Privacy Information

This Privacy Policy explains in detail how we collect, use, share and protect your personal data when you interact with us. It will also provide you with a better understanding of your rights relating to the use of your personal data, and how you can exercise those rights.

We encourage you to take the time to carefully read the sections below. We would also ask that you share this Privacy Policy with anyone whose personal data you intend to share with us (such as other named drivers of your vehicle).

We reserve the right to amend or update this Privacy Policy at any time and in response to changes in data protection legislation and/or the systems and processes that we use. Please be assured that we will always notify you before using your personal data for any new purposes.

We are Halfords Limited and Halfords Autocentres Limited (collectively referred to as “Halfords”) of Icknield Street Drive, Washford West, Redditch, Worcestershire B98 0DE. Halfords is the UK's leading retailer of car parts, car enhancement, camping and touring equipment and bicycles, and the UK’s largest independent operator in garage servicing and auto repair.

For the purpose of the products and services provided by this website, we act as Data Controller, which means that we are responsible for deciding how we use your personal data. We share this responsibility with Call Assist Limited (“Call Assist”) of Axis Court North, Station Road, Colchester, Essex CO1 1UX who also act as Data Controller. Call Assist is a vehicle rescue company with an excellent reputation within the insurance and associated market places.

The underwriter of your policy is Ageas Insurance Limited, part of the Ageas group of companies which acts as independent Data Controller. Its purpose for collecting, using, sharing, transferring and storing your personal data differs from the purposes of Halfords and Call Assist; for further details, please refer to the Ageas Privacy Policy at www.ageas.co.uk/legal/privacy-policy.

Halfords has a dedicated Data Protection Officer. Should you wish to exercise any of your rights under data protection legislation (see section 7 below) or have any questions relating to this Privacy Policy, please direct your enquiry to Data Protection Officer, Halfords, Icknield Street Drive, Washford West, Redditch B98 0DE or email dataprotectionofficer@halfords.co.uk.

Personal data is information about you from which you can be identified. Dependent upon which service you require, we will collect different types of personal data about you. However, please be assured that we do not collect or process any personal data about you that we do not need in order to provide our services.

The types of personal data that we collect include:

• personal details, such as your title and full name;
• contact details, such as your email address and telephone number;
• date of birth;
• home address;
• vehicle information, such as your car registration number, make and model, reported faults;
• credit/debit card details, although this information is not stored by our systems;
• details of beneficiaries, such as named drivers;
• policy information, such as policy start date, call outs and/or claims made;
• telemetry information, such as your mobile phone location data and your computer’s Internet Protocol (IP) address, together with details of all web pages viewed, server requests and browser used (including  browser type, timings, connections, updates and exceptions);
• Information obtained from third parties, such as data available to the insurance industry, loss adjustors and/or suppliers appointed in the process of handling a claim.

We also collect special categories of data (also referred to as sensitive information) about you which includes:

• health data, such as your medical conditions or any disabilities that you may have, although this is limited only to information that may affect the provision of our services to you;
• criminal information, such as any instances of fraud or theft.

There are three lawful purposes for us collecting and processing your personal data and/or special categories of data:

a) The data is necessary to fulfil our contractual obligations to you and therefore provide the products and services you have requested: for example where the data is necessary to: 

• provide you with a policy quotation;
• issue policy documentation to you;
• administer your policy and/or handle any claims.

Please note that if you choose not to give us the data that is necessary for us to fulfil our contractual obligations, we will not be able to provide our products and services to you.

b) The processing is in your legitimate interests: for example where we monitor and record telephone calls in order to improve the quality of our service and to help us deal with any queries or complaints that you may have.

c) We have your consent to collect and process your data: for example, where the data is necessary to:

• send you marketing communications to keep you informed about our products and services (NB please be assured that even if you do give consent, you have the right to change your mind at any time);
• make any necessary adjustments to accommodate your specific needs, and safeguard your personal safety and well-being throughout the assistance. For example, if you have broken down and have a condition that requires you to take medication at a specific time, we will use this information with your agreement to prioritise your recovery or organise alternative transport.

We use a variety of methods to collect data from and about you including:

• Direct interactions. We collect your personal data when you order a product or service from us either via our contact centre or website. You may also give us your personal data when you correspond with us by post, phone or email.
• Automated technologies or interactions. When you use our website, we will collect your personal data via cookies, server logs and similar technologies, unless you choose otherwise by changing your browser settings. Please see our Cookies Policy https://www.halfordsbreakdowncover.com/info/cookies for further details.
• Third parties or publicly available sources. We source personal data from various third parties: this includes data available to the insurance industry and loss adjusters as well as data from analytics providers such as Google (see section 6 below).

