KYMCO UK LTD – PRIVACY POLICY

  1. Introduction to this Policy

KYMCO UK Limited (KYMCO) is a company registered in England and Wales under company number 06477339.

KYMCO takes its privacy obligations seriously and is committed to protecting your privacy. This privacy policy (Policy) explains how we collect information from our websites at http://www.kymcohealthcare.com, http://www.kymco.co.uk, any subdomain and/or mobile application for such website (together Website) or when you access any of our services or enter into commercial arrangements with us (Services). The term “you” or “your” refers to the individual accessing the Website or Services or entering into commercial arrangements with us (i.e. suppliers, distributors etc).

Before providing us with information relating to another individual, please inform that individual about this Policy and (where necessary) obtain their permission to share their information.

We, as the Data Controller, are responsible for, and control the processing of your Personal Data in accordance with the General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018 (Act). “Personal Data” means any information that identifies or makes identifiable a natural (living) individual.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  1. Information we may collect about you

When you use the Website and/or our Services and/or when you otherwise deal with us we may collect the following information about you:

personal information including first and last name and date of birth,

photograph and/or likeness including images captured on CCTV where you visit our site,

contact information including current residential address, email address and/or phone number,

financial data including account details, payment details and credit score,

vehicle and driver’s details including vehicle registration number and drivers license,

purchase history,

technical information including IP address, operating system, browser type and related information regarding the device you used to visit the Website, the length of your visit and your interactions with the Website;

information obtained through our correspondence; and

details of any enquiries made by you through the Website, together with details relating to subsequent correspondence (if applicable).

This information may be collected from you or a third party including credit reference agencies, other parties to a claim, third party websites, suppliers or distributors etc.

We may monitor your use of the Website through ‘cookies’ and similar tracking technologies. We may also monitor traffic, location and other data and information about users of the Website. Such data and information, to the extent that you are individually identifiable from it, shall constitute Information as defined above. However, some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. See below ‘cookie’ section for further information on our use of cookies.

  1. Legal basis for processing your information

In accordance with the GDPR/the Act, we may only process your Personal Data if we have a “legal basis” (i.e. a legally permitted reason) for doing so. For the purposes of this Policy, our legal basis for processing your Personal Data is set out in the table below

Why we will process your Information

The legal basis for which is...

To answer your questions, improve the Website and to ensure that the Website is presented in the most effective manner for you and for your computer.

This is necessary for the legitimate interests we pursue in keeping our Website up to date and competitive.  There is a limited privacy impact on you, and we think that you will expect that we will process your data in this way.

To maintain a record of any warranty/vehicle purchased for the purpose of validation.

This is necessary for the performance of the contract between us and information is processed to enable us to provide the Services to you.

To process any claims under a warranty

This is necessary for the performance of the contract between us and information is processed to enable us to provide the Services to you.

To collect any payment due, including, where necessary, debt recovery actions.

This is necessary for the performance of the contract between us and information is processed to enable us to provide the Services to you.

To advance or defend a claim against us or arising out of use of our Services

This is necessary for the legitimate interests we pursue in advancing or defending any claims relating to our Services we provide. There is a limited privacy impact on you, and we think that you will expect that we will process your data in this way.

To answer your questions, improve the Service and to notify you of changes, updates and new features of the Service.

This is necessary for the legitimate interests we pursue in keeping our Services up to date and competitive. There is a limited privacy impact on you, and we think that you will expect that we will process your data in this way.

To contact you for marketing purposes.

Such marketing may be aimed at both existing and potential customers and other businesses.

 

This processing is necessary for the legitimate interest we pursue in marketing products and services to you. Where this is the case, there is a limited privacy impact on you, and we think that you will expect that we will process your data in this way.

Sometimes, this processing will take place based on your clear and informed consent. Where you have given consent to any data processing, you have the right to withdraw that consent at any time. Please see the marketing section below for further details.

To comply with our legal and regulatory obligations, including identity and other verification checks in relation to anti-money laundering, finance regulations, an order of a court, reporting to HMRC, registering a vehicle with the DVLA, etc.

