Privacy Notice

In this privacy notice “we”, “us” and “our” refers to Auto Windscreens a trading name of Auto Windscreens Services Limited. Our registered address is: 45 Westerham Road, Bessels Green, Sevenoaks, Kent. TN13 2QB

We are registered with the ICO, registration number Z2649297

We are part of the Markerstudy Group of companies. If you want to know more about the Markerstudy Group please go to www.markerstudygroup.com/about-us.

We are a leading automotive glass repair and replacement company in the UK. We also provide Advanced Driver Assistance Systems (ADAS) calibration and claims handling services. We have partnerships with most insurance providers and brokers and a nationwide fleet of mobile service units.

We take the privacy and security of your personal information very seriously and want you to be confident that information held by us is well managed and protected. We have set out in this notice how we and/or our carefully chosen third parties collect, store, use and share your personal information.

We are a controller of your data. This means we determine the purpose for which we use your personal information and the way in which it is used. If you have engaged with us as a result of our partnership with an insurance company or insurance broker (e.g. if you make a glass claim under an insurance policy) then that third party will also be a controller of your data. In those cases we will also act as a data processor for the third party in respect of the services we provide to you.

Where a third party is involved in the use of your data we strongly recommend you review their privacy notice so you can understand how they will collect store, use and share your information.

We have appointed a Data Protection Officer to oversee our handling of personal information. If you wish to know more or want to get in touch about your data, you can contact our Data Protection Officer at: 45 Westerham Road, Bessels Green, Sevenoaks, Kent TN13 2QB or emailing: dataprotection@markerstudy.com

The information we collect about you will be different depending on the service involved and your personal circumstances, this includes information such as:

  • your general personal information such as name, address, date of birth
  • vehicle registration number
  • the personal information of other individuals relevant to the service
  • financial information such as payment card details
  • photographic images, video footage and audio recordings
  • criminal offence information relevant to a product or service if you choose to disclose it
  • special categories of personal information such as health or medical information relevant to a product or service
  • your use of our websites

If you provide personal information to us about other individuals you should:

a) make sure you only share an individual’s personal information with us if you have their permission to do so

b) share this privacy notice with all individuals whose information is provided to us

We collect information about the following types of individuals:

  • previous, current and prospective customers/policyholders
  • persons authorised to speak to us on behalf of a customer or policyholder
  • third party claimants
  • witnesses to incidents
  • experts instructed in relation to claims
  • users of the Markerstudy Group websites
  • business partners
  • drivers of a vehicle fitted with a telematics device

We may obtain personal information in a number of different ways:

  • from you or someone connected to you
  • from your insurer
  • from third party databases used by the insurance industry (e.g. DVLA, Motor Insurers Bureau)
  • from third parties (including brokers, aggregators, insurance companies, business partners and accident management companies)
  • from publicly available sources (e.g. the electoral register)
  • from insurers with whom you hold (or have held) insurance
  • from other companies within the Markerstudy Group
  • from a telematics device installed in an insured vehicle

If you have any questions about the personal information we collect and use you can get in touch.

We only collect personal information which is necessary and will only use that information when it is appropriate to do so. When an activity does not require personal information we will seek to anonymise (remove personal identifiers from) the information involved wherever possible.

We may collect information about you and your personal circumstances, in line with our contractual responsibilities to identify customer vulnerability. This can include the recording and use of special category data relevant to you and your insurance which you choose to tell us. We will use this information to help identify and assist where possible, should additional support and assistance be required. We may use anonymised data taken from this information to make improvements which help us to better meet the needs of our customers in the future.

When you purchase a policy or renew with us, we may use the Trustpilot platform to send you an invitation to leave a review and rate our service and products. You can unsubscribe at any time using the link in your invitation email and we will also give you the opportunity to opt out of receiving review invitation emails from Trustpilot at the time of purchase.

If you want to understand more about why and how we use your information please use the How to Contact Us section to get in touch.

