PRIVACY POLICY

Rolls-Royce Motor Cars is the Data Controller and responsible for the personal information we receive about you. For example via our websites or other marketing and communication channels, or via your use of our products and services such as Teleservices. 

When we refer to Rolls-Royce Motor Cars (‘we’, ‘us’, ‘our’) in this policy this refers to: Rolls-Royce Motor Cars Limited, a company registered in England and Wales under company number 03522604 and has its registered office at Summit ONE, Summit Avenue Farnborough, Hampshire GU14 0FB.


Regional Representation Offices

Rolls-Royce Motor Cars is a global operation with its headquarters located in the UK.  The worldwide sales and marketing operations and associated authorised Dealer network are supported by regional representation offices and branches, as listed below:

• The European Representation Office operates out of our UK head office and the German Representation Office operates as a branch office of Rolls-Royce Motor Cars Ltd, based in Munich, Germany. Between them they support geographical areas including:
  - countries in the European Economic Area (EEA)
  - countries participating in the Central European Free Trade Agreement (CEFTA)
  - countries participating in the Euro-Mediterranean partnership (EuroMed)

• The Americas Representation Office is provided by our BMW Group affiliate Rolls-Royce Motor Cars North America LLC and looks after geographical areas including:
  - USA
  - Canada
  - Mexico
  - Latin America
  
  
  Rolls-Royce Motor Cars North America LLC operates both as a service provider/data processor for us (for support provided in Canada, Mexico and Latin America) and as a separate Data Controller (for support provided in the USA). Therefore, only the services and associated data processing provided for Canada, Mexico and Latin America are covered by this policy.  For more information regarding Rolls-Royce Motor Cars North America LLC please visit their website.

• The Singapore Representation Office operates as a branch of Rolls-Royce Motor Cars Ltd and looks after geographical areas including:
  - India
  - Thailand
  - Japan
  - New Zealand
  - Malaysia
  - Singapore
  - Indonesia
  - South Korea
  - Australia
  - Vietnam
  - Philippines
  - Cambodia

• The Middle East Representation Office operates as a branch office of Rolls-Royce Motor Cars Ltd and looks after geographical areas including:
  - Africa
  - Saudi Arabia
  - United Arab Emirates
  - Lebanon
  - Qatar
  - Kuwait
  - Kingdom of Bahrain
  - Sultanate of Oman
  - South Africa

• The China Representation office looks including:
  - the People's Republic of China (PRC)
  - Taiwan
  - Hong Kong

and is supported by our BMW Group affiliate, BMW China Automotive Trading Ltd who operate as a service provider or data processor, conducting services on our behalf.

Authorised Rolls-Royce Motor Cars Dealers, Service Centres and Workshops (‘Dealers’)

Our global authorised Dealers are a network of independent businesses and not part of Rolls-Royce Motor Cars Limited.  They operate using the Rolls-Royce Motor Car brand under license to sell and/or support our products and services to customers. They are not covered by this policy and are referenced here to provide additional clarity regarding your personal information.

BMW AG

BMW AG is the parent company of Rolls-Royce Motor Cars Ltd and provides much of the backend IT infrastructure for our products and services. BMW AG is a service provider or Data Processor, conducting services on our behalf.

BMW AG is also a joint Data Controller for the technical provision of motor car telematic services, such as Teleservices, which includes vehicle metrics and measurements generated by sensors in your motor car, such as the mileage and check control messages (CarData).
For more information on Teleservices and CarData visit the Ownership section of our website here.

Rolls-Royce Motor Cars Financial Services

Rolls-Royce Motor Cars Financial Services is provided by our BMW Group affiliate BMW Financial Services (GB) Limited and is the Data Controller of the information which is used to grant and provide finance to you. They are not covered by this policy and are referenced here to provide additional clarity regarding your personal information.

These are the main ways we collect your information:

• If you contact us directly, for example via our websites, phone, email, to make an enquiry, or request information about our products and services.
• If you provide us with your details at an event.
• If you buy a product, or service directly from us, or from a member of our authorised Dealer network.
• If you use any of our products or services, such as websites, apps, social media, Teleservices.
• If you reply to our direct marketing campaigns (e.g. filling out a response form).
• If your contact details are transferred to us from an authorised Dealer or other third parties.
• If your vehicle data (incl. vehicle identification number) is transferred to us while you’re having your vehicle serviced or repaired.
• If other BMW Group legal entities or business partners transfer your personal data to us.
• If we acquired your personal data from other sources with your permission.
• If you submit a job application via our recruitment website.

Important Information

If you give information on behalf of someone else you must ensure that they have been provided access to this Privacy Policy before doing so.

