Privacy and Data Protection

Home » Privacy and Data Protection

Welcome to ITAS’privacy policy.

We are International Technical Automotive Systems Ltd, (“ITAS”, “we”, “us”, or “our”). Our company registration number is 04534677 and our registered address is 1 Tanners Drive, Blakelands, Milton Keynes, Buckinghamshire, England, MK14 5BU.

For the purposes of UK laws regarding data protection, the data controller is ITAS, and we are registered with the UK Information Commissioner’s Office (ICO) under registration number Z3158531.

This privacy policy applies to: (i) individuals who visit our websites at www.itasworld.com, www.itassystems.com or www.itascapture.com (the “Websites”), or engage with us via our Websites, online portals, products or services or social media platforms; (ii) individuals we engage with in connection with any products, services, contracts or related matters; (iii) individuals we deal with in their business capacity, such as representatives of our suppliers or investors; (iv) individuals that apply for work with us; and (v) our clients’ customers or their employees who use our online portals, products or services (“you”, “your”).

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

The types of personal data we collect about you

Personal data means any information about an individual from which that person can be identified.

We may collect and use the following information about you:

  • Identity Data including your first name and surname, title, and caller line identification information.
  • Contact Data including your billing address, residential address, email address, and telephone numbers.
  • Business Data including the name of the organisation you represent, your position, department and business ID numbers.
  • Financial Data including bank account and payment card details.
  • Transactional Data including information about our dealings, transactions and interactions with you.
  • Portal Data including information about bodyshop approval programmes, accident repair, auditing and reporting for and on behalf of our clients and their employees.
  • Vehicle Data including information regarding vehicle owner, vehicle registration number (VRN) and vehicle model.
  • Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our Websites.
  • Usage Data including information about how you use or search our Websites and your behaviour patterns, including any user preferences and how you interact with our online portals, products and services.
  • Survey Data including data from surveys that we may, from time to time, run on the Websites for research purposes, if you choose to respond to, or participate in, them.
  • Marketing and Communications Data including your preferences in receiving marketing from us, your communication preferences and your language settings.
  • Investor Data including information about your investments with us and any background checks we carry out on you.
  • Recruitment Data including within your resume/CV or provided by recruitment agencies, information held on your social media accounts such as LinkedIn and any other information that is shared with us throughout the application process including information about your employment history, education history and references, criminal records check (if applicable), any relevant recruitment test results (if applicable), third party references or health information to make reasonable adjustments.
  • Qualifications Data including information about your professional qualifications, licensing certificates and any relevant insurance coverage.

We will indicate where any personal data we have requested is mandatory. We will also explain the consequences should you decide not to provide information which we have indicated is mandatory. In some circumstances this may mean we are unable to provide you with certain products or services.

If you fail to provide your personal data

Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with our products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Lawful basis for processing

We will only process your personal data where we have a lawful basis to do so. The lawful basis will depend on the purposes for which we have collected and use your personal data. In almost every case, the lawful basis will be one of the following:

  • Our legitimate business interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example, to supply our products and services to our customers, prevent fraud and enable us to give the best and most secure customer experience.
  • Performance of an agreement with you (or in order to take steps prior to entering into an agreement with you): For example:
  • where you have provided your information in order to receive details in relation to our products and services;
  • to provide customer support and ensure we provide a good level of customer service; and
  • to employ or engage you as an employee or contractor of our business.
  • Compliance with the law: Where we are subject to a legal obligation and need to use your personal data in order to comply with that obligation.
  • Consent: Where you have given consent for us to process your personal data for a specific purpose.

Purposes for which we may use your personal data

We collect most categories of personal data from you directly or when you use our Websites, online platforms, products or services or engage with us via social media. We may also collect your personal data from various third parties (such as Google Analytics, as further described below), or when we act as a data processor on behalf of a third party, such as our clients.

Please find a table which sets out each category of personal data we collect below, and the lawful basis for processing it.

 

Purpose of processing Category of personal data Lawful bases
To respond to queries Identity data

Contact Data

Business Data

 Our legitimate interests to respond to queries
To enter into, fulfil and manage contracts with customers including managing payments, fees and charges and collecting and recovering money owed to us Identity data

Contact Data

Financial Data

Transactional Data

Portal Data

Vehicle Data

Marketing and Communications Data

Business Data

 Performance of an agreement with you

Our legitimate interests for conducting our business operations, providing our products and services and recovering debts due to us

 
To provide our Websites, online portals, products and services and social media accounts Identity Data

Contact Data

Transactional Data

Portal Data

Vehicle Data

Technical Data

Usage Data

Survey Data

Marketing and Communications Data

Business Data

 Our legitimate interests for conducting our business operations and developing our business
To manage and improve our Websites, online portals, products and services and social media accounts, including by using data analytics Technical Data

Usage Data

Survey Data

 

 Our legitimate interests for conducting our business operations and improving our product and service offerings
To set and operate cookies and similar technologies on our Websites Technical Data

