1.1. We are committed to ensuring that we manage your personal data professionally and in
compliance with all applicable data protection laws. Part of this commitment is to ensure that
there is transparency about how we process personal data. This policy includes an
1.1.1. what data we are processing;
1.1.2. why we are processing it and what we do with it;
1.1.3. whether we will share it with anyone else;
1.1.4. whether we will transfer it outside of the European Economic Area (‘EEA’);
1.1.5. how we keep your data safe; and
1.1.6. your rights.
don’t hesitate to contact us.
2. Who we are and our contact details
2.1. Hills Garages (Woodford) Limited is located at 536-564 High Road, Woodford Green,
Essex, IG8 0PR. In this policy we have referred to Hills Garages (Woodford) Limited as: we,
us, our or Hills Garages (Woodford) Limited.
2.2. We also operate under the following trading names:
2.2.1. Hills of Woodford Toyota
2.2.2. Lexus Woodford
2.2.3 Hills Motor Group
. Hills Garages (Woodford) is an authorised Toyota and Lexus retailer. For any queries
concerning your data please contact the Data Protection Officer at the above address or by
email at: email@example.com (Toyota) or firstname.lastname@example.org (Lexus).
telephone calls to Hills Garages (Woodford) Limited may be monitored or recorded for
3. Your personal data
3.1. We process your personal data if we understand that you may be interested in purchasing
our products or services or in working with in our organisation. In this section 3 we provide
more detailed information about how we will manage your personal data.
3.2. What data do we hold about you and how have we obtained this?
3.2.1. We have obtained information about you when you have enquired about our products
or services either directly at one of our sites, on our website, on our social media page or at a
promotional event. We may also receive your data following your enquiry with third parties
such as used car sales companies, third party leasing companies and vehicle insurance
companies. Typically, the information that we obtain will be your name including gender
(based on title), postal address, contact details, payment information, any Motability
eligibility data, details of your current vehicle(s). If you choose to enter into a finance
agreement or purchase insurance products from us or from companies that partner with us,
we will need more detailed personal information including date of birth, employment history,
residential status, marital status, personal income and expenditure. Where vehicle related
servicing and repairs have been requested or carried out we will hold details of your current
and previous vehicle(s) including the vehicles’ history. If you purchase a vehicle from us we
may ask for your consent to photograph you with your vehicle.
3.2.2. If you have visited our website we may automatically collect some personal
information including details of your browser, operating system and device, the website from
which you visit our website, the pages that you visit on our website, the date of your visit,
and the Internet protocol (IP) address assigned to you by your internet service provider. We
collect some of this information using cookies – please see Cookies in section 4 - for further
information. We may also collect any personal information which you upload to our
website(s) including data provided through Live Chat, allow to be shared or that is part of
your public profile on a third party social network.
3.2.3. Our telephone calls are recorded and may be monitored for training purposes.
3.2.4. We have CCTV in operation at each of our facilities for security purposes. It is
therefore possible that images of you will be recorded when visiting our sites.
3.2.5. If we provide you with a courtesy or demonstrator vehicle or you test drive a vehicle,
we will ask you to provide your driver’s licence along with your driving and vehicle
insurance history. We may also collect vehicle telematics data which identifies how
efficiently you drive together with a log of the dates and times that you have used our
vehicles and any Connected Car Technology data that is collected by the vehicles you use.
Telematics data and Connected Car Technology may be collected where you part exchange
your vehicle with us or we purchase a vehicle from you.
3.2.6. If you have expressed an interest in working in our organisation, then we may have
obtained your personal data from recruitment agencies and/or electronic job boards.
3.2.7. Sometimes you will have sent your information directly to us, but you may have
provided your information to Toyota GB Plc, Lexus (GB) Plc or their affiliate companies or
another third party who, in turn, has provided the information to us. In such instances, we will
inform you of the identity of the third party who has provided your data to us.
3.3. How do we use your personal data and what is the applicable lawful basis?
3.3.1. We Hills Garages (Woodford) Limited rely on ‘legitimate interest’ to process your data
for marketing purposes. We use this basis as we are either supplying a vehicle, part or
accessory to you or have carried out servicing or repair on your behalf. You may unsubscribe
from receiving these at any time by clicking the unsubscribe button at the bottom of every
email or by getting in touch with us via the email: email@example.com
3.3.2. We may process your information where it is required to perform our contract
you e.g. registering insurance products, registering breakdown and recovery services,
providing courtesy cars, completing warranty and insurance work.
3.3.3. Where it is in your vital interests
, we will use your information to organise and notify
you about service reminders, safety and product recall notices.
3.3.4. We may process your information to comply with legal or regulatory
including assisting HMRC, Transport for London, the Police and the Driver and
Vehicle Licensing Agency.
