Privacy and Data Protection Notice

Privacy and Data Protection Notice

1. Policy Statement

1.1 CitNOW offers a subscription video solution and web service to the automotive industry. CitNOW acts as a processor and processes the data provided to us to fulfill the service our customers have subscribed to.

1.2 All individuals have rights with regard to how their personal information is handled. During the course of our business activities we will collect, store and process personal information about our customers and suppliers. We recognise the need to treat such information in an appropriate and lawful manner. This Policy will explain our treatment of data belonging to our suppliers, customers and other third parties who we engage with, our treatment of data which is shared by a visitor on our website and our use of Cookies.

1.3 CitNOW takes the issue of security and data protection very seriously and strictly adheres to guidelines published in the United Kingdom Data Protection Act of 2018 and the General Data Protection Regulation (EU) 2016/679 which is applicable from the 25th May 2018.

2. Status of the policy

2.1 This policy sets out our rules on data protection and the legal conditions that we will satisfy in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.

2.2 This policy is under regular review and the latest version of this policy is available on our website at all times. This Privacy Notice may be updated periodically and without prior notice to reflect our practices and compliance with relevant privacy laws.

Lawful Basis of Processing

3.1 Under the General Data Protection Regulation (GDPR) a company must have a Lawful Basis for Processing the data of which they hold. CitNOW recognises our lawful basis for processing as;

3.1.1 Contractual. Upon signing our Order Form and other agreements which form the entire agreement, You or Your Organization has given us contractual obligations to process the personal data provided to fulfil the services and provide support to individuals using our services.

3.1.2 Legitimate Interest. We have a legitimate interest in the data we hold and process. We need the data we collect and process to fulfill our working requirements such as building LIDs and assisting you with using our product.

3.1.2 Consent. We send our marketing and newsletter to you should you have signed up for this on our website or historically and consenting to receiving such communications.

3.1.4 Legal. We have a legal obligation to hold accounting records which may contain personal information.

4. Information we collect

4.1 We will only collect personal data to the extent that it is required for the specific purpose notified to the data subject. Any data that is not necessary for that purpose will not be collected. You directly provide us with most of the data we collect. In our business operations we will collect and process the following data about you should it be provided:

4.1.1 Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data;

4.1.2 Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter, an instant demo or contact us via the contact us page. Example information we collect by these means are, but not limited to, name, email address and phone number.

4.1.3 Information provided to us when you communicate with us via any means, for any reason.

4.1.4 Information provided to us on sign up to our services. This information will be provided to us by the dealership or OEM (employer) for us to input in to the Dashboard for use of our services. Example information provided to us by these means are , but not limited to, name, business or personal email address, business or personal phone number, address or contact details of your employer or address of place of work and job role.

4.1.5 Information updated or added in the Dashboard for our services by user-self management.

4.1.6 Information collected or added throughout the usage of Our services, including Your customer information, as detailed in our contracts.

4.1.7 In the event of prospecting by our sales or marketing teams, we get this information from Prospects websites, bought databases or through introductions. In the process of campaigning and prospecting, all data subjects will have the option to unsubscribe or have the right to be forgotten. For more information, You can email dpo@citnowgroup.com

4.2 CitNOW has taken the necessary steps to ensure we do not knowingly process any child data by the confirmation of age button upon signing up for our Newsletter. We encourage you to advise us should you think a child has signed up to our newsletter by contacting us at DPO@citnow.com and we will take the necessary steps to rectify this.

5. Use of your information

5.1 The information that we collect, process and store relating to you is used to enable us to provide our services to you, such as if you have signed up to receive marketing or if you are a user of our services, including offering you support as a user of our services.

5.2 We will only collect and process personal data for the specific purposes notified to the data subject when the data was first collected or for any other purposes specifically permitted by the applicable Privacy Law. This means that personal data will not be collected for one purpose and then used for another. Further processing for archiving in the public interest, scientific research or statistical purposes shall, in accordance with Privacy Law, not be considered incompatible with the initial purpose. If it becomes necessary for us to change the purpose for which the data is processed, we will inform the data subject of the new purpose before any processing occurs.