We may collect and use your personal information for the following purposes:

a. Providing you with goods and services as part of a contractual relationship

This includes:

  • Applying for and arranging your service, referring to relevant databases to verify information provided and carry out fraud and anti-money laundering checks
  • Evaluating your ability to pay for goods and services.
  • Ongoing management of your service
  • Providing you with the services we have committed to in our contract with you and to allow you to participate in interactive features of our services / websites. This may include the transfer of your information to third parties where this is necessary for the provision of a service or product feature

This use of your personal information is a necessary part of providing you with our service. If we do not have this information we will be unable to assess and / or provide you with the services you require.

b. Where our interests mean it is reasonable and justifiable for us to do so (known as a legitimate interest)

This includes:

  • Collecting information about you from databases as described in this notice and verifying information you provide against those databases
  • Sharing information with other firms, industry and public bodies necessary to the conduct of our business
  • Recovering outstanding payments
  • Data analysis to support, review and improve our products and services
  • Audit and quality control to improve our customer service and training and to run our business well, this includes call recording or monitoring and may include the use of voice analytics
  • Strictly necessary website cookies such as those which allow the navigation and use of essential website features, or for website maintenance and improvement. More information can be found in our Cookies Policy
  • For development of our business operations, including for troubleshooting, data analysis, testing, research, statistical and survey purposes

c. Where we have your permission to do so

This includes:

  • Where personal information is supplied by an individual who holds no contractual relationship with us but gives us permission to collect, store and use their personal data (e.g. when you are a witness in relation to a claim)
  • The collection, storage and / or use of children’s personal information where this is necessary for the usage being undertaken (e.g. for the management of a claim involving minors)
  • Where you have given your consent for the use of certain types of optional website cookies, such as those which personalise your repeat visits to our websites or allow third parties to conduct web analytics. More information can be found in our Cookies Policy

d. Where there is a legal requirement to share personal information

  • To assist with the detection, prevention or investigation of criminal offences (e.g. detection of fraud, money laundering or organised crime), this includes the sharing of personal information in line with a legitimate request from a UK law enforcement agency.

Our approach to more sensitive types of personal information (criminal offence and special category information)

  • We do not actively request details about sensitive personal information including criminal offence information. However such information may be recorded if it is provided by you (or a third party) as part of the quote for service and / or claim administration process
  • When we collect, store and use more sensitive types of personal information such as special category (e.g. health or medical records) or criminal offence data, we will only do so for a specific reason and will make sure appropriate safeguards are in place to properly protect that information
  • As indicated above we may record sensitive personal information in relation to customer vulnerability
  • You can be assured that we will always minimise the use of this type of information

We may share your information with:

  • Insurers, reinsurers, partners, agents or carefully selected third parties – This is usually when a third party either provides services to us or we use a third party to fulfil a service to you on our behalf (e.g. a sub-contractor providing glass repair, replacement or ADAS calibration services on our behalf)
  • Third parties that we use to help us identify and maintain accurate information (e.g. payment card providers)
  • Other companies we partner with (e.g. insurance underwriters). We strongly recommend you also review the privacy notice of your underwriter so you understand how they will collect, store and use your information
  • Providing information required by statutory, regulatory, supervisory or otherwise authorised public bodies (e.g. the Information Commissioner’s Office)
  • Where we have a duty to disclose your personal information to an organisation under applicable law (e.g. a UK police force or court)
  • Financial crime detection agencies, providers who update on sanctions and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud
  • Third parties with whom you have given us permission to share your information or when you have agreed to benefit from an offer of service fulfilled by them (e.g. promotional vouchers)
  • Third parties in association with recovery of monies owed
  • Another company, where some or all of our business is being sold to them. To ensure service continues uninterrupted and, as part of any prospective sale, we may share personal information with the purchaser. Any prospective purchaser would be under a duty of confidentiality which covers all personal information that is shared with them.
  • Transfer of your information following sale to another company (if this happens we would specifically notify you of this and you will be able to exercise your right to object (see the your information rights section for more detail on this right)
  • Piloting improved systems and services. This may be facilitated wholly or in part by third parties.
  • Third parties where you have given permission for us to do so and it is reasonable for us to believe they are acting on your behalf

We take your security and privacy very seriously and will only share your personal information in a way that is consistent with UK data protection law.

The UK has implemented rigorous standards of data protection designed to keep your personal information safe. Whenever possible we will seek to keep your personal information within the UK. If we do need to transfer, store or use the personal information we hold about you outside of the UK, we will either verify that the location your information is being processed in is one the UK Government has determined to match the UK’s own safeguards (known as “adequacy”), or we will put in place such additional protections as are required to make sure it remains suitably secure. This means your information should keep a similar level of protection at all times.

Transfers outside of the UK may be completed by us or by our third party partners and suppliers. We include requirements necessary to protect personal data in the contracts we agree with third parties and periodically assess and review the arrangements that those third parties have in place, to make sure their information security measures are maintained in line with the requirements of data protection law and industry best practice.

We do not actively market our products and services using your personal information.

Please note that there is no personal information used in our online ad campaigns so you will need to check your browser or social media settings to avoid seeing these.

