer Relationship Management system. This system is located offsite and as such, data is protected against fire, flood, theft and onsite hardware failures. At rest, your data is stored in a UK Data Centre protected by perimeter fencing, electric gate entry and a gate house which is manned 24x7x365 by security personnel. Strict access controls are operational within the data centre building including proximity access card readers and secure lockable racks to prevent unauthorised access to the data centre and equipment. In transit all communication between the web browser and our data centres is protected by 256-bit SSL encryption. All logins are password protected and access to the database is strictly controlled. Our PC’s run the latest operating system versions, with all software updates applied when they are available. Emails are secured through extensive firewalls with additional monitoring and all PC’s have an added layer of real time, end-to-end antivirus installed. Our website is encrypted using a SSL/TSL (Secure Sockets Layer/ Transport Layer Security) connection. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
A data breach occurs where a data subject’s personally identifiable information has been compromised or where a breach of our own systems has occurred and there is the potential for data to be compromised. At this point, we are required to notify the Information Commissioner’s Office of the breach and then inform all users affected. Where a breach occurs, we will investigate thoroughly, identifying root causes and making immediate changes to ensure data security remains in place.