© 2019 All rights reserved
WHO WE ARE
This policy is for and on behalf of Down And Out BMX Limited (Company Registration Number ********) whose registered office is at Down & Out BMX, Unit 1, Stanley Road, Barnsley, S70 3PG, United Kingdom and its Affiliates.
For the purpose of this policy: (a) “Affiliate” shall mean any entity that directly Controls, is Controlled by, or is under common Control with Down & Out BMX Limited, and (b) “Control” shall mean the beneficial ownership of more than 50% of the issued share capital of a company or the legal power to direct or cause the direction of the management of the company, and “Controls” and “Controlled” shall be interpreted accordingly.
All references in this policy to Down & Out BMX, Down And Out BMX, Down And Out BMX Limited, “we”, “us” or “our” and/or to the company (as relevant) shall include Down And Out BMX Limited and its Affiliates (as defined above).
Postal Address:- Legal and Compliance Team, Down & Out BMX, Unit 1, Stanley Road, Barnsley, S70 3PG, United Kingdom
Email Address:- firstname.lastname@example.org
THE DATA WE COLLECT ABOUT YOU
Personal Data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:-
- Identity Data:- First name, maiden name, last name, username or similar identifier, date of birth and gender
- Contact Data:- Billing address, delivery address, email address and telephone numbers
- Financial Data:- Bank account and payment card details
- Transaction Data:- details about payments to and from you and other details of products and services you may have purchased from us
- Technical Data:- Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug in types and versions, operating system and platform and other technology on the devices you use to access this website
- Profile Data:- username, purchases or orders made by you, your interests, preferences, feedback and survey responses
- Usage Data:- information about how you use our website, products and services
- Marketing and Communications Data:- your preferences in receiving marketing from us and our third parties and your communication preferences.
- Public sources of data:- information to support website functionality, ensure owner information is accurate with DVLA and to support authentication and/or fraud checks
As a customer of Down & Out BMX we will not collect any special categories of information about you without your prior explicit consent (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
HOW WE RECEIVE THIS INFORMATION
We use different methods to collect data from and about you including through:-
Direct Interactions:- You may give us your identity, contact and financial data by filling in forms online, by post, on the phone or at our events, factory visitor experience or dealerships (who are part of the Down & Out BMX dealer network). This includes personal information you provide to us when you:
- Apply for our products or services;
- Subscribe to our service or publications;
- Request marketing material to be sent to you;
- Enter a competition, promotion or survey;
- Attend one of our events and/or conferences;
- Make a complaint; and
- Provide us with feedback or contact us
Third Parties or Publicly Available Sources:- We may receive personal data about you from various third parties and public sources as set out below:-
- Vehicle and identity related data from independent third party sources such as the DVLA in the United Kingdom;
- Advertising networks;
- Analytics providers (such as Google based outside the EU);
- Device data in order to carry out actions such as adapt screen size to your device;
- Credit referencing agencies; and
- Search information providers
Consumer Generated Sources:- Any content that you create and then share with us on third party social networks or by uploading it to one of our Websites or apps, including the use of third party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content.
Third Party Social Network Information. Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you such as where you are buying goods and services. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW WE USE YOUR PERSONAL DATA
Under applicable data protection law, we can only use your personal information if we have a proper reason for doing so (a legal basis for processing). In this regard Down & Out BMX will only use your data in the following circumstances:-
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal obligation; and
- Where you have provided your consent
For the purposes of clarity a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Generally, we rely on our legitimate interest as a legal basis for processing your personal data; however, in any event we will get your consent before sending you marketing communications either by post, email, telephone and/or SMS.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely upon to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need more details about the specific legal ground we are relying upon to process your personal data.
The table below does not apply to special category data which we will only process with your explicit consent.
Type of data Lawful Basis for Processing including basis of Legitimate Interest
Marketing activities, research and analytics
We will obtain your consent for the purposes of sending you marketing communications either by email, SMS, phone or post.
We may also share your details for electronic marketing communications with our network of independent third parties, where you give consent for this to happen. We will also ensure we comply with applicable data protection regulation in respect of cookies for marketing use.
We may also market products and services to you on the legitimate interest ground such as where we tailor certain material to you and provide existing customers information about similar products and services.
It is possible we may contact you to identify if you are the current owner of a motorcycle and ask if you wish to participate in market research from time to time. In this instance and for the purposes of contacting you we would seek to rely on our legitimate interests and this is completely your decision if you wish to participate.
