Mazda UK Privacy Policy
Key Summary
We process your personal information only for the following purposes: vehicle loans press events, market research, providing updates on network dealer changes, responding to general enquiries and requests sent to us, marketing analytics, personalised communications and direct marketing.
As part of our processing for these purposes, we share your information with suppliers who act on our behalf for services such as logistics travel agents database management, IT support, website support and marketing services.
This Policy explains what data we process, why, how it is legal and your rights.
About Mazda UK and this Privacy Policy
This Privacy Policy is provided by Mazda Motors UK Limited (“Mazda UK”, “we” or “us”) who is a controller in respect of your personal data for the purposes of the General Data Protection Regulation (EU) 2016/679 and the UK Data Protection Act 2018 (collectively referred to as the “Data Protection Laws”). Keeping your data safe is important to Mazda UK and this Privacy Policy explains what personal data we process, why we hold the data, what legal basis we rely on and what your rights are. Please take time to read this carefully.
How to contact us
To get in touch with Mazda UK with any queries about how we process your data , please contact us by:
Email: mazdaukdpo@mazdaeur.com
Address: Mazda UK DPO, Mazda Motors UK Limited, Victory Way, Crossways Business Park
Dartford, Kent, DA2 6DT
Telephone 03457 48 48 48
What information do we collect?
The personal information provided by you to us falls within the following categories for both car purchases and service visits:
(“Page Insights Controller Addendum”
https://www.facebook.com/legal/terms/page_controller_addendum). This agreement does not allow decisions concerning the processing of Insights Data to be made or implemented by us alone. Facebook takes primary responsibility under the GDPR for the processing of Insights Data and for compliance with all duties arising from the GDPR in respect of the processing of Insights Data.
How do we use your information and lawful basis for processing?
We use your personal data for the following purposes, and we are allowed to do so, on certain legal bases which are outlined below.
Our legitimate interest in processing the personal data below for the purpose specified is to provide you with useful services and information. We only use your personal data for the purposes specified and process personal data that is necessary for these purposes:
o Market Research – We may contact you from time to time to invite you to participate in market research studies such as mystery shopping or other types of research.
o Legal Obligation
o DVLA Checks – Your data will be inputted into the DVLA to confirm your licence eligibility to drive one of our vehicles
o Requests from authorities – We will share your personal data with the police, other law enforcement or regulators where we are required by law to do so.
Who will handle your data?
We will never sell your information to third parties and will only provide your data to the third parties as detailed above to fulfil the relevant services. Mazda UK uses the following Mazda entities as processors to provide certain services and have access to your personal data in the process:
Who information is shared with | Personal data |
Mazda Motor Europe GmbH – Database management services | o Contact details
o Customer services o Vehicle Information |
Mazda Motor Corporation – Vehicle and product quality support | o Vehicle Information |
Mazda UK will ensure that all processors (e.g. IT hosting, database management, customer contact providers, security etching, finance and contract administration, warranty and roadside assistance providers, marketing fulfilment, Mazda dealers) who are handling your data, comply with the Data Protection Laws and that data is only stored within the EEA, where possible. Mazda UK has agreed for your data to be transferred to countries outside of the EEA to fulfil specific processing. To comply with the Data Protection Laws, all our processors are required to provide evidence that they have appropriate levels of technical and operational security measures in place to protect your data, and we have a process in place to ensure these processors comply with their obligations.
Data processed whilst visiting our Facebook fan page may be processed outside the EU. Facebook, Inc., as a Privacy-Shield certified US provider involved in processing your data, has agreed to comply with EU data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active (version: 02/11/2018).
How long do we keep your information for?
Where we are storing website data against unique ID’s, as this data is processed in a way that does not identify you as an individual, this data will be kept indefinitely for historical reporting purposes. Where we are storing cookie data linked to personal information, we will store this cookie for 2 years unless you delete it from your browser settings or if you opt out from all marketing cookies on our website.
Call tracking and recordings are kept for no longer than 6 months and for the live chat service we will collect any personal information that you provide as part of the live chat and it will be stored for up to 6 months to enable us to fulfil your enquiry We will retain your personal data for as long as you own a Mazda car and up to 7 years from when we are aware that you no longer own your car, to ensure we are able to deal with any queries you may have on your Mazda or to support any product recall and legal claims process. We may hold this data for a longer period, if we are legally required to do so.
Vehicle information retained for 112-Based Emergency Call System is kept for a maximum of 13 hours from the moment an Emergency call system was initiated.
How you can amend your marketing preferences
If you do wish to stop receiving communications from Mazda UK, you can do this in the following ways:
Your Rights
Under the Data Protection Laws you have the following rights in relation to your personal data:
To exercise your rights please contact the Mazda UK Data Protection Officer using the contact details provided in the section headed “How to Contact Us”. We will ask you for information to confirm your identity and we will then respond to your request within 30 days from when we have received your request.
As a UK Company, MMUK’s local supervisory authority is the UK Information Commissioner’s Office (ICO). Please visit the ICO website (www.ico.org.uk) for more details. You have a right to complain to the ICO if you believe your personal data has or is being used in a way that you believe does not comply with the Data Protection Laws.
Web Analysis, Monitoring and Optimisation
Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization.
Data transfer to the US is possible, where the level of data protection may not be comparable to that of the EU area. The transfer will be legitimised by Standard Data Protection Clauses pursuant to Art. 46 (2) (c), (5) GDPR. Furthermore, additional measures have been implemented where necessary. If you
consent to the use of this service, the transfer will be also legitimised pursuant to Art. 49 (1) (a) GDPR.
In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.
For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar procedures in which the relevant user information for the aforementioned analyses is stored. This information may include, for example, content viewed, web pages visited and elements and technical data used there, such as the browser used, computer system used and information on times of use. If users have consented to the collection of their location data, these may also be processed, depending on the provider.
The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.
Information on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the processing is consent. Furthermore, the processing can be a component of our (pre)contractual services, provided that the use of the third party was agreed within this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors), Profiles with user-related information (Creating user profiles), Optimization.
Security measures: IP Masking (Pseudonymization of the IP address).
Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR), Art. 49 para. 1 lit. a GDPR.
Technologies used: Cookies, Pixel, Tagging, Data modelling.
Location of Processing: This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
Duration to store the data: The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
Distribution to third countries: This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.
Data Recipients: Alphabet Inc., Google LLC, Google Ireland Limited
Services and service providers being used:
Google Analytics: Web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy.
Click here to opt out from this processor across all domains: https://tools.google.com/dlpage/gaoptout?hl=en
Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online services (please refer to further details in this privacy policy). With the Tag Manager itself (which implements the tags), for example, no user profiles are created or cookies are stored. Google only receives the IP address of the user, which is necessary to run the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
Website: https://marketingplatform.google.com;
Privacy Policy: https://policies.google.com/privacy.
Changes to this Privacy Policy
The Privacy Policy will be provided to you by email or a copy can be provided to you by getting in touch with us, see section headed “How to contact us”. We may change this Privacy Policy from time to time and we will alert you when changes are made.