Privacy Notice
Parts Alliance Group Ltd is one of the UK’s leading suppliers of automotive parts registered in England under company number 01779084. Parts Alliance Group Ltd and its subsidiary brands, our ultimate holding company and its subsidiaries (“GSF Car Parts”, “The Parts Alliance”, “we” or “us”) are committed to respecting your privacy and to complying with applicable data protection and privacy laws.
What kinds of personal information about you do we process?
The precise details of the personal information we collect and process about you will vary according to the specific purpose for which we are collecting the information, we may collect and process the following data about you:
• Personal and contact details, such as title, full name, contact details and contact detail history
• Records of your contact with us such as via the phone number of your local branch and, if you get in touch with us online or via email
• Details of transactions you carry out through our branch network or online services
• Information about your computer, including where available your IP address, operating system and browser type, behavioural and browsing data.
• Analysis of marketing data including history of communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you.
• Insights about you and our customers gained from analysis or profiling of customers
What is the source of your personal information?
We’ll collect personal information from the following general sources:
• From you directly, and any information from colleagues, associates or beneficiaries of products and services
• Account sign up/application process
• Information generated about you when you use our products and services
• Browsing data and behaviour when using our online platforms
• From sources outside our business which may include our group of companies
How do we use the information we collect about you?
• to process your order or manage your account
• to contact you for your views on our services
• to notify you about important changes or developments to our site or services
• to provide a more personalised online experience
• to provide tailored communications
• for record keeping purposes
• to keep you informed about our products and services that we offer
• for market research purposes
• to allow you to participate in our reward or loyalty schemes
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarnas privacy statement.
Our use of Cookies on our websites
When you browse one of our websites we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our website and to deliver a better and more personalised service.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.
These 4 types of cookies are used across our group websites:
Essential Cookies
These are used to help distinguish each user on our website and to ensure they have a seamless buying experience. These cookies carry out essential functions like enabling you to search for parts using your vehicle details, remembering what you’ve added to your shopping basket and keeping you securely logged in throughout the ordering process.
Functional Cookies
This website also uses functional cookies to remember any preferences that you’ve set and improve the online experience. Examples include the cookies used to enable our live chat support function and cookies that are used to remember your details for next time you visit the site.
Performance Cookies
These analytical cookies collect anonymous data on how visitors use the site. This data enables us to improve the website and to ensure the site is easy to use and remains user-friendly
Other Third Party Cookies
We also use cookies from other external sites to add extra functionality, examples include cookies to enable you to interact and share pages from this site with social media such as Facebook and Twitter. We also use third party cookies to track users who have visited the site by clicking on an affiliate’s link.
Please note that our advertisers may also use cookies, over which we have no control.
Where applicable; our website may save the contents of your basket when you haven’t completed a transaction. If you quit our website without placing an order the system will remember the items you added to your basket and send you an email with a reminder. We do this to make sure your shopping experience is as hassle-free as possible. If you do not want to receive these emails in the future, please click on the unsubscribe link at the bottom of the email you have received.
How does the organisation protect data and disclose your information?
We take the protection of your information seriously and have appropriate physical and technological security measures in place to keep it safe. Internally, we restrict access to personal information. Only employees who need the information in order to do their jobs have access to it.
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. Your personal information may also be shared with trusted service providers acting on our behalf who provide services such as: web hosting, web analytics and integration, customer service web chat and ticketing, order fulfilment, data analysis including data personalisation, infrastructure provision, email marketing data, review sites of our services, auditing services and other services to enable them to provide services, our courier companies who may deliver your orders, our affiliate websites and garage partner networks, third party suppliers who manage our secure payment platform and credit card processing.
We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
How long will we keep your information?
We only retain your information for a limited period in order to respond to your query, provide you with the information you require or to send you updates on our products and services for as long as you indicate that you are happy for us to do so. We are required to keep some records for a longer period of time to meet our legal obligations, accounting, warranty or reporting requirements.
Your Rights
You have certain rights over your personal information. These include the right to access a copy of your personal information, or have some elements of it transmitted to you or another company in a common electronic format. In certain circumstances you can have your personal information corrected or erased, or you can restrict our use of it. You also have the right to object to the way we use your personal information.
If you request a copy of your information, we reserve the right to charge £10 to cover the administration costs involved.
We want to make sure that your personal information is accurate and up to date. Therefore, if you think any information we hold about you is incorrect or incomplete, please email or write to us at the addresses given below so we can update our records.
Email: sar@thepartsalliance.com
Post: The Parts Alliance, Subject Access Request, Knutsford Way, Sealand Road Industrial Estate, Chester, CH1 4NS.
You have the right to make a complaint to the Information Commissioner's Office (ICO); however, we would appreciate the chance to deal with your concerns before you approach the ICO so please get in touch.
This privacy notice was last updated in January 2021.
Privacy Notice
Privacy Notice
1. INTRODUCTION
Hello, and thank you for stopping by. This Consumer Privacy Notice “Notice” explains how your Personal Data is collected, used and disclosed by GSF Car Parts Limited and its subsidiaries (hereinafter referred to collectively as, “GSF” or “we”, “our”, “us”).
