At Cox Automotive Europe we are a collection of market-leading brands, together creating and supplying solutions at every stage of the vehicle lifecycle. Successful in both the wholesale and retail sectors, we work with dealers, manufacturers, fleet and leasing companies to measurably boost their performance and profitability, adding long-term value to their assets in the process.
Cox Automotive Europe collects and uses personal data as a data controller in order to provide products and services to our customers. We also handle personal data as a processor where we are providing services on behalf of our clients.
This policy statement will apply to all Cox Automotive Europe group companies, employees and contractor`s whilst working at any Cox Automotive Europe location. It will also apply to any Cox Automotive Europe systems which store or otherwise process personal data, whether in our capacity as a controller or processor.
Cox Automotive Europe is committed to ensuring that we and our suppliers handle all personal data in accordance with our legal obligations.
a) Ensure it is clear and transparent with individuals about what information it is collecting and why, that it only collects personal data that it needs and only shares personal data with other organisations as necessary and where it has a lawful basis for doing so.
b) Adopt appropriate technical and organisational security measures to protect the confidentiality, integrity and availability of the personal data it collects, stores and transfers in accordance with best practice and contractual obligations.
c) Adopt a privacy by design and default approach to systems and product development and project management, conducting Data Protection Impact Assessments as required to protect the privacy rights of customers and employees.
d) Respect the rights of individuals in relation to their personal data, in particular their right to request access to the personal data we hold about them and allow them to complain if their personal data has been mishandled.
e) Implement records management practices to ensure the ongoing quality of personal data we collect and that it will not be retained longer than necessary.
f) Not transfer personal data overseas without ensuring appropriate safeguards are in place to protect the privacy of individuals.
g) Ensure that all breaches of information security are reported and investigated.
h) Implement a privacy management and accountability framework to measure compliance with its legal obligations and regularly review its performance against the framework.
This statement will be made available on the Cox Automotive UK website and internally for staff on the intranet. It will be reviewed annually to ensure it reflects current regulatory and legal requirements.
Version control
Version | Date | Comments |
---|---|---|
0.1 | 30/01/2019 | Initial draft of privacy statement by Head of Privacy & Data Protection |
0.2 | 04/04/2019 | Incorporated amendments |
1.0 | 05/04/2019 | Final version |
1.01 | 14/05/2020 | Annual review – no updates required |
1.02 | 22/04/2022 | Annual review – no updates required |
1.03 | 15/02/2024 | Annual review – updated to remove references to ‘UK’ and replace with ‘Europe’ |
Privacy & Data Protection Statement v1.03 15/02/2024