3.3.5. We may process your information to allow us to pursue our legitimate
220.127.116.11. analysing our performance to further improve our customer services;
18.104.22.168. to contact you with MOT and service reminders;
22.214.171.124. market research, training and to administer our websites;
126.96.36.199. to provide you with telematics data about your journey in one of our vehicles;
188.8.131.52. the prevention of fraud or other criminal acts;
184.108.40.206. undertaking credit checks for finance;
220.127.116.11. undertaking driving licence and history checks for insurance;
18.104.22.168. complying with requests from you including if you exercise any of your rights noted
22.214.171.124. the purpose of corporate restructure or reorganisation or sale of our business or
126.96.36.199. enforcing our legal rights or to defend legal proceedings and for general
administration purposes; and
188.8.131.52. generating vehicle performance data from telematics data
3.4. Will we share your personal data with any third parties?
184.108.40.206. We may share your data with any of the other companies set out in section 2.2 and
with Toyota GB Plc, Lexus (GB) Plc and their affiliated companies; these companies include:
Toyota Financial Services, Lexus Financial Services, Toyota Insurance Management Ltd. and
Toyota Motor Europe SA/NV .
220.127.116.11. We may disclose your information to our third-party service providers for the
purposes of providing services to us or directly to you on our behalf e.g. finance providers,
Motability Operations Ltd, advertising agencies, vehicle scrappage, vehicle auctioneers,
administrative service providers and electronic platform service providers. When we use third
party service providers, we only disclose to them any personal information that is necessary
for them to provide their service and only when we have a contract in place that requires
them to keep your information secure and not to use it other than in accordance with our
18.104.22.168. If we sell all or part of our business to a third party, we may transfer your information
to that party to ensure that it can continue to provide information that you have requested or
for any of the other purposes that we have noted above.
22.214.171.124. We may transfer your data to government or other official bodies for the purposes of
complying with legal obligations, for enforcing our rights, or for the prevention or detection
of a crime.
3.4.1 Sharing your data with Toyota (GB)
We will send your data to Toyota (GB) Plc in order to process your vehicle order and
facilitate our side of the contract with you. This will include your contact details, Vehicle
Identification Number (VIN), registration number, order information and purchasing history,
mobility information and service information. This data will also be shared with Toyota (GB)
found here: https://goo.gl/FNjAoQ
and here: https://goo.gl/Kfn7KC
which provides more
details on processing and how you can exercise your rights. The information is shared for the
purposes of customer satisfaction and management, repair, and maintenance, research and
development of new vehicles, products, services and technologies, analysing trendsand
preferences and facilitating access to services offered by The Toyota Group (such as repair
and maintenance services or personal financial and insurance services
3.4.2 Toyota & Lexus – Keeping you updated
Toyota would like to keep you updated on our products services, offers as well as performing
customer satisfaction and research activities. They’ll also remind you when your service or
other products purchased from us are due for renewal. We will send these communications by
phone, email, phone, SMS or post. Following your transaction with us here at Hills Garages
(Woodford) Toyota/Lexus will send you a verification communication requesting your
consent to hear from them. For more information on how Toyota (GB) plc processes data and
3.4.3 Current Data Processors
CDK, 1Link, Ngage, Guild, EMAC, Edynamix, Experian, Rapid Response, Recall Potrtal,
Ingeni, VOSA, SAF, Toyota Value Chain, Akkroo, Bluesky (website providers), Autoxp,
Prohire, Indigo Car Hire, Towergate, Aioi Insurance, DVLA, Stapletons, All Tyres, Access
Lock and Key, Tracker, Barclays, London Borough of Redbridge, Approved Windscreens.
3.5. How long do we keep your data?
126.96.36.199. If you have expressed an interest in buying products or services from us or from our
selected partners, we will retain your contact details and related information concerning your
enquiry for 7 years from the date that we last had contact with you.
188.8.131.52. If you have purchased goods or services from us or from our selected partners, we
will keep the data relating specifically to that purchase (e.g. order forms, invoices and related
correspondence) for 7 financial years from the invoice date
184.108.40.206. If you have entered into a finance agreement or purchased an FCA regulated
insurance product from us or from companies that partner with us, we will retain information
relating to the transaction for up to 7 years from the agreement or insurance start date
220.127.116.11. Voice recordings of telephone calls, CCTV images and data related to your use of
courtesy vehicles shall be kept for a maximum of 3 weeks.
18.104.22.168. Images of you and your vehicle posted on social media and our websites with your
consent will be retained indefinitely unless you ask us to remove them.
22.214.171.124. If you have requested that we do not send you marketing information we will always
retain sufficient information to ensure that we remember to comply with your request.
126.96.36.199. All of the periods stated in this section 3.5 may be extended if there is a legal
requirement to do so.
