Privacy Policy
Last updated: 06 December 2025
Version: 2.0
SECTION 1: INTRODUCTION AND SCOPE
1.1 About This Policy
1.1.1 This Privacy Policy explains how REV Auto ("we", "us", "our", "the Company") collects, uses, stores, and protects your personal information.
1.1.2 We are committed to protecting your privacy and handling your data in an open and transparent manner.
1.1.3 This Policy applies to all personal data we process about customers, website visitors, and individuals who interact with our services.
1.2 Legal Framework
1.2.1 We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.2.2 We also comply with the Privacy and Electronic Communications Regulations (PECR) regarding electronic marketing.
1.2.3 This Policy should be read alongside our Terms and Conditions and Cookie Policy.
1.3 Policy Updates
1.3.1 We may update this Policy from time to time to reflect changes in our practices or legal requirements.
1.3.2 Material changes will be notified via our website or direct communication where appropriate.
1.3.3 The current version will always be available on our website.
SECTION 2: DATA CONTROLLER INFORMATION
2.1 Data Controller Identity
2.1.1 REV Auto is the data controller for personal information collected through our website, premises, and services.
2.1.2 We are responsible for deciding how we hold and use personal information about you.
2.2 Contact Details
2.2.1 Address: REV Auto, Kidderminster, Worcestershire, United Kingdom
2.2.2 Email: privacy@revauto.co.uk
2.2.3 Telephone: 01562 320219
2.3 Data Protection Officer
2.3.1 For data protection queries, contact our Data Protection Lead at privacy@revauto.co.uk.
2.3.2 You may also write to: Data Protection Lead, REV Auto, Kidderminster, Worcestershire.
2.4 ICO Registration
2.4.1 We are registered with the Information Commissioner's Office (ICO).
2.4.2 Our registration number is available on request.
SECTION 3: INFORMATION WE COLLECT
3.1 Categories of Personal Data
3.1.1 We collect and process the following categories of personal data:
- Identity Data: Name, title, date of birth, gender, photograph (for ID verification)
- Contact Data: Address, email address, telephone numbers
- Financial Data: Bank account details, payment card details, credit history (for finance applications)
- Transaction Data: Details of vehicles purchased, payments made, finance agreements
- Technical Data: IP address, browser type, device information, location data, website usage data
- Profile Data: Vehicle preferences, purchase history, feedback, survey responses
- Marketing Data: Communication preferences, marketing consent status
- Documentation Data: Driving licence details, proof of address, insurance documents
3.2 Special Category Data
3.2.1 We do not routinely collect special category data (sensitive personal data).
3.2.2 Where we need to collect such data (e.g., disability requirements for vehicle adaptation), we will obtain explicit consent.
3.2.3 Special category data includes: racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic/biometric data, health data, sex life/orientation.
3.3 Criminal Conviction Data
3.3.1 We may process criminal conviction data where relevant to anti-fraud measures or as required by law.
3.3.2 This is processed only where we have a lawful basis and appropriate safeguards.
3.4 Children's Data
3.4.1 Our services are not directed at children under 18.
3.4.2 We do not knowingly collect personal data from children.
3.4.3 If we become aware of data collected from a child, we will delete it promptly.
SECTION 4: HOW WE COLLECT YOUR DATA
4.1 Direct Collection
4.1.1 Information you provide directly to us through:
- Website enquiry forms and contact forms
- E-Agent AI assistant conversations
- Telephone calls and emails
- In-person visits to our premises
- Vehicle purchase and finance applications
- Test drive bookings
- Part exchange valuations
- Service and MOT bookings
- Customer feedback and surveys
- Marketing subscriptions
4.2 Automated Collection
4.2.1 We automatically collect certain data through:
- Cookies and similar tracking technologies
- Server logs and website analytics
- CCTV at our premises
- Call recording systems (with notification)
4.3 Third-Party Sources
4.3.1 We may receive data from third parties including:
- Credit reference agencies (for finance applications)
- Fraud prevention agencies
- DVLA and other government bodies
- Vehicle history check providers (HPI, Experian)
- Finance lenders and brokers
- Business partners and referral sources
- Publicly available sources
4.4 Consequences of Not Providing Data
4.4.1 Where we need data to perform a contract or comply with legal obligations, failure to provide it may prevent us from providing services.
