How your personal information is used
Use of personal information under the data protection laws must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found in the ‘use of your information’ section in your finance agreement.
The main uses of your information are:
To assess your eligibility for finance, to comply with legal obligations and for legitimate interests. Eg. to ensure that Alphabet offers the most appropriate offers of finance to you, to ensure that the services function correctly, to prevent fraud and money laundering and to ensure that your records are accurate and up to date.
When you apply for finance from Alphabet you must provide certain personal information. Alphabet will share the information with Credit Reference and Fraud Prevention Agencies to help us decide whether to offer you finance. Using information about you in this way is necessary for Alphabet to make this decision and if you do not provide it Alphabet may not be able to offer you finance. Your information will be used by Alphabet and these agencies as follows:
- Alphabet will check records about you and others held by them and by Credit Reference and Fraud Prevention agencies, for example to assess your application for credit and verify identities to prevent and detect crime and money laundering. The Credit Reference Agencies will place a search footprint on your credit file that may be seen by other lenders. They will supply public information (for example information held on the electoral register) as well as shared credit and fraud prevention information. The Fraud Prevention Agencies will use your personal information to prevent fraud and money-laundering and to verify your identity.
- If you are making a joint application, e.g., if you advise Alphabet of a director or that you have a spouse or financial associate, they will link your records together so you must be sure that you have their agreement to disclose information about them. Credit Reference Agencies also link your records together and these links will remain on your and their files until such a time as you, a director or your partner successfully files for a disassociation with the Credit Reference Agencies to break that link.
- If you give Alphabet false or inaccurate information or Alphabet suspects or identifies fraud, it will record this and may also pass on the information to Fraud Prevention Agencies and other organisations involved in crime prevention. Law enforcement agencies may also access and use this information. If fraud is detected, you could be refused certain services, finance or employment.
- Alphabet and other organisations may access and use from other countries the information recorded by Fraud Prevention Agencies, which may be publicly-available sources.
- Your data may also be used for other purposes for which you give your permission or, in limited circumstances, when required by law or where permitted under the terms of relevant data protection and privacy law.
If you would like full details about how your information will be used by us, Credit Reference Agencies and Fraud Prevention Agencies, including details of your rights in relation to your information, or you would like to obtain contact details of the Credit Reference and Fraud Prevention Agencies, please: visit www.experian.co.uk/crain or www.onfido.com/privacy. We may also provide your information to the following fraud prevention agencies to prevent or detect fraud and money laundering, and to verify your identity: National Hunter Limited, PO Box 4744, Stone, ST15 9FE, https://nhunter.co.uk/privacy-policy and https://nhunter.co.uk/; CIFAS, 6th Floor, Lynton House, Tavistock Square, London, WC1H 9LT, https://www.cifas.org.uk/website-privacy-notice and https://www.cifas.org.uk/. If you give us false or inaccurate information or we suspect or identify fraud, we will record this and may also pass this information to our Group Companies, fraud prevention agencies and other organisations involved in fraud prevention to detect, investigate and prevent crime. Fraud Prevention Agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years. A record of any fraud or money laundering risk will be retained by the Fraud Prevention Agencies, and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact the Fraud Prevention Agencies on the details above.
Alphabet uses automated decision-making tools to help it to decide whether to offer you finance. Based on the information you provide us, we will compare this against different metrics to determine whether you meet the eligibility criteria for finance or to determine whether you will be able to make repayments on a vehicle without difficulty. If your application for finance is rejected using automated means alone, you will be given the opportunity to ask for the decision to be reviewed manually. This does not mean that the decision will be changed.
Alphabet will also use your personal information to manage the contractual obligations and to enforce its rights under the finance agreement. Full details of how Alphabet processes your personal information is set out in the “Use of Your Information” clause in your finance agreement.
To respond to enquiries and to bring you news and offers.
Alphabet uses your personal data for customer care and for personalised communication of Alphabet's product and service information, where necessary with your consent. For example, Alphabet will have a legitimate interest in passing on your contact details and your agreement details (term, monthly payment, rate, mileage, final payment, and agreement number and vehicle details) to authorised Alphabet Retailers and Partners to discuss your end of contract options or, if you have given us your consent, to tell you about other products and services that may interest you. Alphabet may also pass on your contact details to other BMW Group companies and other third parties that we select to provide our products and services for marketing purposes. We will only pass on your details to third parties for marketing purposes if we have your consent to do so.