2. USEFUL INFORMATION
We have included some information here that may be helpful to you as you read through the Notice.
Our GSF Privacy and Data Protection Officer ensures that we are clear and fair about how we use your personal data and comply with any law that may affect your privacy. You can contact the Privacy Officer through email at: DataProtection@gsfgroup.com or by mail at 15th Floor 6 Bevis Marks, Bury Court, London, EC3A 7BA.
You are the consumer, data subject or individual. This can be someone who visits our website or stores, or purchases goods or services from us in person, via phone, in writing, or online. You may also be an owner or employee of a company that we conduct business with.
By personal data (also called data), we mean the information we have gathered about you, either because you’ve given it to us or we’ve collected or generated it. This is information that relates to and identifies you or can be used to identify you, like your name, email address, account data or digital identifiers, like IP address and cookies.
The data controller of your data is the GSF legal entity with which you conduct business or interact, This means that they decide how and why your personal data is processed.
Processing your data just means anything we do with it – collecting it, using it, storing it, sharing it, and deleting it.
3. SUMMARY CONSUMER PRIVACY NOTICE
We encourage you to read the full Consumer Privacy Notice below, but if you just need a quick view of how we collect and process your personal data, it’s available to you.
3.1 The personal data we collect
We collect and processes a range of data about you. This may include:
- Basic personal data
- Contact data
- Transaction data
- Digital data
- Website usage and other technical data
- Our insights about you based on analytics
- Financial data
- Biometric data
3.2 How we collect your personal data
We may collect or receive your personal data in a number of ways:
- From you directly
- From you indirectly
- From other people
- From monitoring devices
- From publicly available sources
- From sources outside our business
3.3 How we use your personal data
We will only use your personal data where we are permitted to do so by applicable law. We may use your data:
- To communicate with you
- To provide our products and services to you and otherwise conduct our business
- To ensure we are paid
- For marketing and loyalty programs
- For research and development
- To address claims, issues or concerns
- For safety and security
- To comply with legal or regulatory obligations
- To make changes to our business
3.4 Cookies
When you log onto or browse one of our websites, we may use a cookie file which is stored on the hard drive of your computer. You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do.
3.5 Who has access to your personal data
Personal data may be stored in a range of different places, like your account file and in IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access your personal data to perform their job.
3.6 How we safeguard your personal data
We have technical and organisational measures in place to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure and access. You also play a role in safeguarding your data online.
3.7 Cross border transfers of your personal data
Regardless of where you live, we will only transfer your data if we are confident that it will be appropriately safeguarded, for example by using contractual or other measures as required by law.
3.8 How long we retain your personal data
We will retain your personal data for as long as we need to to fulfill the purposes outlined in this Notice or as required by law. If we no longer have a business or lawful need to process your personal data, we will either delete or anonymise it where possible.
3.9 Your rights as a consumer
Depending on where you are located, you may have the right to require us to:
- Provide you with further details on how we use your data
- Provide you with a copy of data that we hold about you
- Transfer certain pieces of your data to another company in a common electronic format
- Correct any inaccuracies or incompleteness in the personal data we hold
- Delete any personal data that we no longer have a requirement to use
- Restrict or object to how we use your data
3.10 Challenging compliance and exercising your rights
You can contact DataProtection@gsfgroup.com, the legal entity with whom you interact, or the regulatory authority if you have any questions or concerns about this Notice, or to exercise your rights.
4. FULL CONSUMER PRIVACY NOTICE
We are committed to protecting the privacy and security of all personal data, and to being transparent about how and why we collect and process your data. We update this Notice from time to time and encourage you to revisit to stay informed of how we are using personal data.
In this Notice we cover:
4.1 The personal data we collect
4.2 How we collect your personal data
4.3 How we use your personal data
4.4 Cookies
4.5 Who has access to your personal data
4.6 How we safeguard your personal data
4.7 Cross border transfers of your personal data
4.8 How long we retain your personal data
4.9 Your rights as a consumer
4.10 Challenging compliance and exercising your rights
4.11 Country specific information
4.1 The personal data we collect
Personal data marked with an asterisk (*) may be considered special category or sensitive data.
We collect and processes a range of data about you. This may include:
Basic personal data like your name and if you are a business client your employer and job title.
Contact data like your telephone number and shipping, billing or email address. It may also include any records related to your contact with us, such as the phone number or email address you contacted us from.
Transaction data related to activities you carry out at our physical locations, online services or in the course of carrying out other services we provide to you.
Digital data like your Internet Protocol (IP) address, preferences, operating system and browser type, behavioural and browsing data.
Website usage and other technical data, like details of your visits to our websites, marketing communications and whether you open them or click on links, or data collected through cookies and other tracking technologies.
Our insights like information about products or services we think you may be interested in based on our analytics and customer profiling.
Financial data* like payment related data, bank account details or data required to perform a credit check if you have payment terms with us.
Biometric data* like a recording of your image that may be captured on CCTV if you visit one of our stores or your voice if we record a call when you contact us.
Any other personal data relating to you that you may provide in the course of your business interactions with us.
