Privacy policy

Data Protection Compliance Statement

This policy demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.

Pursuant to that legislation, when processing data we will;

  • Process it fairly, lawfully and in a clear, transparent way
  • Only use it in the way that we have told you about
  • Ensure it is correct and up to date
  • Keep your data for only as long as we need it
  • Process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)

We are registered as a Data Controller with the ICO, our registration number is ZA209348.

AMT Contract Hire & Leasing Ltd is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.

“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.

Pursuant to that legislation, when processing data we will;

  • What personal data we collect
  • Why we process personal data
  • With whom we share personal data
  • The rights an individual has relating to their personal data and how to enact them
  • Our data retention policy
  • How personal data is secured
  • Our complaints procedure
  • Our data breach policy

If an employee acquires any personal information in the course of their duties, they must ensure that:

  • The information is accurate and up to date, insofar as it is practicable to do so.
  • The use of the information is necessary for a relevant purpose and that it is not kept longer than necessary.
  • The information is secure.

Details of Personal Information we hold about you, how we process that information and with whom it is shared

The information we collect and process: The information we collect and process Our basis for processing the information How we share this information: How we share this information:
Name & Contact Information To enable us to provide our services as a vehicle rental company, to carry out any obligations in relation to any contract you enter into with us and to help us administer your account with us or any of our partners. To carry out market analysis and customer profiling, conduct market research, and create statistical and testing information.
To contact you in any way (including mail, email, telephone, text or multimedia messages) about products and services offered by us or the AMT Group for marketing purposes, only if you have given explicit consent for us to do so. To help detect and prevent against fraud or loss
With insurers and their agents for the purposes of insurance administration and claims With other members of our Group to enable us to process your vehicle order With law enforcement agencies, regulatory bodies, credit reference agencies, the DVLA and other third parties as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation With the finance company who provide finance to you in relation to the vehicle (or any member of that finance company’s worldwide group of companies), so that they or their agent(s) can process your order
Payment Information To enable us to provide our services as a vehicle rental company, to carry out any obligations in relation to any contract you enter into with us and to help us administer your account with us or any of our partners, namely, to make transactions related to charges incurred through the use of our services. With other members of our Group only to enable us to process your vehicle order With the finance company who provide finance to you in relation to the vehicle (or any member of that finance company’s worldwide group of companies), so that they or their agent(s) can process your order
Insurance History To help detect and prevent against fraud or loss To provide insurance cover as part of our services offered With insurers and their agents for the purposes of insurance administration and claims With other members of our Group to enable us to process your vehicle rental or purchase With law enforcement agencies, regulatory bodies, credit reference agencies, the DVLA and other third parties as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation
Employment History To enable us to perform an affordability or credit check to consider eligibility for a product or service and to enable us to provide insurance cover. To help detect and prevent against fraud or loss With insurers and their agents for the purposes of insurance administration and claims With other members of our Group to enable us to process your vehicle order With law enforcement agencies, regulatory bodies, credit reference agencies, the DVLA and other third parties as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation With the finance company who provide finance to you in relation to the vehicle (or any member of that finance company’s worldwide group of companies), so that they or their agent(s) can process your order
Proofs of Identity To enable us to provide our products and services, to carry out any obligations in relation to any contract you enter into with us and to help us administer your account with us or any of our partners. To help detect and prevent against fraud or loss With insurers and their agents for the purposes of insurance administration and claims With other members of our Group to enable us to process your vehicle order With law enforcement agencies, regulatory bodies, credit reference agencies, the DVLA and other third parties as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation With the finance company who provide finance to you in relation to the vehicle (or any member of that finance company’s worldwide group of companies), so that they or their agent(s) can process your order
The products or services about which you have enquired To enable us to provide our products and services, to carry out any obligations in relation to any contract you enter into with us and to help us administer your account with us or any of our partners To carry out market analysis and customer profiling, conduct market research, and create statistical and testing information To contact you in any way (including mail, email, telephone, text or multimedia messages) about products and services offered by us or our partners, if you have specifically consented to such processing With third parties who assist us with market analysis, customer profiling and market research as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation
Information about your business, role and vehicle fleet To enable us to provide our products and services, to carry out any obligations in relation to any contract you enter into with us and to help us administer your account with us or any of our partners To carry out market analysis and customer profiling, conduct market research, and create statistical and testing information To contact you in any way (including mail, email, telephone, text or multimedia messages) about products and services offered by us or our partners, if you have specifically consented to such processing With other members of our Group to enable us to process your vehicle order With credit reference agencies and other third parties (which includes third parties we use to assist us with our marketing activities) as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation
Information obtained from third parties, such as credit reference agencies or the DVLA To enable us to provide our products and services, to carry out any obligations in relation to any contract you enter into with us and to help us administer your account with us or any of our partners. To help detect and prevent against fraud or loss With other members of our Group to enable us to process your vehicle order With law enforcement agencies, regulatory bodies, credit reference agencies, the DVLA and other third parties as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation With the BVRLA, which may share your personal information with its members to prevent crime and protect their assets, as permitted under the Data Protection Act 1998 and any other relevant legislation including the General Data Protection Regulation

