Denis Mahony Ltd respects your privacy and will always ensure that Personal Data is protected.
The Personal Data that we hold may relate to your name, telephone number, email address but also to other data, such as your Vehicle Identification Number (VIN), registration number etc. In addition, we may hold data pertaining to your vehicle during the time of your ownership such as service records.
In this Data Protection Policy (“this Policy”) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, with whom we share it, how we protect it, and the choices you can make about your Personal Data.
This Policy applies to the processing of your Personal Data in the framework of various services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. that are provided or operated by us or on our behalf.
This Policy applies to all your Personal Data collected by (or on behalf of) Denis Mahony Ltd, referred to in this Policy as “we”, “us” and “our”.
If you accept the provisions of this Policy, you are agreeing to us processing your Personal Data in the ways that are set out in this Policy.
At the end of this Policy, you will find some definitions of certain key concepts used in this Policy and which are capitalised (for example, Personal Data, Processing, Data Controller…).
2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
The entity which is responsible for the processing of your Personal Data is:
- Denis Mahony Ltd, Exit 5 M50, North Road, Dublin 11
3. WHO CAN YOU CONTACT IN CASE YOU HAVE QUESTIONS OR REQUESTS? THE DATA PROTECTION CONTACT POINT
If you have any questions or requests concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at email@example.com.
4. KEY PRINCIPLES
We value your Personal Data entrusted to us and we are committed to processing your Personal Data in a fair, transparent and secure way. The key principles we apply are as follows:
• Lawfulness: we will only collect your Personal Data in a fair, lawful and transparent manner.
• Data minimisation: we will limit the collection of your Personal Data to what is directly relevant and necessary for the purposes for which they have been collected.
• Purpose limitation: we will only collect your Personal Data for specified, explicit and legitimate purposes and not process your Personal Data further in a way incompatible with those purposes.
• Accuracy: we will keep your Personal Data accurate and up to date.
• Data security and protection: we will implement technical and organisational measures to ensure an appropriate level of data security and protection considering, among others, the nature of your Personal Data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of Processing.
• Access and rectification: we will process your Personal Data in line with your legal rights.
• Retention limitation: we will retain your Personal Data in a manner consistent with the applicable data protection laws and regulations and no longer than is necessary for the purposes for which they have been collected.
• Protection for international transfers: we will ensure that any of your Personal Data transferred outside the EEA is adequately protected.
• Safeguards towards third parties: we will ensure that Personal Data access by (and transfers to) third parties are carried out in accordance with applicable law and with suitable contractual safeguards.
• Lawfulness of direct marketing and cookies: when we send you promotional materials or place cookies on your computer, we will ensure that we do so in accordance with applicable law.
5. PROCESSING OF YOUR PERSONAL DATA: WHICH PERSONAL DATA DO WE COLLECT AND ON WHICH LEGAL GROUNDS
Whenever we require your Personal Data, we will always clearly inform you which of your Personal Data we collect. Please note that in accordance with applicable data protection law, your Personal Data can be processed if:
- you have given us your consent for the purposes of the Processing (as described in the privacy notice related to that particular Processing). For the avoidance of doubt, you will always have the right to withdraw your consent at any time; or
- it is necessary for the performance of a contract to which you are a party; or
- with such Processing, we pursue a legitimate interest that is not outbalanced by your privacy rights. Such legitimate interest will be duly communicated to you in the privacy notice related to that particular Processing.
- it is required by law.
6. FOR WHICH PURPOSES WE PROCESS YOUR PERSONAL DATA
We will only process your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data further in a way that is incompatible with those purposes.
Such purpose can be the execution of an order you have placed, the improvement of your visit on one of our websites, the improvement of our products and services more generally, the offering of services or applications, marketing communications and actions, etc.
As part of our marketing activities, we may use your personal information (including, where permitted by you and your finance provider, any finance details) to analyse your suitability for trade-ins or upgrades. We may do this by phone, post, email, text or through other digital media. Where we do so we rely on the lawful processing ground of legitimate interest and our legitimate interest is to develop relationships with our existing customers and to assess our performance and standards.
