Data Protection and Privacy Policy

Data Protection and Privacy Policy

This data protection policy sets out how Buy A Van UK Ltd protects any information that you give Buy A Van UK Ltd through this website or other means. Any information provided to Buy A Van UK Ltd will only be used in accordance with this policy.

This policy may change from time to time. To ensure you are aware of any changes please check this page again in the future before providing additional information to Buy A Van Uk Ltd

Buy A Van UK Ltd will not share your information with any third party.

Data Storage and Security

We have in place robust physical, managerial and digital procedures to ensure you information is protected and is safe from unauthorised disclosure/access.Buy A Van UK Ltd is committed to protecting the security of data through the preservation of:

Confidentiality: protecting information from unauthorised access and disclosure.

Integrity: safeguarding the accuracy and completeness of information and processing methods.

Availability: ensuring that information and associated services are available to authorised users when required.

Granularity: ensuring data is only used for the purpose for which it was provided.

Examples of Personal Data may include:


Date of Birth

National Insurance Number

Telephone Numbers

Benefit Details

Bank Account Details

Information relating to the persons health or disability



Disposal of Information

All information is disposed of in a secure and timely manner, being kept only for the peroid of time required for the purpose or purposes of the data processing and for no longer than necessary.

Buy A Van UK Ltd will develop, implement and maintain this Data Protection and Retention Policy to ensure data is sufficiently stored, processed, transmitted and destroyed in a way consistent with our legal, contractual and ethical obligations.

At any time you may request details of personal information that Buy A Van UK hold about you as per the GDPR 2018. If you would like a copy of the information held about you currently please contact [email protected]

Cookie use

Cookies are tiny text files stored on your computer when you visit certain web pages. At Buy A Van UK Ltd cookies are used to identify when you visit a particular site, as well as analyse web traffic. Cookies also facilitate a more personal web experience, allowing web applications to gather information about your personal preferences, and respond to you as an individual. By using this website you agree to the use of these cookies.

Please note that cookies can’t harm your computer. We don’t store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered within these cookies along with third party data for advertising and marketing purposes, including interest based advertising. To find out more about interest based advertising please visit and to opt out of interest based advertising please visit To opt out of Google cookie use specifically please visit Google Ads Settings

It is the aim of Buy A Van UK Ltd to provide a very high standard of service to every client. It is important to us that all complaints are resolved as quickly as possible and to the complete satisfaction of our clients.

Rights for individuals
One of the key changes brought about by GDPR is the introduction
of new rights and the strengthening of existing rights to give
individuals more control on how organisations process their data.

The rights GDPR provides to individuals are:

Right to be informed – individuals have the right to be informed about the collection
and use of their personal data. ‘Privacy information’ explaining how an individual’s data
is processed, how long it is retained for and who it is shared with must be provided at
the time data is collected, for example, on or in conjunction with, the sales and finance
agreement. This information is usually known as a ‘Data Privacy Notice’ or DPN.

Right of access – individuals have the right to access their personal data and any
supplementary information that is held or has been processed by an organisation.
A reasonable fee can be charged only if the request is unfounded or excessive,
otherwise it must be provided free of charge without undue delay, within at least one
month of the request being made.

Right to rectification – individuals have the right to have inaccurate personal data
rectified, or completed if inaccurate. A request can be made verbally or in writing and
must be responded to within one month. In certain circumstances requests can be

Right to erasure – individuals have a right to ask to have their personal data erased.
This is known as the ‘right to be forgotten’. A request can be made verbally or in
writing and must be responded to within one month.

Right to restrict processing – individuals have the right to request the restriction or
suppression of their personal data. This allows for their data to be stored but not
used. A request can be made verbally or in writing and must be responded to within
one month.

Right to data portability – individuals have the right to obtain and reuse their personal
data for their own purposes across different services. This allows them to move, copy
or transfer personal data across IT platforms for convenience in a way that is portable
and safe. This information must be provided free of charge, without undue delay, and
within one month of being requested.

Right to object – individuals have the right to object to their personal data being
processed for direct marketing purposes (including profiling). The right to object must
be included in the initial privacy notice provided to the individual.

Rights related to automated decision making and profiling – individuals have a
right not to be subject to an automated decision making process or profiling unless
the decision is necessary for the entry into or performance of a contract. Since
affordability and creditworthiness checks are a requirement for finance providers to
undertake, individuals would not always be entitled to exercise this right where data is
being used for a credit application

Internal Procedures

All files relating a customer are collated and stored in folders on a cloud drive account and backed up on a USB drive which is kept locked off site.

At the start of each month all files over 6 months old are destroyed unless they are required to be help for FCA reporting purposes.

All paper files are scanned and added to the customer folder once a deal is completed.

Once scanned the paper files are shredded.


All calls are recorded but call recording is turned off when collecting card details off a customer.

All emails relating to a customer that contain any personal data are deleted after 6 months.

The person responsible for dealing with complaints and answering requests is the company`s Data Protection Officer, Paul Phillips. [email protected]: 01443561478

Send A Message