Your rights to your Personal Information

  • What personal data we collect
  • Why we process personal data
  • With whom we share personal data
  • The rights an individual has relating to their personal data and how to enact them
  • Our data retention policy
  • How personal data is secured
  • Our complaints procedure
  • Our data breach policy

Employees’ obligations regarding handling of Personal Data are contained within the Employee Handbook and are as follows:

If an employee acquires any personal information in the course of their duties, they must ensure that:

  • The information is accurate and up to date, insofar as it is practicable to do so.
  • The use of the information is necessary for a relevant purpose and that it is not kept longer than necessary.
  • The information is secure.

Details of Personal Information we hold about you, how we process that information and with whom it is shared

Description of your rights How we will respond to a request
Right to access
You are entitled to:
  • Confirmation that we are processing your personal data;
  • a copy of your personal data; and
  • other supplementary information
We will comply with any valid request in accordance with our policy detailed below
Right to rectification
Individuals have a right to have inaccurate personal data rectified, or completed if it is incomplete.
Where we receive such a request we will take any reasonable steps to ensure that the data is accurate and complete. Where data records a disputed opinion, our records will make clear that it is an opinion and, if a challenge is received, such challenge will also be recorded.
Right to erasure
Individuals have a right to have their personal data erased. This right only applies if:
  • the personal data is no longer necessary for the purpose which we originally collected or processed it for;
  • we are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent;
  • we are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
  • we are processing the personal data for direct marketing purposes and the individual objects to that processing;
  • we have processed the personal data unlawfully;
  • we have to do it to comply with a legal obligation; or
  • we have processed the personal data to offer information society services to a child
Where we receive such a request we will normally comply as long at least one of the listed circumstances applies.
Right to restrict processing
Individuals have the right to request the restriction or suppression of processing of their personal data, in the following circumstances:
  • the individual contests the accuracy of their personal data and you are verifying the accuracy of the data
  • the data has been unlawfully processed and the individual opposes erasure and requests restriction instead;
  • you no longer need the personal data but the individual needs you to keep it in order to establish, exercise or defend a legal claim; or
  • the individual has objected to you processing their data under Article 21(1) of the General Data Protection Regulation, and you are considering whether your legitimate grounds override those of the individual.
As a matter of course, we will restrict processing of any personal data where its accuracy or the legitimate grounds for processing is being considered. We will consider any request and comply if we believe it to be a valid request in accordance with our policy detailed below
Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. This right applies only to information an individual has provided to us (or we have observed by the individual’s use of our products and services) and where our lawful basis for processing the data is consent or for the performance of a contract and we are carrying out the processing via automated means. This excludes paper files.
When we receive a valid request, we will provide the requested information in a structured, commonly-used and machine-readable format.
Right to object
Individuals have the right to object to the processing of their personal data in certain circumstances.
Where the data is processed for the purpose of direct marketing this is an absolute right, and on the receipt of a valid request we will cease such processing. In other cases, we will evaluate the request to decide whether we have compelling legitimate grounds which override the interests of the individual, considering the reasons why they have objected to the processing of their data. In particular, if the individual objects on the grounds that the processing is causing them substantial damage or distress (e.g. the processing is causing them financial loss), the grounds for their objection will have more weight. In making a decision on this, we will balance the individual’s interests, rights and freedoms with our own legitimate grounds. If we are satisfied that we do not need to stop processing the personal data in question we will explain our decision to the individual and inform them of their right to make a complaint to the ICO or another supervisory authority and their ability to seek to enforce their rights through a judicial remedy.
Rights relating to automated decision making including profiling
AMT Contract Hire & Leasing Ltd does not currently use automated decision making in its processing of personal data. This policy will be updated if we begin to do so.
 