If you are under 18 please do not provide us with any of your information unless you have the permission of your parent or guardian to do so.

Please help us to keep your information up to date by informing us of any changes to your contact details or preferences.  You may change or review your preferences by clicking here, or if you have a My Rolls-Royce account or Whispers membership, directly through these services.

The following types of personal information may be collected about you:

Contact Details:

For example:

• Name
  
• Address
• Phone numbers
• Email address

Interests:

Information you provide us about your interests, hobbies and preferences, including the type of vehicles you are interested in.

Website, App and Communication Usage (for example):

How you use our websites and apps and whether you open or forward our communications, including information collected through cookies and other tracking technologies (please see our Cookie Policy or app specific terms and conditions for more information).

Identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address and vehicle details.

Sales and Services Information:

Information relating to purchases and services, including payments, complaints and claims.

Identity Verification Information:

Information which enables us to confirm your identity such as government issued photo identity, passport or driving license.

Driving Eligibility Information

Information which enables us to confirm your driving eligibility, including driving offences.

Financial Crime Prevention Information

Information that enables us to conduct our risk management activities such as the identification of fraud, offences, suspicious transactions, politically exposed persons (PEP’s) and Sanctioned Parties.

Device and Service Usage:

Information about how you use our products and services (including usage via your mobile phone or motor car).

Vehicle Configuration Details:

Information about the features and current settings of your vehicle, (identified by the Vehicle Identification Number).

Vehicle Technical Information:

Vehicle status information and information about how the engine and systems within the vehicle perform, including fuel consumption data (identified by the Vehicle Identification Number).

Vehicle / Device Location Information (for example):

Your motor car or mobile device location where you have chosen services which require this data in order to operate. For example, to be able to provide real time traffic information and emergency call services in your motor car or other location specific services through the use of apps.

Travel and Hospitality Information:

For example information you provide us which enables us to make arrangements for you when attending a branded event or visiting the Home of Rolls-Royce. Depending on the scenario this could include dietary requirements, passport details, arrival and departure times etc.  

Job Application Data:

Information you submit via our recruitment website such as: contact information, qualifications and skills, career history etc.

CCTV Images:

Information captured by means of closed-circuit television, also known as video surveillance, which is the use of video cameras to transmit a signal to a specific place on a limited set of monitors.

Use of personal information under UK data protection laws must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found here.

The main uses of your information include:

Customer Support and Marketing - to respond to enquiries and to bring you news, offers and events.

We use your personal data for customer care and for personalised communication of our product and service information, with your consent where necessary. For these purposes we may transmit this data to authorised Dealers.

In order to ensure that you receive relevant and personalised communications, we will use data we hold about you to create an individual customer profile. This may include but is not limited to data you have provided to us or which is generated by your use of our products, for example Contact Details, Interests, Website, App and Communication Usage, Sales and Services Information, Device and Service Usage, Vehicle Configuration Details and Vehicle / Device Location Information.

Vehicle Sales & Services – to process your sale, configure and service your vehicle.

We will obtain Contact Details, Vehicle Configuration Details, Vehicle Technical Information and Sales and Services Information when you purchase, service or repair a vehicle from us or from our authorised Dealer network. In certain circumstances we may also require Identity Verification Information. As part of the sale or service we will use this information to provide the services you request and notify you of issues in relation to your vehicle. This information may be accessed by BMW AG to troubleshoot technical or other issues relating to the delivery of these services.

We may also receive limited Vehicle Location Information during the repair process which will be used only in accordance with Location Information Safeguards. For further information on these safeguards click here.

Other Products and Services – to process your applications, orders and requests.

We will obtain Contact Details and depending on the product or services we may also collect data regarding Identity Verification, Interests, Website, App and Communication Usage, Sales and Services Information, Device and Service Usage, Vehicle Configuration Details, Vehicle/Device Location Information, Travel and Hospitality Information. Please see the terms and conditions of the specific product or service for more information.

Teleservices Services – to provide telematics services in the motor car.

We and BMW AG receive information from these services, such as:

Contact Details, Vehicle Location Information as well as Device and Service Usage Information, which is used in accordance with the Teleservices terms and conditions. For further information please click here.

Quality Assurance, Research and Development – to improve our products and services.

We and BMW AG may use any of the information that we receive through the provision of our services (including Location Information and Website, App and Communication Usage) for product and service quality assurance and development purposes. Before any such use is undertaken your information will be de-personalised so it cannot be directly linked back to you.

Legal requests for your information – to comply with our legal obligations, including requests from law enforcement, regulators and the court service.

