Data Protection and Privacy Policy

Data Protection and Privacy
Policy at Buy A Van UK

Data Protection and Privacy Policy

This data protection policy sets out how Buy A Van UK Ltd protects any information that you give Buy A Van UK Ltd through this website or other means. Any information provided to Buy A Van UK Ltd will only be used in accordance with this policy.

This policy may change from time to time. To ensure you are aware of any changes please check this page again in the future before providing additional information to Buy A Van UK Ltd

Buy A Van UK Ltd will not share your information with any third party.

Data Storage and Security

We have in place robust physical, managerial and digital procedures to ensure your information is protected and is safe from unauthorized disclosure/access. Buy A Van UK Ltd is committed to protecting the security of data through the preservation of:

Confidentiality: protecting information from unauthorized access and disclosure.

Integrity: safeguarding the accuracy and completeness of information and processing methods.

Availability: ensuring that information and associated services are available to authorized users when required.

Granularity: ensuring data is only used for the purpose for which it was provided.

Examples of Personal Data may include:


Date of Birth

National Insurance Number

Telephone Numbers

Benefit Details

Bank Account Details

Information relating to the persons health or disability

Disposal of Information

All information is disposed of in a secure and timely manner, being kept only for the period of time required for the purpose or purposes of the data processing and for no longer than necessary.

Buy A Van UK Ltd will develop, implement and maintain this Data Protection and Retention Policy to ensure data is sufficiently stored, processed, transmitted and destroyed in a way consistent with our legal, contractual and ethical obligations.

At any time you may request details of personal information that Buy A Van UK hold about you as per the GDPR 2018. If you would like a copy of the information held about you currently please contact

Cookie use

Cookies are tiny text files stored on your computer when you visit certain web pages. At Buy A Van UK Ltd cookies are used to identify when you visit a particular site, as well as analyze web traffic. Cookies also facilitate a more personal web experience, allowing web applications to gather information about your personal preferences, and respond to you as an individual. By using this website you agree to the use of these cookies.

Please note that cookies can’t harm your computer. We don’t store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered within these cookies along with third party data for advertising and marketing purposes, including interest based advertising. To find out more about interest based advertising please visit and to opt out of interest based advertising please visit To opt out of Google cookie use specifically please visit Google Ads Settings

It is the aim of Buy A Van UK Ltd to provide a very high standard of service to every client. It is important to us that all complaints are resolved as quickly as possible and to the complete satisfaction of our clients.

Rights for individuals
One of the key changes brought about by GDPR is the introduction of new rights and the strengthening of existing rights to give individuals more control on how organizations process their data.

The rights GDPR provides to individuals are:

Right to be informed – individuals have the right to be informed about the collection and use of their personal data. ‘Privacy information’ explaining how an individual’s data is processed, how long it is retained for and who it is shared with must be provided at the time data is collected, for example, on or in conjunction with, the sales and finance agreement. This information is usually known as a ‘Data Privacy Notice’ or DPN.

Right of access – individuals have the right to access their personal data and any supplementary information that is held or has been processed by an organization. A reasonable fee can be charged only if the request is unfounded or excessive, otherwise it must be provided free of charge without undue delay, within at least one month of the request being made.

Right to rectification – individuals have the right to have inaccurate personal data rectified, or completed if inaccurate. A request can be made verbally or in writing and must be responded to within one month. In certain circumstances requests can be refused.

Right to erasure – individuals have a right to ask to have their personal data erased. This is known as the ‘right to be forgotten’. A request can be made verbally or in writing and must be responded to within one month.

Right to restrict processing – individuals have the right to request the restriction or suppression of their personal data. This allows for their data to be stored but not used. A request can be made verbally or in writing and must be responded to within one month.

Right to data portability – individuals have the right to obtain and reuse their personal data for their own purposes across different services. This allows them to move, copy or transfer personal data across IT platforms for convenience in a way that is portable and safe. This information must be provided free of charge, without undue delay, and within one month of being requested.

Right to object – individuals have the right to object to their personal data being processed for direct marketing purposes (including profiling). The right to object must be included in the initial privacy notice provided to the individual.

Rights related to automated decision-making and profiling – individuals have a right not to be subject to an automated decision-making process or profiling unless the decision is necessary for the entry into or performance of a contract. Since affordability and creditworthiness checks are a requirement for finance providers to undertake, individuals would not always be entitled to exercise this right where data is being used for a credit application

Internal Procedures

All files relating a customer are collated and stored in folders on a cloud drive account and backed up on a USB drive which is kept locked off site.

At the start of each month all files over 6 months old are destroyed unless they are required to be help for FCA reporting purposes.

All paper files are scanned and added to the customer folder once a deal is completed.

Once scanned the paper files are shredded.

All calls are recorded but call recording is turned off when collecting card details off a customer.

All emails relating to a customer that contain any personal data are deleted after 6 months.

The person responsible for dealing with complaints and answering requests is the company’s Data Protection Officer, Paul Phillips. 01443561478