Privacy Policy

Data protection policy

Barn Cars Limited processes the personal data of living individuals such as its staff, Customers, contractors, research subjects and customers. This processing is regulated by the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). The UK’s regulator for the DPA and GDPR is the Information Commissioner’s Office (ICO).

The Company is registered as a Data Controller with the ICO1 and is responsible for compliance with the GDPR and DPA.

This DPA and GDPR contain a number of key definitions which are referenced in this policy such as ‘Personal Data’, ‘Processing’ and ‘Data Controller’. 

This policy sets out Barn Cars Limited commitment to comply with the Data Protection Act 2018 (‘DPA’), and the General Data Protection Regulation (‘the GDPR’).

This policy applies to all Barn Cars Limited staff, Customers and others who use or process any Personal Data. This policy applies regardless of where Personal Data is held and or the equipment used if the Processing is for Barn Cars Limited purposes. Further, the policy applies to all Personal Data (including Sensitive Personal Data) held in any form whether manual paper records or electronic records.

Barn Cars Limited workers must comply with this Policy, the DPA and the GDPR whenever Processing Personal Data held by the Company or on behalf of Barn Cars Limited.

All Customers are responsible for compliance with the rules and policies made by Barn Cars Limited. Customers must comply with this policy where collecting and Processing Personal Data as part of their course, studies or research.

Third parties such as consultants, contractors undertaking work on behalf of Barn Cars Limited involving Personal Data, must adhere to the Company’s Data Protection Policy and comply with the DPA and the GDPR. Provision will be made in contracts with external providers to ensure compliance with this Policy, the DPA and GDPR.

Barn Cars Limited will provide appropriate information to individuals when collecting their Personal Data by means of privacy notices. The Company will also ensure at least one lawful basis is available before Processing Personal Data.

Barn Cars Limited will clearly set out purposes for Processing Personal Data. The Company will only process Personal Data for purposes notified to individuals and where the new purpose is compatible with an existing purpose.

Barn Cars Limited will only collect as much information as is necessary to meet the purposes that have been identified. Personal Data must be adequate, relevant and not excessive and will ensure that Personal Data processed is accurate and where necessary kept up to date.

Barn Cars Limited will protect the security of Personal Data by maintaining, and monitoring compliance with the requirement setup by the GDPR.

Barn Cars Limited will maintain a records retention and disposal schedule setting the periods for which records containing Personal Data are to be retained.

Barn Cars Limited will only disclose Personal Data to third parties such as the police, central government and other education institutions where there is a lawful basis for doing so and appropriate arrangements are in place with those parties.

Barn Cars Limited will seek to ensure that Personal Data is only shared across different teams, divisions or faculties where those areas have a business need for accessing that data.

Barn Cars Limited will comply with requests from an individual to exercise their rights under the DPA, and the GDPR. All individuals have the right to be informed what information the Company holds about them and to request copies of that information. This is known as a Subject Access Request. Any individual wishing to submit a Subject Access Request should contact the company in writing.

All staff and Customers are responsible for checking that information they provide to the Company in connection with their employment or studies is accurate and up to date. Any changes to Personal Data provided (e.g. change of address) must be promptly notified, in writing, to the Company.

Any staff member who knows or suspects that an actual or potential Personal Data Breach has occurred must immediately notify the responsible. All staff are responsible for fully engaging and cooperating with DPO in relation to their investigation of a Personal Data Breach.

Compliance with this Policy, the DPA and the GDPR is the responsibility of all members of staff and Customers. Employees must comply with the rules and procedures made by the Company.

Any breach of the policy by a member of staff may result in disciplinary action. Serious or deliberate breaches of the DPA can result in a criminal prosecution.

Any breach of the GDPR by the Company may result in a substantial fine or actions imposed upon the Company by the ICO.

Further information about the DPA and the GDPR can be found on the Information Commissioner’s Office (ICO website). 

Need help financing your next purchase?
Need help financing your next purchase?
Secure your dream car
Need help financing your next purchase?
How we can help