Privacy Policy – Pivotal

Privacy Policy

Last Updated: 22nd October 2019

1. WHAT YOU CAN EXPECT TO SEE FROM READING THIS PRIVACY POLICY

Pivotal is a wholly owned subsidiary of Jaguar Land Rover (“JLR”) - one of the world’s leading producers of premium cars. Pivotal provides a hassle-free and enjoyable alternative to premium car ownership. Taking care of our customers is paramount.

We respect the privacy of our customers. This Privacy Policy explains how we use personal data received from your use of the Pivotal vehicle subscription service (“Pivotal Service”), and informs you of your data protection rights.

2. DATA PROTECTION – WHAT YOU SHOULD KNOW WHEN USING THE Pivotal SERVICE

WHO WE ARE AND WHAT DOES THIS PRIVACY POLICY APPLY TO

Who We Are: When we refer to ‘Pivotal’, ‘we’ ‘our’ or ‘us’ in this Privacy Policy, we refer to: Inmotion Ventures 3 Limited, whose registered office is at: Abbey Road, Whitley, Coventry CV3 4LF, and whose registered number is: 10445040.

What this Privacy Policy covers - This Privacy Policy will apply to your use of:

  • www.drivepivotal.com (the “Website”) or the Pivotal Service app (the “App”) from which you subscribe to and use the Pivotal Service;
  • the Pivotal Service, including your use of the vehicle you have subscribed to (“Vehicle”); and
  • connected vehicle systems.

Please note that this policy does not apply to third party websites which you may access in connection with your use of the InControl Services or otherwise, or to services or features which you sign up to receive directly with a third party – please refer in these cases to the relevant third party’s privacy policy.

This policy sets out the basis on which data, including any personal data we collect from you, or that you provide to us, will be processed by us, following your use of the Website or App, the Vehicle, and our products and services. Please read it carefully to understand our views and practices regarding data collection and your personal data and how we will treat it.

Please be aware that it is your responsibility to alert other named drivers and all passengers and people you authorise to use the Vehicle about the privacy practices described in this Privacy Policy (including the ways in which we may collect and use data from the Vehicle and/or relating to users of the Vehicle).

How we are regulated: For UK data protection legislation purposes, Inmotion Ventures 3 Limited is registered with the Information Commissioner’s Office under registration number ZA427303.

Customer Relationship Centre contact details: If you would like to get in touch, please contact us via email at [email protected] or by telephone at +44 (0)20 3950 4833.

WHAT INFORMATION WE COLLECT AND WHAT INFORMATION WE RECEIVE FROM OTHER SOURCES.

We may collect and process the following data about you and/or your use of the Vehicle(s):

  • Submitted Information: information that you provide by filling in online forms during the application process for the Pivotal Service on the Website or App, or during your use of the Pivotal Service and Vehicle, via your use of the Vehicle’s infotainment system, information which you may otherwise provide to us directly (for example, when you communicate to us via telephone or email or through one of the forms on the Website or App), or that which an authorised JLR retailer provides or accepts on your behalf when servicing the Vehicle, or otherwise in connection with, or following up on, any other communication with you. This information will depend on the nature of your actions, but may include your name, address, telephone number (including mobile number), e-mail address, and your insurance, credit and driving history.
  • Additional Information:
    • if you contact us, we may keep a record of that correspondence; and
    • details of transactions you carry out through the Website or App.
  • Device Information (including location): We may collect information about the device or any computer you may use to access the Website or App, including the operating system and version, and the device’s locale settings and country code. More information on device data, automated data collection and cookies can be found at Section 11 (Cookies).
  • Vehicle Identification Information: information about the Vehicle(s) that you have subscribed to use, including the Vehicle Identification Number (VIN), the make, model, model year, features, registration number, date of purchase or lease, and the authorised JLR retailer where the Vehicle is serviced.
  • Location Information: information about the location of the Vehicle.
  • Vehicle Operation Information: this includes information relating to the Vehicle being involved in an accident such as the fact that the airbags have been deployed or the sensors have been activated. We will also collect and process other information about the operation of the Vehicle throughout the course of its day-to-day use, including, but not limited to, the fuel amount, the distance to empty status, the odometer value, the distance to service status, the coolant level, the washer fluid level, the brake fluid status, the brake pad wear, the tyre pressure, tyre pressure sensor failure, engine malfunction, the oil level, the door and window status, if seatbelts are buckled or not, and information from any sensors, for example in the car, on the steering wheel, or from camera information, including if the cab is open, boot open, bonnet open status, battery information including voltage, emissions information and whether the alarm is armed or sounding.
  • Log information: For the purpose of this privacy policy, “log information” refers to the log files listing actions or requests made to our systems in connection with your usage of the infotainment unit, and Website and App. When you access the Website or App, use the infotainment system, or connected features, connect a SIM card, or pair a device, we may automatically collect and store certain information in server logs, including but not limited to internet protocol (IP) addresses, internet service provider (ISP), clickstream data, browser type and language, viewed and exit pages and date or time stamps (“Website Log Information”). We may also collect and store information related to your usage of the Vehicle’s Infotainment system, plugged in SIM card or paired device (“Device Information”).
  • Marketing data: We may receive from you directly, or receive from retailers or other third party partners, your contact details, marketing preferences or other information, where there is appropriate notice and in compliance with applicable data protection laws. You have the right to ask us not to use your personal data for marketing purposes. Please see your data protection rights at Section 7 (Your data protection rights) below for further information on these.

