Last Updated: 25th February 2022
Pivotal is a wholly owned subsidiary of Jaguar Land Rover (“JLR”) - one of the world’s leading producers of premium cars. Pivotal provides a hassle-free and enjoyable alternative to premium car ownership. Taking care of our customers is paramount.
2. DATA PROTECTION – WHAT YOU SHOULD KNOW WHEN USING THE Pivotal SERVICE
- www.drivepivotal.com (the “Website”) or the Pivotal Service app (the “App”) from which you subscribe to and use the Pivotal Service;
- the Pivotal Service, including your use of the vehicle you have subscribed to (“Vehicle”); and
- connected vehicle systems.
This policy sets out the basis on which data, including any personal data we collect from you, or that you provide to us, will be processed by us, following your use of the Website or App, the Vehicle, and our products and services. Please read it carefully to understand our views and practices regarding data collection and your personal data and how we will treat it.
How we are regulated: For UK data protection legislation purposes, InMotion Ventures 3 Limited is registered with the Information Commissioner’s Office under registration number ZA427303.
Customer Relationship Centre contact details: If you would like to get in touch, please contact us via email at [email protected] or by telephone at +44 (0)20 3950 4833.
WHAT INFORMATION WE COLLECT AND WHAT INFORMATION WE RECEIVE FROM OTHER SOURCES.
We may collect and process the following data about you and/or your use of the Vehicle(s):
- Submitted Information: information that you provide by filling in online forms during the application process for the Pivotal Service on the Website or App, or during your use of the Pivotal Service and Vehicle, via your use of the Vehicle’s infotainment system, information which you may otherwise provide to us directly (for example, when you communicate to us via telephone or email or through one of the forms on the Website or App), or that which an authorised JLR retailer provides or accepts on your behalf when servicing the Vehicle, or otherwise in connection with, or following up on, any other communication with you. This information will depend on the nature of your actions, but may include your name, address, telephone number (including mobile number), e-mail address, and your insurance, credit and driving history.
- Additional Information:
- if you contact us, we may keep a record of that correspondence; and
- details of transactions you carry out through the Website or App.
- Device Information (including location): We may collect information about the device or any computer you may use to access the Website or App, including the operating system and version, and the device’s locale settings and country code. More information on device data, automated data collection and cookies can be found at Section 11 (Cookies).
- Vehicle Identification Information: information about the Vehicle(s) that you have subscribed to use, including the Vehicle Identification Number (VIN), the make, model, model year, features, registration number, date of purchase or lease, and the authorised JLR retailer where the Vehicle is serviced.
- Location Information: information about the location of the Vehicle.
- Vehicle Operation Information: this includes information relating to the Vehicle being involved in an accident such as the fact that the airbags have been deployed or the sensors have been activated. We will also collect and process other information about the operation of the Vehicle throughout the course of its day-to-day use, including, but not limited to, the fuel amount, the distance to empty status, the odometer value, the distance to service status, the coolant level, the washer fluid level, the brake fluid status, the brake pad wear, the tyre pressure, tyre pressure sensor failure, engine malfunction, the oil level, the door and window status, if seatbelts are buckled or not, and information from any sensors, for example in the car, on the steering wheel, or from camera information, including if the cab is open, boot open, bonnet open status, battery information including voltage, emissions information and whether the alarm is armed or sounding.
- Marketing data: We may receive from you directly, or receive from retailers or other third party partners, your contact details, marketing preferences or other information, where there is appropriate notice and in compliance with applicable data protection laws. You have the right to ask us not to use your personal data for marketing purposes. Please see your data protection rights at Section 7 (Your data protection rights) below for further information on these.
Information may also be received from other sources. For example:
- Vehicle related data from independent third party sources: Information connected with you and the Vehicle (including the Vehicle identification number or VIN) may be shared as is appropriate between our network of retailers, repairers, importers, credit providers and credit hire product providers, and used to inform the Pivotal Services you have subscribed to. The information that is shared will depend on factors like the services that you request from us throughout the period of the Vehicle subscription. Please visit Section 4 (Who we share personal data with) below to find out more.
- Third party support services: For the performance of the Website and App and to allow us to maintain appropriate records and to support ongoing queries, we may receive data about you or your website and/or App activities from our group companies or third party providers (e.g. to confirm subscription payments, to appropriately update our data records and to support website maintenance). More information on our categories of suppliers is provided at Section 4 (Who we share personal data with) below.
- Device data: The Website and App automatically take certain device information in order to optimise your user experience (for example, allowing our website to automatically adapt screen size as appropriate for the device you are using to browse the website or App). This data also supports our website and App analytics. More information on automated data collection and cookies can be found at Section 11 (Cookies).
- Marketing data: Your contact details, marketing preferences or other information may be shared with us by retailers or other third parties partners, where there is appropriate notice and in compliance with applicable data protection laws. You have the right to ask us not to use your personal data for marketing purposes. Please see your data protection rights at Section 7 (Your data protection rights) below for further information on these.
- Public sources of data: We may use public sources of data, for example, to support functionality or services (e.g. to support authentication or fraud checks), and/or to maintain the accuracy of the data we hold. For example, we may make checks from time to time with the DVLA to check our Vehicle subscription information remains up to date.