4.2 How we collect your personal data
We may collect or receive your personal data in a number of ways:
From you directly during the account sign up or application process, or when you interact with us.
From you indirectly when you use our products and services and interact with our website and other online platforms.
From other people like your employer, business associates or beneficiaries of our products and services if you are conducting a business to business interaction with us.
From monitoring devices like CCTV, telephone logs and recordings. We will do our best to make it clear to you that your data is being collected at that time.
From publicly available sources, like company websites or other public platforms like LinkedIn where you have made your data available.
From sources outside our business, which may include other business entities within our group of companies or other strategic business partners
4.3 How we use your personal data
We will only use your personal data where we are permitted to do so by applicable law.
If you live or do business in the United Kingdom (UK) or European Economic Area (EEA), the use of personal data must be justified under one of a number of legal bases. The principal legal bases that justify our use of your personal data are:
- Contract performance: Where your data is necessary to enter into or perform our contract with you
- Legal obligation: Where we need to use your data to comply with our legal obligations
- Legitimate interests: Where we use your data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights
- Legal claims: Where your data is necessary for us to defend, prosecute or make a claim against you, us or a third party
- Consent: Where you have consented to our use of your data
Regardless of where you live or do business, we may use your data for the following purposes:
To communicate with you
- To contact you for your views on our products and services
- To notify you about important changes or development to our business, products or services
- Where available, to communicate with you in your preferred language
UK/EEA Legal bases: Contract performance, legitimate interests
To provide our products and services to you and otherwise conduct our business
- To process your order and manage your account
- To provide you with personalized online experience and tailored communications
- For record keeping purposes
UK/EEA Legal bases: Contract performance, legal claims, legitimate interests
To ensure we are paid
- To process credit card, e-transfer, cheque or other types of direct payments made to us
- To assess the risk of extending you credit through a payment plan
- If you fail to pay us per our contractual terms, to recover what we are owed through debt
collection agencies or taking other legal action
- To issue payments or credit to you as required
UK/EEA Legal bases: Contract performance, legal claims, legitimate interests
For marketing and loyalty programs
- To allow you to participate in our reward programs or loyalty schemes
- To allow us to manage our warranty program
- To keep you informed about the products and services that we offer
UK/EEA Legal bases: Contract performance, legitimate interests; consent
We will provide you with the option to unsubscribe from or opt-out of further marketing communication on any electronic communication sent to you.
For research and development
- To understand how you interact with our stores, shops or website so that we can make improvements and service you better
- To understand what you and people or businesses like you require so that we can meet your needs as a consumer
UK/EEA Legal bases: Legitimate interests
We will provide you with the option to unsubscribe from or opt-out of further use of your data for research purposes, or will anonymise your data so that you are unidentifiable.
To address claims, issues or concerns
- To investigate concerns or complaints about or from our employees or customers
- To respond to and defend against legal claims
UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims
For safety and security
- We may use CCTV and other location and recording devices for safety purposes
- We conduct monitoring to protect our customers, employees, authorised visitors, and property
- We may use server log data for security purposes, like detecting intrusions into our network
UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims
To comply with legal or regulatory obligations
- To comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorized by applicable laws, court orders, government regulations, or
regulatory authorities whether within or outside your country
UK/EEA Legal bases: Legal obligations; legal claims; legitimate interests
To make changes to our business
- At any time, we may sell, transfer or assign any or all of our rights to any part of our business, including our interests, rights or obligations regarding your account with us. If we do so, we
may share your personal data with prospective purchasers, transferees or assignees.
UK/EEA Legal bases: Legitimate interests.
There may be unique circumstances where we must process your personal data in the vital interest of you or another person, or in the public interest. Where we process special categories of data, we will ensure that we do so only for the allowed legal bases.
4.4 Cookies
When you log onto or browse one of our websites, we may collect data about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies help us to improve our website and to deliver a better and more personalized experience to you. This data is used to analyse trends, to administer the website you are visiting, to track movement around the website and to gather general demographic data about our visitor base. Cookies identify you as a number – no other personally identifiable data will be collected through them.
You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do so.
There are four types of cookies that we may use:
- Essential cookies, that help us to distinguish each user of our websites and allow our websites to function as they should
- Functional cookies remember any preferences you’ve set or purchases you’ve made and are there to improve your online experience
- Analytics cookies are analytical cookies that collect anonymous data about how visitors use the website, allowing us to make improvements to ensure our websites are easy to use
- Advertisement cookies are used to provide visitors with customized advertisements based on the websites you’ve visited and how you have interacted with the websites. These cookies also allow us to track who has visited our website by clicking on our affiliate links
Our advertisers or other third-party websites where we post content, like LinkedIn or Twitter, may also use cookies over which we have no control. Please check out the privacy notice on their websites for information about how they use cookies and otherwise manage your personal data.
4.5 Who has access to your personal data
Personal data will be stored in a range of different places, like your account file and other IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access them to perform their role.
Internal access
We take the security of your personal data seriously. We have appropriate policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by our employees except as required for their job.