6. Marketing

6.1 CitNOW will only send you the CitNOW Newsletter and other on brand marketing in regards to our products should you sign up to this on our website or have given us your data and consented to receiving marketing via form of communication. Should we have your contact details, such as email address, from other means of communication we will not use this for marketing purposes. If you have agreed to receive marketing, you may always opt out at a later date by selecting unsubscribe or contacting us via the get in touch section www.citnow.com/get-in-touch of our website.

6.2 You have the right at any time to stop CitNOW from contacting you for marketing purposes. You can do so by clicking the “Unsubscribe” link on the received emails.

7. Storing and destroying your personal data

7.1 We store your data on secure servers inside the European Economic Area (EEA). Some of our subcontractors are based outside of the EEA, however we have the currently necessary safeguards in place to ensure safe processing. A list of our subcontractors is available on request.

7.2 Data that is provided to us is stored on secure servers. We use AES (Advanced Encryption Standard) encryption on the personal information held on CitNOW databases. Details relating to any transactions entered into via our site will be encrypted using this standard to ensure its safety.

7.3 The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.

7.4 Personal data will not be kept longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems in a safe way when it is no longer required. For guidance on how long certain data is likely to be kept before being destroyed, you can request this by emailing us at DPO@citnow.com.

8. Disclosing your information

8.1 If required to fulfil the services and in line with the purposes of processing, we may disclose your personal information to any member of our group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries.

8.2 We may disclose your personal information to third parties under the following circumstances:

8.2.1 If we are under a duty to disclose or share your personal data in order to comply with any legal requirements or in order to enforce or apply our terms of use and other agreements;

8.2.2 to protect the rights, property, or safety of the CitNOW group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

8.3 We only disclose your information to our subcontractors as far as is necessary to provide our service. We complete all the necessary security checks and due diligence to ensure that your data is kept safe with third parties. The subcontractors only have the right to use your data to complete an obligation, they do not have marketing rights over your data. Your data may be used in the following other third party circumstances:

8.3.1 We may contract a data cleansing organisation to ensure all data is accurate and up to date.

8.3.2 All phone call recordings and messages are kept by a third party who only have processing rights to fulfil the service over your data and will not contact you.

8.3.3 Where we sell any or all of our business and/or our assets to a third party.

8.3.4 Where Our Customers have signed up for a service offering which integrates with a third-party application. In this instance the data will flow through the application to fulfill the service, and the owner of the application will have access to this data, including the content, and will be the data controller.

8.4 You may find links to third party websites on our website. These third parties have their own privacy policies within their websites which we advise You to check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

9. Accurate data

9.1 Personal data must be adequate, relevant, limited to what is necessary for the specific purpose and kept up to date. If we identify information that is incorrect, misleading or is not accurate we shall take steps to check the accuracy of any personal data at the point of collection and at regular intervals afterwards. Inaccurate or out-of-date data will be destroyed. If you identify any data that we are holding which is incorrect, misleading or inaccurate, please advise us and we will take the necessary action to correct this.

10. Your data protection rights

10.1 CitNOW would like to make sure you are fully aware of all of your data protection rights. Every user may be entitled to the following rights, subject to refusal in circumstances outlined by the Supervisory Authority:

The right to access – You have the right to request CitNOW for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request CitNOW to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that CitNOW restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to CitNOW’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:
Email: DPO@citnow.com
Or:
Telephone: 0118 997 7740
Postal: 9 Millars Brook, Molly Millars Lane, Wokingham, Berkshire, RG41 2AD

11. Cookies

11.1 Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. On occasion, we may gather information about your computer for our services. Such information will not identify you personally, it is statistical data about our visitors and their use of our site and does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve it and make your browsing experience more useful, more relevant and tailored to you.

11.2 Some of the cookies we use will expire after you close the browser window. These are called session cookies. Some cookies last longer than this, because they are used to identify return visits to the website, for such data as keeping you logged in or for remembering your previously selected preferences.

