CSG Bodyshop Ltd
The purpose of this statement is to describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR).
CSG Bodyshop Ltd is what is known as the Data Controller of the personal data that you provide to us. We only collect basic personal data about you and this does not include any special category information (eg race, ethnicity, religion, politics). Basic data includes your name, address, e-mail address, telephone number, vehicle details and insurance company.
WHY WE NEED YOUR PERSONAL DATA
We need to hold your personal data for one or more of the following reasons:-
a) To enable us to prepare an estimate for you
b) To carry out vehicle repairs in accordance with your requirements
c) To provide your insurance company with information about your repair if necessary
d) To provide advice and assistance with respect to our contractual obligations with you.
We will not collect from you any personal data that we do not need in order to be able to provide the above service(s).
We will only ever use your data with your consent or where it is necessary to:-
i) To perform the services that we are engaged to undertake
ii) To comply with a legal duty
iii) To protect your vital interests
iv) For your own (or a third party’s) lawful interest, provided your rights don’t override these.
In any event we shall only use your data for the purpose(s) for which it was collected or for closely related purposes.
WHERE WE KEEP YOUR DATA
We keep your data on encrypted, password protected computers and server within our office and any paper information is kept in locked filing cabinets.
HOW LONG WILL WE KEEP YOUR DATA
We will only keep and process your personal data for as long as it is required to enable us to perform the services we are engaged to undertake. We continually review what information we hold and delete what is no longer required.
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights under the GDPR, which are:-
a) You can make a request for us to provide you with details of the personal data that we hold on you (a Data Subject Access Request – DSAR)
b) The right to have your data erased – although we may still have to retain it for a Legal reason
c) The right to have incorrect data amended and rectified
There may be exceptions to the rights above but in these cases we shall inform you of the reasons why we cannot comply with your requests
If you wish to complain about how we handled your personal data you can contact our Data Protection Officer who will investigate the matter.
If you are not happy with the response or believe that we are processing your personal data not in accordance with the law, then you can complain to the Information Commissioners Office (ICO), the UK’s supervisory authority for data processing issues.