This processing is necessary to comply with our relevant legal obligations.

 

    1. It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.
  1. Marketing and opting out

For the purposes of the GDPR and the Act we will either have a legitimate interest in processing your personal data (name and contact details) for marketing communications, or we may require your permission to send marketing communications.

For marketing communications that are business to business we do not require your permission, in line with current regulations. Where marketing communications are aimed at you as an individual we may require your permission as set out below.

Where you have previously ordered products or services from us we may contact you about similar or related products, services, promotions and special offers that may be of interest to you.

For marketing communications that are business to consumer, with your permission we may contact you by telephone, email or post to provide information in relation to other products, services, promotions, special offers and other information we think may be of interest to you.

    1. Further, with your permission, we may share your details with carefully selected third parties and they may contact you directly (unless you ask them not to) by telephone, email or post about products, services, promotions and special offers that may be of interest to you.
    1. You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right please follow the unsubscribe link in the communication in question or contact us via the below details. Alternatively you can contact the relevant third party, giving us or them enough information to identify you and process your request.

 

    1. Where you have requested that we no longer contact you for marketing communications, we may retain your Personal data as a record of this request.
  1. Your consent to marketing communications

As noted above, you will be required to give consent to certain marketing communications before we can process your information as set out in this Policy. Where applicable, we will seek this consent from you when we first obtain your Personal Data.

If you have previously given consent you may freely withdraw such consent at any time. You can do this by notifying us in writing (see below contact details).

Please note that if we need to process your Information in order to operate the Website and/or provide our Services, and you object or do not consent to us processing your Personal Data, the Website and/or those Services may not be available to you.

  1. How long we keep your information

We will review the retention of your Personal Data on an annual basis with a view to safely deleting the relevant Personal Data. As a general guide we expect to hold your Personal Data for no longer than 6 years following conclusion of any claim and/or contract. 

In certain circumstances we may be required to retain your Personal Data for longer. For example, in order to comply with our legal or regulatory obligations

  1. Automated decision making

Insert details of the existence of automated decision making, including profiling, and information about how automated decisions are made, and the significance and the consequences of those decisions.

  1. Disclosure of your information

We may disclose your information to third parties (including Personal Data):

to other companies within our group of companies (which means our subsidiaries, our ultimate holding company (which is KWANG YAMG MOTOR CO. Limited, in Taiwan) and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006);

to our business partners (including suppliers and distributors), service providers or third-party contractors (including IT support, couriers and credit providers/ reference agencies) to enable them to undertake services for us and/or on our behalf (and we will ensure they have appropriate measures in place to protect your Information);

to any prospective buyer or seller (and their representatives) in the event that we sell or buy any business or assets;

if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (such as registering a motorcycle with the DVLA), including (but not limited to) any request or order from law enforcement agencies and/or HMRC in connection with any investigation to help prevent unlawful activity; and

to other third parties if you have specifically consented to us doing so.

We may disclose aggregated, anonymous information (i.e. information from which you cannot be personally identified), or insights based on such anonymous information, to selected third parties, including (without limitation) analytics and search engine providers to assist us in the improvement and optimisation of the Website. In such circumstances we do not disclose any information which can identify you personally.

If our whole business is sold or integrated with another business your information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.

  1. Keeping your Information secure

We will use technical and organisational measures in accordance with good industry practice to safeguard your Personal Data, including the use of data encryption, limiting access to only those at KYMCO that require access as part of their role.

While we will use all reasonable efforts to safeguard your Personal Data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Information that is transferred from you or to you via the internet.

  1. Overseas transfers

From time to time we may need to transfer your Personal Data to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”). Non-EEA countries that we may need to transfer your Information to includes:

Taiwan, because our group company and IT servers are based there.  

Such countries may not have similar protections in place regarding protection and use of your data as those set out in this Policy. Therefore, if we do transfer your Personal Data to countries outside the EEA we will take reasonable steps in accordance with the GDPR and the Act to ensure adequate protections are in place to ensure the security of your information including the use of approved contractual clauses. For transfers to our group company, we have established standard contractual clauses to protect your data, in accordance with GDPR Article 46(2).

