GDPR and your information

What is GDPR?

The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) inside the EEA, and applies to an enterprise established in the EEA or—regardless of its location and the data subjects' citizenship—that is processing the personal information of data subjects inside the EEA. 

What information do you store?

I try to keep stored information to a bare minimum, the following is a full list of information I store about the customer and their vehicles and how regularly this information is stored.

Personal information

1. First name - Always.

2. Last name - Always.

3. Customers postcode - Rarely.

4. Email address if requesting a diagnostic report be sent - Always - This will not be used for any other purpose or forwarded on to any other 3rd party.

5. Customers phone number for quote purposes and to confirm bookings - Rarely stored.

6. General notes based on customer requests such as quotes, parts quoted, prices. - Always.

7. All emails between me and the customer - Always.

Stored  vehicle information

1. Vehicle make - Always.

2. Vehicle model - Always.

3. Vehicle full registration plate - Always.

4. Vehicle full 17 digit VIN number - Always.

5. Vehicle colour - Always.

6. Vehicle mileage - Always.

7. Vehicle engine size - Always.

8. Vehicle fuel type (petrol, diesel or electric) - Always.

9. Vehicle manufacture year - Always.

10. Full list of fault codes with date and time stamp - Always.

11. General notes to include customer requests, vehicle symptoms, updated mileage if a second or more visit to vehicle, additional vehicle faults, light statuses. - Always.

12. All emails between me and the customer - Always.

Why do you store this information?

I store this information to give me and my customers (at the customers request) a history of the vehicle and fault codes, it allows me to see if it is an ongoing or reoccurring problem with the vehicle, it also allows me to keep a record of parts fitted for parts warranties.

How Long do you store information for?

I store the information indefinitely or until I feel the information is no longer needed due to age or if the customer has sold the vehicle, No information would be passed to the new vehicle owner. 

we will not keep your personal details for any longer than we feel is neccesary and once it is no loger needed it will be securely destroyed.

If we sell or trade in any of our equipment then all customer data is always securely destroyed before the system is reset back to factory settings.

Who has access to my information?

Medway Diagnostics is a sole trader business so any information we collect on any of our platforms including email is only accessible by myself .

In the event of a manufacturer system being used for programming, manufacturers will store the vehicle VIN number, system being programmed (for example airbags or power steering) software version currently installed, Software version downloaded to system, programming procedures run, both failures and successfull, no personally identifiable information is put into the system to be uploaded to manufacturers. Each manufacturer has their own GDPR policies, if you are unsure or need more information, please contact your manufacturers customer services who will be legally bound to send you their GDPR policy.

We will never pass on or sell your personal details or vehicle details to any third party including main dealers or vehicle manufacturers.

If for example a garage was to request any details about you or your vehicle we would only give details with your express written permission via email, we would first discuss with you what details the garage is requesting and what information you would like us to pass on, You are well within your rights to decline this if you so wish.

Where is my information stored?

All of the above stored information is stored on one system which is my main diagnostic platform, it is backed up to a file which is only readable using a Snap-on diagnostic System, this file is stored on a separate hard drive and securely deleted after each backup, customer information is backed up monthly in case of a system crash.

Invoices are stored on Microsoft one drive and within emails to the customers.

All emails are through Microsoft office 365 Outlook

Microsoft office 365 is fully GDPR compliant, you can read their privacy policy here: https://privacy.microsoft.com/en-gb/privacystatement

Do you store payment or card information?

No credit or debit card information is stored by Medway Diagnostics, myself, or any systems used.

I use PayPal Zettle for card payments.

Amounts charged are sometimes stored in the general notes section of your vehicle job card, we do not store the payment information such as paypal email address or card numbers.

Paypal is fully GDPR Compliant, you can read their privacy policy here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Can I get access to my information?

Yes you can, This is called a subject access request, you can request this in writing via email, its free and you can expect all information including vehicle, personal, emails and text messages to be sent to you within 30 days of receiving the request, If there is a delay for any reason then I will keep you updated throughout.