Information may also be received from other sources. For example:

  1. Vehicle related data from independent third party sources: Information connected with you and the Vehicle (including the Vehicle identification number or VIN) may be shared as is appropriate between our network of retailers, repairers, importers, credit providers and credit hire product providers, and used to inform the Pivotal Services you have subscribed to. The information that is shared will depend on factors like the services that you request from us throughout the period of the Vehicle subscription. Please visit Section 4 (Who we share personal data with) below to find out more.
  2. Third party support services: For the performance of the Website and App and to allow us to maintain appropriate records and to support ongoing queries, we may receive data about you or your website and/or App activities from our group companies or third party providers (e.g. to confirm subscription payments, to appropriately update our data records and to support website maintenance). More information on our categories of suppliers is provided at Section 4 (Who we share personal data with) below.
  3. Device data: The Website and App automatically take certain device information in order to optimise your user experience (for example, allowing our website to automatically adapt screen size as appropriate for the device you are using to browse the website or App). This data also supports our website and App analytics. More information on automated data collection and cookies can be found at Section 11 (Cookies).
  4. Marketing data: Your contact details, marketing preferences or other information may be shared with us by retailers or other third parties partners, where there is appropriate notice and in compliance with applicable data protection laws. You have the right to ask us not to use your personal data for marketing purposes. Please see your data protection rights at Section 7 (Your data protection rights) below for further information on these.
  5. Public sources of data: We may use public sources of data, for example, to support functionality or services (e.g. to support authentication or fraud checks), and/or to maintain the accuracy of the data we hold. For example, we may make checks from time to time with the DVLA to check our Vehicle subscription information remains up to date.

3. HOW WE USE YOUR PERSONAL DATA

We use Vehicle data and personal data to manage and meet service and information requests, to understand service, Vehicle, Website and App use, for internal research and development purposes, and to make our products and services as effective as possible. For more information on our processing, and the legal grounds that are relevant, please see the “Tell me more” box below.

TELL ME MORE...

Activity: Applicable Legal Grounds:
Determining your eligibility to receive the Pivotal service

We may collect special category personal data about you, for example in relation to insurance claims and your driving history (e.g. driving related convictions or bans) in order to assess your eilibility to access the Pivotal service. Sepcial category information is a type of personal information and invludes health information and information about racial or ethnic origin, political opinions, membership of trade union or political association, religious beliefs or affiliations, philosophical beliefs, sexual preferences and criminal record. We will only collect special category personal data about you where we are permitted to do so by law.
Consent
Note: Where we collect your personal data with consent, you may withdraw your consent for us to use your information in any of these ways at any time. Please see 'Withdrawing your content' in Section 7 below for further details. (This right does not affect the lawfulness of processing that was based on that consent before its withdrawal.)
Supporting your requests and enhancing the Website and App

Personal data and Vehicle information is processed in order to set up you Pivotal service, your ongoing use of the Pivotal service, Website and App, and to send you information about the Pivotal service (for example, information about any updates to the Pivotal service).

