top of page

Our Privacy Policy

At Lawrences Garages London Ltd, we value and respect the fundamental human rights of privacy and data protection. Our employees and customers work and live with a range of backgrounds, cultures and experiences. Lawrences Garages London Ltd is the organisation that is responsible for the personal information processing that this notice describes, and as described in data protection legislation, we are the ‘data controller’. Throughout this notice, when we use terms like ‘we’, ‘us’, ‘our’, or even ‘LGL’, we are referring to Lawrences Garages London Limited.

 

Our Company Registration

Lawrences Garages London Limited is a company incorporated in England and Wales.  Our registration number is 594639 and our registered office is Meadow Barn, Drury Square, Beeston, King’s Lynn, Norfolk PE32 2NA

Our data protection supervisory authority is the Information Commissioners Office, or ‘ICO’.

We are registered with the ICO, these are the details of our registration:

Our data protection registration is Z5725644

Data Protection Officer: S C Lawrence

Registration number: Z5725644

Our Privacy & Data Protection Team

If you ever have a query about how we are handling your personal information, or you want to exercise a right in relation to your information, there’s a number of ways you can contact us

You can write to us at: DPO, Meadow Barn, Drury Square, Beeston, King’s Lynn, Norfolk PE32 2NA

If you prefer to email, use scl@lawrencesgarages.co.uk

 

Your data protection rights

If you would like to exercise a subject access requests, you can submit a request either by email or letter.

 

We are protecting your information

We are committed to your upholding your privacy and protecting the information that we have. So we describe how we collect, use, and share your personal information. Privacy and data protection are ever changing and enhancing the rights of individuals. As such, we review how we use personal information, and we may update this privacy notice from time to time to reflect changes in applicable laws or the way we use your personal information. The privacy notice displayed on this page is always the most up to date version. We would encourage you to re-visit our privacy notice from time to time so that you are aware of any relevant updates we have made.

 

What do we mean by personal information?

In recent years, the most widely talked about data protection law was the EU’s General Data Protection Regulation, also known as the GDPR. The UK adopted the GDPR into UK law and it’s commonly known as the UK GDPR. As you’ll see below, the definition of personal information is quite broad, and we recognise and respect personal information, defined as: -

“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

 

How do we categorise information?

To help explain the different types of information we use, we use categories. Now, it’s worth pointing out that we only collect personal information that is appropriate and lawful. In general terms, this describes the categories we use.

Identity information - Information specifically related to your identity which includes, your full name, marital status, title, date of birth, national insurance details and other recognised official identity documents.

 

Contact information - The contact information of you and others, including, email addresses and telephone numbers, postal address details and social media handles.

 

Technical data - In this technical age there is quite a bit of technical data around, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. We will not collect information about how you use our website.

 

Marketing and communications data - We’d like to develop lasting relationships and to help with this we collect information about your marketing preferences. But do not worry, we are not interested in bombarding you with marketing content, just timely and relevant information about services and products we care about and that we think are relevant to you. We put you in control, so you always have the option to decline this or opt out at any point.

 

Special categories of personal information - For the purpose of employment and assessing the working capabilities of our employees, we may process special category personal information. There may be instances where other special categories of personal information are disclosed to us, but this is incidental and not part of an organised processing activity.

 

Data requiring special protection - There may be instances where we process criminal record checks, but this is only done where necessary and is strictly limited to specific people in our teams.

 

How we may collect personal information

Personal information you voluntarily provide to us. It’s important to state that we only collect personal information that is relevant to our relationship with you, for example: when you subscribe to our mailing lists; when you attend events or meetings organised by us, or conducted at our offices or sites, for example, sales events, promotional and marketing events, training sessions and social events; when your images are captured by us via CCTV cameras while you are within the properties we operate and use, or when photographs or videos of you are taken when you attend events, meetings or training sessions organised by us; when you use our services or enter into transactions with us, or express an interest in doing so, including services, products and transactions in person at one of our many locations or electronically; when you communicate with us by telephone, email, via our website or through other communication channels, for example, through social media platforms; when you submit an employment application to us or when you provide documents or information including your CV in connection with such applications; and/or when you submit your personal information to us for any other reason.