By submitting your Personal Data to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.

  1. Information about other individuals

If you give us information on behalf of a third party, you confirm that the third party has appointed you to act on their behalf and has agreed that you can: give consent on their behalf to the processing of their Information; receive on their behalf any data protection notices; and give consent to the transfer of their Information abroad (if applicable).

  1. Your rights

This section sets out the legal rights of individuals in respect of the Personal Data we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using our contact details below) giving us enough information to identify you and respond to your request.

    1. You have the right to request access to information about your Personal Data that we may hold and/or process and to have any inaccurate information we hold about you corrected and/or updated. Most requests will receive a response within one month of receipt of a valid request; those which are more complex or numerous may take up to three months. You may not be entitled to see all the information about you if an exemption under GDPR/ the Act applies.

 

In certain circumstances you have the right to ask for Personal Data we hold about you to be deleted, e.g. where the data is no longer needed for the above purposes. This not available in all circumstances, for example where we need to retain the Personal Data for legal compliance purposes. If this is the case, we will let you know. You can also object to or seek to restrict our processing of the relevant information in similar circumstances.

    1. You have the right to receive the Personal Data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.

You may object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

    1. You can also object in certain other situations to our continued processing of your personal information, or otherwise restrict our processing of your Personal Data in certain circumstances.

If you seek to exercise a right under the relevant law and we consider an exemption is applicable (or the relevant right is not exercisable), we will explain this to you in as clear a way as we can

You have the right to object and/or withdraw your consent to direct marketing, for which see the marketing and consent section above.

If you would like to exercise any of these rights, please contact our Data Protection Manager (see below), providing enough information to identify you and let us know which information to which your request relates.

  1.  ‘Cookies’ and related software

Our software may issue ‘cookies’ (small text files) to your device when you access and use the Website and you will be asked to consent to this at the time (e.g. when you first visit our website). Cookies do not affect your privacy and security since a cookie cannot read data off your system or read cookie files created by other sites.

Our Website uses cookies and other tracking and monitoring software to: distinguish our users from one another; collect standard Internet log information; and to collect visitor behavior information. The information is used to track user interactions with the Website and allows us to provide you with a good experience when you access the Website, helps us to improve our Website, and allows us to compile statistical reports on Website visitors and Website activity.

You can set your system not to accept cookies if you wish (for example by changing your browser settings so cookies are not accepted), however please note that some of our Website features may not function if you remove cookies from your system. For further general information about cookies please visit www.aboutcookies.org or www.allaboutcookies.org.

  1. Changes to this Policy

We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on the Website, and place notices on other pages of the Website as applicable, so that you may be aware of the Information we collect and how we use it at all times. You are responsible for ensuring that you are aware of the most recent version this Policy as it will apply each time you access the Website.

This Policy was last updated on the 27th of September, 2018.

  1. Links to other websites

Our Website may contain links to other websites. This Policy only applies to our Website. If you access links to other websites any Information you provide to them will be subject to the privacy policies of those other websites.

    1. We have no control over third party websites or systems and accept no legal responsibility for any content, material or information contained in them. Your use of third party sites or systems will be governed by the terms and conditions of that third party. It is your responsibility to ensure you are happy with such third-party terms and conditions.
    2. The display of any hyperlink and/or reference to any third-party website, system, product or service does not mean that we endorse that third party's website, products or services and any reliance you place on such hyperlink, reference or advert is done at your own risk.
  1. Accessibility

This Policy aims to provide you with all relevant details about how we process your Personal Data in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print or braille), please get in touch with us.

  1. Complaints
    1. If you have any concerns about how we collect or process your Personal Data then you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.
  2. Contact us
    1. We welcome your feedback and questions on this Policy.

We can be contacted via our representative responsible for data protection, Kevin Su, by email at sales@kymcohealthcare.co.uk, by telephone on 01656 645755, or by post at 30 North Road, Bridgend Industrial Estate, Bridgend, Mid Glamorgan CF31 3TP