We will use profiling including segmentation tools and carry out research and analytics to assist and develop our marketing strategies, to understand our customers better, to support a more user friendly website and to better improve the customer experience across all business areas.
f) Marketing and Communications
g) Public Sources
Legitimate Interests for direct marketing and market research purposes (such as understanding how our customers use our products and how we can develop them and grow our business).
Maintaining and Supporting your Website/ App Use
Where you use our website and/or other application/s either at home or at events we and our approved third parties may process your data to support these services.
We also may want to improve our services to strengthen our internal processes and your experience as a customer.
Legitimate Interests in ensuring our websites are effective and in developing the customer experiences in relation to the use of our website.
Personalisation (offline and online).
With your consent (where required), we use your Personal Data including for the purposes of profiling (i) to analyse your preferences and habits, (ii) to anticipate your needs based on our analysis of your profile, (iii) to improve and personalise your experience on our Websites and apps; (iv) to ensure that content from our Websites/apps is optimised for you and for your computer or device; (v) to provide you with targeted advertising and content (including via social media), and (vi) to allow you to participate in interactive features, when you choose to do so.
Based on this type of information, and with your consent (where required), we also show you specific Down & Out BMX content or promotions that are tailored to your interests.
Legitimate Interests in working out which of our products and services may be of interest to you and telling you about them and for the purposes of identifying types of consumers for new products or services
We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that we obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.
a) Identity
Legitimate Interests in working out which of our products and services may be of interest to you and telling you about them and for the purposes of identifying types of consumers for new products or services
Your Motorcycle Purchase
Where you purchase a motorcycle from Down & Out BMX or one of our dealers (as part of our dealer network) we will use your information to update our internal databases for information relating to a motorcycle VIN number.
In doing so we are able to provide you with up to date information relating to your motorcycle where we may share details with third parties to provide you with exclusive offers such as additional insurance policies and extended warranty.
Legitimate interests in ensuring our customers receive the best offers relating to their motorcycle purchase including extended warranties where current warranty has expired.
Warranty, Claims and Recalls
When you make a warranty claim from Down & Out BMX we will be required to process your personal information in order to log the claim and ensure your issues are rectified.
We are legally obliged to process your information to ensure where a product safety recall is required we are able to contact the registered owner of a motorcycle and effectively communicate this service.
Legitimate Interests to ensure warranty claims are administered and actioned in appropriate time and that customers are updated regularly with regard to the stage of their claim.
Magazine Articles, Social Media Posts
When you attend one of our events or the factory visitor experience centre on occasion we may take pictures and/or recordings which we may publish online via social media and/or magazine articles.
This data may be captured for a specific purpose, in which case we will ask for your consent; however, normally it may be just part of recording an event to further the Down & Out BMX brand and inform customers and other individuals interested in the Down & Out BMX brand about our events, developments and activity.
Legitimate Interests to inform the public about our events and the general public about activity at Down & Out BMX in order to promote the Down & Out BMX brand and showcase development.
When you fill out forms for the purposes of a request for example where you request a brochure, further information or a test ride we process your personal data in order to manage such request and ensure it is actioned accordingly.
Legitimate Interests in ensuring the customer’s request is actioned accordingly.
Legal and Regulatory Obligations
Where we need to manage legal and regulatory requests such as the prevention/detection of crime and liaising with regulatory bodies and/or law enforcement agencies such as the Police, HMRC, DVLA etc we have a legal obligation to process and/or transfer your personal data.
Network and Information Security
We may process data in order to maintain our network and security. In doing so we take steps against loss, damage and theft both electronically and physically. We may also engage with third parties who may remotely store information for the purposes of maintaining appropriate server locations globally.
Legitimate Interests as appropriate for ensuring network and information security.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We may routinely share your personal information with the following for the purposes set out in the table above:-
- Down & Out BMX subsidiaries and/or affiliates within the Down & Out BMX Group;
- Down & Out BMX authorised dealers who form part of our dealer network;
- Third parties who we use to help provide and deliver our products and/or services for example to offer finance, insurance, road side assistance, extended warranties, website services etc.;
- Marketing and research agencies who carry out work based on our express instructions such as a specific marketing campaign and/or market research surveys;
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other business or merge with them;
- Event companies who run and manage sponsored events;
- IT providers who provide us systems and services for customer support;
- Card Payment Services providers who operate payment platforms;
- Logistics and courier companies who transport our products to you;
- Law firms who may provide legal advice to us (e.g. where there is a customer dispute); and
- Other third parties we may appoint from time to time for the purposes of internal business administration only, for the purposes set out in the table above.
