Mazda UK Privacy Policy


 

Key Summary

We process your personal information only for the following purposes: vehicle loans, press events, market research, providing updates on network dealer changes, responding to general enquiries and requests sent to us, marketing analytics, personalised communications and direct marketing.

As part of our processing for these purposes, we share your information with suppliers who act on our behalf for services such as logistics travel agents database management, IT support, website support and marketing services.

This Policy explains what data we process, why, how it is legal and your rights.

 

About Mazda UK and this Privacy Policy

This Privacy Policy is provided by Mazda Motors UK Limited ("Mazda UK", "we" or "us") who is a controller in respect of your personal data for the purposes of the General Data Protection Regulation (EU) 2016/679 and the UK Data Protection Act 2018 (collectively referred to as the "Data Protection Laws"). Keeping your data safe is important to Mazda UK and this Privacy Policy explains what personal data we process, why we hold the data, what legal basis we rely on and what your rights are. Please take time to read this carefully.

 

How to contact us

To get in touch with Mazda UK with any queries about how we process your data , please contact us by:

Email:                       mazdaukdpo@mazdaeur.com

Address:                  Mazda UK DPO, Mazda Motors UK Limited, Victory Way, Crossways Business Park Dartford, Kent, DA2 6DT

Telephone:               03457 48 48 48

 

What information do we collect?

The personal information provided by you to us falls within the following categories for both car purchases and service visits:

  • Contact details - Includes your full name, address, contact information including telephone and email address details.
  • Other data- Passport, Driving licence and driving record
  • Website, electronic communications and app device usage – We will collect information such as if you open or engage with our email communications or if you use the Mazda website platforms: www.mazda.co.uk, Mazda dealer websites, online brochures or if you have registered an account on the My Mazda ownership App. We will collect usage, browser and online behaviour information through cookies, your IP address, web beacons, cross-device/ cross-context technology, registration based ID’s or other unique identifiers provided to us by customers as well as other storage/tracking technologies such as web analytics services provided by Google Analytics. Information gathered includes pages visited, the country you access our site from, where you joined our site from, the path you take through our sites and where you leave, browser, plug-ins you have installed on your browser, browser language, JavaScript objects, type of device, and how long you visited for including collecting your mobile device location details (if permitted within the App settings). We will use cookies based on your consent for Marketing Cookies on our websites and these will be for Mazda UK as well as third parties such as Facebook. You can read more about the respective cookie policies and how to refuse the use of cookies on www.mazda.co.uk/cookies.
  • Facebook – when you visit our Facebook fan page (https://www.facebook.com/MazdaUK/) your personal data can be processed for market research and advertising purposes: for example, when use profiles are constructed on the basis of interests identified through use behaviour and these profiles are utilised in placing advertisements. Usually, your data will be processed by cookies stored on your computer. This fan page is provided on the basis of our agreement with Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on joint processing of personal data under GDPR Article 26 (“Page Insights Controller Addendum” https://www.facebook.com/legal/terms/page_controller_addendum). This agreement does not allow decisions concerning the processing of Insights Data to be made or implemented by us alone. Facebook takes primary responsibility under the GDPR for the processing of Insights Data and for compliance with all duties arising from the GDPR in respect of the processing of Insights Data.
  • Email & Call Tracking, Call Recordings and Live Chat – We will collect any personal data provided to us as part of the live chat services and we will track emails, calls and record calls for quality and monitoring purposes.

 

How do we use your information and lawful basis for processing?

We use your personal data for the following purposes, and we are allowed to do so, on certain legal bases which are outlined below.

  • Legitimate Interests – We are permitted to process your personal data below if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interest of Mazda UK. To do so, we have considered the impact on your interests and rights and have placed appropriate safeguards to ensure that the intrusion to your privacy is reduced as much as possible. Our legitimate interest in processing the personal data below for the purpose specified is to provide you with useful services and information. We only use your personal data for the purposes specified and process personal data that is necessary for these purposes:
    • Journalists Requests – To fulfil requests you submit to us such as, brochure request or other type of request submitted through Mazda web platforms or app directly to MMUK
    • Marketing Communications - We will get in touch to provide you with information on relevant Mazda UK products and services as well as latest news such as all new models, promotions and events. You will always have the option to opt out of any further marketing communications. (See How you can amend your preferences later). We will also use the online data gathered to create profiles and to learn about your journey across the Mazda digital ecosystem including our website and app platforms. We will link the personal information you have shared with us via a form submission e.g. newsletter or test drive request to the browser information you linked to a device cookie or to existing tracking or profiling information to offer and improve the personalised experience within the marketing communications we provide. To learn more about the different IDs being set within the Oracle CX Marketing Platform and to review their privacy policy, please refer to the following link (https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html). We will use information gathered to support measurement services and targeted online adverts on Facebook or on other third party sites.
    • Market Research – We may contact you from time to time to invite you to participate in market research studies such as mystery shopping or other types of research.

Contractual

    • Warranty and Roadside Assistance services: If we have loaned you a Mazda vehicle, Mazda UK will share your information with our breakdown provider in the event that you should require the use of their services
    • Test Drive Events – To use the data to arrange flights and accommodation as well as test drives at press launches for new vehicles
    • Press vehicle loans – to deliver and collect MMUK vehicles from either your work or home address

Consent

    • Legal Obligation
    • DVLA Checks – Your data will be inputted into the DVLA to confirm your licence eligibility to drive one of our vehicles
    • Requests from authorities - We will share your personal data with the police, other law enforcement or regulators where we are required by law to do so.

