4. WHO WE SHARE PERSONAL DATA WITH.
We may share your personal data with:
- Those third parties who need to handle it so we can provide to you the products, services you have signed up to or requested, for example, to provide or offer finance or credit, insurance, to provide marketing and advertising support services and for optimised website services.
- With our network of retailers, authorised repairers and where relevant our importers network (together our “retail network”), so as to be able to fulfil requests for goods, services, etc, and for assessment and training, to be able to enhance the quality of the services you obtain when interacting with our Retail Network.
- Jaguar Land Rover group companies in line with the data uses set out in this Privacy Policy.
- Third parties in the event we sell or buy any business or assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.
We have safeguards in place with our service providers to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy.
More about JLRs network of Independent Third Parties...
We work with a number of independent third parties to provide services, such as our Retail Network, credit product providers, contract hire products. Personal data may be sent directly to these entities by you (for example if you contact them by phone or email or via their website pages), or we may share personal data with them where appropriate to support with your queries or other service requirements.
Where you use the UK websites to find or make contact with our Retail Network, a credit provider, or a contract hire product provider, these are (unless otherwise stated), independent businesses and not JLR group companies. Any contact you make to them (for example, to call or send an email) and any data you provide to them in use of their websites, will be controlled by them, not by JLR. If you have questions regarding a third party’s (such as a retailer, importer, credit provider, contract hire product provider or repairer's) use of your personal data, we recommend you contact those parties directly.
For information on independent third parties we work with:
For Jaguar:
- Our Retail Network is generally identifiable from the ‘locate a retailer’ website functionality. They can be searched for by name, location or postcode. A full list of all UK Retailers is accessible by clicking here.
- In the UK, credit is provided by Black Horse Limited trading as Jaguar Financial Services, St William House, Tresillian Terrace, Cardiff CF10 5BH.
For Land Rover:
- Our Retail Network is generally identifiable from the ‘locate a retailer’ website functionality. They can be searched for by name, location or postcode. A full list of all UK Retailers is accessible by clicking here.
- Credit products are provided by Black Horse Limited trading as Land Rover Financial Services, St William House, Tresillian Terrace, Cardiff CF10 5BH.
- Contract Hire products are provided by Lex Autolease Limited trading as Land Rover Contract Hire, Heathside Park, Heathside Park Road, Stockport SK3 0RB.
More about Suppliers...
We use a number of service suppliers to support our business and these service providers may have access to our systems and data in order to provide services to us and on your behalf, for example payment processors, information technology such as hosting service providers, marketing and digital advertising support services, customer services and relationship handling, service and system specialists, website analytics support, online store shipping, delivery and support for events and experiences.
More about JLR Group companies, and how they may provide service support..
As a member of the Tata Group of companies, we can benefit from the large IT infrastructure and expertise that exists within our wider corporate structure. This means that the personal data you provide to us may be accessed by members of our group of companies only as necessary for service and system maintenance and support, aggregate analytics, business continuity, IT and administrative purposes. For example where necessary to support particular website enquiries, or to provide technical support that maintains website functionality.
More about Public bodies, law enforcement and regulators...
From time to time, the police, other law enforcement agencies and regulators can request personal data, for example for the purposes of preventing or detecting crime, or apprehending or prosecuting offenders.
5. INFORMATION ABOUT INTERNATIONAL DATA TRANSFERS.
The Jaguar Land Rover UK websites use servers which are hosted in the EU. However we may share website personal data with suppliers or group companies located outside of the EU where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate, and assessment of Privacy Shield certification for US located entities where applicable.
More about the adequacy checks JLR puts in place for international data transfers...
Where JLR chooses to share personal data with a third party located outside the EU, the following factors are assessed to support adequate transfer of this data:
- Internal checks to identify the existence or absence of any adequacy decision by the European Commission. We have group companies, and use suppliers located in countries that have been approved by the European Commission as having essentially equivalent data protection laws. A full list of these countries as at the date of this Privacy Policy is: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Switzerland, Jersey, New Zealand, Uruguay and the Isle of Man. (The European Commission has also approved as adequate the EU-US Privacy Shield programme – this is described below). This list and information about the protections the European Commission has considered is available via this link.
- Use of measures like European Commission approved measures to support adequate transfers of personal data. We also have group companies, and use suppliers located in countries that are elsewhere in the world. To manage data protection compliance with these transfers, we will use European Commission approved data transfer mechanisms such as use of model contractual clauses approved by the Commission. We will also assess where applicable where a supplier is able to demonstrate to us they have Binding Corporate Rules. (Binding Corporate Rules is a GDPR – recognised Data Protection mechanism to ensure adequate personal data transfers). We may work with suppliers who are able to demonstrate to us they are Privacy Shield certified.
- To understand the protections required in European Commission approved Model Clauses, a template copy of these is accessible from this location.
- To see a full list of approved Binding Corporate Rules, please click this link.
- A full list of Privacy Shield participants, and their Privacy Shield certification information is available from this website link.
6. HOW LONG WE HOLD PERSONAL DATA FOR.
We’ll keep your personal data for as long as we need it to provide the products and services you’ve signed up to. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes, to meet our legitimate interests and to enforce our rights.
The criteria we use to determine storage periods include the following: Information we have told you about storage periods on our website or in website terms and conditions. We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.
7. YOUR DATA PROTECTION RIGHTS.
You have rights in connection with your personal data, including: to withdraw consent where you have given it, to be informed and have access to your personal data, to correct or complete inaccurate data, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.
We try to ensure that we deliver the best levels of customer service. If you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch using either of the links below, and add into the subject header that it relates to your data protection rights. These Customer Experience Centre email addresses are the appropriate contact details for our Data Protection Officer where queries are data protection related:
https://www.landrover.com/ownership/contact-us/index.html
https://www.jaguar.com/contact-us/index.html
If you are not happy and have a data protection related complaint, please contact us direct at this email address: DPOffice@jaguarlandrover.com. If you are not satisfied, you also have the right to complain to the Information Commissioner’s Office.
To learn more about these data protection rights, see below.
More about my data subject rights...
- If you have given us consent to process your personal data, including for electronic marketing communications, you have the right to withdraw that consent at any time. Just use the unsubscribe options presented, for example, these are present in the email marketing communications sent by us.
- You can ask for access to the personal data we hold about you, object to the processing, request that we correct any mistakes, restrict or stop processing or delete it. If you do ask us to delete or stop processing it, we will not always be required to do so. If this is the case, we will explain why.
- In certain circumstances you can ask us to provide you with your personal data in a usable electronic format and transmit it to a third party (right to data portability). This right only applies in certain circumstances. Where it does not apply, we will explain why.
More about how I can get in touch with the Information Commissioner's Office (ICO)...
The Information Commissioner’s Office (the ICO) is the supervisory authority that regulates personal data in the UK. You can get in touch with the ICO in any of the following ways:
- By going to their website: www.ico.org.uk
- By giving them a call on 0303 123 1113
- or by writing to them. Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.
8. LINKS TO OTHER WEBSITES
Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness.
9. KEEPING YOUR INFORMATION SECURE
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
We require all of our services providers to have appropriate measures in place to maintain the security of your information.
Where we have given you (or where you have chosen) a password that enables you to access any personalised area in a JLR website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.
Which JLR websites are covered under this Privacy Policy
This Privacy Policy covers those websites identified below. These are JLR websites for which Jaguar Land Rover Limited is a data controller.
Jaguar Land Rover is responsible for the processing any personal data you provide to us through these websites: