Your Car Club Ltd is a company registered under company number 15386420 in England and Wales (hereinafter referred to as “we”, “our” or “us”).
This Privacy Notice (“Notice”) applies to our websites including www.yccparts.com (“Websites”) and any mobile applications or other online and/or mobile applications operated by us or that are related to us and/or our Websites (“Apps”). Collectively, the Websites and Apps are, in this Notice, referred to as the “Service”. This Notice also describes how the Service collects information from you, what types of information the Service collects, what we may do with the information you provide, we collect and your rights regarding privacy.
This Notice governs the information collection, use, protection, storage and disclosure practices for the Service. By using the Service, you acknowledge you have read and understood the terms of this Notice. Please fully review this Notice before you use the Service or submit information to us.
Note that this Notice only applies to Your Car Club companies and for other YCC services or other relationships with users, suppliers or customers other privacy terms may apply. This Notice does not apply to third-party sites which may be linked to or from the Service. YCC is not responsible for such third party sites or others’ privacy terms.
INFORMATION WE MAY COLLECT FROM YOU AND OTHER SOURCES
- Although the precise details of the personal information collected by us will vary according to the specific purpose for which we are collecting the information, we may collect and process the following data about you:
- Information that you provide us by filling in forms on our social media pages or on our Websites. This includes information provided at the time of registering to use our Websites, subscribing to our service, purchasing goods via our Websites or via our marketplace listings, posting material or requesting further services. We may also ask you for information when you report a problem with our Websites.
- if you contact us by phone, email or otherwise and is provided voluntarily, we may keep a record of that correspondence;
- please note that we may record and monitor telephone conversations that we have with you. The sole purpose of any recording is for training and quality control purposes. Under the GDPR any personal or confidential information disclosed to us by telephone shall not be made available to any third party (unless required by law to do so) or used for marketing purposes. Recorded conversations are generally deleted within three months after the recording was made;
- we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- details of transactions you carry out through our Websites or our marketplace listings and for the fulfilment of your orders;
- details of your visits to our Websites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;
- we also collect browsing, transactional and behavioural data from you to improve the service/experience we offer and for the purposes of offering you a tailored or personalised online shopping experience; and
- we may collect information about your browsing device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is anonymous statistical data about our users’ browsing actions and patterns and does not identify any individual. We collect some of this information using Cookies. We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
- We obtain and/or collect certain personal information about you from sources outside our business. We may also receive your personal information from other sources, such as: public databases, our retail and supplier partners, our trade customers, third party collection and recovery agencies, referrals from insurance and accident management companies, joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties. For example, this other personal data helps us to:
- provide the relevant services in an accurate manner;
- review and improve the accuracy of the data we hold; and
- improve and measure the effectiveness of our marketing communications, including online advertising.
USES MADE OF THE INFORMATION
-
- We use information held about you in the following ways:
- Ensure that content from our Websites is presented in the most effective manner for you and for your browsing device.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us. For example, we pass your contact details to our courier company (e.g. DHL and Royal Mail) who may contact you via email, text message or a telephone call to confirm delivery of your order. Where you use our Click and Collect service, we will notify you via text message or a telephone call to advise you when your order is ready to be collected by our branch. We may notify our suppliers of your details for any warranty purposes.
- To carry out our obligations arising from any contracts entered into between you and us. For example:
- where you may have credit terms with us for payment of goods we may pass your details on to third-parties;
- other independent third parties (i.e. workshops/garages/fitting service) (“Workshop(s)”) fitting goods (supplied by us) to your vehicle on your behalf, where the Workshop appointed by you needs to contact you in order for the fitment of such goods to be carried out to your vehicle;
- to allow you to participate in interactive features of our service, when you choose to do so;
- to enhance your experience whilst using our Websites; and
- to notify you about changes to our Service.
- If you are an existing customer, we will only contact you by electronic means (email or telephone) with information about goods and services that we offer. We will not contact you by email if you have unsubscribed from our mailing list, or by phone if you are registered with the Telephone Preference Service (and have not expressly indicated that we may continue to call you notwithstanding your registration).
- If you are a new customer, we will only contact you by electronic means if you have consented to this.
- Whether you are a new or existing customer, if you have consented to being contacted by electronic means we will contact you in accordance with your consents.
- We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any personal harm to you. It is in your vital interests for us to use your personal information in this way.
- Third-party links
- Our Websites or marketplace listings may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. Therefore, when you leave any of our Websites, we strongly encourage you to read the privacy statements of every website you visit.