To process your sale, configure and service your vehicle.
Alphabet will obtain contact details, vehicle configuration details, vehicle technical information and sales and services information when you service or repair a vehicle with them as part of the contract or service. They will use the information you give them to provide the services you request and to notify you of any issues in relation to your vehicle. This information may be accessed by Alphabet and its service partners to troubleshoot technical or other issues relating to the delivery of these services.
To provide digital services in the vehicle.
Where you use a connected drive in your vehicle the vehicle manufacturer receives Contact Information, Vehicle Location Information as well as Device and Service Usage Information which they use in accordance with the detailed service descriptions for each element of the services set out in the relevant privacy policy. The detailed service descriptions also set out any disclosures to third parties.
Where you use a third party application, for example Spotify in conjunction with an in car entertainment system, you will be presented with their terms of service and privacy policy before you are able to use that application. The operator of that third party application will be the data controller of any of your information that is accessed or input through that application. It will set out how it uses your information in its privacy policy and other notices as well as consents that it provides or obtains through the application. We are not responsible for that use.
To provide digital services relating to the vehicle through a mobile device.
Where you use a connected App the vehicle manufacturer will obtain Contact Information, Device and Vehicle Location Information as well as Device and Service Usage Information through the provision of the Connected App. You will be presented with the Connected App terms of service and privacy policy before you use the Connected App. The operator of the Connected App will be the data controller of any of your information that is obtained. It will set out how it uses your information in its privacy policy and other notices as well as consents that it provides or obtains through the application. We are not responsible for that use.
Where you use a third party application within the Connected App, for example Amazon Echo or Spotify, you will be presented with their terms of service and privacy policy before you are able to use that application. The operator of that third party application will be the data controller of any of your information that is accessed or input through that application. It will set out how it uses your information in its privacy policy and other notices as well as consents that it provides or obtains through the application. We are not responsible for that use.
To improve our products and services.
Alphabet may use any of the information that it receives through the provision of services for product and service quality assurance and development purposes. Before any such use is undertaken your information will be anonymised so it cannot be directly linked back to you.
If you respond to a customer survey, we will use your personal information for internal research purposes only. If we do this we may not anonymise your information.
To comply with our legal obligations to law enforcement, regulators and the court service.
We may be legally required to provide your information to law enforcement agencies, regulators, insurers and courts and third party litigants in connection with proceedings or investigations anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Alphabet may transfer your personal information to a third party if it is in its legitimate interest or if there is a contractual obligation to do so. For example, Alphabet may pass on your contact and agreement details (term, monthly payment, rate, mileage, final payment, and agreement number and vehicle details) to a supplier to service your vehicle or to a debt recovery agent if you fail to make the payments due under your finance agreement or to a vehicle recovery agency to collect your vehicle at the end of your agreement. Full details of how Alphabet uses and shares your personal information are set out in the “Use of Your Information” clause in your finance agreement.
Alphabet provides Fleet Reporting as a contracted service to our customers.
Alphabet will use your contact data (e.g., your first and last name, and email address) for identity and access management for Fleet Reporting services, to ensure that only authorised persons will have access to your fleet management data.
When you choose to interact with our Alphabet AI based digital Assistant, the following personal data may be processed to improve your user experience by simplifying your report-building and for Alphabet to optimisze the operation and performance of the Assistant:
- User query input: Your submitted prompt, which could include, e.g., driver name, customer cost centre, contract number, customer employee number, VIN, etc.
- Result storage: Your prompt history and validated search results will be saved anonymously for future reference and to improve our AI Assistant’s performance.
- User feedback: You can rate the quality of the answer which is recorded anonymously to further refine the AI Assistant’s accuracy and effectiveness.
Additionally, the following personal data may be included in the existing fleet reporting data, used for providing you with the requested information through the AI based Assistant.
- Contract Data (e.g., Customer name and ID, driver’s full name, Alphabet contract number, lease asset details (like make/model, engine, fuel type, etc.), contracted lead time and mileage, CO2 emissions, IFRS 16 required data)
- Account Data (e.g., Customer cost centre, customer employee number, vehicle identification number, license plate)
- Customer Transaction Data (e.g., Actual mileage including deviations, expected contract expiration, fuel consumption (expected versus actual), fines statistics, damage statistics, service & maintenance, repairs, and tyre transactions)