Car Wash International Group
We’ll never sell your personal data and will only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or IMO, it refers to Anduff Car Wash Ltd (a company registered in England & Wales under company number 00974889). Anduff Car Wash Ltd operates under the brands IMO Car Wash and ARC in the UK. Anduff Car Wash Ltd is the data controller and is responsible for this website.
Anduff Car Wash Ltd is part of the Car Wash International division of Driven Brands Holdings Inc. We own car wash sites and equipment across Europe and Australia, including over 200 car wash sites in the UK. In Europe and Australia, we engage independent individuals or third-party companies to run our car wash sites as independent operators.
What personal data do we collect?
We collect personal data in connection with specific activities such as registration on our app or car wash requests, placing an order, bookings, insurance claims, conducting research, ordering an image, administering promotions, complaints and feedback etc.
You may give us your personal data by filling in forms on our website or app, by registering to use our website or app, purchasing products or services on our website or app, participating in discussions, subscribing to take part in research on our website or other social media functions on our website or app, entering a competition, promotion or survey or by corresponding with us (by phone, email or by joining as a member/supporter/customer).
This personal data you give us may include your name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, car registration, photographs, CCTV images, attitudes, opinions, usernames and passwords.
Personal data provided by you
You may also provide information when interacting with us. For example:
- Personal details (name, date of birth, email, address, telephone) when you join a programme, purchase products or services on our website or app, provide feedback or make a complaint by phone, email or via our online form(s) or participate in promotional activity.
- Financial information (payment information such as credit or debit card or direct debit details) when you place an order for products or services from our website or app such as pre-paid vouchers or join a subscription scheme.
- Your opinions and attitudes about IMO car wash, activities and interests, and your experiences of the car wash when you respond to customer surveys or provide feedback to customer services or otherwise.
We may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier.
- Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- Information about your purchases including but not limited to revenue figures and the types of products purchased.
- The terms that you use to search our website or app.
Please note that certain services on our website or app won’t be available to you until you’ve registered to use our website or app.
Personal data created by your involvement with us
Your activities and involvement with us may result in personal data being created. This could include details of how you’ve responded to a customer survey related to your experience in one of our car washes or the process to purchase vouchers online.
Our offices and some of our car wash locations have Closed Circuit Television (CCTV) and you may be recorded when you visit them.
CCTV is used to provide security and protect both customers and IMO operators. CCTV will only be viewed when necessary (e.g. to detect or prevent crime or investigate a complaint) and footage is stored for no longer than 3 months after which it is recorded over, unless it is being retained for the purposes of an investigation or court case or at the formal request of a public body (subject always to data protection laws). IMO complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices, so you know when CCTV is used.
Some of our car wash locations have automatic number plate recognition (ANPR) fitted. This is a technology for automatically reading vehicle number plates.
We use this information to understand how often a vehicle is washed. We do not use this information with any other data in most of our car washes. The information allows us to understand the usage without knowing any other information about the customer.
If a customer signs up for the subscription club, we will be able to understand the wash frequency where ANPR is installed and where the subscription club is operating. As part of the process for joining the subscription club, the customer will give their number plate. This information can be cross referenced with ANPR data. Not all sites operate this club. We will not use this combined information for any purposes other than understanding how our subscription club is performing.
Information we generate
We conduct research and analysis on the information we hold, which may in turn generate personal data. For example, by analysing your responses, we may be able to build a profile which helps us decide which of our communications are likely to interest you. The section below on Research and Profiling gives more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content.
Information from third parties
We sometimes buy anonymous external data (e.g. census data, Experian MOSAIC, TGI) and combine it with your personal data at an aggregated level to build profiles which help us work out what you’re most likely to want to hear from us about and how.
We may also receive information about you from our independent car wash operators, for example, in the event of customer complaints, car damage and customer queries or feedback.
Sensitive personal data
Data protection laws recognise that certain categories of personal data are more sensitive than others. Such ‘special categories’ of personal data include, for example, information your race or ethnicity, religious or philosophical beliefs, political opinions, health, sex life or sexual orientation.
