REV1017 LTD. Privacy Notice

This privacy notice provides you with details of how we collect and process your personal data within our business.

This Privacy Notice sets out:

• who we are;
• why we need to collect your personal data;
• the general categories of personal data that we may process;
• the purposes for which we may process your personal data;
• the legal bases of the processing;
• who has access to your data and who the data may be shared with;
• how we will protect your data;
• how long we will retain your data;
• your rights as a data subject;  

Who we are:

REV1017 Ltd is a data controller and data processor. As the data controller we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
We are specilized in selling spare parts;
REV1017 is committed to being transparent about how it collects and uses personal data and to meeting its data protection obligations.
We have appointed an Information Security Manager who oversees privacy-related matters for us. If you have any questions about this privacy notice, please contact the Information Security Manager using the details set out below.
REV1017's Information Security Manager can be contacted at:  info@rev1017.co.uk or by writing to;
REV1017 LTD
11-13 HOCKERILL STREET,
BISHOP'S STORTFORD, HERTS, CN23 2DH
UNITED KINGDOM
Company Number: 11411791
VAT Registration 320300576 EORI n. GB320300576000

As part of GDPR, it’s important that the information we hold about you is accurate and up to date. If you have any changes to your data please let us know by contacting our Information Security Manger on the details above.

Personal Data:

Personal data is any data which can or could identify a specific individual person, including:  Name, on-line username or pseudonym, IP address, email address, account numbers (inc. bank, NI, NHS etc.), address, mobile phone number, website cookies etc. Personal data may be electronic or paper. Anonymised data is excluded

We may process the following categories of personal data about you:

• Customer Data this includes data relating to any purchases of goods/services including but not limited to your name, title, billing/delivery address, email address, phone number, contact details, purchase details and your card details.

We will only use this data to provide you with the goods and/or services you have purchased and to keep records of such transactions for our records. 
Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

• Communication Data this includes but is not limited to any communication that you send to us through our website, through email, text, social media messaging, social media posting, online chats or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defense of legal claims.

Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

• Technical Data this includes but is not limited to data about your use of our website and online services such as your IP address, any login data, information regarding your choice of browser, length of visits to web pages, your journey through our website, how often you revisit the site time zone settings and other technology on the devices you use to access our website.

The source of this data is from our analytics tracking system, we process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our marketing.
Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly maintain our website and help our business and to grow and define a marketing strategy.

• Marketing Data this includes but is not limited to data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in competitions, prize draws and free giveaways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this marketing

Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.

• We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display marketing on platforms including but not limited too Youtube, Instagram, Twitter, Google ads display) and to measure or understand the effectiveness of the marketing you see.

Our lawful ground for this processing is legitimate interests which are to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).

• User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.

We process this data to operate our website effectively and ensure relevant content is provided to you. Like all companies to ensure the security of our website we maintain backups of our website and/or databases and to enable publication and administration of our website, other online services, and business. 
Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
We do not collect any Sensitive Data about you. Under the GDPR sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, we have no need to collect this data so don’t.

Marketing

When we engage with marketing activity our lawful ground of processing your personal data to engage with you using marketing communications is either your consent or our legitimate interests (specifically to grow our business). 
Under PECR we may send you information about our company if you;

• You made a purchase or asked for information from us about our goods or services or
• You agreed to receive marketing communications and, in each case, you have not opted out of receiving such communications since.

Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time. 
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
You can ask us or third parties to stop sending you marketing messages at any time by selecting the unsubscribe option that will be on all marketing communication going forward. If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

Purpose of the processing and the lawful basis for the processing:

Processing of your personal data may be necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. 
Processing of your personal data may also be necessary to enable ISM to comply with legal obligations to which REV1017 is subject.

What we use personal data for & why:

We use customers’ personal data for a number of reasons: because we may be legally required to obtain & store it for a certain length of time, Legal requirements (business records), completing a sales or purchase transaction 
We will keep personal data as required by law, Data held by REV1017 is securely destroyed at the end of the retention period.

Who has access to your data?

Your information may be shared internally, including with REV1017 staff and managers and IT staff if access to the data is necessary for performance of their roles.
REV1017 may share data to;

• A subcontractor whose purpose is to uplift vehicles,
• Shipping and transport companies to collect and deliver goods,
• The DVLA if we are updating the V5 of a vehicle or notifying them of a change of keeper for a vehicle,
• Payment processing companies,
• Service providers who provide IT and system administration services,
• Professional advisers including lawyers, bankers, auditors and insurers,
• Any government authorities that have a right to request data and where we must comply with the law.

REV1017 does not sell your data to other organisations
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the GDPR and other Laws. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions and we will always have a legitimate reason for doing so.

Safeguarding personal data:

We take very seriously the storage & care of personal data. All our staff dealing with personal information receive Information Security & GDPR Training. 
REV1017 takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised employees in the performance of their duties.
Where REV1017 engages third parties to process personal data on its behalf, they do so on the basis of written instructions, and are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Unfortunately, countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal information, so the GDPR and other European Laws outlaw the transfer of personal data outside of the EEA unless the transfer meets certain criteria.

Some of our third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. 
If we need to transfer your data outside of the EEA, when we do, we do our best to ensure a similar degree of security of data by ensuring a minimum of one of the following safeguards is in place:

• We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data (there is a full list on the ICO website that you can look at) by; or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
• If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.

Third-Party Links

Our website www.REV1017.co.uk sometimes includes links to third-party websites, plug-ins, and applications. By clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, therefore we encourage you to read the privacy notice of every website you visit.

Cookies

Your website browser gives you the control over cookies, and you have the ability to refuse all cookies, however, if you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more information about the cookies we use, please see our Cookie Policy HERE

Data Retention

All data is retained in line with REV1017's Data Retention Schedule. Please see our Date Retention schedule for

Your rights as a data subject:

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• request the organisation to delete or stop processing your data, when the data is no longer necessary for the purposes of processing.

If you would like to exercise any of these rights, please contact: 
Information Security Manager
REV1017 LTD
11-13 HOCKERILL STREET,
BISHOP'S STORTFORD, HERTS, CN23 2DH
UNITED KINGDOM
Company Number: 11411791
VAT Registration 320300576 EORI n. GB320300576000

Or e-mail us at info@rev1017.co.uk
You will be required to fill out a Data Subject Access Request form and supply Identification for use to establish the request is genuine. We will reply to you, with all relevant data within 1 month. 
Before we disclose any information, we will need to be confident that the request is genuine, so we will need to verify your identity.

If you are not satisfied:

If you are not satisfied about the way in which we have handled your request, you have the right to complain to the Information Commissioners Office in the UK. Details can be found here https://ico.org.uk