The Kevin O’Leary|Group takes the safeguarding of personal data very seriously.This policy describes how the Kevin O’Leary|Group meets its obligations under the General Data Protection Regulation in relation to the processing of personal data.
Automated Processing: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing.
Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of personal data relating to them.
Data Controller: the person or organisation that determines when, why and how to process personal data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all personal data relating to Kevin O’Leary | Group personnel and personal data used in our business for our own commercial purposes.
Data Subject: a living, identified or identifiable individual about whom we hold personal data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal data.
Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the processing of personal data.
Data Protection Compliance Manager (DPCM): Jonathan Kelly
EEA: European Economic Area, all EU member states, and Iceland, Liechtenstein and Norway.
Explicit Consent: consent which requires a very clear and specific statement (that is, not just action).
General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the legal safeguards specified in the GDPR.
Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal data includes Sensitive Personal data and Pseudonymised Personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of personal data is a personal data breach.
Processing or Process: any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.
Sensitive Personal data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and personal data relating to criminal offences and convictions.
Kevin O’Leary | Group:
Kevin O’Leary | Group personnel: all employees, workers, contractors, agency workers, consultants, directors, and others of the Kevin O’Leary Group (Ltd) and any other companies that fall under the control of the directors of the Kevin O’Leary | Group.
This Policy sets out how we the Kevin O’Leary | Group handle the personal data of our members, suppliers, employees, workers, customers and other third parties.
This Data Protection Policy applies to all personal data we process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, members or supplier contacts, website users or any other Data Subject.
When you choose to purchase a vehicle from us or have a vehicle repaired/serviced or tested by us, we, the Kevin O’Leary|Group, will be one of the companies responsible for handling your personal information (known as a "controller" under data protection law).
There may already be information held by 3rd party companies such as the Road Safety Authority, Opel, Honda & financial institutions in relation to your vehicle/s and yourself. This data is held by those 3rd parties who also have responsibilities to you as a data controller. The data held by this company referred to in this statement relates to data held by us independently of other 3rd party companies and used by us in relation to providing our services to you.
This Statement describes how we use your personal information. Please take the time to read it carefully.
2.0 Personal Data Protection Principles.
You have a number of rights in relation to your information including the right to object to processing of your personal information where that processing is carried out for legitimate interests.
We adhere to the principles relating to processing of personal data set out in the GDPR which require personal data to be:
Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation).
Accurate and where necessary kept up to date (Accuracy).
Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation).
Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
Not transferred to another country without appropriate safeguards being in place (Transfer Limitation).
Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their personal data (Data Subject's Rights and Requests).
3.0 Collecting Personal Information.
We may collect, store & use your personal data. The personal information collected by us includes your name, address, contact information, telephone number, mobile phone number, email address, finance information or any other personal information furnished by you during the purchase, retail, servicing/repair or testing of your vehicle.
Information that you provided us with when signing up to any distribution lists or services to receive correspondence from us.
We may also collect information about your vehicle during the course of a vehicle trade-in purchase, retail, a repair/service or a CVRT test. The information we may collect includes mileage, vehicle identification number and registration number.
4.0 Using Personal Information.
Personal data we receive will be used for the purpose it was provided including:
4.1 To enter into a contract with you to purchase, retail, repair/service or test a motor vehicle. We may require certain personal information from you in order to fulfil the contract and if you do not provide us with this information we may not be able to perform our contract. We will advise you if this is the case.
4.2 We may use your personal information for direct marketing purposes to make you aware of products and services which may interest/benefit you or for customer satisfaction surveys where you have already consented to us doing so.
4.3 As part of our marketing activities, we may also use your personal information (including, where permitted by you and your finance provider, any finance details) to analyse your suitability for finance products, trade-ins or upgrades. We may do this by phone, post, email, text or through other digital media that you have consented to. Where we do so we rely on the lawful processing ground of legitimate interest and our legitimate interest is to develop relationships with our existing customers and to assess our performance and standards. We may also use this information to send service reminders and campaign offers. We may also use your personal data to thank you for your custom. You have the right to opt out of these at any time if you so choose.
4.4 We may provide third parties with personal information in the fulfilment of legal and contractual agreements such as the Revenue Commissioners for the payment of VAT and where we apply for a VRT exemption on your behalf. We may also share your information with the Revenue Commissioners for the first registration of a motor vehicle and with authorities for motor tax purposes or the transfer of a vehicle ownership. Your details may also be shared with the RSA for the purpose of CVRT testing and the issuing of certificates.
