Privacy policy according to the GDPR

We attach a great deal of importance to protecting your personal data. Personal data processing therefore takes place in compliance with the applicable European and national legislation.

You may naturally revoke your declaration(s) of consent at any time with effect for the future. Please contact the controller according to § 1 to do so.

The following policy provides an overview of what type of data is collected, how it is used and disclosed, what security measures we take to protect your data, and how you can obtain information about the information we gather.

Legal basis for personal data processing
Insofar as we obtain the data subject’s consent to process their personal data, Art. 6, Para. 1, Clause 1, lit. a) of the EU General Data Protection Regulation (GDPR) shall apply as the legal basis.
In the event of personal data which is necessary to fulfilling a contract, the contracting party for which is the data subject, being processed, Art. 6, Para. 1, Clause 1, lit. b) of the GDPR shall apply as the legal basis. This also applies to processing which is required to carry out pre-contractual measures.
If personal data needs to be processed to fulfil a legal obligation to which we are subject, Art. 6, Para. 1, Clause 1, lit. c) of the GDPR shall apply as the legal basis.
If processing is necessary to protecting a legitimate interest on the part of our company or a third party, and if the data subject’s interests, fundamental rights and fundamental freedoms do not take precedence over the former interest, Art. 6, Para. 1, Clause 1, lit. f) of the GDPR shall apply as the legal basis for processing.

Deletion of data and duration of storage
The data subject’s personal data shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also take place if this was stipulated by the European or national legislator in Union regulations, legislation or other specifications to which we are subject. Blocking or deletion of the data also takes place if a storage period stipulated by the aforementioned standards elapses, unless the data must be stored for longer to conclude or fulfil a contract.

§ 1 The controller and the data protection officer

(1) Name and address of the controller
The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states and other provisions under data protection legislation is:

Accident Express Direct Ltd
Westwood Avenue
Tyseley
Birmingham
B11 3RF

Phone: +44 (0)121 7668100
Email: compliance@accidentexpress.com
Website: https://www.accidentexpress.com

(2) Name and address of the data protection officer
The controller’s data protection officer is:

Bethany Drust
Accident Express Direct Ltd
Westwood Avenue
Tyseley
Birmingham
B11 3RF

Phone: +44 (0)121 7668100
Email: bethany@accidentexpress.com
Website: https://www.accidentexpress.com

§ 2 Definitions

The privacy policy is based on the terms used by the European regulatory authority when adopting the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”). The privacy policy should be easy to read and understand. To ensure that this is the case, explanations of the most important terms are provided below:

a) Personal data means all information which relates to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified either directly or indirectly, particularly by means of assignment to an identifier such as a name, to an ID number, to location data, to an online ID or to one or several particular features which are an expression of this natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.

b) Data subject means any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.

c) Processing means any listed operation carried out with or without the help of automated methods or any such series of operations associated with personal data such as collection, recording, organisation, arrangement, storage, adaptation or modification, reading, querying, use, disclosure through transfer, dissemination or provision in another way, comparison or linking, restriction, deletion or destruction.

d) Profiling means any kind of automated personal data processing which is characterised by the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, and particularly to analyse or predict aspects concerning job performance, economic situation, health, personal preferences, interests reliability, behaviour, location or movements.

e) Pseudonymisation means personal data processing in such a way that the personal data can no longer be assigned to a specific data subject without the help of additional information, provided that this additional information is stored separately and subject to technical and organisational measures which guarantee that the personal data cannot be assigned to an identified or identifiable natural person.

f) Controller, or controller responsible for processing means the natural or legal person, authority, establishment or other body which, either alone or together with others, decides on the purposes and means of personal data processing. If the purposes and means of such processing are stipulated by Union or member state law, the controller and the specific criteria of their appointment may be provided for under Union or member state law.

g) Processor means a natural or legal person, authority, establishment or other body which processes personal data on the controller’s behalf.

h) Recipient means a natural or legal person, authority, establishment or other body to whom personal data is disclosed, regardless of whether or not it is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or member state law are not considered to be recipients.

i) Third party means a natural or legal person, authority, establishment or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

j) Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a declaration or another clear and affirmative act, by which the data subject signifies agreement to the processing of the personal data concerning them.

Providing the website and creating log files

(1) When you are merely using the website for information purposes, i.e. if you do not register or otherwise transfer information to us, each time our website is accessed we automatically collect the following data and information from the accessing computer’s computer system:

a) Date and time of access
b) Content of hits (specific pages)
c) The names of downloaded files
d) The user’s IP address
e) Information about the browser type and the version used
f) The language and version of the browser software
g) The amount of data transferred

The data is also stored in our system’s log files. This data is not stored together with other personal data belonging to the user.

(2) The legal basis for the temporary storage of the log files is Art. 6, Para. 1, Clause 1, lit. f) of the GDPR.
(3) The temporary storage of the IP address by the system is necessary to

a) enable delivery of the website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.
b) optimise the contents of our website and advertising for the same
c) guarantee the functionality of our IT systems and our website’s technology
d) provide law enforcement authorities with necessary information in the event of a cyber attack

Storage in log files is carried out to guarantee the functionality of the website. Additionally, we also use the data to optimise the website and to ensure the security of our IT systems. Evaluation of data for marketing purposes does not take place in this regard.

In these purposes, we also have a legitimate interest in data processing according to Art. 6, Para. 1, Clause 1, lit. f) of the GDPR.

(4) The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected – in this case, when the usage process ends.

If data is stored in log files, this is done seven days afterwards at the latest. Extended storage is possible. In this case, the IP addresses are deleted or anonymised so that they can no longer be allocated to the accessing client.

(5) Data must be recorded under all circumstances to provide the website and store the data in log files for the purpose of operating the website, which is why there is no opportunity to object.

4 Use of cookies

(1) This website uses “cookies”. Cookies are small text files which, as soon as you visit a website, are sent to your browser by a web server and are saved locally on your terminal device (PC, notebook, tablet, smartphone, etc.) and stored on your computer and allow the user (i.e. us) to receive certain information. Cookies are used to make the website more customer-friendly and secure, and particularly to collect usage-related information such as frequency of use and the number of page visitors, as well as website activity. Cookies do not damage the computer in any way and do not contain any viruses.

This cookie contains a characteristic character string (“cookie ID”), which enables unique identification of the browser the next time the website is called up.

(2) We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also be identifiable after a page change. The following data is stored and transferred in the cookies:

• Language settings
• Session information
• Login information

The legal basis for personal data processing using cookies is Art. 6, Para. 1, Clause 1, lit. f) of the GDPR.

(3) The purpose of using technically necessary cookies is to simplify use of the website for you. Some functions of our website cannot be offered without the use of cookies. To this end, the browser must be recognised even after a page change.

We need cookies for the following applications:

• Application of language settings
• Adoption of login information

The user data collected by technically necessary cookies is not used to create user profiles.

(4) Cookies remain stored even if the browser session is ended and can be called back up the next time you visit a web page. However, cookies are stored on your computer and transmitted to our site by it. You therefore have full control over the use of cookies. If you do not want data to be collected by cookies, you can make settings in your browser using the menu under “Settings” to ensure that you are informed about cookies being set, can categorically refuse the setting of cookies, or can also delete cookies on an individual basis. However, deactivating cookies may impair the functionality of this website. If the cookies are session cookies, they are automatically deleted once the user leaves the website anyway.