3. HOW WE USE YOUR PERSONAL DATA
We use Vehicle data and personal data to manage and meet service and information requests, to understand service, Vehicle, Website and App use, for internal research and development purposes, and to make our products and services as effective as possible. For more information on our processing, and the legal grounds that are relevant, please see the “Tell me more” box below.
TELL ME MORE...
|Activity:||Applicable Legal Grounds:|
Determining your eligibility to receive the Pivotal service
We may collect special category personal data about you, for example in relation to insurance claims and your driving history (e.g. driving related convictions or bans) in order to assess your eligibility to access the Pivotal service. Special category information is a type of personal information and includes health information and information about racial or ethnic origin, political opinions, membership of trade union or political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences and criminal record. We will only collect special category personal data about you where we are permitted to do so by law.
Note: Where we collect your personal data with consent, you may withdraw your consent for us to use your information in any of these ways at any time. Please see 'Withdrawing your content' in Section 7 below for further details. (This right does not affect the lawfulness of processing that was based on that consent before its withdrawal.)
Supporting your requests and enhancing the Website and App
Personal data and Vehicle information is processed in order to set up you Pivotal service, your ongoing use of the Pivotal service, Website and App, and to send you information about the Pivotal service (for example, information about any updates to the Pivotal service).
Personal data and Vehicle information will also be used to enhance and simplify your digital experience across the website, in-vehicle experiences, and supporting your use of the Pivotal service.
|Necessary for contract
Legitimate Interests in running effective website and in-vehicle service.
Where personal data is required for entering into a contact, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service.
Global Positioning System (GPS), data tracking technology and anti-theft technology
Where we are permitted to do so by law, we may use Global Positioning System (GPS), telematics tracking technology and anti-theft technology that uses GPS. GPS is a network of satellites that would us to determine the location (latitude and longitude) of the vehicle. Additionally, the Vehicle may also have an on-board decide that may monitor the state of the vehicle, including its location. This information would be transmitted to us and stored. Where applicable, we use this information for a variety of legitimate interests and also in connection with the performance of our contract with you. For example, we may monitor or store Vehicle or GPS data to assist with roadside assistance or locate the vehicle that is lost or stolen.
|Necessary for contract
Legitimate Interested in running effective services and precent theft and fraud.
Enhancing website experience
Where we pre-fill website data fields to enhance and streamline your online experience
|Legitimate interests in enhancing, simplifying and streamlining website experiences|
Internal research and development
For internal research, development, analytics, analysis and reporting purposes, e.g. to monitor current Vehicle performance, predict trends or performance, develop new functions, products and services, or to evidence compliance with regulatory requirements.
|Legitimate interests in assessing and improving performance, managing compliance, monitoring trends and developing new products|
Resolving your queries, managing your transactions and continuing to improve our services
Your personal data (including the Additional Information) will be processed as applicable in order to help resolve your queries or complaints, to help resolve any issues with the Pivotal service, to improve our customer service, and to manage your transactions via the website.
Marketing activities and research and analytics
Other marketing activities will happen assessed on the legitimate interests ground. e.g. where we tailor marketing communications or send targeted marketing messages via post, phone or social media and other third party platforms; and in providing existing customers with information (via email or other channels) about similar products and services. In order to improve the services we offer via our websites, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
We will use profiling, including segmentation tools and carry out research and analytics activities to inform our marketing strategies, to create a better understanding of our customers and visitors; and use of our websites, to support our website advertising, and to better improve the website information, functionality and the services we provide.
Note: Where we collect your personal data with consent, you may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 7 below for further details. (this right does affect the lawfulness of processing that was based on that consent before its withdrawal)
Legitimate Interests for direct marketing purposes.
Legitimate Interests for internal analytics and profiling, service awareness and service improvement.
Records maintenance and general administration
To maintain, cleanse and update our records, administer and maintain our websites, support your queries and any other internal operations and administrative purposes (for example, this will include troubleshooting, testing, supporting our audit requirements and in responding to any enquiries you may make, including any data protection rights you raise).
We may record calls with you for training and quality purposes and to help resolve disputes.
Specifically we will use Log Information (as explained above) in the following ways:
|Legitimate Interests in maintaining appropriate websites, records and service administration|
Network and information security
To maintain our network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access. And to maintain appropriate service locations (for example, we may with third parties to support appropriate use of cloud services)
|Legitimate Interests as appropriate for ensuring network and information security|
Corporate acquisitions and disposals
Any data processed as is necessary in the context of corporate acquisitions or disposals
Legitimate business Interests
Management of legal and regulatory requirements
To manage legal and regulatory requests and requirements, meet or defend legal rights or for the prevention/detection of crime, (including where required to assist HMRC, law enforcement agencies such as the Police, the Driver and Vehicle Licensing Agency (DVLA) or any other public authority or criminal investigation body, or for the safeguarding of national security).
|Legitimate interests in complying with law and regulation, including responding to regulators
In the event we communicate to you an urgent safety or product recall notices.
