This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive and how we use it.
National Accident Repair Group Limited is committed to complying with the UK’s Data Protection law and the EU General Data Protection Regulation (GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services. If you have any questions about this privacy notice or how we use your personal data, please contact our Data Protection Officer:
In Writing: National Accident Repair Group Limited
Ten Pound Walk
By Email: firstname.lastname@example.org
What data is being collected and processed?
In order for National Accident Repair Group Limited (National) to provide its services, we will collect, store and use elements of your personal data. The processing of this personal data is necessary by National in order to provide the services you or your insurer / company / claims management provider have requested from us.
When you (or your insurer / company / claims management provider on your behalf) approach National to engage in our accident repair or related services, we will ask for consent to collect and process your personal data. Failure to provide this consent or if consent is removed and/or personal data may mean we will be unable to provide the services and will result in termination of our services with you.
When engaging Nationals services, you will usually need to disclose to us the following:
- first name(s), surname or company name (including representation as the case may be)
- address (street, street number, postal code, city and country/region)
- email address
- date of birth
- telephone and mobile number
We will also monitor, record, store and use any telephone, email or other electronic communications with you for training purposes so that we can check any instructions given to us and to improve the quality of our customer service.
Any personal data we collect from you will not be transferred outside the European Economic Area.
The following data is collected and stored by National until its automated deletion:
- IP address of the accessing computer/device
- Date, time and duration of your visit
- Name and URL of the accessed pages
- Identification data of the browser and operating system used
- Website from which the data was accessed
- Name of your internet access provider
The nature and content of the information collected via cookies differs, as does the period for which this information is retained. In line with our data protection obligations, we will ensure that this retention period is not excessive, and that the data is only retained for as long as is necessary for the purpose for which it was collected.
The data listed above is only analysed for statistical purposes and for improving our internet presence, then it is deleted. We will not attempt to personally identify you from your IP address unless required to as a matter of law or regulation.
Most browsers automatically accept cookies but you can set your browser options so that you will not receive cookies and you can also delete any existing cookies from your browser.
Links to websites of other providers third parties
Please note that this data privacy notice only applies to National and we are not responsible for, and have no control over, information that is submitted to or collected by third parties, such as those where our website may provide links and banner advertisements to third party sites. Since we do not control those websites, you are responsible for reviewing and abiding by the privacy policies of these third party sites to ensure they comply with the applicable data protection regulations.
How long will the data be stored for?
Where possible, National will take steps to erase any personal data that is no longer necessary for the purposes for which it is collected or otherwise processed, or if you have withdrawn consent for its processing and retention.
As a general rule, if you enter into or took steps to enter into an agreement for National to provide services, we will store the data for an indefinite period for compliance with our lifetime repair warranty and for the exercise or defence of any legal claims.
Under the EU GDPR (European Union General Data Protection Regulation), you have the right to ‘restrict’ or request the deletion or removal of personal data to prevent further processing. This right to erasure is also known as ‘the right to be forgotten’. Specific circumstances in which you can request the deletion or removal of personal data includes:
- Where the personal data is no longer necessary for the purposes for which it is collected or otherwise processed
- Where you withdraw consent
- When you object to the processing and there is no overriding legitimate interest for continuing the processing
- Where the personal data was unlawfully processed (i.e. otherwise in breach of the EU GDPR)
- Where the personal data has to be erased in order to comply with a legal obligation
- In case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be restricted instead of deleted.
Sharing of data with other data controllers
Here at National we take your privacy seriously and the information we hold about you is confidential. We will only disclose it outside National when:
- you have given us your consent to do so
- it is necessary for the performance of a contract with your insurer / company / claims management provider.
- in order to obtain professional advice (e.g. legal advice or appointment of an independent engineer)
- we or others need to investigate or prevent crime (e.g. to fraud prevention agencies)
- the law permits or requires it
- regulatory or governmental body requests or requires it, even without your consent, or
- there is a duty to the public to reveal the information
In order to provide services, we may need to share some of your personal information with other data controllers or processors. This processing is necessary for the purposes of delivering specific services to you. You agree that we can share or use your personal data with any of our appointed agents or suppliers to allow us to provide you services and products you have asked us to provide you under this agreement, such as to facilitate repair of your vehicle, to collect or deliver your or a vehicle from / to you. Other data controllers or processors which we may share this information with may include:
- Your insurer (where the instruction to provide services has come from your insurer)
- Who manages the fleet in your company (where the instruction to provide services has come from your company)
- Your claims management provider (where you have used a claims management provider and they have instructed us to provide services)
- Our contracted network repairers
- Specialist repair contractors (such as windscreen providers and installers)
- Vehicle recovery agents
If you give us false or inaccurate information and fraud (in any form) is identified, details will be passed to the fraud prevention agencies. We and other organisations may also share, access and use this information to prevent fraud and money laundering, for example when:
- You have given us fraudulent information to secure services you are not entitled too
- Checking of claims by your insurer
In addition, law enforcement agencies may access and use this information.
