In this policy, 'Next Green Car Sites and Services', also referred to as 'Next Green Car' and 'Sites and Services', refers to the websites, mobile applications and data services operated by Next Green Car Ltd. and associated with 'Next Green Car Website' [http://www.nextgreencar.com], also referred to as the 'Website'. The use of terms 'we' and 'our' refer to Next Green Car Sites and Services, and 'users' refers to contributors and users of the information published on any of the Sites and Services.
What information we collect
Every time you use any of the Next Green Car Sites and Services, we may automatically collect the following data, some of which can be considered personal information:
• Information about your activity on and interaction with Next Green Car, including your IP address, the type of device and browser you use, high-level location including the country from which you are accessing the Sites and Services, and;
• Information about your actions on the Sites and Services in the form of traffic analytics. You can opt out of being included in Google Analytics by using Google Analytics Opt-out Browser Add-on;
Users may also request additional Sites and Services features for which we need to collect and process some personal information. You may decline to provide us with your information; however, this will limit your ability to use these additional features.
We may ask for this information if you request a service on our Sites and Services, subscribe to our newsletters, request a leasing quote, brochure, or test drive, submit content to Next Green Car, or if you contact us. Depending on your use of Next Green Car, the personal information requested may include:
• Your first and last names, contact email, and contact phone number;
• The vehicle make(s) and model(s) for which you request a leasing quote, brochure, or test drive;
• If requesting a leasing quote: your reason for the quote, length of lease required, and your estimated annual mileage.
Other information which we may collect depending on your contact preferences and device settings includes:
• Your contact preferences, so that we know for what reasons we may contact you (e.g. Next Green Car newsletter, Next Green Car surveys, Next Green Car promotions, and third-party communications) as well as your preferred contact methods (e.g. email, telephone, post, text);
• Communications you send directly to us (for example, when you ask for support, provide additional information when requesting services, send us questions or comments, or report an issue);
• Your current location for certain location-enabled services. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent for us to access your location at any time through your device settings;
• Your notification and device storage (caching) preferences, which you can change at any time through your device settings.
How we use your personal information
For all users of Next Green Car Sites and Services, we use the information automatically collected for the following purposes:
• To enable us to provide you with Next Green Car Sites and Services, and to continually improve Next Green Car to ensure that the content is presented in the most effective manner for you and for your device;
• To track and analyse use of the Sites and Services so that we can improve how Next Green Car is performing and provide users with the best possible experience;
• To allow you to participate in interactive features of our Sites and Services, when you choose to do so, in order that you receive the best possible information service from Next Green Car;
• As part of our efforts to keep our Sites and Services safe and secure through pro-active site monitoring, and to administer Next Green Car for troubleshooting, data analysis, and testing purposes.
If you have requested an additional feature on Next Green Car Sites and Services, we use the personal information you have provided for the following purposes:
• To enable us to provide you with additional features on Next Green Car Sites and Services including those delivered by our commercial partners and/or third party providers;
Where you have provided other device setting and contact preference information, and where you have consented to such communications, we may use this information for the following purposes:
• Provide you with Next Green Car product updates and notify you about changes to our Sites and Services;
• Provide you with newsletters, promotions and other information about goods or services we think may interest you where you have consented to such communications;
• Invite you to participate in Next Green Car surveys and relevant market research where you have consented to such communications;
• Respond to your feedback, enquiries and complaints;
• Carry out our obligations from any contracts you have entered into with us; or process job vacancy applications and CVs.
To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, and the potential risk of harm from its unauthorised use or disclosure. In the case of personal information captured for leasing quotes, this is immediately passed on to our leasing partner and temporarily stored by Next Green Car before being deleted from our database after 120 days.
How we protect your personal data
We take security seriously, and the security of your personal data is important to us. We do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. This in effect removes any personal information and any security risk associated with your data. We may use or store this information indefinitely without further notice to you.
However, as no method of electronic communication or storage is completely secure, we cannot guarantee its absolute security. Next Green Car therefore has a protocol in place in the event of a data breach. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so, and within the time limit specified by GDPR regulations.