4.4.2 We will inform you where data provision is mandatory or optional.
SECTION 5: PURPOSES OF PROCESSING
5.1 Vehicle Sales and Services
5.1.1 Processing enquiries and providing quotations
5.1.2 Reserving vehicles and managing deposits
5.1.3 Processing vehicle purchases and part exchanges
5.1.4 Arranging vehicle preparation and delivery
5.1.5 Managing service, MOT, and repair bookings
5.1.6 Processing warranty claims
5.1.7 Managing customer accounts and preferences
5.2 Finance Applications
5.2.1 Assessing finance eligibility
5.2.2 Submitting applications to lenders on your behalf
5.2.3 Verifying identity and conducting credit checks
5.2.4 Complying with FCA regulatory requirements
5.2.5 Managing finance documentation
5.3 Legal and Regulatory Compliance
5.3.1 DVLA vehicle registration and transfers
5.3.2 Anti-money laundering (AML) checks
5.3.3 Consumer protection compliance
5.3.4 Tax and accounting obligations
5.3.5 Responding to legal requests and court orders
5.4 Business Operations
5.4.1 Managing payments and refunds
5.4.2 Debt recovery where necessary
5.4.3 Fraud prevention and detection
5.4.4 IT security and system maintenance
5.4.5 Business planning and analysis
5.5 Marketing and Communications
5.5.1 Sending promotional offers and newsletters (with consent)
5.5.2 Personalising website content and recommendations
5.5.3 Conducting customer satisfaction surveys
5.5.4 Managing marketing preferences
5.6 Website and AI Services
5.6.1 Operating and improving our website
5.6.2 Providing E-Agent AI assistant services
5.6.3 Analysing website usage and performance
5.6.4 Ensuring website security
SECTION 6: LAWFUL BASIS FOR PROCESSING
6.1 Contract Performance
6.1.1 We process data as necessary to perform our contract with you, including:
- Processing vehicle purchases and deliveries
- Managing service and MOT appointments
- Handling warranty claims
- Processing payments
6.2 Legal Obligations
6.2.1 We process data to comply with legal requirements including:
- DVLA vehicle registration requirements
- FCA regulations for finance brokerage
- Anti-money laundering legislation
- Tax and accounting laws
- Consumer protection regulations
6.3 Legitimate Interests
6.3.1 We process data based on our legitimate interests where this does not override your rights:
- Fraud prevention and security
- Business development and marketing (non-electronic)
- Improving our services and customer experience
- Managing customer relationships
- Internal record keeping and administration
6.3.2 We conduct legitimate interest assessments and document our reasoning.
6.4 Consent
6.4.1 Where we rely on consent, we will obtain clear, informed consent before processing:
- Electronic marketing communications (email, SMS)
- Non-essential cookies and tracking
- Special category data (where applicable)
- Sharing data with third parties for their marketing
6.4.2 You can withdraw consent at any time (see Section 11).
6.5 Vital Interests
6.5.1 In rare cases, we may process data to protect your vital interests or those of another person.
SECTION 7: DATA SHARING
7.1 Categories of Recipients
7.1.1 We may share your data with the following categories of recipients:
7.2 Finance and Insurance Partners
7.2.1 Finance lenders and brokers for credit applications
7.2.2 Insurance providers for vehicle and warranty products
7.2.3 Credit reference agencies for creditworthiness checks
7.3 Service Providers
7.3.1 Vehicle delivery and transport companies
7.3.2 IT service providers and hosting companies
7.3.3 Payment processors
7.3.4 Marketing and communications platforms
7.3.5 Customer relationship management systems
7.4 Regulatory and Legal Bodies
7.4.1 DVLA for vehicle registration
7.4.2 FCA and other regulators
7.4.3 HMRC for tax compliance
7.4.4 Law enforcement agencies where required
7.4.5 Courts and legal advisers
7.5 Fraud Prevention
7.5.1 Fraud prevention agencies and databases
7.5.2 Vehicle history check providers
7.5.3 Industry anti-fraud organisations
7.6 Business Transfers
7.6.1 In the event of a merger, acquisition, or sale, your data may be transferred to the successor entity.
7.6.2 We will notify you of any change in data controller.
7.7 Data Sharing Safeguards
7.7.1 We require all third parties to respect data security and process data lawfully.
7.7.2 We use data processing agreements with all processors.
7.7.3 We only share data necessary for the specified purpose.
SECTION 8: INTERNATIONAL TRANSFERS
8.1 Transfer Locations
8.1.1 Your data is primarily processed within the United Kingdom and European Economic Area (EEA).
8.1.2 Some service providers may process data outside the UK/EEA.
8.2 Transfer Safeguards
8.2.1 Where data is transferred outside the UK, we ensure adequate protection through:
- UK adequacy decisions recognising the destination country's data protection standards