- Our group of companies may share your personal data internally to any legal entity within our group of companies
- Sales and Marketing team members who may require access to your personal data to perform general sales, marketing and account management functions
- Front Line Workers who may interact with you in person if you visit one of our stores or call our customer service numbers
- Information Technology team members who may require access to your personal data to perform general information technology functions, such as to provide IT support to you, administration of IT systems and monitoring, analytics, to support the investigation of consumer or employee concerns, or for other purposes as described in this Notice.
- Others, like employees supporting the finance, audit, legal, or other functions, if access to the data is necessary for the performance of their job
Service providers
Where we engage service providers to process personal data on our behalf, we only use service providers who limit their processing to the purpose described in the agreement and implement appropriate technical and organizational measures to meet the privacy requirements of the jurisdiction in which they are providing the service, and our requirements.
- IT platforms who own or manage the platforms that we use, like for customer management and sales management
- IT services who may perform data analytics and infrastructure provisioning
- Website service providers who perform web hosting, web analytics and integration and other website activities necessary for the purposes described in this Notice
- Order fulfillment service providers from who we ship products you have purchased direct to you, or the couriers used to make the delivery or otherwise fulfill our obligations set out in our agreement with you
- Customer Service providers may be used to support our web chat (where available), issue ticketing or other customer support as required to meet the needs of our customers
- Marketing providers may manage marketing emails, opt-outs or other marketing related activities
- Payment networks who manage our secure payment platform and credit card processing
Third parties
We may share your personal data with our affiliates and partner networks to enable them to serve you better. We may also share your data with a third party in the context of a sale of some or all our business. In those circumstances the data will be subject to confidentiality arrangements.
If you are a business, we may share your contact data like company phone and address (but not your email) with the third parties with which we have a relationship, so they may offer you the services they already provide to us, like uniforms or stationary. We do not sell your data.
You can opt-out of this disclosure of your personal data by contacting us as described in Section 10 – Challenging Compliance and Exercising Your Rights, but it may mean that we can’t provide you with the service you are requesting.
4.6 How we safeguard your personal data
We have technical and organisational measures in place, including but not limited to policies, physical, and technical safeguards, all designed to protect the personal data collected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access.
You can also help us to protect your personal data. If you receive an email that looks like it is from us asking for your personal data, do not respond. We will never request your password, username, credit card data through email. You should never share your login credentials or password with anyone. Even though we have put mechanisms and procedures in place for the protection of your personal data that are considered effective, because there are bad actors out there, no data transmission (including over the internet or on any website) can be guaranteed to be secure.
4.7 Cross border transfers of your personal data
Where your personal data is being transferred to countries outside the UK either by us or by third party service providers acting on our behalf, we will ensure that those transfers are adequately protected, by putting in place the necessary organisational and technical measures, and guarantee the lawful processing of your personal information in accordance with the relevant law.
If you are based in the UK or EEA, your data may be transferred to countries outside the UK or EEA, only if we are confident that the same data protection safeguards that we deploy will be deployed, for example we may take contractual or other measures to ensure that your personal data is protected in accordance with applicable data protection laws.
4.8 How long we retain your personal data
Unless a longer retention period is required by law, we will keep your personal data for as long as we need to in order to fulfil the purposes outlined in this Notice. Generally, this means we will keep your personal data so we can respond to your requests when you interact with us in any way, to provide you with products and services or to send you updates on our products and services for as long as you want us to. We are required to keep some records for a longer period of time to meet our legal obligations. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it in accordance with our retention processes wherever possible. We will only use anonymisation where we have a reasonable need to retain the data
4.9 Your rights as a consumer
We have summarised your rights in this section. You may have the right to require us to:
- Provide you with further details on how we use your data
- Provide you with a copy of data that we hold about you
- Transfer certain pieces of your data to another company in a common electronic format
- Correct any inaccuracies or incompleteness in the personal data we hold
- Delete any personal data that we no longer have a requirement to use
- Restrict or object to how we use your data
We do our best to respond within a month, however it may take us longer than a month if your request is complex. We may also ask you for clarification about your request to speed up our response and to make sure that we meet your needs. If we expect our response to take more than a month, we will let you know. We do not discriminate against consumers who exercise their rights.
In some instances, we may refuse to comply with your request. For example, where the data relates to another individual or where an exception applies, like legal privilege. Remember, if you are a
business customer, we can only share data we hold that is about you as an individual, not business data. If we refuse your request, we will inform you of the reason. You can challenge our refusal.
We want to keep your data accurate and up to date, so if you think any personal data that we hold about you is incorrect or incomplete, please contact us.
4.10 Challenging compliance and exercising your rights
You can make a request to exercise your privacy rights, ask any questions about this Notice or challenge our compliance with applicable privacy laws by contacting the GSF Privacy and Data Protection Officer at DataProtection@gsfgroup.com or in writing to: Attn: GSF Privacy and Data Protection Officer – 15th Floor 6 Bevis Marks, Bury Court, London, EC3A 7BA.
You have the right to contact the UK regulatory authority, but we would like to have the opportunity to address your concern before you do.
If you need more information on your rights as a data subject, or if you want to lodge a complaint to the Information Commissioner’s Office, please visit https://ico.org.uk/.