4. WHO WE SHARE PERSONAL DATA WITH
We may share your personal data with:
- Those third parties who need to handle it so we can provide to you the services you have subscribed for, or that are appropriate for your Vehicle, for example, in-vehicle available services, emergency services, road side assistance and stolen vehicle tracking.
- Our third party service providers: We use a number of service suppliers to support our business and these service providers may have access to our systems and data in order to provide services to us and on your behalf, for example: insurance services, website and hosting services, marketing services, customer management services, identify verification services, credit check services, customer contract services, customer contact support services, payment processing services, financial general ledger services, logistics, delivery and repair services, and email and document services. We will limit the data that is shared to that which is necessary for providing the service.
- Public bodies, law enforcement and regulators From time to time, the police, other law enforcement agencies and regulators can request personal data, for example for the purposes of preventing or detecting crime, or apprehending or prosecuting offenders.
- Third parties in the event we sell or buy any business or assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.
5. INFORMATION ABOUT INTERNATIONAL DATA TRANSFERS
The Website and App uses servers which are hosted in the EU and in the UK. However we may share personal data with suppliers or group companies located outside of the EU and the UK where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate, and assessment of Privacy Shield certification for US located entities where applicable.
TELL ME MORE about the adequacy checks Pivotal puts in place for international data transfers …
Where Pivotal chooses to share personal data with a third party located outside the EU or the UK, the following factors are assessed to support adequate transfer of this data:
- Use of measures like European Commission approved measures to support adequate transfers of personal data. We also have group companies, and use suppliers located in countries that are elsewhere in the world. To manage data protection compliance with these transfers, we will use European Commission approved data transfer mechanisms such as use of model contractual clauses approved by the Commission, which the UK also recognises for data transfers from the UK We will also assess where applicable where a supplier is able to demonstrate to us they have Binding Corporate Rules. (Binding Corporate Rules is a GDPR – recognised Data Protection mechanism to ensure adequate personal data transfers). We may work with suppliers who are able to demonstrate to us they are Privacy Shield certified.
- To understand the protections required in European Commission approved Model Clauses, a template copy of these is accessible from this location (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).
- To see a full list of approved Binding Corporate Rules, please click this link (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en).
- A full list of Privacy Shield participants, and their Privacy Shield certification information is available from this website link. (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en)
6. HOW LONG WE HOLD PERSONAL DATA FOR
We will keep your personal data for as long as we need it to provide the products and services you have signed up to. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes, to meet our legitimate interests and to enforce our rights.
The criteria we use to determine storage periods include the following: Information we have told you about storage periods on our website or in website terms and conditions. We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.
7. YOUR DATA PROTECTION RIGHTS
You have rights in connection with your personal data that include the following: to withdraw consent where you have given it, to be informed and have access to your personal data, to correct or complete inaccurate data, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.
We try to ensure that we deliver the best levels of customer service. if you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch using the email address below.
If you are not happy and have a data protection related complaint, please contact us direct at this email address: [email protected]. If you are not satisfied, you also have the right to complain to the Information Commissioner’s Office.
To learn more about these data protection rights, see the “Tell me more” section below.
TELL ME MORE about my data subject rights ...
- If you have given us consent to process your personal data, including for electronic marketing communications, you have the right to withdraw that consent at any time. Just use the unsubscribe options presented, for example, these are present in the email marketing communications sent by us.
- You can ask for access to the personal data we hold about you, object to the processing, request that we correct any mistakes, restrict or stop processing or delete it. If you do ask us to delete or stop processing it, we will not always be required to do so. If this is the case, we will explain why.
- In certain circumstances you can ask us to provide you with your personal data in a usable electronic format and transmit it to a third party (right to data portability). This right only applies in certain circumstances. Where it does not apply, we will explain why.
About how I can get in touch with the Information Commissioner’s Office (ICO):
- The Information Commissioner’s Office (the ICO) is the supervisory authority that regulates personal data in the UK. You can get in touch with the ICO in any of the following ways:
- By going to their website: www.ico.org.uk
- By giving them a call on 0303 123 1113
- or by writing to them. Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.
8. CHANGES TO THIS POLICY
9. LINKS TO OTHER WEBSITES
10. KEEPING YOUR INFORMATION SECURE
We require all of our services providers to have appropriate measures in place to maintain the security of your information.
Your password enables you to access the Pivotal member area. You are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.
We may obtain information about your computer, which includes your IP address, browser type and operating system where available. This accumulation of data is used to assist system administration.
We may also collect information regarding your browsing activity and interests through use of a cookie file. This cookie file is stored on the hard drive of your computer, and contains information that is transferred to your computer's hard drive. We use the collection of this data to help us improve the experience of users on our website, and to deliver a more personalised service with more relevant content. The collection of this data allows us to:
- store data indicative of your preferences, allowing us to adjust our website to appeal to your individual interests;
- estimate the size and usage patterns of our audience;
- record the details of any transactions carried out by you through our website;
- identify you upon your return to our website; and/or
- increase the speed of your searches.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works.
You can find more information about some of the individual cookies we use and the purposes for which we use them below. Example of cookies that we use:
Tool: Google Analytics