Vital Interests

    • 112 Based Emergency Calls – The system will send an automatic emergency message to an emergency call centre in case of a crash of the vehicle, where a decision is made on the appropriate response to the alert (fire brigade, police or ambulance call centre).

 

Who will handle your data?

We will never sell your information to third parties and will only provide your data to the third parties as detailed above to fulfil the relevant services. Mazda UK uses the following Mazda entities as processors to provide certain services and have access to your personal data in the process:

 

Who information is shared with Personal data
Mazda Motor Europe GmbH – Database management services
  • Contact details
  • Customer services
  • Vehicle Information
Mazda Motor Corporation - Vehicle and product quality support
  • Vehicle Information

 

Mazda UK will ensure that all processors (e.g. IT hosting, database management, customer contact providers, security etching, finance and contract administration, warranty and roadside assistance providers, marketing fulfilment, Mazda dealers) who are handling your data, comply with the Data Protection Laws and that data is only stored within the EEA, where possible. Mazda UK has agreed for your data to be transferred to countries outside of the EEA to fulfil specific processing. To comply with the Data Protection Laws, all our processors are required to provide evidence that they have appropriate levels of technical and operational security measures in place to protect your data, and we have a process in place to ensure these processors comply with their obligations. Data processed whilst visiting our Facebook fan page may be processed outside the EU. Facebook, Inc., as a Privacy-Shield certified US provider involved in processing your data, has agreed to comply with EU data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active (version: 02/11/2018).

 

How long do we keep your information for?

Where we are storing website data against unique ID’s, as this data is processed in a way that does not identify you as an individual, this data will be kept indefinitely for historical reporting purposes. Where we are storing cookie data linked to personal information, we will store this cookie for 2 years unless you delete it from your browser settings or if you opt out from all marketing cookies on our website. Call tracking and recordings are kept for no longer than 6 months and for the live chat service we will collect any personal information that you provide as part of the live chat and it will be stored for up to 6 months to enable us to fulfil your enquiry We will retain your personal data for as long as you own a Mazda car and up to 7 years from when we are aware that you no longer own your car, to ensure we are able to deal with any queries you may have on your Mazda or to support any product recall and legal claims process. We may hold this data for a longer period, if we are legally required to do so. Vehicle information retained for 112-Based Emergency Call System is kept for a maximum of 13 hours from the moment an Emergency call system was initiated.

 

How you can amend your marketing preferences

If you do wish to stop receiving communications from Mazda UK, you can do this in the following ways:

 

Your Rights

Under the Data Protection Laws you have the following rights in relation to your personal data:

  • Right to object to processing of your personal data
  • Right to request a copy of your personal data and information on how we process it
  • Right to request to move, copy or transfer your personal data (data portability)
  • Right for your personal data to be erased
  • Right for your personal data to be corrected in a timely manner
  • Right to ask us to stop contacting you with direct marketing
  • Right to restrict your personal data being processed

To exercise your rights please contact the Mazda UK Data Protection Officer using the contact details provided in the section headed "How to Contact Us". We will ask you for information to confirm your identity and we will then respond to your request within 30 days from when we have received your request. As a UK Company, MMUK's local supervisory authority is the UK Information Commissioner's Office (ICO). Please visit the ICO website (www.ico.org.uk) for more details. You have a right to complain to the ICO if you believe your personal data has or is being used in a way that you believe does not comply with the Data Protection Laws.

Web Analysis, Monitoring and Optimisation

Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization.

Data transfer to the US is possible, where the level of data protection may not be comparable to that of the EU area. The transfer will be legitimised by Standard Data Protection Clauses pursuant to Art. 46 (2) (c), (5) GDPR. Furthermore, additional measures have been implemented where necessary. If you consent to the use of this service, the transfer will be also legitimised pursuant to Art. 49 (1) (a) GDPR.

In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar procedures in which the relevant user information for the aforementioned analyses is stored. This information may include, for example, content viewed, web pages visited and elements and technical data used there, such as the browser used, computer system used and information on times of use. If users have consented to the collection of their location data, these may also be processed, depending on the provider.

The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

Information on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the processing is consent. Furthermore, the processing can be a component of our (pre)contractual services, provided that the use of the third party was agreed within this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors), Profiles with user-related information (Creating user profiles), Optimization.

Security measures: IP Masking (Pseudonymization of the IP address).

Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR), Art. 49 para. 1 lit. a GDPR.

Technologies used: Cookies, Pixel, Tagging, Data modelling.

Location of Processing: This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

  • European Union

Duration to store the data: The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

  • The data will be deleted as soon as they are no longer needed for the processing purposes.
  • The Maximum age of cookie storage: 2 years

Distribution to third countries: This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.

  • United States of America

Data Recipients: Alphabet Inc., Google LLC, Google Ireland Limited

Services and service providers being used:

Google Analytics: Web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy.

Click here to opt out from this processor across all domains: https://tools.google.com/dlpage/gaoptout?hl=en

Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online services (please refer to further details in this privacy policy). With the Tag Manager itself (which implements the tags), for example, no user profiles are created or cookies are stored. Google only receives the IP address of the user, which is necessary to run the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com;

Privacy Policy: https://policies.google.com/privacy.

Changes to this Privacy Policy

The Privacy Policy will be provided to you by email or a copy can be provided to you by getting in touch with us, see section headed "How to contact us". We may change this Privacy Policy from time to time and we will alert you when changes are made.