Please note that this data privacy notice only applies to Nordic and we are not responsible for, and have no control over, information that is submitted to or collected by third parties, such as those where our website may provide links and banner advertisements to third party sites. Since we do not control these websites, you are responsible for reviewing and abiding by the privacy policies of these third party sites to ensure they comply with the applicable data protection regulations.
Where possible, Nordic will take steps to erase any personal data that is no longer necessary for the purposes for which it is collected or otherwise processed, or if you have withdrawn consent for its processing and retention. As a general rule, if you currently have a contract or intend to enter into a contract with Nordic, we will store the data for a period of six years after the contract ends, for compliance with our general legal obligations and for the exercise or defence of any legal claims. Under the GDPR, you have the right to ‘block’ or request the deletion or removal of personal data to prevent further processing. This right to erasure is also known as ‘the right to be forgotten’. Specific circumstances in which you can request the deletion or removal of personal data includes:
You also have the right to see what personal information we are processing. This can be requested by emailing our Data Protection Officer. There will be no charge for this service. If however, you log multiple requests, then there may be nominal charge which we will request to cover the administration of these requests. You may also request from us a copy of the personal data which has been processed through automated means This will be provided in a structured, commonly used, and machine-readable format (where technically feasible) which you may then transmit to another controller. You have the right to request us to send this to another controller on your behalf, but only if this is technically feasible for us to do so.
Sharing of data with other data controllers
Nordic take your privacy seriously and the information we hold about you is confidential. We will only disclose it outside Nordic when:
- You have given us your consent to do so
- It is necessary for the performance of an agreement of which you will be made aware
- In order to obtain professional advice (e.g. legal advice)
- We or others need to investigate or prevent crime (e.g. to fraud prevention agencies)
- The law permits or requires it
- Regulatory or governmental body requests or requires it, even without your consent
- There is a duty to the public to reveal the information
Fraud Prevention
If you give us false or inaccurate information and fraud (in any form) is identified, details will be passed to the fraud prevention agencies. We and other organisations may also share, access and use this information to prevent fraud and money laundering, for example when:
- Checking details on applications for credit and credit related or other facilities
- Managing credit and credit related accounts or facilities
- Recovering debt
- Checking details of job applicants and employees
In addition, law enforcement agencies may access and use this information.
Protecting your privacy
In order to protect the personal data collected from you by Nordic against accidental or deliberate manipulation, loss, destruction or the access of unauthorised persons, technical and organisational security measures are constantly improved as part of our technological development. In addition, our employees, subcontractors and other support staff are obligated to observe confidentiality and data privacy. Wherever possible, we have tried to create a secure and reliable website for our users. However, you recognise that your use of the Internet and our website is entirely at your own risk and we have no responsibility or liability for the security of personal information transmitted via the Internet. All passwords and usernames allocated to you must be kept secret and must not be disclosed to anyone without our prior written authorisation. You must not use any false identity in email or other network communications and you must not attempt or participate in the unauthorised entry or viewing of another user’s account or into another system. You must not use the services and/or network systems or any part thereof for fraudulent activities, or to breach another organisation’s security (cross-network hacking). This is an illegal act and prosecution under criminal law may result. You must not use any resources or any services provided by us for any illegal purpose, or for accessing, receiving or transmitting any material deemed illegal, indecent, offensive or otherwise unacceptable under UK law. We will monitor network traffic from time to time for the purposes of backup and problem solving and in order to ensure that you are not misusing any of the services provided to you.
Breaches
If at any time we become aware that your data has been compromised, or that a breach of our systems and controls has occurred, which has an impact on the security of your data, we will notify the Information Commissioner’s Office, and you, without undue delay.
Subject Access Requests
You have the right to request access to a copy of the personal information that we hold about you. This is also known as a ‘Subject Access Request’. This information is provided to you free of charge. However, we can refuse to respond or charge a ‘reasonable fee’ of £25 inc. VAT when a request is manifestly unfounded, excessive or repetitive. We will provide this information in a structured, commonly used and machine readable form such as a CSV file. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. If you would like to submit a Subject Access Request, please contact our Data Protection Officer in writing. We will respond to your request without delay and at the latest, within one month of receipt of your request.
Rectifying or updating personal data
If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to rectification. We will typically respond to your request within one month, although this can be extended by two months if your request for rectification is complex.
Withdrawing Consent
You have the right to withdraw your consent for us to collect, process and store your data at any time. If you wish to withdraw your consent, please confirm this in writing to our Data Protection Officer.
Right to complain
If you have a complaint about any aspect of data protection or if you feel your privacy has been breached by us, we would like to hear from you. To help us investigate and resolve your concerns as quickly as possible, please contact our Data Protection Officer. If you are unhappy with the final response you have received from Nordic, you have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO). You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.
Data Protection Officer
Data Protection Officer Nordic Unit 5 Castle Business Village Station Road Hampton Greater London TW12 2BX By Phone: 0208 939 3600 By Email: dpo@newsite.nordiccar.com