At SG Fleet UK we take privacy seriously and we are committed to protecting it. This policy explains when and why we and companies in, or group collect personal information about individuals; how this information is used; the conditions under which it may be disclosed to others; and how it is kept secure.
The following legal entities are subject to this policy and are collectively referred to as ‘SG Fleet UK’:
SG Fleet Solutions UK Limited, SG Fleet UK Limited.
SG Fleet UK is fully committed to compliance with the General Data Protection Regulation (GDPR), which came into force on 25th May 2018.
The purpose of this policy is to ensure that all personal data handled by SG Fleet UK is controlled and processed in accordance with the GDPR.
SG Fleet UK is part of the SG Fleet group of companies which offer a range of services, principally fleet management, leasing, employment benefit and vehicle tracking services.
Whenever dealing with one of our group companies, the relevant company is the data controller of your personal information in relation to the processing activities described below. A “data controller” is an organisation that decides why and how your personal information is processed.
Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to the particular company that is the controller of your personal information.
Personal information is information or an opinion relating to an identified individual, or an individual who can be identified (directly or indirectly), whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Personal information includes information such as your name, age, driver’s licence or contact details.
You may provide us with your personal information where you enter your personal information in a form on our website, engage with us in respect of our vehicles, products, or services, or correspond with us by phone, email or otherwise or complete an application. It is provided entirely voluntarily. The information you give us may include:
We may also ask you for information about your vehicle and information about your driving history including information about insurance policies or claims.
We may also be required to collect your name, address, date of birth and other verification information to comply with the requirements of the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2007 and we will be using a third-party provider to conduct verification searches using this information.
We may automatically collect technical information about you including anonymous data collected by our hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform. We may also collect information about your vehicle and/or its location through our tracking services.
We may receive information about you from third parties in connection with our vehicles, products, or services. For example, we may:
What happens if we can’t collect your personal information?
If you choose not to provide personal information, some or all of the following may happen:
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
Where it is required to complete a CONTRACT: We may use and process your personal information where we have supplied you (or continue to supply you) with a vehicle or any other products or services, (including those of a third party), or where you are in discussions with us about this and to provide you with access to protected areas of our website. We will use your information in connection with the contract for the supply or lease of the vehicle, products, or service.
Where it is in your VITAL INTEREST: Where we have supplied you with any a vehicle, or any other product or service, we may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you.
Where there is a LEGITIMATE INTEREST: We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, including for the following purposes:
Where there is a LEGAL REQUIREMENT: We will use your personal information to comply with our legal obligations including: (i) to assist the Driver and Vehicle Licensing Agency, HRMC, the ICO or other public authority or criminal investigation body; (ii) to identify you when you contact us; or (iii) to verify the accuracy of data we hold about you or perform our obligations under relevant data protection laws.
Where you have provided CONSENT: We may use and process your personal information where you have consented for us to do so:
You may withdraw your consent for us to use your information in this way at any time. Please see Withdraw your consent for further details. Note that if you withdraw your consent to us processing certain data in connection with our vehicles, products, or services, we may not be able to continue to provide you with them.
From time to time, we may collect information about special categories of data, such as in relation to:
We will only collect or use this information with your consent. We may use and share this information in connection with services on your behalf, such as:
When you apply to us for a vehicle, we will check our own records about you and your business partners. We will also check the business records of you and your business partners at credit reference agencies (CRAs) and at fraud prevention agencies (FPAs). When CRAs receive a search from us they will place a search footprint on your business credit file that may be seen by other lenders. CRAs supply to us public (including electoral register) and fraud prevention information. We will make checks such as assessing this application and verifying identities to prevent and detect crime and money laundering. We may also make periodic searches at CRAs and FPAs to manage your account with us.
Information on applications will be sent to CRAs and will be recorded by them. Where you hire from us, we will give details of your accounts and how you manage it/them to CRAs. If you do not make payments in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe. Records remain on file for 6 years after they are closed, whether settled by you or defaulted.
If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to FPAs, and other organisations involved in crime and fraud prevention.
You find out more information by contacting the CRAs currently operating in the UK. The information they hold may not be the same, so it is worth contacting them all. They will charge you a small statutory fee.
Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data for analytical and research purposes.
