Ken Brown Motor Group collects and stores data of existing and prospective customers, and employees. This data is collected through several channels - online, through our website, online enquiry forms, via telephone and in person. The company Data Protection Officer is Dave Royal.
Data is collated to be able to process vehicle sales as well as products and services associated with vehicle sales, and where applicable communicate and market to existing and potential customers with latest offers and products of interest, as well as matters relating to safety and maintenance of their vehicles, Also In order that we can propose and secure a finance agreement for you if required. Ken Brown Motor Group do not purchase data.
Data collated is predominantly stored in 4 specific categories, namely Existing Customers, Prospective Customers, Third Party Suppliers/Partners and Company Employees. Data is handled by Company Employees and where necessary shared with third parties through secure mechanisms, such as FTP transfer and all parties have stated they are compliant with current GDPR legislation.
Data is retained against specific schedules, depending on category as specified in the table below
|Category||Definition||Retention Period||Method of Approval|
|Existing Customer||Contacts/Transacts within 5 year period||7 Years||Not Applicable|
|Lapsed Customer||No contact/transaction in last 5 years||7 Year rolling||Deletion|
|Employees||Currently or Previously registered on Payroll||6 Years||Secure destruction of records via 3rd Party (Shred-It)|
|Third Party Suppliers (Data Processors)||Currently under contract with Ken Brown Motor Group||Ongoing||Removal of access and data sharing protocols upon contract termination|
Security measures are in place to ensure data of each category is stored securely. These procedures are broken down in Appendix B.
Employees receive training on GDPR as part of their induction process and then ongoing as required. This training also incorporates Cyber Security training to ensure employees are aware of risks and responsibilities of collating and using data within our network and systems.
Credit Reference Agencies
In order to process your finance application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at
|Pinewood (DMS)||Kia Finance|
Ken Brown Motor Group collates data in order to process sales, deliver products and services, process payments, communicate with you about orders, products, services and promotional offers, update our records and generally maintain your details with us. We also use this information to improve our processes and website, and to enable third parties to carry out technical functions on our behalf.
We gather a variety of information from you when you visit our website or by corresponding with us face to face, by phone, email, or other method. The information you provide may include name, address, email and contact numbers. You may also provide financial information. We may record calls to and from our business for training and quality purposes. You can choose not to provide certain information. This may mean you are not able to take advantage of offers and/or promotions that are displayed. We use the information you provide to help us respond to your request and to communicate with you. You have the right to withdraw from marketing communications at any time.
Rectification and Erasure
You have the right to have details held about you rectified by contacting us either face to face, via email, telephone or letter. We will respond to your request with one month of receipt. You also have the right to be forgotten when there is no compelling reason for its continued processing.
You can submit your right by emailing firstname.lastname@example.org or writing to us at Ken Brown Motor Group, Shephall Way, Stevenage, SG2 9RW
Storage, Retention and Disposal
Ken Brown Motor Group will store your data for a period of 7 years. If there has been no contact and/or transaction during this period from you, then all personal details will be securely deleted from our database.
Records of vehicle sales are stored securely and disposed of via a specialist 3rd party after a period of 7 years. Service Job Cards are disposed of via the same method after a period of 5 years. Where Warranty work has been undertaken on your vehicle, these Job Cards will be retained securely for a period of 13 years in order to comply with Manufacturer requirements.
We will not sell your data to any third party or participate in affiliate marketing programmes.
You have the right to access information held about you, by submitting a Subject Access Request (SAR) Your right of access can be exercised in accordance with the current GDPR legislation. We will provide details from your SAR within one month of the request being received. The information will be provided free of charge. Ken Brown Motor Group reserve the right to charge a fee if the request is considered to be excessive or repetitive. You may submit a SAR by emailing email@example.com or writing to us at Ken Brown Motor Group, Shephall Way, Stevenage, SG2 9RW. We will then contact you to complete the SAR Application Form in the Appendix.
Ken Brown Motor Group has subscribed for Cyber Essentials approval. This ensures we meet strict controls with regard to systems and storage. Ken Brown Motor Group restrict access to systems. Each user must have and use their own username and password. Each user uses an account that has permissions appropriate to the job they are carrying out at the time. Administrator accounts are only used when strictly necessary (e.g. for installing known and trusted software).
Ken Brown Motor Group ensure the latest Anti-Malware products are installed, and we regularly test and install patch updates from trusted suppliers when applicable. Only trusted devices have access to our company network, and files are encrypted before being transferred either internally or to third party partners. Employees are made of aware of potential Cyber threats, including recognising potential threats such as Phishing emails. Regular reviews and audits are undertaken and the results recorded.
Redundant IT equipment is securely disposed of via a 3rd party specialist, and certification of deletion and destruction is supplied to and retained by Ken Brown Motor Group for a period of 5 years.
This statement was last updated on 18 September 2019.