11.3 Please see below a breakdown of cookies we use on our website and their expiry periods

Cookie Information
1P_Jar Carries information about how you use our website and any advertising that you may have seen before visiting it. 1 Month
wordpress_sec_{num} This cookie is used to store your authentication details On Exit
CAKEPHP A container for other cookies we use, wrapping them all up in one to make them more manageable. On Exit
_icl_current_language Language value for website from preferences 2 Days
FORMASSEMBLY Allows you to submit information to us that you wish to, such as a request form. On Exit
citnow_portal_country The last country you selected 1 Day
_gid These cookies store other randomly generated ids and campaign information about you.
Find out more
1 Day
_ga To record return visits to the website and what is selected and viewed. 2 Years from last Visit
hubspotuk To facilitate User Authentication 45 Days
citnow_notify_exclude Set if you have logged in to the CitNOW dashboard to prevent video watch notifications from triggering. 3 Months
_hssrc Used to determine if a user has restarted their browser. On Exit
_hstc Used to track and record visitors on the site. 13 Months
Lang This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. Session
bcookie This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page. 2 Years
lissc This cookie is provided by LinkedIn. This cookie is used for tracking embedded service. 2 Years
lidc This cookie is set by LinkedIn and used for routing 1 Day
UserMatchHistory Linkedin – Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences. 30 Days
personalization_id This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting. 2 Years

11.4 Please see below a breakdown of cookies we use on our Dashboard and their expiry periods:

Cookie Information
Hotjar This cookie records interactions to see how users navigate through the site and what they focus on. This will help us understand the flows customers use, what they focus on, and what they find useful. Hotjar creates “heatmap” images to show where a user’s mouse and attention have been focused. We see what is clicked most and least to determine what should be prioritised on the page. 1 Year
Google Analytics We are tracking clicks on the our Dashboards to get data on what customers use the most often. 2 Years

11.5 CitNOW uses cookies in a range of ways to improve your experience on our website, including, but not limited to;

  • Keeping you signed in
  • Understanding how you use our website
  • Dedicated marketing

11.6 There are a number of different types of cookies, however, our website uses:

  • Functionality – CitNOW uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
  • Advertising – CitNOW uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. We sometimes share some limited aspects of this data with third parties for advertising purposes.

11.7 And our Dashboard uses:

  • Necessary – These cookies are necessary for the Dashboard to function and
    cannot be switched off in our systems. They are usually only set in response to
    actions made by you which amount to a request for services, such as setting your
    privacy preferences, logging in, or filling in forms.
  • Analytics – These cookies help us to understand how visitors engage with the
    Dashboard. We may use a set of cookies to collect information and report site
    usage statistics to aid us in improving our Dashboard

11.8 All computers have the ability to decline cookies. This can be done by
activating the setting on your browser which enables you to decline the cookies.
Please note that should you decline cookies, you may be unable to access
particular areas of the website.
For more information on cookies you can read the guidance at All About Cookies.

12. Contact Us

12.1 The Data Protection Officer and Compliance Team are responsible for ensuring compliance with Privacy Law and with this policy. If you have any questions about CitNOW’s Privacy Notice, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email: DPO@citnow.com
Postal: Attention of DPO, 9 Millars Brook, Molly Millars Lane, Wokingham, Berkshire, RG41 2AD.
Phone: 0118 997 7740

13. Contact Authorities

13.1 If you are concerned that we are not using your information in accordance with the law, or are not satisfied with our response to a request made above, then you can complain to the Information Commissioner’s Office.
The Information Commissioner in Scotland can be reached by the following means;

Postal: The Information Commissioner’s Office – Scotland, 45 Melville Street, Edinburgh, EH3 7HL
Email: scotland@ico.org.uk
Phone: 0303 123 1115

The Information Commissioner in England can be reached by the following means;
Postal: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113

———

Date of Publication: 26th February 2021
Updated: 9th September 2022