Privacy Policy

1.1 We appreciate your interest in our products and services and your visit to this website. Your privacy is important to us and we want you to feel comfortable with how we use and share your personal information.

1.2 This policy sets out how Ciceley Commercials Ltd and its associated companies and the ultimate Mercedes-Benz franchisor, Mercedes-Benz UK, and its parent company Daimler Group that are based in the UK handle your personal information, including when and why it is collected, used and disclosed and how it is kept secure.

1.3 You will find our contact details at the end of this policy which you can use if you have any questions, including how to update or access your personal information or to make a complaint.

1.4 This policy may change, so please check this page from time to time to ensure that you’re happy with any changes.

1.5 This policy was last updated on 22nd May 2019.

2.1 Ciceley Commercials Ltd is a Mercedes-Benz Van and Truck franchise dealer and is the ‘controller’ of your personal information. A ‘controller’ is a company that decides why and how your personal information is processed.

2.2 Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to the particular company that is the controller of your personal information.

3.1 We may collect and process the following personal information about you:

Personal information you give to us or Mercedes-Benz UK: This is information about you that you give to us or Mercedes-Benz by entering information via our websites or our social media pages or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give to us includes your name, contact details (such as phone number, email address and address), enquiry details and your opinion of our products.

In addition to the above we will also store personal information only if you share that information; for instance, by filling out a registration form, contact form, survey, contest entry or to execute a contract. In such cases we will, store only the data we are allowed to keep based on consent given by you or in accordance with applicable legal regulations.

Personal Information we collect about you: We store certain information about the browser and operating system you are using; the date and time of your visit; the status of interaction (e.g. whether you were able to access the website or received an error message); the usage of features on the website; any search phrases you entered; how often you visit individual websites; the names of files you access; the amount of data transferred; the Web page from which you accessed our website; and the Web page you visited after visiting our website, whether by clicking on links on our websites or entering a domain directly into the input field of the same tab (or window) of the browser in which you have our websites open. In addition we store your IP address and the name of your internet provider for seven days. This is for security reasons; in particular, to prevent and detect attacks on our websites or attempts at fraud.

Personal information we may receive from other sources: We obtain certain personal information about you from sources outside our business which may include Daimler group companies or other third party companies or personal information available within the public domain from third party websites; the personal information received is as described in the two paragraphs above.

You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 7.4 for further details.

3.2 Please see further How we use your personal information in Section 4 for details of the purposes for which we use the personal information we obtain from these sources and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.

3.3 You are neither legally nor contractually obligated to share your personal information. However, certain features of our website may depend on the sharing of personal information. If you do not provide your personal information in such cases, you may not be able to use those features, or they may be available with very limited functionality.

4.1 Where you have provided CONSENT

We may use and process your personal information where you have consented for us to do so for the following purposes:

to arrange test drives or where you have requested a call back;

to supply brochures and other material you have specifically requested from us;

to contact you via email, text message, post or telephone with marketing information about Mercedes-Benz and Smart vehicles and other products and services (see Marketing section below for further details);

and to process payments on your behalf including but not limited to card payments taken over the phone for the purposes of making payment of a deposit related to a vehicle.

4.2 You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 8.4 for further details.

4.3 Where required to perform a CONTRACT with you

We may use and process your personal information where it is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract with you including for the following purposes.

To exchange information for warranty/aftersales;

To allow for the provision of third party breakdown services by our breakdown provider;

If you take a finance or lease agreement with Mercedes-Benz Financial Services UK Ltd – see also section 14;

4.4 Where it is in your VITAL INTEREST

We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.

4.5 Where required to comply with our LEGAL OBLIGATIONS

We will use your personal information to comply with our legal obligations including: (i) to assist HMRC, the Police, the Driver and Vehicle Licensing Agency (DVLA) or any other public authority or criminal investigation body; (ii) to identify you when you contact us; and (iii) to verify the accuracy of data that we hold about you.

4.6 Where there is a LEGITIMATE INTEREST

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

for analysis, and profiling to inform our marketing strategy, and to enhance and personalise your customer or visitor experience;

for market research in order to continually improve the products and services that we and our authorised dealers deliver to you;

to administer our websites and for internal operations, including troubleshooting, testing, statistical purposes;

for marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third party platforms;

for the prevention of fraud and other criminal activities;

to undertake credit checks for finance;

to correspond and communicate with you;

to create a better understanding of you as a customer or visitor;

for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;

to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);

for the purposes of corporate restructure or reorganisation or sale of our business or assets;

for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;

to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and for general administration including managing your queries, complaints, or claims, and to send service messages to you.