Protecting your privacy
In order to protect the personal data collected from you by National against accidental or deliberate manipulation, loss, destruction or the access of unauthorised persons, technical and organisational security measures are constantly improved as part of our technological development. In addition, our employees, subcontractors and other support staff are obligated to observe confidentiality and data privacy.
Any access to your data that is stored at our company only takes place through an encrypted connection. By using the most up-to-date firewall systems, we provide the best possible protection for your data. Our management systems and website is encrypted using a SSL/TSL (Secure Sockets Layer/ Transport Layer Security) connection. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
Wherever possible, we have tried to create a secure and reliable internet based web applications (such as our iDeploy application) for our users. However, you recognise that your use of the Internet and our web applications is entirely at your own risk and we have no responsibility or liability for the security of personal information transmitted via the Internet.
All passwords and usernames allocated to you must be kept secret and must not be disclosed to anyone without our prior written authorisation. You must not use any false identity in email or other network communications and you must not attempt or participate in the unauthorised entry or viewing of another user’s account or into another system.
You must not use the services and/or network systems or any part thereof for fraudulent activities, or to breach another organisation’s security (cross-network hacking). This is an illegal act and prosecution under criminal law may result. You must not use any computers, computer equipment, network resources or any services provided by us for any illegal purpose, or for accessing, receiving or transmitting any material deemed illegal, indecent, offensive or otherwise unacceptable under UK law.
We will monitor network traffic from time to time for the purposes of backup and problem solving and in order to ensure that you are not misusing any of the services provided to you.
If at any time we become aware that your data has been compromised, or that a breach of our systems and controls has occurred, which has an impact on the security of your data, we will notify the Information Commissioner’s Office, the data controller (for instance your insurer) and you, without undue delay.
Subject Access Requests
You have the right to request access to a copy of the personal information that we hold about you. This is also known as a ‘Subject Access Request’. This information is provided to you free of charge however, we can refuse to respond or charge a ‘reasonable fee’ of £10 inc. VAT when a request is manifestly unfounded, excessive or repetitive.
We will provide this information in a structured, commonly used and machine-readable form such as a CSV file. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
If you would like to submit a Subject Access Request, please contact our Data Protection Officer by email in the 1st instance or in writing should you not have email:
We will response to your request without delay and at the latest, within 40 days of receipt of your request.
Rectifying or updating personal data
If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to rectification. You can let us know about any changes to. Where possible, we will also inform any third parties to whom we have disclosed the personal data in question to so they can rectify their records.
We will typically respond to your request within one month, although this can be extended by two months if your request for rectification is complex, such as a Novation or Transfer of Lease.
You can do this by contacting us via telephone to the ‘National Claims Centre’ where your call is recorded or by email to our Data Protection Officer.
You have the right to withdraw your consent for us to collect, process and store your data at any time. If you wish to withdraw your consent, please confirm this by email or in writing to our Data Protection Officer
Please note, by withdrawing consent, National may be unable to execute the contract that you have entered into with us and will result in termination of our services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to complain
If you have a complaint about any aspect of data protection or if you feel your privacy has been breached by us, we would like to hear from you. To help us investigate and resolve your concerns as quickly as possible, please contact our Data Protection Officer:
If you are unhappy with the final response you have received from National, you have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO) within three months of your last meaningful contact with us. You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.
Due to the further development of our website, government regulations or the implementations of new technologies, this policy will be reviewed, and may change, from time to time. National Accident Repair Group Limited reserves the right to change this data protection information at any time with effect for the future. The revised policy will be posted to this page so that you are always aware of the information we collect, how we use it and under what circumstances we disclose it. We therefore recommend you read the current data protection information again from time to time.
Last updated: 22.5.18