Personal data and Vehicle information will also be used to enhance and simplify your digital experience across the website, in-vehicle experiences, and supporting your use of the Pivotal service.
Necessary for contract
Legitimate Interests in running effective website and in-vehicle service.
Where personal data is required for entering into a contact, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service.
Global Positioning System (GPS), data tracking technology and anti-theft technology

Where we are permitted to do so by law, we may use Global Positioning System (GPS), telematics tracking technology and anti-theft technology that uses GPS. GPS is a network of satellites that would us to determine the location (latitude and longitude) of the vehicle. Additionally, the Vehicle may also have an on-board decice that may monitor the state of the vehicle, including its location. This information would be transmitted to us and stored. Where applicable, we use this information for a variety of legitimate interests and also in connection with the performance of our contract with you. For example, we may monitor or store Vehicle or GPS data to assist with roadshde assistance or locate the vehicle that is lost of stolen.
Necessary for contract
Legitimate Interested in running effective services and precent theft and fraud.
Enhancing website experience

Where we pre-fill website data fields to enhance and streamline your online experience
Legitimate interests in enhancing, simplifying and streamlining website experiences
Internal research and development

For internal research, development, analytics, analysis and reporting purposes, e.g. to monitor current Vehicle performance, predict trends or performance, develop new functions, products and services, or to evidence compliance with regulatory requirements.
Legitimate interests in assessing and improving performance, managing compliance, monitoring trends and developing new products
Resolving your queries, managing your transactions and continuing to improve our services

Your personal data (including the Additional Information) will be processed as applicable in order to help resolve your queries or complaints, to help resolve any issues with the Pivotal service, to improve our customer service, and to manage your transactions via the website.
Marketing activities and research and analytics

We will obtain your consent where required for marketing communications to be sent to you using electronic marketing communications with our network of independant theird parties, where you give consent for this to happen. We will also comply with cookie obligations where we use cookies on our website.
Other marketing activities will happen assessed on the legitimate interests ground. e.g. where we tailor marketing communications or send targeted marketing messages via post, phone or social media and other third party platforms; and in providing existing customers with information (via email or other channels) about similar products and services. In order to improve the services we offer via our websites, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
We will use profiling, including segmentation tools and carry out research and analytics activities to inform our marketing strategies, to create a better understanding of our customers and visitors; and use of our websites, to support our website advertising, and to better improve the website information, functionality and the services we provide.
Consent
Note: Where we collect your personal data with consent, you may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 7 below for further details. (this right does affect the lawfulness of processing that was based on that consent before its withdrawal)
Legitimate Intersests for direct marketing puposes.
Legitimate Interests for internal analytics and profiling, service awareness and service improvement.
Records maintenance and general administration

To maintain, cleanse and update our records, administer and maintain our websites, support your queries and any other internal operations and administrative purposes (for example, this will include troubleshooting, testing, supporting our audit requirements and in responding to any enquiries you may make, including any data protection rights you raise).
We may record calls with you for training and quality purposes and to help resolve disputes.
Specifically we will use Log Information (as explained above) in the follwing ways:
Legitimate Interests in maintaining appropriate websites, records and service administration


Way we use Log Infomation: Types of Log Information this uses:
For providing services to you Call Log Information
To investigate system issues Call Log Information
for website logging and to investigate website/system issues Website Log Information (about your usage of the Website and App)
To improve our operational processes regarding the Pivotal service Call Log Information (where possible we will take steps to anonymise, pseudonymise and/or aggregate the Call Log Information used)
For analytics purposes, to maintain and improve the quality of the services and features, including the Pivotal Service and to improve the customer experience on our Vehicle functionality, websites and apps Call Log Information (where possible we will take steps to anonymise, pseudonymise and/or aggregate the Call Log Information used)




Network and information security

To maintain our network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access. And to maintain appropriate service locations (for example, we may with third parties to support appropriate use of cloud services)
Legitimate Interests as appropriate for ensuring network and information security
Corporate acquisitions and disposals