5.1 Group companies

We may share your information with other companies within the Daimler Group. They may use your personal information in the ways set out in How we use your personal information in Section 4, in connection with products and services that complement our own range of products and services, for example finance or insurance products.

5.2 Our suppliers and service providers

We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or advertising agencies, administrative services or other third parties who provide services to us.

When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

5.3 Authorised dealers in the Mercedes-Benz UK network

Daimler may share your information with other companies within the Authorised Dealer Network. They may use your personal information in the ways set out in How we use your personal information in Section 4 or in connection with products and services that complement our own range of products and services, for example finance or insurance products.

5.4 Third parties who provide products and services

We work closely with various third parties to bring you a range of products and services which are complimentary to ours.

When you enquire about or purchase one or more of these products or services through us (e.g. via our websites), the relevant third party may use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them.

These third party product providers may share your information with us which we will use in accordance with this policy. In some cases, they will be acting as a controller of your information and therefore we advise you to read their privacy policy.

5.5 Other ways we may share your personal information

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA), to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers.

However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.

6.1 If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.

6.2 We do not retain personal information in an identifiable format for longer than is necessary.

6.3 We may need your personal information to establish, bring or defend legal claims, in which case we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in How we use your personal information in Section 4.

6.4 The only exceptions to this are where:

the law requires us to hold your personal information for a longer period, or delete it sooner;
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this section 7, or because we are required under the law (see further Erasing your personal information or restricting its processing in Section 7.6);

and in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.

7.1 Your ‘data subject’ rights:

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.

7.2 Accessing your personal information

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

7.3 Correcting and updating your personal information

The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.

7.4 Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information in Section 4, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

7.5 Objecting to our use of your personal information and automated decisions made about you

Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information in Section 4, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.

You may also contest a decision made about you based on automated processing by contacting the data protection department.

7.6 Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.

You may also ask us to restrict processing your personal information in the following situations:

where you believe it is unlawful for us to do so,

you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.

In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

7.7 Transferring your personal information in a structured data file

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under Section 4 How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

7.8 Complaining to the UK data protection regulator

You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.

8.1 Security measures we put in place to protect your personal information

All companies within the Daimler Group use technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information whilst in transit to our website and any transmission is at your own risk.

Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

8.2 Use of ‘cookies’

‘Cookies’ are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit. Information on the cookies that we use and their features can be found in the cookies section.

8.3 Links to other websites

Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites and Apps‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and Apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

8.4 Third Parties and Social plugins

Our websites may also contain third-party offers. If you click on any such offers, we will transfer the amount of data required to the appropriate provider (e.g. the fact that you found the offer in question on our website and, if applicable, additional information that you have already provided for this purpose on our websites).

On our websites, whenever we use so-called “social plugins” from social networks like Facebook, Twitter and Google+, we incorporate them in the manner described below.

When you visit our websites, social media plugins are deactivated. That means no information whatsoever is transferred to the operators of those networks. If you wish to use one of the networks, click on the appropriate plugin in order to be connected directly to that network’s server.

If you have a user account with that network and are logged in at the moment you activate the plugin, the network will be able to detect your visit to our websites and assign it to your user account. If you wish to prevent that, please log off from the network before activating the social plugin. A social network will not be able to detect that you have visited other Daimler websites unless you have activated its social plugin on those sites as well.

When you activate a social plugin, the network transfers the content thus made available directly to your browser, which incorporates it into our websites. In that situation, data transfers initiated and controlled by the respective social network may also take place. Your connection to a social network, the data transfers that take place between the network and your system, and your interactions on that platform are governed exclusively by the respective network’s data protection provisions.

The social plugin will remain active until you deactivate it or delete your cookies.

Our cookie policy can be found at:- https://www.ciceley.com/cookie-info/

Whenever you click on the link to an offer or activate a social plugin, your personal information may be transferred to providers in countries outside the European Economic Area that, from the standpoint of the European Union (“EU”), do not guarantee an “appropriate level of protection” meeting EU standards for processing personal information. Please keep these circumstances in mind before you click on a link or activate a social plugin, thereby causing your data to be transferred.