DISCLOSURE OF YOUR INFORMATION
-
- In order to make certain services available to you, we may need to share your personal data with third parties. This will be particularly necessary in the case of third-party providing services such as the fitment of goods as in clause 4.5.2
- We may disclose your personal information to:
- any member of the LKQ group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- our trusted service providers acting on our behalf who provide services such as: web hosting, web analytics and integration, customer service web chat and ticketing, order fulfilment, data analysis (including data personalisation), infrastructure provision, email marketing data, review sites of our services, auditing services and other services to enable them to provide services;
- our third party collection and recovery agencies (such as Shire Recoveries and/or Shire)
- our third party courier companies who delivers your orders (such as DHL);
- other selected third parties if you are a new customer and you have consented to this;
- our affiliate Websites that may use your personal information in the ways set out in the “how we use your information section” above or in connection with products and services that complement our own range of products and services; and
- third party suppliers who manage our secure payment platform and credit card processing from time to time (such as PayPal, Braintree or Ingenico)
- In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we substantially sell all of our business assets or are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect our rights, property, or safety, including of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- International Transfers
-
- It is sometimes necessary for us to share your data outside of the European Economic Area (EEA). This generally occurs when our service providers are located outside of the EEA or you are based outside of the EEA.
- If this happens, we will ensure that the transfer will be compliant with the relevant data protections laws including the GDPR.
- Our standard practice is to use standard contractual clauses approved by the European Commission for such transfers. Where the standard contractual clauses are not used appropriate security technical measures, contractual will be in place and if applicable the service providers have signed up to the EU-US Privacy Shield which is a framework designed to protect the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes
- Children
- The Service is intended for users over the age of 18 and is not directed to children under 18 (“Children”). We do not knowingly collect personal information from Children. If you become aware that a child has provided us with personal information without parental consent, please contact us at by using the contact information in section 11 (Privacy Questions) at the bottom of this Notice, and we will take steps to remove the information and terminate the child’s account.
HOW DO WE PROTECT YOUR DATA
- We are committed to keeping your personal data safe and secure and employ a number of security measures such as:
- We ensure our Websites and data is supported with TLS 1.2 technology using RSA 2048-bit security standard and/or other appropriate standards from time to time;
- Monitoring and auditing our service providers to ensure they have an adequate level of protection as required under the PCI DSS;
- All credit and debit card payment transactions are initiated on our Website via our online shopping basket;
- All information you provide to us is stored on our secure servers. For registered users, where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- We use reasonable, organisational, technical and administrative measures to protect personal information under our control. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
- The personal data that you provide to us in order to purchase goods, or that is provided to Workshops fitting our goods on your behalf, other personal data generated for transactional agreements is processed as it is necessary for the performance of a contract with you.
- All other personal data is processed for our legitimate interests (as set out below) and to comply with our legal obligations.
- In general, we only rely on opt-in consent as a legal basis to contact (and allow for selected third parties to contact) new customers by electronic means and/or send direct marketing communications via email or text message to new customers.
- You have the right to withdraw your consent at any time.
The following table describes what categories of data we process for what purposes, and on what legal basis we rely on:
Processing Purposes: |
Categories of data potentially involved: |
Legal basis: |
- Providing access to the Website
|
|
|
- Maintaining or restoring the security of the Website
|
- Detecting technical faults and / or errors in the transmission of electronic communications
|
|
|
|
- Providing products or services
|
- Carrying out the contractual relationship, the transaction and the product order or fitting
|
- Providing customer care services
|
|
- Contract
- Legitimate interests
|
- Compliance with legal obligations
|
|
|
- Defending, establishing and exercising legal / insurance claims
|
|
|
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies
|
|
|
- promoting, marketing and advertising our products and services tailored to individual customers
|
- Account and Order Data
- Usage Data
|
|
- Understanding our customers’ behaviour, activities, preferences, and needs
|
- Account and Order Data
- Usage Data
|
|
HOW LONG DO WE KEEP YOUR DATA?
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Our procedures to manage data retention is to retain customer data for 7 years or longer to support some of our parts warranty.
- The email marketing unsubscribe function will remove your details from marketing lists and confirmation of your removal will be sent to your email address.
- Data back-ups can take up to 60 days to remove specific data from the system.
- We will take reasonable steps under Article 17 of the GDPR to meet data subject requests.
CHANGES TO OUR PRIVACY NOTICE
- We will occasionally update this Notice, in our sole discretion. When we post changes to this Notice, we will revise the “Issue Date” at the bottom of this Notice in order to notify you of changes. We recommend that you check the Service from time to time to inform yourself of any changes in this Notice or any of our other policies. If you do not agree to any update, please do not use the Service; by continuing to access or use the Service after a change to this Notice becomes effective, you agree to and accept the revised Notice as of the Notice Issue Date.
PRIVACY QUESTIONS
- If you have any questions about how we use your personal data that are not answered here, email: [email protected]
- If you want to exercise your Rights of Access rights regarding your personal data, please contact us via our secure Data Subject Access Request portal or write to us at Legal Department, Euro Car Parts Limited, T2 Birch Coppice Business Park, Danny Morson Way, Dordon, Tamworth, England, B78 1SE
You have the right to make a complaint at any time to the local data protection supervisory authority which, for the UK, is the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Notice Issue Date: January 2024