280 Oxlow Lane


RM10 8LP

Contact Us

Mon - Fri: 8am - 5:30pm

Sat: 8am - 2pm

Opening Hours


The General Data Protection Regulation

The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data. The GDPR is a standardised regulatory framework which ensures that personal information is obtained, handled and disposed of properly.

As the Company are obligated under the GDPR and UK data protection laws, we abide by the Regulations’ principles, which ensure that personal information shall be: -

a) Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)

b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)

c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)

f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Regulation also requires that ‘the controller shall be responsible for, and be able to demonstrate, compliance with the GDPR principles’ (‘accountability’). The Company have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with the relevant data protection laws and regulations.

2. What is Personal Information?

Information protected under the GDPR is known as “personal data” and is defined as: -

“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Information Commissioners Office (ICO) website.

A1 Website.

It is possible to use A1 Autocentre Ltd’s website without any indication of personal data; however, if a data subject wants to use certain services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

Due to GDPR, A1 Autocentre Ltd. has implemented several organisational measures to ensure the most complete protection of personal data processed through our website. However, some vehicle data transmissions are outsourced to an external company and so in principle may have security gaps, so absolute protection cannot be guaranteed. For this reason, every customer is free to transfer personal data to us by telephone.

The processing of personal data, such as the name, address, telephone number or email address of a customer shall always be in line with the General Data Protection Regulation (GDPR) By means of this data protection declaration, we would like to inform customers of the nature and purpose of the personal data we collect, use and process. Furthermore, customers are informed, by means of this data protection declaration, of the rights to which they are entitled.

Information Collected

- Name of Customer

- Address of Customer

- Telephone Number of Customer

- Vehicle details owned by customer


Collection of general data and information

A1 Autocentre Ltd website collects a series of data and information when a customer visits our website. This general data and information is stored in server log files.  A1 Autocentre analyses this information to research how customers are viewing our website to allow us to improve our business viewing online. (Google Analytics)


Information Collected.

- Browser types and version used to view website.

- Operating system used to view website.

- Website from which an accessing system reaches our website (so-called referrer),

- Date and time of access to our website.

- Internet protocol address (IP address) of visitor to our website.

- Any other similar data and information that may be used in the event of attacks on systems.


A1 Autocentre Ltd website may use cookies. Cookies are files stored on a computer system via an Internet browser.

Most Internet sites use cookies, With the use of cookies A1 Autocentre Ltd. can provide the user of our website with a more user-friendly service that would not be possible without the cookie setting.

By using a cookie, the information on our website can be adapted with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website.


The customer may at any time, prevent the use of cookies through our website by changing the settings of the Internet browser and may permanently deny the use of cookies. Please note. Our Website functions may not be entirely usable if cookies are disabled.


Potential cookies implemented on our website:


Cookie name                                                   Life span                                                  Purpose

svSession                                                      Permanent                                                 Creates activities and BI

hs                                                                   Session                                                      Security

incap_ses_${Proxy-ID}_${Site-ID}                 Session                                                      Security

incap_visid_${Proxy-ID}_${Site-ID}               Session                                                      Security

nlbi_{ID}                                                         Persistent cookie                                        Security

XSRF-TOKEN                                                Persistent cookie                                       Security

smSession                                                     Two weeks                                                 Identify logged in site members


Storage and removal of personal Data

All personal data entered by the customer is collected and stored exclusively for internal use by the controller and A1 Autocentre Ltd.

No personal information is passed on to third parties unless there is an obligation to pass on their data which serves the aim of criminal prosecution.

The storage of personal data (issued by customer) is intended to enable A1 Autocentre to offer the customer services that may only be offered to registered users.  Customers are free to change their personal data specified during the registration at any time, or to have them completely deleted from our company records.

A1 Autocentre Ltd. shall at any time, provide information upon request of any personal data stored about the customer.

A1 Autocentre shall correct or erase personal data at the request of any customer.  To do this please contact A1 Autocentre by telephone to arrange this.

Contact possibility via the website

If a customer contacts A1 Autocentre Ltd. Either by email or by an online booking, the customers personal data is automatically stored. Such personal data transmitted on a voluntary basis by the customer to A1 Autocentre Ltd is stored for processing purposes or to contact the customer.

3. The Right of Access

Under Article 15 of the GDPR, an individual has the right to obtain from the controller, confirmation as to whether personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information: -

· The purposes of the processing

· The categories of personal data concerned

· The recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed

· If the data has been transferred to a third country or international organisation(s) (and if applicable, the appropriate safeguards used)

· The envisaged period for which the personal data will be stored (or the criteria used to determine that period)

· Where the personal data was not collected directly from the individual, any available information as to its source

3.1. How To Make a Subject Access Request (SAR)?

A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR (unless an exemption applies). The information that we provide is covered in section 3 of this document.

You can make this request in writing using the details provided in section 7, or you can submit your access request electronically. Where a request is received by electronic means, we will provide the requested information in a commonly used electronic form (unless otherwise requested by the data subject).

3.2. What We Do When We Receive An Access Request

Identity Verification

Subject Access Requests (SAR) are passed to the [Data Protection Officer/Compliance Officer] as soon as received and a record of the request is made. The person in charge will use all reasonable measures to verify the identity of the individual making the access request, especially where the request is made using online services.

We will utilise the request information to ensure that we can verify your identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.


If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.


Information Gathering

If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.

Information Provision

Once we have collated all the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.

4. Fees and Timeframes

We aim to complete all access requests within 30-days and provide the information free of charge. Where the request is made by electronic means, we provide the information in a commonly used electronic format, unless an alternative format is requested.

Whilst we provide the information requested without a fee, further copies requested by the individual may incur a charge to cover our administrative costs.

The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.

5. Your Other Rights

Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reason(s).

We will rectify any errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.

If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Supervisory Authority and to seek a judicial remedy.

In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. You can use the contact details in section 7 to make such requests.

6. Exemptions and Refusals

The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request.

Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out in section 7 of this document.

7. Submission & Lodging a Complaint

To submit your SAR, you can contact us at ben@a1autocentregroup.com or download our Subject Access Request form on our website You can also submit your request in writing using the form, sending the request to: -

Ben Thompson

A1 Autocentre Ltd.

Unit 1, 280 Oxlow Lane


RM10 8LP

If you are unsatisfied with our actions or wish to make an internal complaint, you can contact us in writing at: -

Ben Thompson

A1 Autocentre Ltd.

Unit 1, 280 Oxlow Lane


RM10 8LP

7. Supervisory Authority

If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority. The Information

Commissioner’s Office (ICO) can be contacted at: -

Information Commissioner’s Office

Wycliffe House

Water Lane





Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Fax: 01625 524 510

Email: enquiries@ico.org.uk