Data Protection Policy
The following Data Protection Policy, provides information about how Crusader Vehicles Limited (we, us) and any of its trading styles or subsidiaries may collect, process, retain and disclose customer or potential customer (you, your) personal information.
Crusader Vehicles Limited as a Data Controller.
For the purpose of the General Data Protection Regulations (GDPR), Crusader Vehicles Limited is seen as the Data Controller, as information is passed directly to us by you, for us to handle on your behalf. Within our organisation, Shane Baldock is known as our Data Protection Officer or DPO.
Crusader vehicles Limited
Tel: 01825 701205
When making contact with us we will collect data from you. This data will be collected when you specifically write it in correspondence with us or when you verbally convey it to us. The information that we will collect from you will consist of, but not be limited to, your name, address, telephone number and email address. This information will be used to fulfil your particular requirements and to keep you informed of our future offers via our mailing lists should you have opted in to receive such communications. All emails and newsletters will have the option to opt out of any further mailings if you so wish.
Information can be collected in a number of ways which include but are not limited to:
- Telephone calls (recorded for compliance monitoring and training)
- Social media interaction
- Notes we may take when we meet face-to-face
As a finance broker, to facilitate the service that we provide to you, at the point where you wish to proceed with finance for a vehicle or asset, it will be necessary for us to acquire further information from you. This is a contractual obligation we have in place with our panel of finance providers and the information we collect from you at this time, will be passed to a lender, for the purpose of carrying out ‘Pre-Contract Checks’. This information will include but may not be limited to, current & previous address history for 5 years, current employment & previous employment history for 5 years, income and outgoing expenditure details, date of birth, marital status, number of dependents, bank account details for direct debits and proof of address for Know Your Customer (KYC) validation. As regulation and legislation changes, these requirements may also change.
Sharing of your personal data
At Crusader Vehicles Limited, we take privacy very seriously and work to ensure that the information that we hold about you, remains in our control and is confidentiality protected. There may be times when it is necessary to disclose your data outside of Crusader Vehicles Limited and these instances are listed below. As a matter of course, we do not sell data to any companies and do not hand this data over to anyone unless it is in respect of the below.
When will we share your personal data?
We will share your personal data when:
- The law allows us to do so;
- A governmental or regulatory body requests us to do so, with or without your consent;
- It is necessary for the investigation or prevention of crime or fraud;
- You have given us permission to do so;
- We need to obtain professional advice such as legal advice.
- A finance company who will process the finance application;
- A credit reference agency to ascertain credit worthiness;
- The supplying dealer or supplier to order and deliver the vehicle;
- An accessory company to install accessories prior to or after delivery;
- A delivery company to facilitate the delivery;
- Third party providers of ancillary products such as GAP or vehicle insurance.
How long do we store data?
There are a number pieces of personal data that is obtained during the course of providing the service of brokering finance for a vehicle. Some of this data is not necessary to be kept and where possible, will be erased as soon as possible. Where you have withdrawn your consent for us to hold or process your data, where possible, we will erase all of this data.
There are some instances where it may not be possible to erase all data. These instances include where we have facilitated an agreement or taken steps towards facilitating an agreement, whereby it is necessary to comply with both are legal and regulatory obligations, that we retain the data for a period of 6 years. This data will be held in case of a requirement to present the data for the reasons outlined in the section entitled ‘When will we share your personal data?’ and also in exercise or defence of any legal claims.
Right to Erasure
Under the GDPR, you have the right to ask for ALL the information a company holds about you to be erased, deleted or forgotten. Article 17 of the GDPR states that this right is available on the one or more of the following grounds:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
Paragraph 2 states that:
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Paragraph 3 of the act states that:
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Right to rectification
The GDPR also allows you the right to rectification. This is the right to have any data that we hold about you rectified and updated should it change or be incorrect. Where possible, we will also inform any third parties that this data relates to, in the facilitation of a service provided by us. Examples of this could be a change of address, a change of business details or a change of contact details given to a finance company that you have an agreement with.
Subject Access Requests
You have the right to ask us to provide you with copies of all the information we hold about you. This is known as a Subject Access Request or SAR. You can read more on how we deal with Subject Access Requests here.
Cookies & Tracking
Our website may use cookie and tracking technology like any other website you may visit. We use these methods to track the way our website is used by our customers so we understand better how to make the service faster and more user friendly. The information we gather is analysed either in the aggregate or at a customer level, where we feel that the data we collect will help to enhance your purchasing experience.
A cookie is a small file that asks you for permission to be placed on your electronic device and is used to analyse web traffic and store information about your browsing preferences. This data is anonymised but helps provide you with a better browsing experience by remembering specific things you have shown an interest in, to then serve this information to you as relevant information the next time you visit.
The information that a cookie collects includes but is not limited to:
- The date, time and duration of your visit;
- The IP address of the device you visited from;
- The name and URL of the pages you visited as you traveled through our websites;
- The name of your internet service provider;
- The ID of the browser and operating system used.
You can opt out of allowing cookies to be used in your browser by visiting websites such as https://tools.google.com/dlpage/gaoptout although browsing experiences may differ without cookies enabled.
Different cookies are kept for different lengths of time and depend specifically on the cookie and what it does. Should you require more information on the cookies we use specifically, please write to the Data Protection Office at:
Data Protection Officer
Crusader Vehicles Limited
Links to 3rd party websites
We often have links from our website to other 3rd party websites where useful information may be found. It is important to note that this policy only covers the websites and applications of Crusader Vehicles Limited which include https://crusadervanleasing.co.uk/ and https://www.crusadercarleasing.co.uk/ .
Measures we take to protect your privacy
Here at Crusader Vehicles Limited, we are constantly thinking of ways to improve our operational efficiency and we carry out continuous improvement on our processes and equipment.
Technology – By the nature of what we do, technology is at the forefront of our data protection policy. We use up to date systems and methodology to make storing and transmitting data as secure as possible. We hold all of our data in a central Customer Relationship Management system. This system is located offsite and as such, data is protected against fire, flood, theft and onsite hardware failures. At rest, your data is stored in a UK Data Centre protected by perimeter fencing, electric gate entry and a gate house which is manned 24x7x365 by security personnel. Strict access controls are operational within the data centre building including proximity access card readers and secure lockable racks to prevent unauthorised access to the data centre and equipment. In transit all communication between the web browser and our data centres is protected by 256-bit SSL encryption. All logins are password protected and access to the database is strictly controlled.
Our PC’s run the latest operating system versions, with all software updates applied when they are available. Emails are secured through extensive firewalls with additional monitoring and all PC’s have an added layer of real time, end-to-end antivirus installed. Our website is encrypted using a SSL/TSL (Secure Sockets Layer/ Transport Layer Security) connection. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
A data breach occurs where a data subject’s personally identifiable information has been compromised or where a breach of our own systems has occurred and there is the potential for data to be compromised. At this point, we are required to notify the Information Commissioner’s Office of the breach and then inform all users affected. Where a breach occurs, we will investigate thoroughly, identifying root causes and making immediate changes to ensure data security remains in place.
Crusader vehicles Limited
Tel: 01825 701205