1. INTRODUCTION
Hello, and thank you for stopping by. This Global Consumer Privacy Notice “Notice” explains how your Personal Data is collected, used and disclosed by Uni-Select Inc. and its subsidiaries, many of which operate under GSF Car Parts®, Bumper to Bumper®, FinishMaster® or other store logos (hereinafter referred to collectively as, “Uni-Select” or “we”, “our”, “us”).
2. USEFUL INFORMATION
We have included some information here that may be helpful to you as you read through the Notice.
Our Global Privacy and Data Protection Officer ensures that we are clear and fair about how we use your personal data and comply with any law that may affect your privacy. You can contact the Privacy Officer through email at: privacy@uniselect.com or by mail at: Attn: Global Privacy and Data Protection Officer – Uni-Select, 170 Industriel Blvd. Boucherville QC (Canada) J4B 2X3.
You are the consumer, data subject or individual. This can be someone who visits our website or stores, or purchases goods or services from us in person, via phone, in writing, or online. You may also be an owner or employee of a company that we conduct business with.
By personal data (also called data), we mean the information we have gathered about you, either because you’ve given it to us or we’ve collected or generated it. This is information that relates to and identifies you or can be used to identify you, like your name, email address, account data or digital identifiers, like IP address and cookies.
The data controller of your data is the Uni-Select legal entity with which you conduct business or interact, many of which operate under GSF Car Parts® or the Bumper to Bumper®, FinishMaster®, or other store logos. This means that they decide how and why your personal data is processed.
Processing your data just means anything we do with it – collecting it, using it, storing it, sharing it, and
deleting it.
3. SUMMARY CONSUMER PRIVACY NOTICE
We encourage you to read the full Consumer Privacy Notice below, but if you just need a quick view of how we collect and process your personal data, it’s available to you.
3.1 The personal data we collect
We collect and processes a range of data about you. This may include:
- Basic personal data
- Contact data
- Transaction data
- Digital data
- Website usage and other technical data
- Our insights about you based on analytics
- Financial data
- Biometric data
3.2 How we collect your personal data
We may collect or receive your personal data in a number of ways:
- From you directly
- From you indirectly
- From other people
- From monitoring devices
- From publicly available sources
- From sources outside our business
3.3 How we use your personal data
We will only use your personal data where we are permitted to do so by applicable law. We may
use your data:
- To communicate with you
- To provide our products and services to you and otherwise conduct our business
- To ensure we are paid
- For marketing and loyalty programs
- For research and development
- To address claims, issues or concerns
- For safety and security
- To comply with legal or regulatory obligations
- To make changes to our business
3.4 Cookies
When you log onto or browse one of our websites, we may use a cookie file which is stored onthe hard drive of your computer. You can choose to disable cookies by modifying your web
browser, however you may be unable to access certain parts of our websites if you do.
3.5 Who has access to your personal data
Personal data may be stored in a range of different places, like your account file and in IT systems. Access to files and systems is limited to our employees and the employees of service
providers who have a need to access your personal data to perform their job.
3.6 How we safeguard your personal data
We have technical and organizational measures in place to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access. You also
play a role in safeguarding your data online.
3.7 Cross border transfers of your personal data
Regardless of where you live, we will only transfer your data if we are confident that it will be appropriately safeguarded, for example by using contractual or other measures as required by
law.
3.8 How long we retain your personal data
We will retain your personal data for as long as we need to in order to fulfill the purposes outlined in this Notice or as required by law. If we no longer have a business or lawful need to
process your personal data, we will either delete or anonymize it where possible.
3.9 Your rights as a consumer
Depending on where you are located, you may have the right to require us to:
- Provide you with further details on how we use your data
- Provide you with a copy of data that we hold about you
- Transfer certain pieces of your data to another company in a common electronic format
- Correct any inaccuracies or incompleteness in the personal data we hold
- Delete any personal data that we no longer have a requirement to use
- Restrict or object to how we use your data
3.10 Challenging compliance and exercising your rights
You can contact privacy@uniselect.com, the legal entity with whom you interact, or your local
regulatory authority if you have any questions or concerns about this Notice, or to exercise your
rights.
3.11 Country specific information
We’ve added some country specific details about your rights and how to contact your local
regulatory data protection authority.
4. FULL CONSUMER PRIVACY NOTICE
We are committed to protecting the privacy and security of all personal data, and to being transparent about how and why we collect and process your data. We update this Notice from time to time and encourage you to revisit to stay informed of how we are using personal data.
In this Notice we cover:
4.1 The personal data we collect
4.2 How we collect your personal data
4.3 How we use your personal data
4.4 Cookies
4.5 Who has access to your personal data
4.6 How we safeguard your personal data
4.7 Cross border transfers of your personal data
4.8 How long we retain your personal data
4.9 Your rights as a consumer
4.10 Challenging compliance and exercising your rights
4.11 Country specific information
4.1 The personal data we collect
Personal data marked with an asterisk (*) may be considered special category or sensitive data.
We collect and processes a range of data about you. This may include:
Basic personal data like your name and if you are a business client your employer and job title.