We will only disclose/share information about you or your policy with a third party in the following circumstances:

• it has been authorised by you;
• it is with regulatory bodies, including but not limited to the Financial Conduct Authority (“FCA”), Isle of Man Financial Services Authority (“FSA”) and the Financial Services Commission (“FSC”);
• it is with fraud prevention and credit reference agencies;
• it is required by law;
• in case you make a complaint to us about the service we have provided, in which case we may be obliged to forward relevant details to the Financial Ombudsman Service (“FOS”);
• it is necessary for Recovery Operators or other suppliers who you wish to assist you, in which case your personal data will be limited to the minimum ordinarily required for service provision: additionally, these suppliers will only be able to use your data to provide the specific services;
• it is with a company that manages IT systems on our behalf such as Planning Inc who manages our customer database and Cheetah Digital who sends our customer emails;
• it is in the unfortunate event that you have to make a claim, in which case your data will be shared with third parties involved with the claim, together with their insurer, solicitor or representative, as well as an appropriate medical team, the police and other investigators;
• in the event that we undergo re-organisation or are sold to a third party, in which case any personal data will be transferred to that re-organised entity or third party.

In certain circumstances, it may be necessary to transfer your data to service providers located outside of the European Economic Area (“EEA") for the purposes of fulfilling your product or service order. However, we will not transfer your information outside the EEA unless it is to a country which is considered to have equivalent data protection laws or we have taken all reasonable steps to ensure the company has suitable standards in place to protect your information.

In the unfortunate event that you break down outside the EEA and make a claim, then we will need to disclose your information to the IMA Group, which is the business partner contracted to handle claims on our behalf outside of the UK. Thus, IMA will select a local Recovery Operator in the country in which you have broken down and will send your required job details to the Recovery Operator. In these circumstances, the data will be limited to your name, contact number and location of the breakdown.

Other circumstances where personal data might be made available to companies outside of the EEA include:

• Microsoft Azure - when we receive technical support, some data may be made available to Microsoft Engineers located outside of the EEA, typically in India or the United States of America. For further detail, please refer to - https://azure.microsoft.com/en-gb/overview/trusted-cloud/.
• Bing Ads is a service that provides pay-per-click advertising on both the Bing and Yahoo! search engines. This service is provided by Microsoft and therefore data sharing may occur as per Microsoft Azure above.
• Google AdWords is an advertising service for businesses wanting to display ads on Google and its advertising network. Support cases are handled outside of the EEA, mainly in India. Google is opted into the European Commission’s model contract clauses. For details of the model clauses, please follow the link - European Commission-approved model contract clauses.

Under data protection legislation, you have a number of rights relating to the information we hold about you. This includes the right to:

• ask for a free copy of any personal data we hold about you;
• ask for correction of any inaccurate information held about you;
• object to the use of your personal data for marketing purposes;
• withdraw any consent you have previously given to us to process your personal data;
• ask for your personal data to be deleted from our systems (NB there are times when we will not be able to delete your data as a result of us fulfilling our legal and regulatory obligations, or where there is a minimum statutory period of time for which we have to keep your information. If we are unable to fulfil a request, we will always let you know our reasons);
• not to be subject to automated decision making (without human involvement) where that decision produces a legal or other significant effect on you;
• obtain, move, copy or transfer your personal information in a format which enables you to transfer that data to another organisation;
• request that we suspend our processing of your personal data;
• complain to the Information Commissioner’s Office if you are not satisfied with our use of your data (https://ico.org.uk).

Should you wish to exercise any of your rights, please direct your enquiry to the Data Protection Officer, Halfords, Icknield Street Drive, Washford West, Redditch B98 0DE or email dataprotectionofficer@halfords.co.uk.

Your data is an important asset, and as such, we make every effort to ensure that security measures are in place to prevent unauthorised or inappropriate access, use, modification, disclosure or destruction.

On our website, we protect any information you give us by providing you with a User ID and password. You must keep this password safe and not disclose it to anyone. We will not accept responsibility or liability if a third party obtains and uses your User ID and password. You must tell us immediately if your User Name or password has been compromised in any way.

Other measures we take to keep your data secure include, but are not limited to:

• making regular backups of files;
• protecting file servers and workstations with virus scanning software;
• using a system of passwords so that access to data is restricted;
• allowing only authorised staff into certain computer areas;
• using data encryption techniques to code data when in transit;
• ensuring that staff are only given sufficient rights to any systems to enable them to perform their job function.

In most circumstances, we will retain your personal data for a maximum of seven years from the end of the insurance policy, in line with legal and regulatory requirements.

In this website, certain links, including hypertext links, will lead you to website or pages that are not under our control. These links are provided for your information and convenience, and the inclusion of any link does not imply endorsement by us in any way of the site to which a particular link leads. We accept no responsibility or liability for the content of other websites. If you are redirected to another website via our website, you will need to contact that organisation separately to remove your details from their records. No one may link into this site without prior written consent.