9.1 We want the content of our websites to match your preferences as closely as possible, thereby improving what we offer you. To identify especially popular areas of our websites, we use the Google Analytics analysis tools.

9.2 When we employ these analytics tools, information may be transferred to servers located in the US and processed there. Please note the following: From the standpoint of the European Union, the United States does not provide an “appropriate level of protection” meeting EU standards for the processing of personal information. However, an equivalent level of protection can be created for individual instances of processing by a company through certification under the EU-U.S. Privacy Shield Framework or other instruments (e.g. the EU’s so-called standard contractual clauses for the transfer of personal data).

9.3 If you do not wish us to use the above named analytics tools to collect and analyse information about your visit to our websites, you may permanently object to the practice (opt out) at any time.

We will comply with your rejection by placing an opt-out cookie in your browser. This cookie will only indicate that you have opted out. Please note that, for technical reasons, an opt-out cookie affects only the browser in which it has been installed. If you delete the cookie or use a different browser or device, you will need to opt out again.

9.4 Below you will find information about the providers of the analytics tools and the respective opt-out procedures:

Google Analytics from Google Inc. (“Google”):

Google is certified under the EU-U.S. Privacy Shield Framework.

You can prevent your information from being transferred as well as collected and processed by Google. Google provides information about this at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

10.1 We use so-called targeting and retargeting technologies in order to tailor our online marketing (e.g. banner ads) more specifically to your needs and interests. Google Search Ad and Google Display. These are monitored and used when you visit other websites that work together with the providers of these (re-)targeting technologies, so as to inform you while meeting your interests as closely as possible.

When the above technologies are used, cookies on our websites and (in the case of retargeting) on the websites of others register your interest in our products and services. In the process, random identifiers (so-called cookie IDs) are used which are not brought into connection with your name, your address or similar information, even if this information is known to us (e.g. from an existing contractual relationship), unless you have consented to this.

Further information about the above technologies from the respective providers, and the associated processing of personal data, can be found at the following links:

Google: https://policies.google.com/technologies/partner-sites

During the retargeting process, we may also collect information about your interest in the products and services of our retargeting partners.

When these targeting and retargeting tools are used, some data may be transferred to servers located in the United States and processed there. Please read the information concerning that in Section 5b of this Privacy Statement.

For legal reasons, the use of tracking and (re-) targeting technologies is sometimes only possible with your express consent (so called opt in see 10.2). In other cases you can object to the use of such technologies if you wish (so called opt out see 10.3),

10.2 Use of Google marketing products – Opt-in

We only use Google marketing products (e.g. Search Ad, Display & Video 360) with your express consent, which you can grant by clicking on the “Agree” button in the so-called Cookie Information Layer (“Opt-in”). We store this consent in a cookie on your device so that you are not asked for consent again each time you visit our websites, and for legal reasons, also on our servers with the IP address and a time stamp; we delete this information or restrict its processing if you withdraw your consent or 6 months at the latest after your last visit to our websites.

Should you change your mind at any time, you can withdraw your consent by clicking on the following link:

data-cookie optout Withdraw consent to Google marketing products

To delete cookies inserted with your consent when visiting our websites after your consent to Google marketing products is withdrawn, please visit the Google websites; at the time when these data protection notes were compiled, the following link can be used for this:

https://adssettings.google.co.uk/anonymous

11.1 We may collect your preferences to send you marketing information directly from us by email/SMS(where applicable) including:

if you register an account with us;

if you book a test drive or request a call back;

if you register your interest in a vehicle online or in person;

when you place an order for a vehicle, service or part.

We will only do so if you have consented to receiving such marketing information directly from us.

11.2 We may contact you with targeted advertising delivered online through social media and platforms (operated by other companies) by using your personal information, or use your personal information to tailor marketing to improve its relevance to you, unless you object.

11.3 We will only share your personal information with recommended third parties for them to contact you with marketing information about their products and services where you have indicated that you would like us to do so. Please use the link on the page requesting your consent to find out more about these third parties. Once shared, the relevant third party’s privacy policy will apply to their processing of your personal information, not ours. If you’d like to opt-out of receiving marketing from a third party after providing your consent, you can do so at any time by contacting the relevant third party directly.