When you purchase a new motor vehicle from us we will use your personal information to register the motor vehicle with the Revenue Commissioners to pay any VRT and VAT on the vehicle or, where applicable to apply for a VRT, VAT and/or motor tax exemption on your behalf, as required by law. We may also use your personal information to comply with any obligation under anti-money laundering legislation, for the purposes of any statutory audit or for any other legal obligation to which we are subject.
When your vehicle is in our Dealership for service or repair, we may carry out a Vehicle Health Check to identify if any safety or maintenance related work is required on the vehicle. We will follow up with you while your vehicle is with us to let you know the result of this Vehicle Health Check and, unless you request us not to, we will follow up with you later to remind you of any outstanding work.
We may also use your personal information to manage our everyday business needs, including accounting and to prevent fraud. Where we do so we rely on the lawful processing ground of legitimate interest and our legitimate interest is in the effective management of our business.
As members of the Society of the Irish Motor Industry, we manage personal data in line with their recommendations, terms and conditions.
7. KEEPING YOUR PERSONAL DATA ACCURATE AND UP-TO-DATE
It is important for us to maintain accurate and up-to-date records of your Personal Data. Please inform us of any changes to or errors in your Personal Data as soon as possible by contacting us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”). We will take reasonable steps to make sure that any inaccurate or outdated Personal Data is deleted or adjusted accordingly.
8. ACCESS TO YOUR PERSONAL DATA
You have the right to access your Personal Data which we are processing free of charge and, if your Personal Data is inaccurate or incomplete, to request the rectification or erasure of your Personal Data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”).
We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will explain why.
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA
We may hold your personal information for a period of 7 years from the date of completion of a contract. We may hold this data for a longer period if we are legally required to do so. This is in line with the policy of the Society of the Irish Motor Industry.
10. PROTECTING YOUR PERSONAL DATA
We have a set of technical and organisational security measures in place to protect your Personal Data against unlawful or unauthorised access or use, as well as against accidental loss or damage to their integrity. They have been designed taking into account our IT infrastructure, the potential impact on your privacy and the costs involved and in accordance with current industry standards and practice.
Your Personal Data will only be processed by a third party Data Processor if that Data Processor agrees to comply with those technical and organisational data security measures.
Maintaining data security means protecting the confidentiality, integrity and availability of your Personal Data:
(a) Confidentiality: we will protect your Personal Data from unwanted disclosure to third parties.
(b) Integrity: we will protect your Personal Data from being modified by unauthorised third parties.
(c) Availability: we will ensure that authorized parties are able to access your Personal Data when needed.
Our data security procedures include: access security, backup systems, monitoring, review and maintenance, management of security incidents and continuity, etc.
12. DISCLOSURE OF PERSONAL DATA
Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:
1. Manufacturers: We pass your personal information on to Toyota Ireland for the purposes of managing sales enquiries, warranty, safety, recall and customer satisfaction surveys. If you consent we will also pass your information to Toyota Ireland for marketing activities. Toyota Ireland may contact you separately about their use of your information.
2. Third Party Service Providers: We may share your personal information with third party service provides that perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, legal advisers and other business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administration services. We may also share your information with third party service providers who provide services to you such as insurance companies and car rental companies.
3. The Revenue Commissioners: We may sometimes share your information where we do the first registration of your motor vehicle or where we apply for exemptions from VRT, VAT and/or motor tax for you.
4. Insurance Companies and Motor Assessors: We may pass your information to insurance companies and/or motor assessors appointed by you, a third party or an insurance company, where any portion of the costs of repairs or work being carried out by us is covered under an insurance policy.
5. Finance and Leasing Companies: we may share your information with finance and leasing companies in order to obtain a quotation for you.
6. Potential Sale of the Dealer: We may also transfer your personal information to companies we plan to merge with or be acquired by.
7. An Garda Siochana, Government Bodies or officials: We may share your personal information with an Gardai or other government bodies or agencies where required to do so by law.
Please be aware that third party recipients listed above – especially service providers who may offer products and services to you through Toyota services or applications or via their own channels– may separately collect Personal Data from you. In such case, these third parties are solely responsible for the control of such Personal Data and your dealings with them will fall under their terms and conditions.