Contact data like your telephone number and shipping, billing or email address. It may also include any records related to your contact with us, such as the phone number or email address you contacted us from.
Transaction data related to activities you carry out at our physical locations, online services or in the course of carrying out other services we provide to you.
Digital data like your Internet Protocol (IP) address, preferences, operating system and browser type, behavioural and browsing data.
Website usage and other technical data, like details of your visits to our websites, marketing communications and whether you open them or click on links, or data collected through cookies and
other tracking technologies.
Our insights like information about products or services we think you may be interested in based on
our analytics and customer profiling.
Financial data* like payment related data, bank account details or data required to perform a credit
check if you have payment terms with us.
Biometric data* like a recording of your image that may be captured on CCTV if you visit one of our stores or your voice if we record a call when you contact us.
Any other personal data relating to you that you may provide in the course of your business interactions with us.
4.2 How we collect your personal data
We may collect or receive your personal data in a number of ways:
From you directly during the account sign up or application process, or when you interact with us.
From you indirectly when you use our products and services and interact with our website and other online platforms.
From other people like your employer, business associates or beneficiaries of our products and services if you are conducting a business to business interaction with us.
From monitoring devices like CCTV, telephone logs and recordings. We will do our best to make it clear to you that your data is being collected at that time.
From publicly available sources, like company websites or other public platforms like LinkedIn where you have made your data available.
From sources outside our business, which may include other business entities within our group of companies or other strategic business partners
4.3 How we use your personal data
We will only use your personal data where we are permitted to do so by applicable law.
If you live or do business in the United Kingdom (UK) or European Economic Area (EEA), the use of personal data must be justified under one of a number of legal bases. The principal legal bases that justify our use of your personal data are:
- Contract performance: Where your data is necessary to enter into or perform our contract with you
- Legal obligation: Where we need to use your data to comply with our legal obligations
- Legitimate interests: Where we use your data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights
- Legal claims: Where your data is necessary for us to defend, prosecute or make a claim against you, us or a third party
- Consent: Where you have consented to our use of your data
Regardless of where you live or do business, we may use your data for the following purposes:
To communicate with you
- To contact you for your views on our products and services
- To notify you about important changes or development to our business, products or services
- Where available, to communicate with you in your preferred language UK/EEA Legal bases: Contract performance, legitimate interests
To provide our products and services to you and otherwise conduct our business
- To process your order and manage your account
- To provide you with personalized online experience and tailored communications
- For record keeping purposes
UK/EEA Legal bases: Contract performance, legal claims, legitimate interests
To ensure we are paid
- To process credit card, e-transfer, cheque or other types of direct payments made to us
- To assess the risk of extending you credit through a payment plan
- If you fail to pay us per our contractual terms, to recover what we are owed through debt
collection agencies or taking other legal action
- To issue payments or credit to you as required
UK/EEA Legal bases: Contract performance, legal claims, legitimate interests
For marketing and loyalty programs
- To allow you to participate in our reward programs or loyalty schemes
- To allow you to participate in our roadside assistance program (Canada only)
- To allow us to manage our warranty program
- To keep you informed about the products and services that we offer
UK/EEA Legal bases: Contract performance, legitimate interests; consent
We will provide you with the option to unsubscribe from or opt-out of further marketing communication on any electronic communication sent to you.
For research and development
- To understand how you interact with our stores, shops or website so that we can makeimprovements and service you better
- To understand what you and people or businesses like you require so that we can meet your needs as a consumer
UK/EEA Legal bases: Legitimate interests
We will provide you with the option to unsubscribe from or opt-out of further use of your data for research purposes, or will anonymize your data so that you are unidentifiable.
To address claims, issues or concerns
- To investigate concerns or complaints about or from our employees or customers
- To respond to and defend against legal claims
UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims
For safety and security
- We may use CCTV and other location and recording devices for safety purposes
- We conduct monitoring to protect our customers, employees, authorized visitors, and property
- We may use server log data for security purposes, like detecting intrusions into our network
UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims
To comply with legal or regulatory obligations
- To comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorized by applicable laws, court orders, government regulations, or
regulatory authorities whether within or outside your country UK/EEA Legal bases: Legal obligations; legal claims; legitimate interests
To make changes to our business
- At any time, we may sell, transfer or assign any or all of our rights to any part of our business, including our interests, rights or obligations regarding your account with us. If we do so, we
may share your personal data with prospective purchasers, transferees or assignees.
UK/EEA Legal bases: Legitimate interests.
There may be unique circumstances where we must process your personal data in the vital interest
of you or another person, or in the public interest. Where we process special categories of data, we
will ensure that we do so only for the allowed legal bases.
4.4 Cookies
When you log onto or browse one of our websites, we may collect data about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies help us to improve our website and to deliver a better and more personalized experience to you. This data is used to analyze trends, to administer the website you are visiting, to track movement around the website and to gather general demographic data about our visitor base. Cookies identify you as a number – no other personally identifiable data will be collected through them.
You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do so.