We will only keep your personal information for as long as reasonably necessary, as set out in this Privacy Notice and in order to comply with our contractual, legal and regulatory obligations.

We have in place a Document Retention Policy which controls how long various types of information should be retained. The Policy is reviewed on a regular basis to ensure that it aligns to
current legal and regulatory requirements.

It is important that you are aware that retention periods vary depending upon the
circumstances of an individual matter, but in general our retention periods for customer facing
documentation can be set out as follows:

  • quote information – usually 12 months from quote inception
  • service information – usually 7 years from date of last settlement / order
  • insurance information – usually 7 years from date of last settlement / order (this period may be extended if the claim involves a minor or the accident resulted in particularly severe injury)
  • warranty information - retained for the lifetime (of vehicle ownership) due to warranty period for workmanship
  • complaints information – usually 3 years from the complaint being resolved or the policy retention period, whichever is longer

If you would like further information regarding the periods for which your personal information will be stored, please get in touch using the Contact Us details provided in this notice.

We do not use computer systems to make automated decisions about you.

We do not use credit reference agencies.

Your data belongs to you and data protection law gives you legal rights in relation to your data. We have detailed these below and provide a short summary of our approach to each.

In some cases exercising one or more of these rights may result in us no longer being able to provide a product or service to you. Where this is the case we will inform you and give you the choice of exercising the right or continuing the product or service.

You should also be aware that we may not be able to agree to a request to exercise a right (for example when your request would negatively impact another individual, or the law requires that we do not). If this is the case we will always inform you of our decision and the reason why we have not been able to agree to it.

We will aim to respond to all valid requests within one month. We may take longer to respond if your request is particularly complex or it relates to a particularly large volume of information. If we believe your request is likely to take over one month we will engage with you to make you aware of this.

We may ask you for proof of identity so that we can satisfy ourselves that your information is only ever released to the right person. We may also ask for clarification on your request to better understand what information you wish to receive or clarify any concerns you have.

a. The right to access your personal information

You have the right to access a copy of the personal information we hold about you and certain details of how we use it.

There will not usually be a charge for dealing with these requests, although we may charge a reasonable fee to cover our administrative costs if:

  • Your request is manifestly unfounded or excessive
  • You request further additional copies of your data

b. The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and up to date. However, if you do not believe this is the case, you can ask us to update or amend it.

c. The right to erasure

In certain circumstances, you may ask us to erase your personal information.

d. The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information.

e. The right to data portability

In certain circumstances, you have the right to ask that the personal information you have provided is transferred to another third party of your choice. This is most likely to be when you choose to switch a provider (e.g. moving your current account from one bank to another). All requests to move information in this way are reviewed on a case-by-case basis, to assess whether they meet the UK GDPR criteria for data portability.

f. The right to object

You may object where you have a reason based on your circumstances and we are using your personal information for our legitimate interests (see Why do we collect your personal information and how will we use it? for further details on this).

You should be aware that, as long as we can demonstrate a compelling reason to use your personal information, we may continue to do so.

g. The right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.

h. The right to be informed about communications following a request under rectification, erasure and restriction of processing

When we carry out a rectification or erasure of your personal information or a restriction of processing request, we are required to communicate this to the relevant recipients of that information (our suppliers and business partners). This is to make sure all necessary corrections, deletions and restrictions flow through to all records, held by us and by our business partners, which include your information. When we do this you have the right to request that we inform you who those recipients are.

i. Right to raise data concerns (complaints)

You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any collection, use or storage of your personal information by us is in breach of applicable data protection laws and regulations.

The ICO will usually ask that you try and resolve issues in relation to our handling of your information with us directly before referring your complaint to them, and we would recommend you contact us to allow us the opportunity to investigate and address your concerns.

More information can be found on the ICO's website at: www.ico.org.uk/concerns. Making a complaint will not affect any other legal rights or remedies that you have.

If you wish to exercise a right in relation to your information or have a complaint about how we collect, use or store your information, you can get in touch with our data protection team using:

dataprotection@markerstudy.com

Or by post at:

Data Protection Officer, 45 Westerham Road, Bessels Green, Sevenoaks, Kent. TN13 2QB.

When you make your request by electronic means, the information will be provided to you by electronic means whenever possible.

We keep our Privacy Notice under review and will update it to reflect important changes which affect how we use your personal information or how we are require to communicate its use to you.

Those changes may be due to government regulation, new technologies, or other developments in data protection laws or privacy generally.

You should check our website periodically to view the most up-to-date Privacy Notice.

This Privacy Notice was last updated on: 14 March 2022.