Website Privacy And Cookie Notice

Last updated: 6 January 2021

This website privacy and cookie notice (the “Website Notice”) will inform you as to how we look after your personal data when you visit our website (www.astonmartinf1.com - the “Website”), regardless of where you visit it from, and tell you about your privacy rights and how the law protects you.

It is important that you read and understand this Website Notice. 

In this Website Notice, references to “we”, “us” and “our” means: AMR GP Limited, a company registered in England and Wales with registered address Dadford Road, Silverstone, Northamptonshire NN12 8TJ, England and registered company number 11496673.

If you have any questions about this Website Notice, please contact our Legal Team by email at: [email protected]

When we collect and use information about you, we will likely do so as the “data controller”. This means that we are responsible for deciding the purposes and means for which the personal data that we hold about you is being processed. We will comply with all applicable data protection laws, including without limitation the General Data Protection Regulation 2016/679 and the Data Protection Act 2018.

You have the right to object to the processing of your personal data, including where your personal data is being processed for direct marketing purposes. Further information on this right, and your other rights, is set out below.

PART 1: PRIVACY POLICY

1. The types of information we hold about you

Personal data means any information that relates to an identified or identifiable individual. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.

Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Usage Data includes information about how you use our Website, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties (including email marketing) and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Website Notice.

We do not collect any Special Category Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

2.   How your personal data is collected

We may collect personal data about you in a variety of ways:

Direct interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

o purchase our products or services;

o create an account on our Website;

o subscribe to our service or publications;

o request marketing to be sent to you;

o enter a competition, promotion or survey; or

o give us some feedback.

Automated technologies or interactions: As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

o Technical Data from the following parties:

o analytics providers such as Google based outside the EU;

o advertising networks based inside or outside the EU; and

o search information providers based inside or outside the EU.

o Contact, Financial and Transaction Data from providers of technical, payment and delivery services.

o Identity and Contact Data from data brokers or aggregators.

o Identity and Contact Data from publicly available.

Certain information must also be provided by you in order to enable us to enter into a contract with you for your engagement, or to enable us to comply with our legal obligations. If you do not provide such information, this may hinder our ability to administer the rights and obligations arising as a result of our relationship. We may also be prevented from complying with our legal obligations. In this case we may, for example, have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How we will use information about you and on what basis

We need to process the information listed in paragraph 2 above:

• where you have given your consent to the processing of your personal data for one or more specific purposes;

• to perform our contract with you;

• to enable us to comply with our legal obligations; and  

• to pursue legitimate interests of our own or of third parties to operate our business, provided that the resulting impact on your interests and fundamental rights does not override those interests. 

The purposes for which we will process your personal data are set out in the table below. Sometimes the legal bases for processing will overlap and there may be several legal bases that support our processing of your personal data. 

Purposes

• To set-up your customer account and populate your customer account’s profile, if you choose to do so.

• To take receipt of your enquiries, understand them and respond to them.

• To fulfil any orders that we receive from you.

• To make suggestions and recommendations to you and other users, provided that you consent to us doing so, of our services about: (i) news and updates relating to us, our partners, products, services and content; (ii) content, goods and services that may interest you; and (iii) other promotional activity and events we think may be of interest. You can revoke your consent at any time by letting us know, including by messaging us.

• To understand how you use the Website, record your preferences for using the Website, remedy any issues, and assess and improve the Website’s performance.

• To assist us with our public relations responsibilities and other media-related activities.

4. Profiling

We may maintain basic profiles of you to improve our service delivery to you (such as helping you to track when you have left items in your shopping basket), to provide you with appropriate customer support and to draw your attention to any products or services that may interest you.    

5. Data sharing

We may have to share your personal data with the parties set out below for the purposes set out above.

Third party service providers

We may share personal data with third party service providers insofar as it is reasonably necessary for the purposes set out in this Website Notice, provided that they do not make independent use of the information. We only permit them to process your personal data for specified purposes and in accordance with our instructions. All our third party service providers are required to take appropriate security measures to protect your personal data in line with our policies. 

The following activities may be carried out by our third party service providers: IT and system administration services.

Group companies

We may share your personal data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

Other third parties

We may share your personal data with other third parties, for example in the event of a sale or merger, where using professional advisors (e.g. bankers, accountants, auditors, legal representatives) or where required by law, court order, administrative agency or other government body (e.g. to HMRC), public authority or regulator to meet national security, law enforcement or other legal requirements.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. Children

We do not intentionally collect personal data from any children under the age of thirteen (13) and our Website is not intended for use by those under the age of thirteen (13).

If you believe we have inadvertently collected personal data from a child under the age of thirteen (13), please contact us at: [email protected] We will then delete the personal data as soon as possible.