11.4 If you opt-in to receiving marketing from our recommended third parties, you will receive marketing from the third parties listed in the table below via your preferred communication methods indicated by you:

11.5 From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.

11.6 You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see Withdrawing your Consent in Section 8.4 and Objecting to our use of your personal information and automated decisions made about you in Section 8.5 above for further details on how you can do this.

We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website, whichever is the earlier. We recommend you regularly check for changes and review this policy when you visit our website. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using our services.

If you have any questions, suggestions or complaints about the processing of your personal information or wish to contact us to amend/update your marketing preferences with Ciceley Commercials Ltd, please contact the Data Protection Officer

Ciceley Commercials Ltd Data Protection Officer

Ciceley Commercials Ltd
Head Office
Cicely Lane
Blackburn
BB1 1HQ

If you have any questions regarding the processing of your personal information within the Daimler Group, please contact the Daimler UK Data Protection Co-ordinator.

Daimler UK Data Protection Co-ordinator:

Mercedes-Benz UK
Legal Department
Tongwell,
Milton Keynes
MK15 8BA

Email: datacompliance@daimler.com
Telephone: 08082081701

Mercedes-Benz Financial Services UK Limited Privacy Notice

Mercedes-Benz Financial Services UK Ltd (MBFS) is a subsidiary company of Daimler AG, owners of the Mercedes-Benz brand. MBFS works with other subsidiary companies which includes our Retailer partners and Dealer Network in the UK to provide finance, leasing and related services to Mercedes-Benz and smart customers.

How your Personal Information is used

MBFS takes your privacy seriously. Unless you have agreed otherwise, your personal information will only be used to provide the financial services you have requested from us and to administer your agreement.

Your details will be shared with third parties who include our agents, credit reference and fraud agencies, group companies.

Details may be transferred out of the European Economic Area and will at all times be held securely and handled with the utmost care. Your details will be stored, but will not be retained longer than necessary. Your personal data is protected by legal rights which are detailed later in this document.

MBFS may disclose the data provided by or about you to a third party in connection with our corporate finance purposes, which may include granting such third parties the right to receive amounts you owe us.

Your Application for Credit

In order to process your application, we will perform credit and identity checks with one or more Credit Reference Agencies (CRAs). We may also make periodic searches at CRAs to manage your agreement with us.

We will supply your personal information to CRAs and they will provide us with information about you. CRAs will supply public (such as the electoral register) and shared credit information. This will include information relating to both your financial situation and history in addition to information used for the purposes of fraud prevention.

We will use this information to:

• Assess your creditworthiness and determine whether you can afford to take the vehicle
• Verify the accuracy of the data you have provided to us
• Prevent criminal activity, fraud and money laundering
• Manage your account(s)
• Trace and recover debts
• Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or inform us that you have a spouse, partner or financial associate, we will link your records together. Please ensure you discuss this with the relevant parties, and share this information with them, before lodging the credit application. CRAs will also link your records together and these links will remain on your and their files until such time as you or any other individual involved in a joint application successfully files for a disassociation with the CRAs.

If you are making this application as a partner in a firm or as the director of a limited company, MBFS may also carry out searches with credit reference and/or fraud prevention agencies in respect of other partners and directors. By making this application you warrant that your partners or directors understand that MBFS will be carrying out such searches and using their personal information.

Experian

www.experian.co.uk/crain

The personal information we have collected from you will also be shared with fraud prevention agencies. It will be used to prevent fraud and money-laundering and to verify your identity. These checks require us to process your personal data. If fraud is detected, you could be refused certain services, finance or employment.

The personal data provided will be used to prevent fraud and money laundering, and to verify your identity. This includes but is not limited to your name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details. We, and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data because we have a legitimate interest in preventing fraud and money laundering, and to verify your identity to protect our business, and to comply with the law. Such processing is also a contractual requirement of our provision of financial services.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Automated Decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

Consequences of Processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the financial services you have requested, or we may cease to provide existing services to you.

A record of any fraud or money laundering risk will be retained by fraud prevention agencies, and may result in others refusing to provide services, finance or employment to you. If you have any questions about this, please contact us on the details below.

Transfer of Data

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data. This protects your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Your Legal Rights

Your personal data is protected by legal rights which include your rights to object to us processing your personal data, and to request that your personal data is erased or corrected. You may request access to your personal data. To exercise your data protection rights, please contact us using the contact details below. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.