We require all third parties to respect the security of your personal data and both treat and process it in accordance with the law. In doing so we will only allow third parties to process your personal data where we are satisfied they take appropriate measures to protect your information.
Additionally we impose contractual obligations (such as a data processing agreement) on third parties to ensure they process and secure your data lawfully with the appropriate technical and organisational measures in place.
We do not allow our third party service providers to use your personal information for their own purpose and only permit them to process your personal information for specified purposes and in accordance with specific instructions.
INTERNATIONAL TRANSFERS OF INFORMATION
It may be necessary on certain occasions to share your personal information outside of the European Economic Area (“EEA”) such as:-
- With our subsidiary offices located outside the EEA;
- With service providers located outside the EEA;
- If you are based outside the EEA; and
- Where there is an international dimension to the services we are providing to you.
Whenever we do transfer your personal data outside of the EEA, we ensure a degree of protection (as stipulated by law) is afforded to it by ensuring at least one of the following is implemented:-
- We will only transfer your personal data to countries which have been deemed by the European Commission to provide an adequate level of protection for your personal data;
- Where we use certain service providers located outside the EEA, we may use specific contractual clauses approved by the European Commission which give personal data the same protection it has in Europe; and
- Where we use providers based in the US we may transfer data to them if they are part of the Privacy Shield Framework which requires them to provide adequate protection to data transferred between Europe and the US.
If you would like further information about data transferred outside the EEA please contact the Down & Out BMX Legal and Compliance team using the details at the beginning of this notice.
WHAT WE DO TO KEEP YOUR DATA SECURE
We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Unfortunately the transmission of information via the internet is not always completely secure despite our reasonable efforts. Whilst we will reasonably protect your personal data, we do not guarantee the security of your data transmitted over the internet; any such transmission is at your own risk and when we receive your information it will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.
We have in place procedures to deal with any suspected personal data breach and will notify you accordingly as well as notifying any applicable regulator where we are legally required to do so.
HOW LONG DO WE USE AND KEEP YOUR PERSONAL DATA
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
For the purposes of clarity in respect of your personal information the following retention periods will apply:-
- Your name, address, contact details will be retained for the lifetime of the motorcycle you have purchased (unless we are informed either by yourself, our dealer or the authorities of a change in ownership at which point it will only be retained for the purposes of complying with a legal obligation, resolving complaints and defending the company's legal interests)
- Contact details provided for the purposes of marketing will be retained until you inform us that you no longer wish to receive marketing material and/or if you have not interacted with Down & Out BMX for an eighteen (18) month period. This can either be by email or by updating your choices in your personal preference centre (if applicable)
Under certain circumstances, you have rights under the data protection laws in connection with your personal data. These are the following:-
- Right of access to your personal data;
- Right to request correction of your personal data;
- Right of erasure of your personal data;
- Right to object to the processing of your personal data;
- Right to request the restriction of processing of your personal data;
- Right to request transfer of your personal data (data portability); and
- Right to object to the processing of your personal data
If you wish to exercise any of the rights above please email email@example.com or write to us at Legal and Compliance Team, Down & Out BMX, Unit 1, Stanley Road, Barnsley, S70 3PG, United Kingdom.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) is actioned accordingly. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In the event you wish to restrict the processing of your personal data for the purposes of (where applicable) email newsletters, service emails and/or general marketing you may use the ‘unsubscribe option’ at the bottom of any of our marketing communications to you. It may take seven (7) working days for your unsubscribe request to be fulfilled.
HOW TO COMPLAIN
If you are not happy and have a data protection related complaint, please contact us directly by emailing firstname.lastname@example.org or by writing to us at Legal and Compliance Team, Down & Out BMX, Unit 1, Stanley Road, Barnsley, S70 3PG, United Kingdom.
If you remain unsatisfied with our response you have the right to lodge a complaint with a supervisory authority, in particular in the European Union state where you work, normally live or where any alleged infringement of applicable data protection law occurred. The supervisory authority in the UK is the Information Commissioner's Office who may be contacted at https://ico.org.uk/concerns/ or by telephone on +44 0303 123 1113.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites and therefore we encourage you to read their privacy policies prior to using their services.