- Standard Contractual Clauses (SCCs) approved by the ICO
- Binding Corporate Rules for transfers within corporate groups
- Other appropriate safeguards as permitted by UK GDPR
8.3 Transfer Information
8.3.1 You may request information about international transfers and the safeguards in place.
SECTION 9: DATA RETENTION
9.1 Retention Principles
9.1.1 We retain personal data only as long as necessary for the purposes for which it was collected.
9.1.2 Retention periods are determined by legal requirements, contractual needs, and legitimate business purposes.
9.2 Specific Retention Periods
9.2.1 Vehicle purchase records: 7 years from transaction date (tax/legal requirements)
9.2.2 Finance application data: 7 years from application or agreement end
9.2.3 Service and MOT records: 7 years from service date
9.2.4 Warranty claims: 7 years from claim resolution
9.2.5 Marketing consents: Until consent withdrawn plus 3 years
9.2.6 Website analytics: 26 months (anonymised thereafter)
9.2.7 E-Agent conversations: 3 years from conversation date
9.2.8 CCTV footage: 30 days (unless incident requires longer retention)
9.2.9 Call recordings: 6 months (training) or 7 years (transactions)
9.2.10 General enquiries: 3 years from last contact
9.3 Retention Review
9.3.1 We periodically review retained data and securely delete data no longer required.
9.3.2 Some data may be anonymised for statistical purposes after the retention period.
SECTION 10: DATA SECURITY
10.1 Security Measures
10.1.1 We implement appropriate technical and organisational measures to protect your data including:
- Encryption of data in transit and at rest
- Secure access controls and authentication
- Regular security assessments and penetration testing
- Staff training on data protection and security
- Physical security measures at our premises
- Incident response procedures
- Regular backups and disaster recovery planning
10.2 Third-Party Security
10.2.1 We conduct due diligence on service providers' security practices.
10.2.2 Contracts include appropriate security obligations.
10.3 Breach Notification
10.3.1 In the event of a data breach posing high risk to your rights, we will notify you without undue delay.
10.3.2 Breaches are reported to the ICO where required by law.
10.4 Your Security Responsibilities
10.4.1 Keep login credentials and account information secure.
10.4.2 Use strong, unique passwords for any online accounts.
10.4.3 Report any suspected security incidents promptly.
SECTION 11: YOUR RIGHTS
11.1 Right of Access
11.1.1 You have the right to request a copy of the personal data we hold about you.
11.1.2 We will respond within one month (extendable by two months for complex requests).
11.1.3 We may request proof of identity before disclosing data.
11.1.4 The first copy is provided free; additional copies may incur a reasonable fee.
11.2 Right to Rectification
11.2.1 You have the right to correct inaccurate or incomplete personal data.
11.2.2 We will correct data within one month of receiving your request.
11.2.3 We may need to verify the accuracy of new data you provide.
11.3 Right to Erasure (Right to be Forgotten)
11.3.1 You may request deletion of your personal data where:
- Data is no longer necessary for the original purpose
- You withdraw consent (where consent was the basis)
- You object to processing and there are no overriding legitimate grounds
- Data has been unlawfully processed
- Legal obligation requires erasure
11.3.2 We may refuse erasure where we have a legal obligation or legitimate interest to retain data.
11.4 Right to Restrict Processing
11.4.1 You may request restriction of processing where:
- You contest the accuracy of data (pending verification)
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing (pending verification of grounds)
11.5 Right to Data Portability
11.5.1 You have the right to receive your data in a structured, machine-readable format.
11.5.2 This applies to data processed by automated means based on consent or contract.
11.5.3 You may request direct transfer to another controller where technically feasible.
11.6 Right to Object
11.6.1 You have the right to object to processing based on legitimate interests.
11.6.2 We will stop processing unless we demonstrate compelling legitimate grounds.
11.6.3 You have an absolute right to object to direct marketing at any time.
11.7 Rights Related to Automated Decision-Making
11.7.1 You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
11.7.2 We do not currently make significant decisions based solely on automated processing.
11.7.3 Where automated decisions are made, you may request human intervention, express your views, and contest the decision.