There are four types of cookies that we may use:
- Essential cookies, that help us to distinguish each user of our websites and allow our websites to function as they should
- Functional cookies remember any preferences you’ve set or purchases you’ve made and are there to improve your online experience
- Analytics cookies are analytical cookies that collect anonymous data about how visitors use the website, allowing us to make improvements to ensure our websites are easy to use
- Advertisement cookies are used to provide visitors with customized advertisements basedon the websites you’ve visited and how you have interacted with the websites. These cookies
also allow us to track who has visited our website by clicking on our affiliate links
Our advertisers or other third party websites where we post content, like LinkedIn or Twitter, mayalso use cookies over which we have no control. Please check out the privacy notice on their websites for information about how they use cookies and otherwise manage your personal data.
4.5 Who has access to your personal data
Personal data will be stored in a range of different places, like your account file and other IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access them to perform their role.
Internal access
We take the security of your personal data seriously. We have appropriate policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by our employees except as required for their job.
- Our group of companies may share your personal data internally to any legal entity within our group of companies
- Sales and Marketing team members who may require access to your personal data to perform general sales, marketing and account management functions- Front Line Workers who may interact with you in person if you visit one of our stores or call our customer service numbers
- Information Technology team members who may require access to your personal data to perform general information technology functions, such as to provide IT support to you,
administration of IT systems and monitoring, analytics, to support the investigation of consumer or employee concerns, or for other purposes as described in this Notice.
- Others, like employees supporting the finance, audit, legal, or other functions, if access to
the data is necessary for the performance of their job
Service providers
Where we engage service providers to process personal data on our behalf, we only use serviceproviders who limit their processing to the purpose described in the agreement and implement
appropriate technical and organizational measures to meet the privacy requirements of the jurisdiction in which they are providing the service, and our requirements.
- IT platforms who own or manage the platforms that we use, like for customer management and sales management
- IT services who may perform data analytics and infrastructure provisioning
- Website service providers who perform web hosting, web analytics and integration and other website activities necessary for the purposes described in this Notice
- Order fulfillment service providers from who we ship products you have purchased direct to you, or the couriers used to make the delivery or otherwise fulfill our obligations set our
in our agreement with you
- Customer Service providers may be used to support our web chat (where available), issue ticketing or other customer support as required to meet the needs of our customers
- Marketing providers may manage marketing emails, opt-outs or other marketing related activities
- Payment networks who manage our secure payment platform and credit card processing
Third parties
We may share your personal data with our affiliates and partner networks to enable them to serve you better. We may also share your data with a third party in the context of a sale of some or all our business. In those circumstances the data will be subject to confidentiality arrangements.
If you are a business, we may share your contact data like company phone and address (but not your email) with the third parties with which we have a relationship, so they may offer you the services they already provide to us, like uniforms or stationary. We do not sell your data.
You can opt-out of this disclosure of your personal data by contacting us as described in Section 10 – Challenging Compliance and Exercising Your Rights, but it may mean that we can’t provide you with the service you are requesting.
4.6 How we safeguard your personal data
We have technical and organizational measures in place, including but not limited to policies, physical, and technical safeguards, all designed to protect the personal data collected from accidental
or unlawful destruction, loss, alteration, unauthorized disclosure and access.
You can also help us to protect your personal data. If you receive an email that looks like it is from us asking for your personal data, do not respond. We will never request your password, username,
credit card data through email. You should never share your login credentials or password with anyone. Even though we have put mechanisms and procedures in place for the protection of your personal data that are considered effective, because there are bad actors out there, no data transmission (including over the internet or on any website) can be guaranteed to be secure.
4.7 Cross border transfers of your personal data
As a global company, we cannot limit our processing of your personal data to the country where you are based. Your personal data may be transferred outside the country where you are based but only if certain conditions are met.
If you are based in the UK or EEA, your data may be transferred to countries outside the UK or EEA, only if we are confident that the same data protection safeguards that we deploy will be deployed, for example we may take contractual or other measures to ensure that your personal data is protected in accordance with applicable data protection laws.
If you are based in Quebec, you should know that your data may be transferred outside of Quebec for processing, including storage and hosting. The transfer will be preceded by a formal or informal assessment of privacy protection, taking into consideration a number of factors like the sensitivity of the data, the purposes for which it is to be used, the protection measures (including contractual) that would apply to it, and the data protection principles applicable in the jurisdiction.
4.8 How long we retain your personal data
Unless a longer retention period is required by law, we will keep your personal data for as long as we need to in order to fulfill the purposes outlined in this Notice. Generally, this means we will keep your personal data so we can respond to your requests when you interact with us in any way, to provide you with products and services or to send you updates on our products and services for as long as you want us to. We are required to keep some records for a longer period of time to meet our legal obligations. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it in accordance with our retention processes wherever possible. We will only use anonymization where we have a reasonable need to retain the data
4.9 Your rights as a consumer
We have summarized your rights in this section and added additional details by country in the “Country specific information” section at the end of this document. You may have the right to require
us to:
- Provide you with further details on how we use your data
- Provide you with a copy of data that we hold about you
- Transfer certain pieces of your data to another company in a common electronic format
- Correct any inaccuracies or incompleteness in the personal data we hold
- Delete any personal data that we no longer have a requirement to use
- Restrict or object to how we use your data
Because your rights vary based on where you are located, if you contact us to exercise any of these rights, we will ask for identification and check your entitlement. We do our best to respond within a month, however it may take us longer than a month if your request is complex. We may also ask you for clarification about your request to speed up our response and to make sure that we meet your needs. If we expect our response to take more than a month, we will let you know. We do not discriminate against consumers who exercise their rights.
In some instances, we may refuse to comply with your request. For example, where the data relates to another individual or where an exception applies, like legal privilege. Remember, if you are a
business customer, we can only share data we hold that is about you as an individual, not business data. If we refuse your request, we will inform you of the reason. You can challenge our refusal.
We want to keep your data accurate and up to date, so if you think any personal data that we hold about you is incorrect or incomplete, please contact us.
4.10 Challenging compliance and exercising your rights
You can make a request to exercise your privacy rights, ask any questions about this Notice or challenge our compliance with applicable privacy laws by contacting the Global Privacy and Data
Protection Officer at privacy@uniselect.com or in writing to: Attn: Global Privacy and Data Protection Officer – Uni-Select 170 Industriel Blvd. Boucherville QC (Canada) J4B 2X3
You have the right to contact your local regulatory authority, but we would like to have the opportunity to address your concern before you do. We have provided you with the details of key
privacy regulators for each country in the “Country specific information” section below.
4.11 Country specific information
Further information about data protection practices, consumer rights and contact information for privacy regulatory authorities is included below for each of the countries in which we operate.
Exercising your rights may be subject to legal or contractual restrictions or regulatory exceptions.
UK / EEA
Your rights
The right of access to your personal data. This enables you to receive a copy of the personal data we hold about you.
The right to rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
The right to erasure of your personal data. This enables you to ask us to delete or remove personal data in the following circumstances where the personal data is no longer necessary for the purpose for which it was collected or where we may have processed your data unlawfully.
The right to restrict processing of your personal data. This enables you to ask us to suspend the processing of your personal data while we review a request to update inaccurate data or while you establish, exercise or defend legal claims.
The right to data portability of your personal data to you or to a service provider in a structured, commonly used, machine-readable format.
The right to object to processing (including profiling) of your personal data where we are relying on a Legitimate Interest (or those of a service provider) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
The right not to be subject to a decision based solely on automated processing, including profiling. You can express your point of view and contest the decision.
The right to object to direct marketing at any time by following the opt-out links on any marketing message sent to you or by contacting us.
The right to withdraw consent at any time. If you have given us consent in the past but subsequently change your mind, you can withdraw your consent at any time.
Exercising your rights should be free of charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Privacy Regulators
UK – Information Commissioners Office at https://ico.org.uk/global/contact-us; or
EEA– The data protection authority in the European Economic Area where you are located
US
Your rights
General description of privacy rights
The right to access the personal data we hold and process about you, although there may be some exceptions to what we must provide.
The right to correct inaccurate personal data maintained by us.
The right to submit a request for deletion of personal data under certain circumstances, although there may be legal or other reasons that we will retain your data.
The right of restriction or limitation of processing for the purpose of targeted advertising and to the processing of sensitive data.
The right to data portability, where possible in a readily useable format that allows you to transmit this data to another entity without hindrance.
The right to opt-out of the sale of personal data or sharing with third parties.
The right against automated decision making, to be provided with information about the logic involved in automated decision-making processes and a description of the likely outcome of the process.
Privacy Regulators
California – California Privacy Protection Agency
Colorado – Attorney General
Connecticut – Attorney General
Virginia – Attorney General
Utah – Attorney General
Canada
Your rights
The right to access information regarding the existence, use, and disclosure of personal data held about you.
The right to challenge accuracy and completeness of the information we have provided, and have it amended as appropriate can also be exercised.
The right to be forgotten or deletion is not directly provided in PIPEDA, however the general “limited retention” principle states that personal data that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous.
The right to object to direct marketing is an indirect provision. Generally speaking, we cannot require you to consent to use of your personal data for secondary marketing purposes. In addition, Canada has a strict “anti-spam” law that applies to “commercial electronic message” sent to you and allows you to opt-out of receiving these messages.
The right to withdraw consent to the collection, use and disclosure of personal data. We will inform you of
the consequences of withdrawing consent, if any, when you make the request.
If you are a resident of Quebec, as of September 23, 2023.
The right to data portability in a structured, commonly used technological format.
The right to be informed of decisions made exclusively by automated decisioning and to ask for the personal data used to render the decision, the reasons for the decision, and the right to have the personal data used corrected. You can also ask us to have a person review the decision.
The right to take-down, de-indexing and re-indexing if the dissemination of your personal data contravenes the law or a court order.
The right to deactivation of identification, location or profiling functions when technologies (like cookies) are used to collect personal data.
Privacy Regulators
Canada – Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/en/contact-the-opc/;
Quebec – Commission d’accès à l’information du Québec at https://www.cai.gouv.qc.ca/english/; or
Other Provinces – The privacy commissioner of your province