We may disclose your personal information to:
Our suppliers and service providers: When we use third party service providers, we will contract with them to keep your information secure and not to use it other than in accordance with our specific instructions.
Financial Service Organisations: Your personal data may be shared with financial services organisations and rating agencies for the purpose of the funding, refinancing, sale, or securitization associated due diligence and review of the products and related services provided to you. We may provide personal data to enable such financial services organisations to carry out necessary searches in order to enable them to make a funding decision for you and meeting their legal and regulatory requirements. In addition, these funders may share your data within their own group of companies, as well as contractors and other third-party service providers who provide services to them, and so that they and any other companies in their group can look after your relationship with us and them.
A list of the funders who may receive your personal information can be found in section 17.
Other ways we may share your personal information: We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal or regulatory obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. We also disclose information when required to do so by law, for example under a court order, or in response to properly made demands under powers contained in legislation. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
All information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our group companies are incorporated in a country outside of the EEA or if any of our servers or those of our third-party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims.; For this purpose, we will always retain your personal information for up to 7 years after the end of your contract with us or the date it is no longer needed by us for any of the purposes listed under How we use your personal information above. The only exceptions to this are where:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
When you log into the secure section of our website, we use a secure server. Any data you give us when you are logged into the secure section of our website, is encrypted using a Secure Socket Layer (SSL) session. SSL is an industry standard and is one of the best ways to ensure Internet messages are not intercepted. You should be aware, however, that some older browsers cannot use SSL. If your browser does not support 128-bit encryption (or higher) you will not be able to log into or use our secure website services.
Our general email enquiry forms are not sent via an encrypted channel and for this reason we ask that you do not include confidential information or sensitive personal information when using them.
While we use SSL encryption to protect user information online, we will use all reasonable endeavours to protect user information off-line. However, any personal details or other information entered onto or submitted through the site or by email to us is entered or transmitted at the user's risk and we shall not be liable for any such information being intercepted or accessed by any third party without our knowledge.
If you have given us permission to conduct business with you by electronic means then your personal information may be stored by our third-party document handler, DocuSign but for no longer than 6 months
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Cookies are small data files that are placed onto the hardware device which you use to browse the internet (e.g., your computer, smartphone, or tablet) by websites that you visit. Cookies contain information about your visits to that website and the purpose of cookies is to enable our websites to remember you, and your browsing habits, when you visit it again in the future.
We may work with third parties to research certain usage and activities on our website. No personal information about you is shared except to the extent it is required to be used by a third party or parties for providing such research, and in the course of conducting this research we, and these third parties may place a unique "cookie" on your browser.
If our website requires you to register or login to gain access to the website, cookies are used to assist in this process. Cookies are used as part of the registration process; they are also used to store the username while the user is logged into the site and to track the number of times the user has tried to log in during a single visit.
We may collect your preferences to receive marketing information directly from us by email in the following ways:
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
We may contact you with targeted advertising delivered online through social media and platforms operated by other companies by using your personal information or use your personal information to tailor marketing to improve its relevance to you unless you object.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see Withdraw your consent and Objecting to our use of our personal information
You have a number of rights in relation to your personal information under data protection law.
In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Complaining to the UK data protection regulator: You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect immediately after we post the modified terms on our website. We recommend you regularly check for changes and review this policy whenever you visit our website. If you do not agree with any aspect of the updated policy, you must immediately notify us and cease using our services.
Please direct any queries about this policy or about the way we process your personal information to our Privacy Officer using our contact details below.
If you wish to write to us, please write to Station Court, Old Station Road, Hampton-In-Arden, Solihull, England, B92 0HA. Our email address for data protection queries is firstname.lastname@example.org. If you would prefer to speak to us by phone, please call 0844 854 5100.
The SG Fleet group of companies consists of: SG Fleet Solutions UK Limited, SG Fleet UK Limited, all companies registered in England and Wales with a registered office address of Station Court, Old Station Road, Hampton in Arden, Solihull, B92 0HA; SG Fleet Australia Pty Ltd, an Australian company with a registered office of Level 2, Building 3, 20 Bridge Street, Pymble, NSW 2073, Australia and SG Fleet NZ Limited, registered in New Zealand, with its office situated at Level 3, 632 Great South Road, Ellerslie, Auckland, 1051, New Zealand.
This policy was last updated on 16 February 2024.