Any data processed as is necessary in the context of corporate acquisitions or disposals
Legitimate business Interests

Legal Obligation
Management of legal and regulatory requirements

To manage legal and regulatory requests and requirements, meet or defend legal rights or for the prevention/detection of crime, (including where required to assist HMRC, law enforcement agencies such as the Police, the Driver and Vehicle Licnsing Angeyc (DVLA) or any other public authority or criminal investigation body, or for the safeguarding of national security).
Legitimate interests in complying with law and regulation, including responding to regulators

Legal Obligation
Service Communications

In the event we communicate to you an urgent safety or product recall notices.
Vital Interests

Legal Obligation

4. WHO WE SHARE PERSONAL DATA WITH

We may share your personal data with:

  • Those third parties who need to handle it so we can provide to you the services you have subscribed for, or that are appropriate for your Vehicle, for example, in-vehicle available services, emergency services, road side assistance and stolen vehicle tracking.
  • Our third party service providers: We use a number of service suppliers to support our business and these service providers may have access to our systems and data in order to provide services to us and on your behalf, for example: insurance services, website and hosting services, marketing services, customer management services, identify verification services, credit check services, customer contract services, customer contact support services, payment processing services, financial general ledger services, logistics, delivery and repair services, and email and document services. We will limit the data that is shared to that which is necessary for providing the service.
  • Public bodies, law enforcement and regulators From time to time, the police, other law enforcement agencies and regulators can request personal data, for example for the purposes of preventing or detecting crime, or apprehending or prosecuting offenders.
  • Jaguar Land Rover group companies in line with the data uses set out in this Privacy Policy. As a member of the Tata Group of companies, we can benefit from the large IT infrastructure and expertise that exists within our wider corporate structure. This means that the personal data you provide to us maybe accessed by members of our group of companies only as necessary for service and system maintenance and support, aggregate analytics, business continuity, IT and administrative purposes. For example where necessary to support particular website enquiries, or to provide technical support that maintains website functionality.
  • Third parties in the event we sell or buy any business or assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.

We have safeguards in place with our service providers to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy.

5. INFORMATION ABOUT INTERNATIONAL DATA TRANSFERS

The Website and App uses servers which are hosted in the EU. However we may share personal data with suppliers or group companies located outside of the EU where this is necessary for the purposes described above. Where this happens, we apply safeguards to add to the data protections that apply to those data transfers. This includes an assessment of the adequacy of the third country in question, use of European Commission approved model contract terms where appropriate, and assessment of Privacy Shield certification for US located entities where applicable.

TELL ME MORE about the adequacy checks Pivotal puts in place for international data transfers …

Where Pivotal chooses to share personal data with a third party located outside the EU, the following factors are assessed to support adequate transfer of this data:

Internal checks to identify the existence or absence of any adequacy decision by the European Commission. We have group companies, and use suppliers located in countries that have been approved by the European Commission as having essentially equivalent data protection laws. A full list of these countries as at the date of this Privacy Policy is: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Switzerland, Jersey, New Zealand, Uruguay and the Isle of Man. (The European Commission has also approved as adequate the EU-US Privacy Shield programme – this is described below). This list and information about the protections the European Commission has considered is available via this link (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).

  • Use of measures like European Commission approved measures to support adequate transfers of personal data. We also have group companies, and use suppliers located in countries that are elsewhere in the world. To manage data protection compliance with these transfers, we will use European Commission approved data transfer mechanisms such as use of model contractual clauses approved by the Commission. We will also assess where applicable where a supplier is able to demonstrate to us they have Binding Corporate Rules. (Binding Corporate Rules is a GDPR – recognised Data Protection mechanism to ensure adequate personal data transfers). We may work with suppliers who are able to demonstrate to us they are Privacy Shield certified.
  • To understand the protections required in European Commission approved Model Clauses, a template copy of these is accessible from this location (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).
  • To see a full list of approved Binding Corporate Rules, please click this link (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en).
  • A full list of Privacy Shield participants, and their Privacy Shield certification information is available from this website link.

6. HOW LONG WE HOLD PERSONAL DATA FOR

We will keep your personal data for as long as we need it to provide the products and services you have signed up to. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes, to meet our legitimate interests and to enforce our rights.