We may be legally required to provide your information to law enforcement agencies, regulators, courts and third party litigants in connection with proceedings or investigations anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Within the EU certain On-Board Fuel Consumption Measurement “OBFCM” data, such as fuel consumption and kilometres driven may be collected from your vehicle during workshop visits and transmitted directly to the EU Commission via our parent company (BMW AG). You can refuse the collection and transmission of such data for this purpose via your local RRMC authorised dealership, service centre or workshop.

Compliance and Risk Management – where we have a legitimate interest as part of our compliance and risk management procedures, we may process your data such as, Identity Verification Information, Driving Eligibility Information, and Financial Crime Prevention Information to identify, for example:

• Politically exposed persons
• Driving eligibility in order to comply with our insurance obligations (if you drive a vehicle owned by us)
• Sanctioned parties

Job Applications – Job Application Data and any other additional information you may provide to support your application will only be used for the purposes of recruitment.  Further information can be found on our recruitment website here.

Security information including CCTV images – It is in our legitimate interest to utilise closed circuit television (CCTV) images for the purposes of providing a safe and secure environment for staff and visitors. We further use such images to protect buildings and assets from damage, disruption, vandalism and other crime, to assist in the effective resolution of disputes which occur on our premises, to assist in the defence of any civil litigation and to support law enforcement bodies in the prevention, detection and prosecution of crime.

Personal information which we collect may be transferred to or accessed by third parties on our behalf, with your consent where necessary.

The types of third parties include:

• Marketing and research companies who run and manage marketing and research campaigns


• Event companies who run and manage branded and/or sponsored events


• Companies who assist us with the provision of customer services, including concierge support.


• Authorised Roll-Royce Motor Car Dealers, Service Centres and Workshops who provide services to you


• IT providers who provide us systems and services for customer support


• Logistics and courier companies who transport our products to you


• Companies who provide transport to you or offer you mobility services (e.g. chauffeurs)


• Law firms who provide legal advice to us (e.g. where there is a customer dispute)


• Companies who provide document archiving services


• Affiliate companies within the BMW Group, such as our regional representation offices, parent company and Rolls-Royce Motor Cars Financial Services (see “Rolls-Royce Motor Cars as a data controller and our responsibilities ” for more information).


• Providers of luxury lifestyle products and services when you have requested them and with your permission where necessary

When data is shared it is always done in a secure manner and we ensure that it is only used for the purpose it was collected for and do not allow third parties to abuse their agreements with us.

We may transfer your personal information to a third party without your consent if there is an alternative legal ground, for example, it is in our legitimate interest, or if there is a contractual obligation to do so.

We use technical and organisational security measures including encryption and authentication tools to protect your personal information against manipulation, loss, destruction, and unauthorised access by third parties.

Although data transmission over the internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements.

Examples of our security measures include:

• Tightly restricted access to your data which is granted on a 'need to know' basis and only for the communicated purpose(s)


• Only transferring data in encrypted form


• Highly confidential data stored in encrypted form


• IT systems are technically isolated from other systems and hosted in secure data centre’s to prohibit unauthorised access e.g. from hackers


• Monitoring of IT systems to detect and stop misuse of personal data.

Please remember, if you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, it is your responsibility to keep this password confidential. We ask you not to share your password with anyone.

We retain your information only as long as is necessary for the purpose for which we obtained it and any other permitted linked purposes. If information is used for two purposes we will retain it until the purpose with the longest period expires. We will stop using it for the purpose with a shorter period once that period expires.

We restrict access to your information to only those persons who need to use it for the relevant purpose.


Our retention periods are based on a combination of legal requirements (where applicable) and business needs. Information that is no longer needed is either irreversibly anonymised or destroyed securely.

Use for marketing: 
We retain your personal information for marketing, such as Contact Details and Interests as long as is necessary. For example, if you have expressed an interest in one or more of our products or services we will keep your information for as long as we have an ongoing dialogue with you, or until such time as you ask us to stop. You retain the right to object to our use of your data for marketing at any point. (Please see How to change your privacy preferences)

Use to perform contract:
In relation to your information used to perform any contractual obligation with you, we may retain that data whilst the contract remains in force plus six years to deal with any queries or claims thereafter.

Teleservices:
We set out how long we retain your data in relation to each service in the Teleservices terms and conditions.


Where claims are contemplated:
Where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain relevant data for as long as that claim could be pursued.