We will not collect sensitive personal data other than for Equal Opportunities monitoring, but this is only ever analysed at an aggregate level.
Under 17’s personal data
We do not knowingly collect or maintain the personal information of children under the age of 17. If you are under the age of 17, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 17.
How we use your personal data
We’ll only use your personal data when the law allows us to and for the purposes listed below either on the basis of:
- performance of your contract with the operator and the provision of the operator’s services to you; and/or
- performance of your contract with us, for example where you are a member of the subscription programme or you have purchased vouchers via our app; and/or
- your consent (where we request it); and/or
- where we need to comply with a legal or regulatory obligation; and/or
- our legitimate interests or those of a third party.
Personal data provided to us will be used for the purpose or purposes outlined in a transparent manner at the time of collection or registration and where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide them with your personal data.
Your personal data may be collected and used to complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites, apps and activities.
We’ll use your personal data for the following purposes:
To provide access to our website and app: to provide you with access to our website and app in a manner convenient and optimal for you and with personalised content relevant to you including sharing your personal data with our website and app hosts and developers (on the basis of our legitimate interest to ensure our website and app are presented in an effective and optimal manner);
To register your account: when you sign up to use our website and/or app, we will use the details provided on your account registration form (on the basis of performing our contract with you);
To process and facilitate transactions with us and with website and app users: we will use your information to process transactions and payments, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);
User and customer support: to provide customer service and support (on the basis of our contract with you if applicable, or on the basis of our legitimate interests to provide you with customer service), deal with enquiries or complaints about the website or app and share your personal data with our website or app developer, IT support provider, payment services provider and car wash operators as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services and to comply with our legal obligations, and on the basis of the independent car wash operators’ legitimate interest in providing customer service (including complaints handling));
Recruitment: to process any job applications or application to become a car wash operator you submit to us, whether directly or via an agent or recruiter including sharing this with our third party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);
Analytics: to use data analytics to improve our website or app, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website and app updated and relevant, to develop our business and to inform our marketing strategy);
Suggestions and recommendations: to share your information with selected third parties such as suppliers and partners, to enable them to contact you with information about things that may interest you (where we have your consent to do so);
Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);
Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and operators and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
As outlined above, in certain circumstances we may use your personal data to pursue legitimate interests of our own or those of third parties. Where we refer to using your personal data on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
- personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
- detecting and preventing fraud and operating a safe and lawful business; and
- improving security and optimisation of our network, sites and services.
Where we use your personal data for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer of the “Your data protection rights” section below.
Disclosing and sharing information
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:
- Our independent car wash operators for the purposes of complaint handling and damage reports;
- Third parties who provide support to us on marketing activities, including data analytics, running promotions or competitions, undertaking customer research and obtaining and responding to customer feedback;
- Third party cloud hosting and IT infrastructure providers who host the website and our app and provide IT support in respect of the website and our app;
- Our various service providers;
- Other companies within the Driven Brands group;
- Any selected third party that you consent to our sharing your information with for marketing purposes;
- Prospective sellers and buyers of our business.
When we allow third parties acting on behalf of IMO to access to your information, we will always require them to maintain appropriate security to protect your personal data from unauthorised access or processing.
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter or be of interest to you.
If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like. We may also show you relevant content online. This might be about visiting our sites, membership or events.
We’ll only send these to you if you agree to receive them and we will never share your information with companies outside Driven Brands for inclusion in their marketing. (We may however share cookie data with third parties to help with our own advertising targeting). If you agree to receive marketing information from us, you can change your mind later.
However, if you tell us you don’t want to receive marketing communications, then you may not hear about events or other work we do that may be of interest to you.
Personal data provided to us may also be profiled to help us with advertising targeting. For example, your membership data may be used to ensure we don’t contact you online. Or we may use your personal data to find online users with a similar profile to yourself who may be interested in our products or services.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the GDPR.
We may share your personal data within the Driven Brands Group. This will involve transferring your data outside the European Economic Area (EEA).
Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
We have in place a contract with our US affiliates in a form approved by the European Commission which allows us to transfer personal data to that affiliate on the basis that the personal data has the same level of protection as it has in the EEA. These affiliates are as follows: Boing US Holdco, Inc., Driven Brands Inc., Driven Investor LLC, Driven Brands Holdings Inc., and Driven Brands Shared Services LLC.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The countries to which we transfer your personal data have been deemed to provide an adequate level of protection for personal data by the European Commission;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe;
- The transfer is made from the EEA to the UK during a period when the EEA has granted a temporary relief from data export restrictions to the UK (known as “the bridge”); and
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How Can I Change My Contact Preferences?
We’d love to stay in touch, but we don’t want to out–stay our welcome. Choose how you would like us to get in touch with you by registering or signing in to http://www.imocarwash.com/gb/contact-imo and we’ll keep you updated on news relevant to you – straight into your inbox. We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send.
Your data protection rights
You have certain rights in respect of the information that we hold about you, including:
- the right to ask us not to process your personal data for marketing purposes;
- the right to request access to the information that we hold about you;
- the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
- the right to object to our using your personal data on the basis of our legitimate interests (or those of a third party)) where there is something about your particular situation which makes you want to object to processing on this ground;
- the right to receive a copy of any information we hold about you (see below the section on data subject requests);
- in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and
- the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.
Please note that we may need to retain certain information for our own record-keeping and research purposes.
How to exercise your rights
We want you to remain in control of your personal data. If, at any time, you wish to action any of your rights we will comply with your requests unless we have a lawful reason not to do so. If you want to update, amend access, or delete your personal data or marketing preferences please contact us in one of the following ways:
- Email us: email@example.com your full name and address. If you have a membership number, please state this as additional information.
- Call us: +44 1494 897410
- Write to us: Customer services, IMO Car Wash, 35-37 Amersham Hill, High Wycombe, Bucks HP13 6NU
We will aim to respond to your request as soon as possible on receipt of your request. We try to respond to all legitimate requests in respect of personal data within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
What to do if you’re not happy
In the first instance, please talk to us directly by contacting us at firstname.lastname@example.org so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Cookies are small amounts of information that are sent to and stored on your computer’s hard drive. They are used to identify you when you visit the website, and to make your use of the website more convenient for you. Cookies are used to remember usernames, passwords and preferences and to deliver a faster and more personalised service.
IMO websites and services only use first party cookies to gather analytics and usage data for our website, with the aim of improving the experience for our users.
Using “cookies” the service may automatically collect some technical information which is not personally identifiable. Examples of this may include the type of Internet browser you are using and the domain name of the web site from which you linked to our site. We may aggregate this type of information for market research purposes and to improve our website.
Many Internet browsers allow you to set them to warn you before a cookie is stored or to block cookies altogether.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may find that certain sections of our website, do not work. For example, you may have difficulties logging in or purchasing items.
Links to other websites
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected or for as long as we reasonably require to retain the information for our lawful business purposes. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements. We will however not keep your personal data for longer than 3 years, unless it is held for current, ongoing claims and statutory purposes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping customers and members safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever-changing threat landscape. In addition to this, we use appropriate technological and operational security measures to protect your personal data, including but not limited to, following a defencein depth security model, which means that your personal data is protected by multiple layers of security.
When you trust us with your data, we will always keep your information secure to maintain your confidentiality. By utilisingstrong encryption when your information is stored or in transit, we minimise the risk of unauthorised access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
Storage of information
IMO operations are based in the UK and we store most of our data within UK. Some organisations which provide services to us may transfer data outside the European Economic Area, but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA. However, we only allow this when we are certain it will be adequately protected. (e.g. US Privacy Shield or Standard EU contractual clauses).
If we discover that there has been a breach of related personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner within 72 hours of discovery. We will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures we have taken.
Payment card Security
IMO has an active PCI-DSS compliance program in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example, the full 16-digit number on the front of the card or the security code on the back.
Our online payment solutions are carried out using a 'payment gateway' (e.g. Sage pay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us.