The criteria we use to determine storage periods include the following: Information we have told you about storage periods on our website or in website terms and conditions. We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.

7. YOUR DATA PROTECTION RIGHTS

You have rights in connection with your personal data that include the following: to withdraw consent where you have given it, to be informed and have access to your personal data, to correct or complete inaccurate data, and in certain circumstances to restrict, request erasure, object to processing, or request portability of your personal data to another organisation.

We try to ensure that we deliver the best levels of customer service. if you do need or want to get in touch with us for any reason regarding your data protection rights, please get in touch using the email address below.

[email protected]

If you are not happy and have a data protection related complaint, please contact us direct at this email address: [email protected]. If you are not satisfied, you also have the right to complain to the Information Commissioner’s Office.

To learn more about these data protection rights, see the “Tell me more” section below.

TELL ME MORE about my data subject rights ...

  • If you have given us consent to process your personal data, including for electronic marketing communications, you have the right to withdraw that consent at any time. Just use the unsubscribe options presented, for example, these are present in the email marketing communications sent by us.
  • You can ask for access to the personal data we hold about you, object to the processing, request that we correct any mistakes, restrict or stop processing or delete it. If you do ask us to delete or stop processing it, we will not always be required to do so. If this is the case, we will explain why.
  • In certain circumstances you can ask us to provide you with your personal data in a usable electronic format and transmit it to a third party (right to data portability). This right only applies in certain circumstances. Where it does not apply, we will explain why.

About how I can get in touch with the Information Commissioner’s Office (ICO):

  • The Information Commissioner’s Office (the ICO) is the supervisory authority that regulates personal data in the UK. You can get in touch with the ICO in any of the following ways:
  • By going to their website: www.ico.org.uk
  • By giving them a call on 0303 123 1113
  • or by writing to them. Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.

8. CHANGES TO THIS POLICY

Updates to this Privacy Policy will be displayed here: www.drivepivotal.com/privacy-policy. A notice will be posted on the Website and App along with the updated Privacy Policy.

9. LINKS TO OTHER WEBSITES

The Website and App may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness.

10. KEEPING YOUR INFORMATION SECURE

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We require all of our services providers to have appropriate measures in place to maintain the security of your information.

Your password enables you to access the Pivotal member area. You are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet; any transmission is at your own risk. Your information will be kept in a secure environment protected by a combination of physical and technical measures such as encryption technologies or authentication systems to prevent any loss, misuse, alteration, disclosure, destruction, theft or unauthorised access.

11. COOKIES

We may obtain information about your computer, which includes your IP address, browser type and operating system where available. This accumulation of data is used to assist system administration.

We may also collect information regarding your browsing activity and interests through use of a cookie file. This cookie file is stored on the hard drive of your computer, and contains information that is transferred to your computer's hard drive. We use the collection of this data to help us improve the experience of users on our website, and to deliver a more personalised service with more relevant content. The collection of this data allows us to:

  • store data indicative of your preferences, allowing us to adjust our website to appeal to your individual interests;
  • estimate the size and usage patterns of our audience;
  • record the details of any transactions carried out by you through our website;
  • identify you upon your return to our website; and/or
  • increase the speed of your searches.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works.

You can find more information about some of the individual cookies we use and the purposes for which we use them below. Example of cookies that we use:

Tool: Google Analytics

Cookie purposes: We use Google Analytics to collect information about how visitors use the site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. For more information about Google’s privacy policy, please visit https://www.google.com/intl/en/policies/. If you do not wish to allow the use of Google Analytics cookies at all, Google provides an opt-out plug-in for most common website browsers https://tools.google.com/dlpage/gaoptout.

Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You remain entitled to refuse cookies by adjusting your browser settings accordingly. Doing so however may restrict your access to certain areas within our website. Unless you adjust your browser settings to refuse cookies, our system will issue cookies when you log on to our website.

Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You remain entitled to refuse cookies by adjusting your browser settings accordingly. Doing so however may restrict your access to certain areas within our website. Unless you adjust your browser settings to refuse cookies, our system will issue cookies when you log on to our website.