As part of our data security procedures, we regularly employ penetration testers to review our database and server security measures. Should you become aware of a security vulnerability across any part of our Sites and Services, we encourage the responsible disclosure of vulnerabilities by emailing email@example.com.
Your data protection rights
Under European GDPR legislation which takes effect from 25 May 2018, to process your data we must have a lawful basis to do so. GDPR permits six legal ways to process your personal data.
In the vast majority of cases, we process your personal data where:
• You have given consent to the processing of your personal data for one or more specific purposes.
In a small number of cases, we may also process your personal data where:
• It is necessary for compliance with a legal obligation to which we are subject; it is necessary in order to protect your vital interests; it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
• It is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
In cases where we must rely on legitimate interests rather than consent to process personal data, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.
Examples of legitimate interests include: reporting criminal acts and compliance with law enforcement agencies; internal and external audit for financial or regulatory compliance purposes; statutory reporting; maintenance of suppression lists; physical and network security; financial management and control; and general administration.
GDPR gives you the user of Next Green Car Sites and Services, a number of important rights with which to control the use of your personal information. Next Green Car is happy to comply with these rights which are:
• Withdraw consent – Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time;
• Right to be informed – You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our communications, are intended to be a clear and transparent description of how your data may be used;
• Right of access – You can write to us asking what information we hold on you and to request a copy of that information. This is called a Subject Access Request. From 25 May 2018 we will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity;
• Right of erasure – From 25 May 2018, you have the right to be forgotten (i.e. to have your personal data deleted). Where this occurs, we will only retain your registration details on a suppression list to ensure that you are not contacted in the future. Should we be unable to comply with your request of erasure for legal reasons, we will notify you about this decision;
• Right of rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data provided to us;
• Right to restrict processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage;
• Right to data portability – Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
• Right to object – You have an absolute right to stop the processing of your personal data for direct marketing purposes. This right is implemented by amending your contact preferences;
• Right to object to automated decisions – In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object.
To submit a Subject Access Request, change consent, request erasure or rectification, restrict processing, to port data to another provider, and/or to object to automated decision making, please contact Next Green Car via email at firstname.lastname@example.org, by phone on 0117 929 8855, or write to: Next Green Car Ltd & Zap-Map, Spike Island, 133 Cumberland Road, Bristol BS1 6UX. Mark your email or letter Privacy Information Request.
Data sharing with third parties
In order to facilitate your use of our Sites and Services, we may share your personal data with trusted third parties to provide elements of our Sites and Services to you. In all such cases we will first confirm that each party is fully GDPR compliant and will request documentary evidence to this effect. Where required, we will also insist on a signed contract which includes a GDPR compliance clause.
In these cases, we will provide your personal data to third parties only when they need the data to perform particular functions in delivering our Sites and Services to you or as part of our regulatory compliance. These include:
• Our vehicle leasing partners who provide users (if requested by the user) with a leasing quote, brochure, or test drive for specific vehicle make(s) and model(s);
• Service providers acting as data processors on our behalf, located in the UK and/or EU who provide data hosting facilities, email services, IT and system administration services which support Next Green Car Sites and Services;
• HM Revenue & Customs, regulators and other official authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances;
• If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or request or to investigate potential data breaches.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes (other than those related to the delivery of Next Green Car Sites and Services) and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Children and personal information
As GDPR has additional safeguards for the protection of children's personal data, Next Green Car does not knowingly collect any personal information from children under the age of 13 and children under 13 are not permitted to register for any service on Next Green Car Sites or Services.
Under our Terms and Conditions, from 25 May 2018, children under 13 are only permitted to use Next Green Car as anonymous users and must not provide any personal information, and must ensure that their devices are set to block the transmission of all personal data including the devices IP address and location information.
If you believe that a child has provided us with personal information, please contact us at email@example.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we will immediately remove the data from our databases.
Privacy contact information
If, for any reason, you have a complaint, please contact Next Green Car in the first instance to discuss your concerns. If after having contacted Next Green Car and received a response you are still dissatisfied, you are able to contact the Information Commissioner’s Office (ICO) directly by phone on 0303 123 1113. For more information, visit the ICO website.
Policy last updated: May 2018