7. International data transfers 

In the event that we would need to transfer your personal data to entities located outside the European Economic Area, we would not transfer your personal data except where we had first put in place appropriate measures to ensure the adequate protection of your personal data. Those measures may include, for example, specific contracts containing the EU Commission's standard contractual clauses or another appropriate measure. 

In the event an international data transfer of your personal data occurs and you require further information about the protective measures that we apply, please contact us at: [email protected]

8. Data security

We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.

Please be aware that, while we place a high priority on the security of all information that we hold and process and we endeavour to provide robust, commercially reasonable security at all times, no security system can prevent every possible kind of security breach.

9. Data retention

We will only retain your personal data for as long as necessary, bearing in mind the purpose for which the data was collected, or as otherwise described in this Website Notice.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or accidental disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

10. Your rights in connection with personal data

You have the following rights over the way we process personal data relating to you:  

Request access. You have the right to ask for a copy of personal data we are processing about you.

Request correction. You have the right to request correction of the personal data we hold about you, such as if it is incomplete or inaccurate.

Request erasure. You have the right to request erasure of your personal data, where there is no legitimate reason for us to continue to process it, or where you have exercised your right to object to the processing (see below).

Object to processing. You have the right to object to the processing of your personal data where we rely upon the legal basis of our (or a third party’s) legitimate interests for that processing.

Request processing restriction. You have the right to ask us to suspend processing of your personal data, such as if you want to establish its accuracy or the reasons for it being processed.

Request machine-readable copy and transfer. You have the right to request a machine-readable copy of your personal data, which you can use with another data controller. Where it is technically feasible, you can also ask us to send this information directly to another data controller if you prefer.

Right to make a complaint. You have the right to make a complaint to a data protection supervisory authority. In the UK, the relevant supervisory authority would be the Information Commissioner’s Office.

Right to withdraw consent. In the limited circumstances for any processing by us of your personal data for which we rely upon the legal basis of your consent, you have the right to withdraw such consent at any time upon notice to us. If consent is withdrawn, we will no longer process the relevant personal data.

If you wish to make a request or exercise your rights, please contact us at: [email protected] We aim to comply without undue delay, and within one month of your request.

Please be aware that we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

11. Third-party links

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

12. Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

13. Changes to this Website Notice and applicability 

We reserve the right to update this Website Notice at any time, and we will provide you with a new Website Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data. 

If you are unsure about how or if this Website Notice applies to you, please contact us at: [email protected]

PART 2: COOKIES POLICY

1. Our cookies

Cookies (and equivalent devices in the context of mobile devices) are small text files that are placed on your computer or device by websites that you visit and mobile applications you use. They are widely used in order to make websites and applications work, or work more efficiently, as well as to provide information to the owners of the sites and apps. The below table explains how we use cookies in our Website.

Cookie

Google Analytics

Duration

[12 months]

Purpose/ Third Party Access

This cookie is used to collect information about how visitors use our Website. We use the information to compile reports and to help us improve our Website. 

Google’s privacy information is available here: https://policies.google.com/privacy?hl=en-US You can also read Google’s overview of privacy and safeguarding data here: https://support.google.com/analytics/answer/6004245 

Cookie

Cloudflare

Duration

[12 months]

Purpose/ Third Party Access

This cookie is used to detect malicious visitors to our Website and minimise blocking legitimate users.

Cloudflare’s privacy information is available here: https://www.cloudflare.com/privacypolicy/ 

2. Third party cookies

Some cookies may be set by third parties when you visit our Website. These third parties may be suppliers who partner with us to deliver our services, companies that participate with us in affiliate marketing programmes and other third parties. These cookies are controlled by the third parties, so please check these third-party websites for more information about these cookies and how to manage them. 

3. How do I change my cookies settings?

Most web browsers and mobile devices allow some control of most cookies and similar devices through the browser and mobile device settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org.

Find out how to manage cookies on popular browsers:

• Google Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform=Desktop&hl=en%22%20%5Ct%20%22_blank 

• Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy%22%20%5Ct%20%22_blank 

• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences%22%20%5Ct%20%22_blank 

• Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies%22%20%5Ct%20%22_blank 

• Opera: https://www.opera.com/help/tutorials/security/privacy/%22%20%5Ct%20%22_blank

• Apple Safari: https://support.apple.com/en-gb/safari

To find information relating to other website browsers, visit the browser developer’s website. Your mobile or tablet device provider may also provide you with additional cookie and browser control options, which may be available to you in your device settings – please consult your device settings for such device-specific controls (if applicable).

To find out more about Google Analytics and to learn how to opt out, please visit:

• How Google uses data when you use our partner's sites or apps: https://www.google.com/policies/privacy/partners/ or

• https://tools.google.com/dlpage/gaoptout/