3.6. Transferring your data outside of the European Economic Area (‘EEA’)
3.6.1. If you use the Live Chat service on our website, the data collected will be stored in the
USA by the third party provider of the Live Chat service. The provider stores the data
collected in the USA under the EU-US privacy shield framework.
3.6.2. With the exception of data provided using the Live Chat service detailed in 3.6.1, we
do not currently transfer any personal data outside of the EEA. If this changes in the future,
any such transfer will comply with all applicable data protection laws and with our obligation
to adequately protect and secure your personal information. We will take measures to ensure
that personal information handled in other countries will receive at least the same level of
computer (or other electronic device) when you visit our website. This enables us to monitor
how many times you visit the website, which pages you go to, traffic data, location data and
the originating domain name of your internet service provider.
4.2. You can find out more about the Cookies we use in our Cookies Policy available on the home page of our website.
4.3. You can set your browser not to accept cookies, however some of our website features
may not function as a result.
4.4. For more information about cookies generally and how to disable them you can visit:
5. Data security
5.1. We have adopted the technical and organisational measures necessary to ensure the
security of the personal data we collect, use and maintain, and prevent their alteration, loss,
unauthorised processing or access, having regard to the state of the art, the nature of the data
stored and the risks to which they are exposed by human action or physical or natural
environment. However, as effective as our security measures are, no security system is
impenetrable. We cannot guarantee the security of our database.
5.2. Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the security
of your data transmitted to our website; any transmission is at your own risk. Once we have
received your information, we will use procedures and security features to try to prevent
5.3. Where we have given you (or where you have chosen) a password which enables you to
access certain parts of our website, you are responsible for keeping this password
confidential. We ask you not to share a password with anyone
6. Links to other websites
6.1. Our website may contain links to and from other websites e.g. social media sites such as
Facebook, YouTube, Twitter. Unless we own such websites, we accept no responsibility for
the way in which they process your personal data. You are recommended to check the
7. Social Plugins
7.1. We use so-called social plugins (buttons) of social networks such as Facebook, Google
7.2. When you visit our websites, these buttons are deactivated by default, i.e. without your
intervention they will not send any data to the respective social networks. Before you can use
these buttons, you must activate them by clicking on them. They then remain active until you
deactivate them again or delete your cookies. Please see section 4 for further details regarding
7.3. After their activation, a direct link to the server of the respective social network is
established. The contents of the button are then transmitted from the social network directly
to your browser and incorporated in the website.
7.4. After activation of a button, the social network can retrieve data, independently of
whether you interact with the button or not. If you are logged on to a social network, the
network can assign your visit to the website to your user account.
7.5. If you are a member of a social network and do not wish it to combine data retrieved
from your visit to our websites with your membership data, you must log out from the social
network concerned before activating the buttons.
7.6. We have no influence on the scope of data that is collected by the social networks
through their buttons. The data use policies of the social networks provide information on the
purpose and extent of the data that they collect, how this data is processed and used, the
rights available to you and the settings that you can use to protect your privacy.
8. Your rights
8.1. Your right to access data
8.1.1. We always aim to be as transparent as we can and allow people access to their personal
information. Where we hold your personal data, you can make a ‘subject access request’ to us
and we will provide you with:
188.8.131.52. a description of it;
184.108.40.206. an explanation of why we are holding it;
220.127.116.11. information about who it could be disclosed to; and
18.104.22.168. a copy of the information in an intelligible form – unless an exception to the
disclosure requirements is applicable.
8.1.2. If you would like to make a ‘subject access request’ please make it in writing to our
contact email address noted in section 2 and mark it clearly as ‘Subject Access Request’.
8.1.3. If you agree, we will try to deal with your request informally, for example by providing
you with the specific information you need over the telephone.
8.1.4. Unless you agree a different time, we will complete your subject access request within
8.2. Right to stop marketing messages
8.2.1. You always have the right to stop marketing messages. We will usually include an
unsubscribe button in any marketing email and an unsubscribe number in any marketing
texts. If you do wish to unsubscribe, please just click the unsubscribe button or reply to the
number as directed and we will promptly action that request. Alternatively, you can update
your marketing preferences by contacting us at any-time. Our contact details are shown in
8.3. Right to be forgotten
8.3.1. If we hold personal data about you, but it is no longer necessary for the purposes that it
was collected and cannot otherwise be justified – you have the right to request that we delete
8.4. Right to restrict data
8.4.1. If we hold personal data about you and you believe it is inaccurate you have the right to
request us to restrict the data until it is verified. You also have the right to request that the
data is restricted where you have a right to it being deleted but would prefer that it is
8.5. Right to complain
8.5.1. You always have the right to complain to the personal data regulator, the ICO. You
may also be entitled to seek compensation if there has been a breach of data protection laws.9. Policy updates
9.1. This policy was last updated on the15/08/2018.