GDPR Compliance

Overview

argent-glint operates in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a data controller, we take our responsibilities seriously and have implemented comprehensive measures to protect your personal information.

This page outlines our GDPR compliance framework and explains your rights in detail. For general privacy information, please refer to our Privacy Policy.

Data Controller Information

argent-glint acts as the data controller for all personal information collected through our services. Our details are:

argent-glint
42 Wellesley Road
Croydon, CR0 2AJ
United Kingdom
Email: [email protected]

We do not currently employ a dedicated Data Protection Officer as we fall below the threshold requiring such appointment under UK GDPR. However, our Managing Director oversees all data protection compliance matters.

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The following bases apply to our processing activities:

Contractual Performance

When you engage our services, processing your personal data becomes necessary to fulfill our contractual obligations. Vehicle registration requires specific personal information including identity verification, address details, and vehicle ownership documentation. Without processing this data, we cannot deliver the service you have requested.

Legal Compliance

Certain data processing activities are mandated by law. We must maintain financial records for tax purposes, comply with anti-money laundering requirements, and retain specific documentation related to vehicle registrations as per automotive industry regulations. These legal obligations necessitate data retention and processing beyond the immediate service delivery period.

Legitimate Interests

We process some personal data based on legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Legitimate interests include fraud prevention, network and information security, internal administrative purposes, and defending against legal claims. Before relying on legitimate interests, we conduct assessments to ensure appropriateness.

Consent

Where processing cannot be justified under the above bases, we seek your explicit consent. This applies primarily to communications beyond essential service updates, such as informational newsletters about regulatory changes affecting vehicle owners. Consent is freely given, specific, informed, and unambiguous. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Data Subject Rights

UK GDPR grants you specific rights regarding your personal data. We respect these rights and have established processes to facilitate their exercise:

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This GDPR page, our Privacy Policy, and service-specific communications fulfill this transparency obligation. We provide privacy information at the point of data collection and maintain accessible documentation about our processing activities.

Right of Access

You may request confirmation of whether we process your personal data and, if so, obtain access to that data along with supplementary information about the processing. We respond to subject access requests within one month, free of charge, unless the request is manifestly unfounded or excessive.

When submitting an access request, please provide sufficient information to enable us to locate your records. We may request additional identification to verify your identity before releasing personal information.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed. We respond to rectification requests within one month. When we rectify data that has been shared with third parties, we inform those third parties of the correction unless this proves impossible or requires disproportionate effort.

Right to Erasure

The right to erasure, sometimes called the right to be forgotten, allows you to request deletion of your personal data in specific circumstances. These include situations where data is no longer necessary for the purpose it was collected, where you withdraw consent and no other lawful basis exists, or where data has been unlawfully processed.

However, this right is not absolute. We may retain data where legal obligations require retention, such as financial record-keeping requirements lasting seven years, or where retention is necessary for establishing, exercising, or defending legal claims.

Right to Restrict Processing

You can request restriction of processing in certain situations: when you contest the accuracy of data while we verify accuracy, when processing is unlawful but you prefer restriction to erasure, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification of our legitimate grounds.

When processing is restricted, we continue to store the data but do not process it further without your consent or for specified limited purposes such as legal claims or protecting another person's rights.

Right to Data Portability

Where we process your data based on consent or contract performance, and processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format. You may also request direct transmission to another controller where technically feasible.

This right applies only to data you have provided to us. It does not extend to data we have generated through our services or data derived from your information.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object, we must cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.

For direct marketing objections, we stop processing immediately upon receiving your objection. We maintain suppression lists to ensure we do not inadvertently contact you again.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significant effects. We do not engage in automated decision-making of this nature. All substantive decisions regarding your registration are made by human staff members.

Exercising Your Rights

To exercise any data subject rights, contact us via email at [email protected] or by post at our registered address. Please include:

• Your full name and contact details
• Specific details of the right you wish to exercise
• Any relevant reference numbers or dates of service
• Proof of identity if requesting access to personal data

We respond to valid requests within one month. In complex cases, this may extend to three months, though we will inform you of any delay within the initial month and explain the reasons.

Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive, particularly if repetitive, we may charge a reasonable administrative fee or refuse to act on the request.

Data Protection Principles

Our data processing activities adhere to the fundamental principles established by UK GDPR:

Lawfulness, Fairness, and Transparency

We process personal data lawfully under identified legal bases. Processing is fair, meaning we do not process data in ways you would not reasonably expect. We maintain transparency through clear privacy information and open communication about our processing activities.

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes. If we wish to use data for a new purpose not covered by the original basis, we inform you and obtain consent where required.

Data Minimisation

We collect only data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. Our data collection forms request only information essential for service delivery or legal compliance.

Accuracy

We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay. We encourage clients to inform us of any changes to their personal information.

Storage Limitation

Personal data is kept in a form that permits identification only for as long as necessary for the purposes for which it is processed. We maintain documented retention periods for different data categories and delete information when retention periods expire.

Integrity and Confidentiality

We process data securely using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Our security measures are regularly reviewed and updated.

Accountability

We take responsibility for compliance and can demonstrate compliance with all GDPR principles. We maintain records of processing activities, conduct data protection impact assessments where appropriate, and implement policies supporting our compliance obligations.

International Data Transfers

We primarily process data within the United Kingdom. On rare occasions, data may be transferred to countries outside the UK, such as when using certain cloud service providers with international infrastructure.

When international transfers occur, we ensure appropriate safeguards are in place. These may include adequacy decisions recognising the destination country's data protection framework, standard contractual clauses approved by the UK authority, or other legally recognised transfer mechanisms.

We do not transfer personal data to countries without adequate protection unless absolutely necessary and with appropriate safeguards in place.

Data Breach Procedures

Despite robust security measures, data breaches can occur. We have established procedures to detect, report, and investigate personal data breaches:

Detection and Containment

Staff are trained to recognise potential breaches and report them immediately to management. Upon detection, we take immediate steps to contain the breach and limit its impact.

Assessment

We assess the nature and severity of the breach, including the type and volume of data affected, the number of individuals impacted, and the potential consequences for those individuals.

Notification

If a breach is likely to result in a risk to individuals' rights and freedoms, we notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the risk is high, we also notify affected individuals without undue delay.

Documentation

All breaches are documented, including facts relating to the breach, its effects, and remedial actions taken. This documentation enables us to demonstrate compliance with notification obligations.

Third-Party Processing

We engage third-party service providers who process personal data on our behalf. These processors include payment processing services, IT infrastructure providers, and document verification services.

All processors are selected carefully and must provide sufficient guarantees regarding technical and organisational security measures. We maintain written contracts with processors specifying:

• The subject matter and duration of processing
• The nature and purpose of processing
• The type of personal data processed
• Obligations and rights of the data controller
• Security requirements and breach notification procedures

Processors may only act on our documented instructions and may not use personal data for their own purposes.

Privacy by Design and Default

We implement data protection principles from the earliest stages of designing systems and processes. Technical and organisational measures are embedded to ensure that, by default, only personal data necessary for each specific purpose is processed.

This includes minimising the extent of processing, the period of storage, and the accessibility of data. Privacy settings favour protection rather than requiring individuals to manually configure privacy protections.

Records of Processing Activities

We maintain detailed records of our processing activities as required by UK GDPR Article 30. These records include:

• The purposes of processing
• Categories of data subjects and personal data
• Categories of recipients to whom data is disclosed
• Details of international transfers and safeguards
• Retention periods for different data categories
• Technical and organisational security measures

These records are available to the Information Commissioner's Office upon request.

Supervisory Authority

The Information Commissioner's Office is the UK supervisory authority responsible for monitoring application of data protection legislation. If you have concerns about our data processing practices that we have not adequately addressed, you have the right to lodge a complaint with the ICO:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first to resolve any concerns, but you have an unconditional right to lodge a complaint with the supervisory authority.

Updates to This Information

We review our GDPR compliance regularly and update this page as necessary to reflect changes in our processing activities or legal requirements. Significant changes will be communicated to active clients.

Further Information

For additional details about our data processing practices, please consult our Privacy Policy. For specific questions about GDPR compliance or to exercise your data subject rights, contact us at [email protected].