Making a request regarding your personal data

An individual may make such a request verbally or in writing and we will comply with any valid request within 28 days of receipt unless exceptional circumstances require an extension to that time limit. We will inform the individual of any extension, and the reason for such, within 28 days of the original request.

Where we are not certain about the identity of the person making the request, we may ask for more information. Any information requested for identity verification will be processed only for that purpose.

There will normally be no charge for this, except where we consider the request manifestly unfounded or excessive. If we will charge a fee we will notify the individual making the request and we will only comply with the request once we have received the fee.

In some cases, we may refuse to comply with a request. If we refuse to comply we will inform the individual as soon as is practicable and within one month. We will inform the individual about the reasons we will not comply with the request, their right to make a complaint to the ICO or another supervisory authority and their ability to seek to enforce this right through a judicial remedy.

If you wish to exercise any of your rights relating to your personal data please contact:

James McGawley
Data Protection Officer
AMT Group
174 Armley Road
Leeds
LS12 2QH

Telephone: 0844 826 2300
Email: james.mcgawley@amtvehiclerental.co.uk

Information Security

We have extensive security arrangements in place to protect personal data we hold on our systems. If you require full details on our security policy, please contact your account manager or the Data Protection Officer, the contact details for which are:

James McGawley
Data Protection Officer
AMT Group
174 Armley Road
Leeds
LS12 2QH

Telephone: 0844 826 2300
Email: james.mcgawley@amtvehiclerental.co.uk

Data Retention Policy

We store Personal Data for differing periods depending on the type of Personal Data and in particular as follows:

  • Customer contact data for 7 years from the date on which you cease to be a customer of ours;
  • supplier contact data for 7 years from the end of our commercial relationship; or
  • until the customer or supplier asks us to return or destroy it and we no longer have a legitimate interest in retaining the data

Personal Data supplied by a customer on behalf of its client(s) in relation to the provision of services is stored until:

  • the services have been provided or in accordance with any contract for the supply of services; or
  • the customer or the data subject asks us to destroy it.

Personal Data held about employees is kept:

  • for the duration of their employment with any member of the AMT Group; and
  • for 6 years following the termination of their employment with any member of the AMT Group

Personal Data held about prospective employees is kept:

  • for 6 months following receipt of the information

In each case the above applies unless a legal obligation or other legitimate interest requires us to store the data for a longer period.

We carry out regular audits of any Personal Data we hold to ensure as far as possible that we do not hold any Personal Data that is no longer required.

Making a complaint

If you have a complaint regarding any aspect of our collection or processing of personal data or our data protection policy, please contact:

Customer Support Manager
AMT Contract Hire & Leasing Ltd
AMT House
174 Armley road
Leeds
LS12 2QH

On receipt of a complaint regarding Data Protection, within 1 working day we will acknowledge the complaint and provide a response. Where a complaint requires an extension to that time limit we will inform the complainant and provide a formal response with the conclusions to any investigation with utmost urgency.

All complaints received are logged for reference, detailing the original complaint, the details of any investigation and the resolution.

Where we are not able to reach a satisfactory resolution, individuals are advised of their right to report their concern to the Information Commissioners Office or to seek judicial remedy.

Data Breach Policy

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

When we become aware of a personal data breach, we will establish the likelihood and severity of the resulting risk to individuals’ rights and freedoms. Where necessary, we will promptly inform those affected. We will tell them:

  • the name and contact details of our data protection officer or other contact point where more information can be obtained
  • a description of the likely consequences of the personal data breach; and
  • a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects

When we become aware of any personal data breach we will document and justify any decisions made regarding it.

Where required and where feasible, we will notify the ICO of the breach within 72 hours. Where we are unable to provide a full explanation of the breach within 72 hours we will still provide notification of the breach and an explanation of the delay, with the results of the corresponding explanation being provided as soon as they are available.

We will document any breach, whether or not the ICO or any affected individuals are notified, as follows:

  • a description of the nature of the personal data breach;
  • the categories and approximate number of individuals concerned
  • the categories and approximate number of personal data records concerned
  • a description of the likely consequences of the personal data breach
  • a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

Personal data breaches should be reported to:

Customer Support Manager
AMT Contract Hire & Leasing Ltd
AMT House
174 Armley road
Leeds
LS12 2QH

Have more questions?

Then give us a call to discuss, we're here to help:

0113 387 4240

Your recently viewed vehicles

Sign up to our newsletter

Keep up to date with our latest special offers and industry news