4.5 Your personal information may be used to comply with any obligation under anti-money laundering legislation, to prevent fraudulent transactions and also for reducing credit risk. It may be accessed for the purpose of any statutory audit or for any other legal obligation to which we are subject to.
4.6 We may also use your personal information to manage our everyday business needs, including accounting such as to send statements, invoices and payment reminders to you, and collect payments from you. Where we do so we rely on the lawful processing ground of legitimate interest and our legitimate interest is in the effective management of our business.
4.7 We pass your personal information on to the manufacturer of the vehicle you purchase and/or their appointed distributor in Ireland for the purposes of warranty, safety, recall and customer satisfaction surveys. If you consent we will also pass your information to the manufacturer distributor of the vehicle you purchase or their appointed distributor in Ireland for marketing activities. The manufacturer or its appointed distributor may contact you separately about their use of your information.
4.8 We may share your personal information with third party service provides that perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, lawyers and other business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administration services.
4.9 We may share your information with third party service providers who provide services to you such as insurance companies and car rental companies. We may pass your information to insurance companies and/or motor assessors appointed by you, a third party or an insurance company, where any portion of the costs of vehicle repairs or work being carried out by us is covered under an insurance policy.
4.10 Potential Sale of the Dealer or any other associated company of the Kevin O’Leary|Group: We may also transfer your personal information to companies we plan to merge with or be acquired by.
4.11 We may share your personal information with An Gardaí or other government bodies or agencies where required to do so by law or in connection with any ongoing or prospective legal proceedings.
5.0 Storage Period.
We may hold your personal information for a period of 7 years from the date of completion of this contract or from the end date of any warranty period, whichever is the later. We may hold this data for a longer period if we are legally required to do so.
6.0 Transfers outside of the European Economic Area (EEA).
We may transfer your personal data outside of the European Economic Area (EEA). These countries do not always afford an equivalent level of privacy protection and in such circumstances, we will take specific steps, in accordance with data protection law, to protect your personal information. In particular, for transfers of personal data, outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual protections approved by the European Commission.
To make our website work properly sometimes small data files called cookies are placed on your device. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
None of the cookies used on our websites collect information that personally identifies you.
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
We may use Google Analytics to assist in managing our website to ensure we provide relevant information in an easily accessible format and as a tool to give our customers best service.
To view Google analytics data privacy and security analytics information check https://www.google.com/analytics
Below is a list of cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.
|Used to distinguish users
|Used to throttle request rate
|Identifies unique users
|Analytics. Used to distinguish users and sessions.
|Analytics. Used to determine new sessions/visits.
|Close of session
|Analytics. To determine whether the user was in a new session/visit.
|Analytics. Used to store visitor-level custom variable data.
|Analytics. Stores the traffic source or campaign that explains how the user reached your site.
9.0 Reporting a Personal Data Breach
We have put in place procedures to deal with any suspected personal data breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
10.0 Data Subject's rights and requests
Data Subjects have rights when it comes to how we handle their personal data. You have the right, free of charge to:
- withdraw consent to processing at any time;
- receive certain information about the Data Controller's processing activities;
- request access to personal data that we hold;
- prevent our use of personal data for direct marketing purposes;
- ask us to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data;
- restrict processing in specific circumstances;
- challenge processing which has been justified on the basis of our legitimate interests or in the public interest
- object to decisions based solely on automated processing, including profiling (ADM);
- prevent processing that is likely to cause damage or distress to the Data Subject or anyone else;
- be notified of a personal data breach which is likely to result in high risk to their rights and freedoms;
- make a complaint to the supervisory authority; and
- in limited circumstances, receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format.
We retain the right to verify the identity of an individual requesting data under any of the rights listed. These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact us using the contact details contained in this order form. We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will explain why.
You also have the right to lodge a complaint to the office of the Data Protection Commission.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and, if we do, what that information is.
12.0 Contact Us
To contact the Kevin O’Leary | Group in relation to this policy or any other data compliance issue please contact our Data Protection Compliance Manager (DPCM), by email: info@kevinoleary. ie. For further information on data protection see www.dataprotection.ie.
13.0 Changes to this Data Protection Policy
We reserve the right to change this Data Protection Policy at any time without notice. Please check back regularly to obtain the latest copy of this policy.
We last revised this Data Protection Policy on 16/05/2018.
- Our Latest News