Personal information that has been provided by others

Depending on your relationship with us, we may also collect your personal information from third party sources, for example:- from your referees, educational organisations or previous employers (if you have applied to us for a job); from your family members, friends or colleagues who provide your personal information to us on your behalf; and/or from public agencies or other public sources.

 

Being transparent about our personal information processing

Lawful basis

There are specific reasons set out in data protection law that ensure personal data processing is lawful, this is known as a ‘lawful basis’. We always have a lawful basis for processing personal information, and we have methodically assessed the purpose or our processing and the lawful basis.

It is safe to say that we have a comprehensive list of all of ways we use personal information, which are called ‘processing activities’. If you would like more information about a particular processing activity, we’re more than happy to provide that. You can ask us for information using any of the methods we outlined earlier.

Here are some of the more common ways we process your information, our lawful basis and how we try to ensure your information and rights are respected: -

  • Processing activity such as communication via email, post or telephone. When you have asked us to, we’ll use your information to contact you with details of our products, events and services and to facilitate our relationship with you, your business or colleagues. You can of course ask us not to contact you, but it's likely to affect our ability to fulfil our obligations to you.

  • Processing type such as an enquiry or complaint, we can ask for access to your information, you can ask us to update it, or for us to remove it

  • Processing type such as training and other corporate events. The information you provide will be used to communicate with you about your attendance at the event and to follow-up on your experience post-event. The personal information we may process could include your name, job title and employer, address and phone number, email address, dietary requirements, access requirements. We will ask for your consent to process health related data

  • Processing activity such as email marketing to consumers. We like to let our customers know about our services, products or projects, and when you are already a customer, we think you’ll be happy for us to send you relevant information. But you can object or opt out of that at any point

  • Processing activity such as promotional Images and film footage. We may take photographs and / or video footage at our offices or an event we host, which could capture personal information of staff, customers, visitors and other third parties. We will always notify participants when a photographer or filmmaker is present at our offices or events. Written consent will always be obtained, and we will respect the wishes of anyone who signals their desire not to have their image taken and will always ask for consent where photos are to be published alongside a name or other personal identifier. You have the right to withdraw consent at any time or to opt out of the activity

  • Processing activity such as sharing information with Companies House, Accountants, legal advisors, HMRC and Statutory authorities. We are subject to audits and assessments from industry standard bodies and in the protection of our interests and to comply with UK law, we may be obligated to share information with the statutory authorities

  • Processing activity such as administrative purposes. We may disclose your personal information to third parties who provide services to us, including our service providers and data processors (providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, marketing, human resources, professional services, tracing services and when we investigate suspected theft) and our consultants and professional advisors (such as accountants, compliance, lawyers, auditors).

  • Processing activity such as fulfilling job roles and recruitment. If you apply for a job with us, in addition to the specific position which you have applied for, we pass your personal information to other departments within the Lawrences Group, for the purpose of offering alternative or additional employment opportunities. We’d really like to find work for you, but of course, you can ask us not to do this.

  • Processing activity such as Security and Safety. We may process personal data for the specific purposes of security and safety. This is in connection with the buildings that we own and/or rent, or events organised by us or conducted at the buildings we own and/or use; and through the systems that we operate throughout the organisation. We use CCTV in and around our sites, we also use cameras that will automatically recognise your vehicle registration, known as ANPR. We use this technology to prevent, report and investigate crime. Furthermore, Facewatch facial recognition is used in some/all of stores for the prevention of unlawful acts including theft and violence against our staff and customers. We supply CCTV images of people entering our protected stores and receive alerts from Facewatch (www.facewatch.co.uk) if these match known subjects of interest. We display clear signage in all stores where Facewatch is used and a detailed privacy notice is available on request by emailing our contact for data protection enquiries.

  • Processing activity such as marketing engagement metrics. If you would like to receive tailored information about products and services, you will have the opportunity to consent to this.

 

When you provide consent to processing

Where you have given your consent for us or a 3rd party of ours to process your data, you can withdraw your consent at any time. Where consent has been used as the lawful basis for processing your information, the information we provide about our processing activities will be fair, transparent, unambiguous and you will have the power to decide whether you give consent.