11.8 Right to Withdraw Consent
11.8.1 Where processing is based on consent, you may withdraw consent at any time.
11.8.2 Withdrawal does not affect the lawfulness of processing before withdrawal.
11.8.3 To withdraw consent, contact us at privacy@revauto.co.uk or use unsubscribe links.
11.9 Exercising Your Rights
11.9.1 To exercise any right, contact us at privacy@revauto.co.uk.
11.9.2 We may request identity verification before acting on requests.
11.9.3 We respond within one month (extendable for complex requests).
11.9.4 There is no fee for exercising rights unless requests are manifestly unfounded or excessive.
SECTION 12: MARKETING COMMUNICATIONS
12.1 Marketing Consent
12.1.1 We only send electronic marketing (email, SMS) with your consent.
12.1.2 Consent is obtained through clear opt-in mechanisms.
12.1.3 You can unsubscribe at any time via unsubscribe links or by contacting us.
12.2 Soft Opt-In
12.2.1 If you have purchased from us, we may send marketing about similar products unless you opted out.
12.2.2 Every communication includes an unsubscribe option.
12.3 Third-Party Marketing
12.3.1 We do not share your data with third parties for their marketing without explicit consent.
12.4 Marketing Preferences
12.4.1 You can update marketing preferences by contacting us or via preference centres.
12.4.2 Opting out of marketing does not affect essential service communications.
SECTION 13: COOKIES AND TRACKING
13.1 Cookie Usage
13.1.1 Our website uses cookies and similar technologies.
13.1.2 Full details are provided in our separate Cookie Policy.
13.2 Cookie Consent
13.2.1 We obtain consent for non-essential cookies via our cookie banner.
13.2.2 You can manage preferences at any time through the cookie settings.
13.3 Analytics and Tracking
13.3.1 We use analytics services to understand website usage.
13.3.2 IP addresses may be anonymised for analytics purposes.
SECTION 14: E-AGENT AI ASSISTANT
14.1 Data Processing
14.1.1 E-Agent conversations are processed to provide the AI assistant service.
14.1.2 Conversations are stored securely and may be reviewed for quality and training purposes.
14.2 AI Training
14.2.1 Anonymised conversation data may be used to improve the AI system.
14.2.2 Personal identifiers are removed before data is used for training.
14.3 Third-Party AI Services
14.3.1 E-Agent uses third-party AI services (OpenAI) for natural language processing.
14.3.2 Data shared with AI providers is subject to their privacy policies and our data processing agreements.
SECTION 15: CCTV AND CALL RECORDING
15.1 CCTV
15.1.1 Our premises are monitored by CCTV for security and crime prevention.
15.1.2 Signage notifies visitors of CCTV operation.
15.1.3 Footage is retained for 30 days unless required for investigations.
15.1.4 Access to footage is restricted to authorised personnel.
15.2 Call Recording
15.2.1 Calls may be recorded for training, quality assurance, and transaction records.
15.2.2 You are notified at the start of calls that recording may occur.
15.2.3 Recordings are retained as specified in Section 9.
SECTION 16: CREDIT REFERENCE AND FRAUD PREVENTION
16.1 Credit Checks
16.1.1 For finance applications, we share data with credit reference agencies.
16.1.2 Credit searches leave a footprint on your credit file.
16.1.3 Credit reference agencies may share your information with other lenders.
16.2 Fraud Prevention
16.2.1 We share data with fraud prevention agencies to prevent and detect fraud.
16.2.2 If fraud is detected, you may be refused services by us and other organisations.
16.2.3 Fraud prevention agencies may retain your data for up to 6 years.
16.3 Your Rights
16.3.1 You can contact credit reference agencies directly to access your credit file.
16.3.2 The main agencies are: Experian, Equifax, and TransUnion.
SECTION 17: THIRD-PARTY LINKS
17.1 External Websites
17.1.1 Our website may contain links to third-party websites.
17.1.2 We are not responsible for the privacy practices of other sites.
17.1.3 Review the privacy policies of sites you visit.
17.2 Social Media
17.2.1 Our website may feature social media plugins and links.
17.2.2 Interactions with social media features are governed by those platforms' policies.
SECTION 18: COMPLAINTS
18.1 Internal Complaints
18.1.1 If you have concerns about how we handle your data, contact us first.
18.1.2 Email: privacy@revauto.co.uk
18.1.3 We aim to resolve complaints within 30 days.
18.2 ICO Complaints
18.2.1 You have the right to lodge a complaint with the Information Commissioner's Office.
18.2.2 ICO Website: www.ico.org.uk
18.2.3 ICO Helpline: 0303 123 1113
18.2.4 Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
SECTION 19: CONTACT US
19.1 Privacy Enquiries
19.1.1 For all privacy-related queries, contact:
Email: privacy@revauto.co.uk
Address: Data Protection Lead, REV Auto, Kidderminster, Worcestershire
Telephone: 01562 320219
19.2 Subject Access Requests
19.2.1 Submit subject access requests to privacy@revauto.co.uk.
19.2.2 Include your name, contact details, and a description of the information requested.
19.2.3 Provide proof of identity (copy of driving licence or passport).
19.3 General Contact
Website: www.revauto.co.uk
General enquiries: info@revauto.co.uk
END OF PRIVACY POLICY
Thank you for trusting REV Auto with your personal information.