Rolls-Royce Motor Cars is a global company. Your personal information may be accessed by our staff, or our carefully selected agents or contractors from a country outside of the UK and the European Economic Area (EEA) for any of the purposes set out in this policy. These countries may have in place data protection laws which may be of a lower standard than in the UK and the EEA. We will ensure that any of your information that is accessible outside the UK and the EEA is handled subject to appropriate safeguards.
Countries in the EEA and certain Countries outside such as Canada and Switzerland, have been approved by the UK Data Protection Regulator as providing essentially equivalent protection to UK Data Protection Laws and therefore no additional legal safeguards are required. In countries which have not had such approval, we will either ask for your consent to the transfer, or transfer it subject to UK approved contractual terms that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable Data Protection Law to make such transfers without such formalities.

The majority of our data processing takes place within the UK and the EEA. Generally speaking your data will only be transferred to a location outside of the UK & EEA if you are located outside of these areas, and in those cases only to the country/countries which are best placed to support you with your enquiry or for the provision of the products and services which you have engaged with us for. For example, if you have registered to attend an event hosted in Dubai, relevant information relating to your attendance will be shared with our regional office in Dubai and our carefully selected local agents and contractors who support us with the delivery of the event, where necessary. 

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information.

You can change your marketing preferences, withdraw your consent for marketing or object to our use of your data for marketing purposes by one of the following:

• Calling the Customer Contact Team on +44 (0)1243 525700


• Sending an email to enquiries@rolls-roycemotorcars.com


• By writing to us at:
      Customer Contact Team
      Rolls-Royce Motor Cars Limited
      The Drive
      Westhamptnett
      West Sussex
      England
      PO18 0SH

If you have a My Rolls-Royce account or Whispers membership, you can also change your marketing preferences or withdraw your consent for marketing directly through these services.

If you have any questions in relation to our use of your information you should first contact the Client Contact Team by one of the following:

• Calling us on  +44 (0)1243 525700


• Sending an email to enquiries@rolls-roycemotorcars.com


• By writing to us at:
      Customer Contact Team
      Rolls-Royce Motor Cars Limited
      The Drive
      Westhamptnett
      West Sussex
      England
      PO18 0SH

In addition you may contact our Data Privacy Officer directly by:

• Sending an email to dataprivacyofficer@rolls-roycemotorcars.com


• Calling on +44 (0)1243 384000


• Writing to the ‘Data Privacy Officer’ at the above address

Under certain conditions you have the right to ask us to:

• Provide you with further detail about how we use your information


• Provide you with a copy of your information


• Update any inaccuracies in the information we hold about you


• Delete any information about you that we no longer have a lawful ground to use


• Remove you from our direct marketing lists when you object to our marketing or withdraw your consent


• Provide you with your personal information in a usable electronic format and transmit it to a third party of your choosing (right to data portability)


• Restrict our use of your personal information


• Cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights (click here for more information).

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third parties.

If you are dissatisfied with our use of your information or our response to any exercise of these rights, you have the right to complain to your data protection authority. For the UK, The Information Commissioner’s Office can be found here: click ICO for more information).

If you have chosen services that disclose your location or the location of your vehicle, we take the confidentiality of that information very seriously.

The following safeguards are applied to Location Information (including information accessed as part of the vehicle service process):

• It is only kept for as long as necessary to fulfil the service.
• It is only obtained or accessed in that form where necessary to provide the service requested or where we are obliged to retain and/or provide the information by law (and where we are required to provide the information to law enforcement or any other third party, we will - notify you unless to do so would prejudice the prevention or detection of a crime or we are not permitted to do so).
• Vehicle Location Information and Device Location Information are not linked unless necessary to provide the service requested.
• Any other use of Location Information for analytics purposes will be undertaken on irreversibly anonymised data.

You will have been provided with a detailed description of the Location Information obtained to provide a Location Information dependent service when you initially purchased the vehicle or activated or configured the service or application (e.g. Teleservices or mobile app). You can control whether we continue to hold or collect that information through the vehicle, service or application so future Location Information ceases to be collected. Please note that we may not be able to provide certain features of our services to you if you limit the collection of your Location Information. 

Our use of personal data is permitted under UK data protection law on the basis of the following principal legal grounds:

• Where necessary to enter into or perform a contract with you
• Where needed to comply with our legal obligations
• Where necessary in order to protect your or someone else’s, vital interests (in life threatening situations such as following an accident) 
• Where we use it to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include promoting our business and tailoring news and offers to you, research and development of vehicle related products and services, detecting fraud and criminal activities)
• Where you have consented to the use (you will have been presented with a consent notice in relation to any such use and may withdraw your consent at any time by contacting us.

There may be uses that are permitted on the basis of other grounds; where this is the case we will use reasonable endeavours to identify the ground and communicate it you as soon as possible after becoming aware of the new basis.