Two GDPR/PECR Policies.

Image description

Cymark has two GDPR / PECR Policies, depending upon which set of data is being refered to.

Client Information :  Data we hold and process for car dealerships and vehicle manufacturers as a Data Controller and Data Processor under the Data Protection Act and EU GDPR

Dealer Information :  Data we hold about car dealerships and our contacts with them.  These fall under PECR regulations as B2B data.

Client Information.

Each client, dealership or manufacturer, has their own agreement in place when Cymark starts working with them.  Below is a copy of the generic sections of each agreement detailing how Cymark complies with GDPR.    The data transfer and use section of each agreement is individual to each manufacturer and has therefore been left out of this example.

Customer information, collected from an individual when they make an enquiry or they purchase a product from the dealership, is retained by the dealership and vehicle manufacturer ('the client')in order for them to provide the services you have either requested or have expressed an interest in.

Processing Data Lawfully.

We process data on behalf of the client stricktly in accordance with EU General Data Protection Regulation (EU) 2016/679 ("GDPR") under the clients chosen lawful reason of legitimate interests which means the client will only use the data for the purposes for which it was collected.  For the purposes of GDPR we act on behalf of the client who is the Data Controller of Information provided to Cymark through their sites and locations.  Cymark is also a registered Data Controller and Data Processor, our registration number is Z9633571.

What personal data is processed by Cymark

Cymark is provided with details of the following personal data from the client :  Customers / Enquirers name, address, telephone number(s) , email address, current vehicle details and optionally vehicle details enquired upon.  When we talk about personal data we mean any information that can identify you as an individual such as your name and postal address.

How is that data collected.

When you visit the clients website, or visit one of their locations, the data is collected in the natural course of doing business with the client.

Do we share your data with other companies.

Cymark is the recipient of shared information from car dealerships and vehicle manufacturers.  We only receive data once the supplying client has agreed to and signed a GDPR agreement covering the sharing of personal data.

Clients pass Cymark personal information so that we can contact individuals on their behalf in order to provide an independent level of customer care that allows the individual to be separate from the sales process and to provide statistical analysis of individuals responses in order to improve the service provided by the client.

Cymark only retains the information long enough to process the it on behalf of the client and to manage the next point of contact between the client and the individual concerned.

Cymark does not pass on individual personal information to any other party other than the supplying client.

How is the data kept secure.

Our servers are protected using HTTP and SSL technology.  Whilest client data is in our care it is stored on local data servers in our premises in Yorkshire.  Data is not stored on the internet.  We always ensure that the privacy of client information is paramount when designing new systems for data processing.

Our staff are trained in data security and our polices and procedures help them to understand what is required under their obligations to us, and their responsabilities under the Data Protection Act 2018 and other privacy legislation.

How long is the data retained.

Client data, relating to individuals personal informatio, is only kept for the length of time specified by the current legislation for each catagory :  Customers and prospective customers, After which time it will be deleted.  Cymark does not hold any sensitive information on behalf of the client.

Can you access your personal data which is held by us?  (Your rights)

We are always happy to tell you what information is yours that we hold.  Under the General Data Protection Regulation you may formally as to see what personall data of yours we hold by means of a Subject Access Request and have the formal rights of rectification and under some circumstances the rights of erasure, to restrict and object to thr processing.

You may exercise these rights or ask any questions regarding our data protection policy by contacting the Data Protection Officer at and of course you have the right to complain to the UK regulatory body of the Information Commissioners Office who can be found at   notwithstanding this, we welcome any input you care to give us in the course of our normal business activity  about changes to your personal data and we will incorporate them into our records straight away.

Trust and Confidence.

Cymark Dealer Services Limited takes the utmost care to protect and secure your personal data on behalf of our client when it is in our possesson.  We only lawfully receive it from our client companies, car dealers and vehicle manufacturers, process the information and return it to the client strictly for the purpose for which it was obtained.

We will always do this with the greatest transparency possible and grant the individual their full rights under the GDPR without hesitation.  We will never divulge your data to any other organisation unless we are obliged to disclose your data by law.  We will only hold the individuals data for the periods defined by our client based upon their understanding of the current regulations and will delete it immediately afterwards.

When Cymark makes a direct marketing approach to an individual on behalf of the client we will always give the individual the option to opt out on evey occasion.

Dealer Information.

Dealership information is currently regulated by the PECR regulations.   Cymark retains business to business information for its only legitimate interests when dealing with clients - car dealers and vehicle manufactureres and prospective clients.

Dealership information is held with the same level of security and attention as individual personal data and is only retained for as long as required.

Cymark collected the dealership information we hold by :  First establishing the contact details of the company by searching online for the contact address and telephone number.   We then called the company and asked to speak to the Dealer Principal, Head of Business, Sales Manager and other senior managers within the dealership.  We ask during the call the best means of contacting the individual and if it would be alright to have their email address for future contact.

Do data lists are bought containing dealership contact deails.

How is the data kept secure.

All our servers are protected using HTTP and SSL technology.  All servers and software contained wintin them are the property of Cymark and no information is available to any outside company.  Our staff are trained in data security and our policies are designed to help them understand what is required under their obligations to us and their responsabilities under the Data Protection Act 2018.

How long do we keep the data?

The data will be kept for the length of time specified by whichever current regulation applies to B2B and PECR regulation data.