13. TRANSFERS OUTSIDE THE EEA
Your Personal Data may be transferred to recipients which may be outside the EEA, and may be processed by us and these recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA that do not generally offer the same level of data protection as in the EEA, Denis Mahony Ltd will implement appropriate specific measures to ensure an adequate level of protection of your Personal Data. These measures can for instance consist in agreeing with recipients on binding contractual clauses guaranteeing such adequate level of protection.
14. YOUR CHOICES AND YOUR RIGHTS
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your Personal Data.
• Your choices on how you want to be contacted
In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, social media, phone…), for which purpose and how frequently by following the unsubscribe instructions included in the communication or contacting us at firstname.lastname@example.org.
Please note that by default you will receive our promotional communications at the normal frequency of the publication involved.
• Your Personal Data
You may always contact us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”) to find out what Personal Data we have concerning you. Under certain conditions, you have the right to receive your Personal Data, which you have provided to us, in a commonly used, structured machine readable format and to transmit your Personal Data to any third party of your choice.
• Your corrections
If you find any mistake in your Personal Data or if you find it incomplete or incorrect, you may also require from us that we correct or complete it.
• Your restrictions
You have the right to request a restriction on the Processing of your Personal Data (for example, while the accuracy of your Personal Data is being checked).
• Your objections
You may also object to the use of your Personal Data for direct marketing purpose or to the sharing of your Personal Data with third party for the same purpose.
You may withdraw your consent at any time to the continued Processing of the Personal Data that you have provided to us by contacting us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”).
Moreover, you may require us to erase any data concerning you (except in some cases, for example, to prove a transaction or when required by law).
Please note that these rights are in some circumstances limited by data protection legislation.
Finally, please note that you have the right to file a complaint with the Data Protection Commissioner.
15. MARKETING FROM DENIS MAHONY LTD
If you do not wish to hear from us about special offers and promotions by way of post, email, phone, text or digital media please let us know by contacting us at email@example.com.
16. CUSTOMER SATISFACTION SURVEYS
We and Toyota Ireland Ireland use feedback to improve the quality of the products and services that we provide.
If you do not wish to hear from us for customer satisfaction surveys by post, email, phone for please let us know by contacting us at firstname.lastname@example.org.
If you do not wish to hear from Toyota Ireland for customer satisfaction surveys by post, email, phone for please let us know by contacting us at email@example.com.
17. MARKETING FROM MANUFACTURERS
If you would you like to hear from Toyota Ireland about special offers and promotions by way of post, email, phone, text or digital media please let us know by contacting us at firstname.lastname@example.org.
18. LEGAL INFORMATION
The requirements of this Policy supplement, and do not replace, any other requirements existing under applicable data protection law. In case of contradiction between what is written in this Policy and requirements in applicable data protection law, applicable data protection law will have priority.
Denis Mahony Ltd may amend this Policy at any point in time. Where this happens we will alert you of any changes and we will then ask you to re-read the most recent version of our Policy and to confirm your acceptance thereof.
In this Policy, the following terms have the following meanings:
(a) Data Controller means the organisation which determines the purposes for which, and the manner in which, your Personal Data is processed.
Unless we inform you otherwise, the Data Controller is Denis Mahony Ltd Exit 5 M50. Further information may be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.
(b) Data Processor means the person or organisation which processes your Personal Data on behalf of the Data Controller.
(c) Data Protection Contact Point means the contact point where you can address your questions or requests regarding this Policy and/or (the Processing of) your Personal Data and which will handle such questions and requests. Unless we inform you otherwise, the Data Protection Contact Point can be reached as described in section 3 “Who can you contact in case you have questions or requests?”).
(d) EEA means the European Economic Area (= member states of the European Union + Iceland, Norway, and Liechtenstein).
(e) Personal Data is any information that may relate to your name, telephone number, and email address but also to other data, such as your Vehicle Identification Number (VIN), registration number, (geo-) location, etc. In addition, we may hold data pertaining to your vehicle during the time of your ownership. We will also hold information in relation to customer satisfaction surveys completed by you.
(f) Processing means the collection, accessing and all forms of use of your Personal Data.