Data Protection Policy

Privacy and Data Protection Notice

1. Policy Statement

1.1 CitNOW offers a subscription video solution and web service to the automotive industry. CitNOW acts as a processor and processes the data provided to us to fulfill the service our customers have subscribed to.

1.2 All individuals have rights with regard to how their personal information is handled. During the course of our business activities we will collect, store and process personal information about our customers and suppliers. We recognise the need to treat such information in an appropriate and lawful manner. This Policy will explain our treatment of data belonging to our suppliers, customers and other third parties who we engage with, our treatment of data which is shared by a visitor on our website and our use of Cookies.

1.3 CitNOW takes the issue of security and data protection very seriously and strictly adheres to guidelines published in the United Kingdom Data Protection Act of 2018 and the General Data Protection Regulation (EU) 2016/679 which is applicable from the 25th May 2018.

2. Status of the policy

2.1 This policy sets out our rules on data protection and the legal conditions that we will satisfy in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.

2.2 This policy is under regular review and the latest version of this policy is available on our website at all times. This Privacy Notice may be updated periodically and without prior notice to reflect our practices and compliance with relevant privacy laws.

Lawful Basis of Processing

3.1 Under the General Data Protection Regulation (GDPR) a company must have a Lawful Basis for Processing the data of which they hold. CitNOW recognises our lawful basis for processing as;

3.1.1 Contractual. Upon signing our Order Form and other agreements which form the entire agreement, You or Your Organization has given us contractual obligations to process the personal data provided to fulfil the services and provide support to individuals using our services.

3.1.2 Legitimate Interest. We have a legitimate interest in the data we hold and process. We need the data we collect and process to fulfill our working requirements such as building LIDs and assisting you with using our product.

3.1.2 Consent. We send our marketing and newsletter to you should you have signed up for this on our website or historically and consenting to receiving such communications.

3.1.4 Legal. We have a legal obligation to hold accounting records which may contain personal information.

4. Information we collect

4.1 We will only collect personal data to the extent that it is required for the specific purpose notified to the data subject. Any data that is not necessary for that purpose will not be collected. You directly provide us with most of the data we collect. In our business operations we will collect and process the following data about you should it be provided:

4.1.1 Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data;

4.1.2 Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter, an instant demo or contact us via the contact us page. Example information we collect by these means are, but not limited to, name, email address and phone number.

4.1.3 Information provided to us when you communicate with us via any means, for any reason.

4.1.4 Information provided to us on sign up to our services. This information will be provided to us by the dealership or OEM (employer) for us to input in to the Dashboard for use of our services. Example information provided to us by these means are , but not limited to, name, business or personal email address, business or personal phone number, address or contact details of your employer or address of place of work and job role.

4.1.5 Information updated or added in the Dashboard for our services by user-self management.

4.2 CitNOW has taken the necessary steps to ensure we do not knowingly process any child data by the confirmation of age button upon signing up for our Newsletter. We encourage you to advise us should you think a child has signed up to our newsletter by contacting us at DPO@citnow.com and we will take the necessary steps to rectify this.

5. Use of your information

5.1 The information that we collect, process and store relating to you is used to enable us to provide our services to you, such as if you have signed up to receive marketing or if you are a user of our services, including offering you support as a user of our services.

5.2 We will only collect and process personal data for the specific purposes notified to the data subject when the data was first collected or for any other purposes specifically permitted by the applicable Privacy Law. This means that personal data will not be collected for one purpose and then used for another. Further processing for archiving in the public interest, scientific research or statistical purposes shall, in accordance with Privacy Law, not be considered incompatible with the initial purpose. If it becomes necessary for us to change the purpose for which the data is processed, we will inform the data subject of the new purpose before any processing occurs.

6. Marketing

6.1 CitNOW will only send you the CitNOW Newsletter and other on brand marketing in regards to our products should you sign up to this on our website or have given us your data and consented to receiving marketing via form of communication. Should we have your contact details, such as email address, from other means of communication we will not use this for marketing purposes. If you have agreed to receive marketing, you may always opt out at a later date by selecting unsubscribe or contacting us via the get in touch section www.citnow.com/get-in-touch of our website.

6.2 You have the right at any time to stop CitNOW from contacting you for marketing purposes. You can do so by clicking the “Unsubscribe” link on the received emails.

7. Storing and destroying your personal data

7.1 We store your data on secure servers inside the European Economic Area (EEA). Some of our subcontractors are based outside of the EEA, however we have the currently necessary safeguards in place to ensure safe processing. A list of our subcontractors is available on request.

7.2 Data that is provided to us is stored on secure servers. We use AES (Advanced Encryption Standard) encryption on the personal information held on CitNOW databases. Details relating to any transactions entered into via our site will be encrypted using this standard to ensure its safety.

7.3 The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.

7.4 Personal data will not be kept longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems in a safe way when it is no longer required. For guidance on how long certain data is likely to be kept before being destroyed, you can request this by emailing us at DPO@citnow.com.

8. Disclosing your information

8.1 If required to fulfil the services and in line with the purposes of processing, we may disclose your personal information to any member of our group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries.

8.2 We may disclose your personal information to third parties under the following circumstances:

8.2.1 If we are under a duty to disclose or share your personal data in order to comply with any legal requirements or in order to enforce or apply our terms of use and other agreements;

8.2.2 to protect the rights, property, or safety of the CitNOW group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

8.3 We only disclose your information to our subcontractors as far as is necessary to provide our service. We complete all the necessary security checks and due diligence to ensure that your data is kept safe with third parties. The subcontractors only have the right to use your data to complete an obligation, they do not have marketing rights over your data. Your data may be used in the following other third party circumstances:

8.3.1 We may contract a data cleansing organisation to ensure all data is accurate and up to date.

8.3.2 All phone call recordings and messages are kept by a third party who only have processing rights to fulfil the service over your data and will not contact you.

8.3.3 Where we sell any or all of our business and/or our assets to a third party.

8.3.4 Where Our Customers have signed up for a service offering which integrates with a third-party application. In this instance the data will flow through the application to fulfill the service, and the owner of the application will have access to this data, including the content, and will be the data controller.

8.4 You may find links to third party websites on our website. These third parties have their own privacy policies within their websites which we advise You to check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

9. Accurate data

9.1 Personal data must be adequate, relevant, limited to what is necessary for the specific purpose and kept up to date. If we identify information that is incorrect, misleading or is not accurate we shall take steps to check the accuracy of any personal data at the point of collection and at regular intervals afterwards. Inaccurate or out-of-date data will be destroyed. If you identify any data that we are holding which is incorrect, misleading or inaccurate, please advise us and we will take the necessary action to correct this.

10. Your data protection rights

10.1 CitNOW would like to make sure you are fully aware of all of your data protection rights. Every user may be entitled to the following rights, subject to refusal in circumstances outlined by the Supervisory Authority:

The right to access – You have the right to request CitNOW for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request CitNOW to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that CitNOW restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to CitNOW’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:
Email: DPO@citnow.com
Or:
Telephone: 0118 997 7740
Postal: 9 Millars Brook, Molly Millars Lane, Wokingham, Berkshire, RG41 2AD

11. Cookies

11.1 Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. On occasion, we may gather information about your computer for our services. Such information will not identify you personally, it is statistical data about our visitors and their use of our site and does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve it and make your browsing experience more useful, more relevant and tailored to you.

11.2 Some of the cookies we use will expire after you close the browser window. These are called session cookies. Some cookies last longer than this, because they are used to identify return visits to the website, for such data as keeping you logged in or for remembering your previously selected preferences.

11.3 Please see below a breakdown of cookies we use on our website and their expiry periods: