RETAILER SYSTEMS PRIVACY POLICY
Jaguar Land Rover (JLR) Retailer Systems Privacy Policy.
Who We are
When we refer to ‘Jaguar Land Rover’, ‘JLR’ ‘we’ ‘our’ or ‘us’ in this Privacy Policy, we refer to: Jaguar Land Rover Limited, whose registered office is at: Abbey Road, Whitley, Coventry CV3 4LF, and whose registered number is: 1672070.
Retailer Systems Contact Details
If you have any questions or queries regarding the JLR Retailer Systems Privacy Policy please email – Retailer@jaguarlandrover.com with “Privacy Policy Query” in the subject line. If you have any other queries about JLR systems for Retailers or their use these should be raised with your local National Sales Company (NSC) or Importer.
Data collected and used
Some of the Retailer activities carried out in order look after our customers require access to certain JLR systems. The personal data that we hold and process is limited to first name, last name, email address, job role and the Retailer organisation. It is gathered at the point you access the system when you log-in.
How we use your personal data
Jaguar Land Rover has a legitimate interest in being able to process your personal data. This is to provide you with access to our systems to enable you to carry out your job.
Sharing with third parties
We use third party software to support and operate the Retailer systems. We also benefit from the large IT infrastructure and expertise that exists within our wider corporate structure. This means that the personal data you provide to us may be accessed by members of our group of companies only as necessary for service and system maintenance and support.
International Data Transfers
JLR systems use servers which are hosted in the EU. However we may share website personal data with suppliers or group companies located outside of the EU where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate.
Where JLR chooses to share personal data with a third party located outside the EU, the following factors are assessed to support adequate transfer of this data:
Internal checks to identify the existence or absence of any adequacy decision by the European Commission. We have group companies, and use suppliers located in countries that have been approved by the European Commission as having essentially equivalent data protection laws. A full list of these countries as at the date of this Privacy Policy is: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Switzerland, Jersey, New Zealand, Uruguay and the Isle of Man. This list and information about the protections the European Commission has considered is available via this link.
• Use of measures like European Commission approved measures to support adequate transfers of personal data. We also have group companies, and use suppliers located in countries that are elsewhere in the world. To manage data protection compliance with these transfers, we will use European Commission approved data transfer mechanisms such as use of model contractual clauses approved by the Commission. We will also assess where applicable where a supplier is able to demonstrate to us they have Binding Corporate Rules. (Binding Corporate Rules is a GDPR – recognised Data Protection mechanism to ensure adequate personal data transfers).
• To understand the protections required in European Commission approved Model Clauses, a template copy of these is accessible from this location.
• To see a full list of approved Binding Corporate Rules, please click this link.
How long is your personal data held for
When you leave the employ of the Retailer, the Head of Business has a duty to inform us immediately. This allows us to update our records and close your ‘user’ account, at this point the retention period (for the personal data we hold on you) of 5 years is triggered.
The criteria we use to determine storage periods include the following: Information Jaguar Land Rover receives from Retailers about your start/leave dates, requirements to respond to your queries and to support and demonstrate as applicable appropriate record keeping and audit requirements, applicable contractual provisions that are in force, legal statutory limitation periods, and applicable regulatory requirements and industry standards.
Your data protection rights
You have rights in connection with your personal data that include the following: to be informed and have access to your data, to correct or complete inaccurate data, to withdraw consent where you have given it, to, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.
If you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch at Retailer@jaguarlandrover.com.
If you are not happy with the response you have received, or have a data protection related complaint, please contact the Privacy and Data Protection Team direct at this email address: DPOffice@jaguarlandrover.com. If you are not satisfied, you also have the right to complain to the Information Commissioner’s Office. Contact details are available from their website: https://ico.org.uk.
Keeping your information secure
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy.
We require all of our services providers to have appropriate measures in place to maintain the security of your information.
Where we have given you (or where you have chosen) a password that enables you to access the JLR system(s), you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.
Updated as at 02.11.20