Where legitimate interest is the most appropriate lawful basis

When processing your personal information is a legitimate interest for us, or a third-party, we undertake legitimate interest assessments to ensure that our processing does not impact on the rights and freedoms that you have been afforded by data protection legislation.

 

Use permitted under applicable laws

We may also collect, use, disclose and process your personal information, without your knowledge or consent, where this is required or permitted by law.

 

When we share your personal information

While providing the services or products that you request from us, we share your information with our processing partners, known as recipients and data processors.

When disclosing personal information to third parties, we have contracts with these third parties to protect your personal information, which ensures we are compliant with the law and so that they only process your personal information in accordance with our instructions.

We conduct thorough due diligence with both recipients and data processors around the areas of their data security protocols and data protection policies.

 

Recipients of your personal information

  • We share your personal information for the following reasons or when required law, for example:-

  • personal information is shared internally,

  • our third-party vendors and service providers, who are engaged to provide business, support, operational and/ or administrative functions such as IT support, auditing, legal, marketing, website maintenance, payment, fulfilment and delivery of orders.

  • regulatory authorities, statutory bodies or public agencies, including to support their investigations.

  • if the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

  • credit reference agencies, debt collection and tracing agencies, financial organisations.

  • investigations by government or law enforcement authorities.

 

 

The security of your personal information

Unauthorised access - We have put in place security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Specific access - We limit access to your personal information to those employees, agents, contractors and other third parties who have been authorised to access your personal information.

Vulnerabilities - We have put in place procedures to deal with any suspected personal information breach and will notify you and the appropriate supervisory authority of a breach where we are legally required to do so. However, we cannot guarantee that our systems or applications are invulnerable to security breaches, and we can’t provide warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, and other vulnerabilities.

We also cannot guarantee the security of information that you choose to send us electronically. Sending such data is entirely at your own risk.

 

How long we keep personal information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal information are available and you can request more details of that by contacting our DPO

You have rights when it comes to your personal information. At any point while we have your personal information you can exercise what we can subject access requests, or individual rights.

 

Right of access

You have the right to request a copy of the information that we hold about you. Access to a copy of your personal information is often known as a Subject Access Request, is usually free of charge and we have a one-month time period with which to respond. If requests to information are excessive or unfounded, the law permits an extension to the one-month timeline of up to two further months if the request is particularly complex. It is also permitted to apply a fair administration fee for access requests that are deemed manifestly unfounded or excessive or if further copies of data are requested.

Right of rectification

You have a right to review and correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten

In certain circumstances you can ask for the data we hold about you to be erased from our records. As detailed within data protection law, a request to be forgotten is not an absolute right and will be assessed on its merits.

Right to restriction of processing

Where certain conditions apply to have a right to restrict the processing. In particular, where we do not have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing.

Right of portability

You have the right to have the data that you have provided to us, for the fulfilment of a contract or where you have provided your consent, transferred in a structured and machine-readable format to another organisation.

Right to object

You have the right to object to certain types of processing, in particular where we process your personal information for marketing purposes, this is an absolute right. You will be able to object to or opt out of any marketing message we send you.

Right to object to automated processing, including profiling

You also have the right to be subject to the legal effects of automated processing or profiling.

 

Right to judicial review

In the event that we refuse your request under rights of access, we will provide you with a reason why. You have the right to complain about that, and we have provided a specific section on this below.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal information.

 

What to do when things don’t go as planned

If you ever wish to make a complaint about how your personal information is being handled by us or third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the relevant supervisory authority where you live, and with our DPO

 

We'd like to try and resolve a complaint

You can write to us at: DPO, Meadow Barn, Drury Square, Beeston, King’s Lynn, Norfolk PE32 2NA

If you prefer to email, use scl@lawrencesgarages.co.uk

 

If you wish to lodge a complaint with a supervisory authority

The UK’s supervisory authority is the Information Commissioners Office. Information Commissioner, Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Web: https://ico.org.uk/make-a-complaint/

Telephone: 0303 123 1113

 

If you'd like more information about this privacy notice

If you have any queries about this privacy notice, please feel free to get in touch with our Privacy & Data Protection team and we will do our best to answer your questions.

 

This Privacy Policy is effective from the June 2022.

bottom of page