Usage Data

 Consent

Our legitimate interests for conducting our business operations and ensuring a user-friendly experience on our Websites
To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you Identity Data

Contact Data

Transactional Data

Marketing and Communications Data

Business Data

 Consent

Our legitimate interests for conducting direct marketing, developing our products/services and growing our business
To handle complaints and disputes All data types Our legitimate interests for conducting our business operations and providing you with a positive customer or user experience
To comply with the law and to enforce our legal rights All data types To comply with our legal obligations

Our legitimate interests for protecting our business and enforcing our rights
To perform our day-to-day business operations including business development All data types Our legitimate interests for conducting our business operations and growing our business
To manage our relationship with you including notifying you about changes to our terms or privacy policy and dealing with your requests Identity Data

Contact Data

Business Data

Marketing and Communications Data

Transactional Data

 Our legitimate interests for conducting our business operations, keeping our records updated and maintaining our relationship with you
To administer and manage our relationships with our investors Identity Data

Contact Data

Business Data

Financial Data

Investor Data

 Performance of an agreement with you

 
To consider your application to work with us (including as an employee of ITAS) and to allow you to participate in our recruitment processes Identity Data

Contact Data

Recruitment Data

Qualifications Data

 Our legitimate interests for recruiting new staff and growing our business
To administer and protect our Websites and online portals (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity Data

Contact Data

Technical Data

Usage Data

 Our legitimate interests for running and protecting our business and our Websites and online portals, provision of administration and IT services and network security

Use of cookies

We may automatically collect and obtain personal data about your general internet usage by using cookies. A cookie is a small file of letters and numbers which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. We use cookies to distinguish you from other users of our Websites and online platforms. They help us to improve our Websites, and to deliver a better and more personalised service when you browse our Websites and online platforms.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our Websites and online platforms. They include, for example, cookies that enable you to log into secure areas of our online platforms.
  • Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Websites and online platforms when they are using it. This helps us to improve the way our Websites and online platforms work, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our Websites and online platforms. This enables us to personalise our content for you, greet you by name and remember your preferences.
  • Targeting cookies. These cookies record your visit to our Websites and online platforms, the pages you have visited and the links you have followed.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Title Purpose
iTas Used for authorisation
iTasTVer Used for version tracking
iTasVer Used for authorisation
AspNet.ApplicationCookie Used to define the user’s identity and authentication in the ITAS Capture Application
AspNetCore.Identity.Application Used to define the user’s identity and authentication in the ITAS Capture Application
AMCV_8AD56F28618A50850A495FB6%40AdobeOrg Used by cloudflare
ASP.NET_SessionId Used to track a user’s session across multiple page requests
ApplicationGatewayAffinity Used for maintaining user sessions
ApplicationGatewayAffinityCORS Used for maintaining user sessions
CF_VERIFIED_DEVICE_3a5b8d79d0a4780182b3b3c24142452d2cc368c89f7373a4f7b140f3d08d604c Used by cloudflare
CaptureAuth Used for maintaining user sessions
SAML_SessionId Single sign on session for multiple applications within the same domain
__RequestVerificationToken Used for web application security
dont-subscribe Enables or disables push notifications to the user’s browser
kndctr_8AD56F28618A50850A495FB6_AdobeOrg_identity Used by cloudflare
saml-session Single sign on session for multiple applications within the same domain
AEC Used for Google Analytics
APISID Used for Google Analytics
DV Used for Google Analytics
HSID Used for Google Analytics
NID Used for Google Analytics
SAPISID Used for Google Analytics
SEARCH_SAMESITE Used for Google Analytics
SID Used for Google Analytics
SIDCC Used for Google Analytics
SSID Used for Google Analytics
__Secure-1PAPISID Used for Google Analytics
__Secure-1PSID Used for Google Analytics
__Secure-1PSIDCC Used for Google Analytics
__Secure-1PSIDTS Used for Google Analytics
__Secure-3PAPISID Used for Google Analytics
__Secure-3PSID Used for Google Analytics
__Secure-3PSIDCC Used for Google Analytics
__Secure-3PSIDTS Used for Google Analytics
__Secure-ENID Used for Google Analytics
_ga Used for Google Analytics
_ga_0NR313W8M8 Used for Google Analytics
_gat_gtag_UA_51796594_1 Used for Google Analytics
_gid Used for Google Analytics
cookie_notice_accepted Used to determine if the user understands the cookie notice
wordpress_test_cookie Used to determine if the browser accepts cookies

 

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse

the setting of cookies, or to alert you when websites set or access cookies. However, if you select this setting you may be unable to access certain parts of our Websites or online platforms.

We do not share the information collected by the cookies with any third parties.

Visitors to our websites

When someone visits our Websites, we use third-party service providers, such as Google Analytics, to collect Technical Data such as standard internet log information and Usage Data such as details of visitors’ behaviour patterns. We do this to find out information such as the number of visitors to our Websites.

This information is processed in a way which does not identify anyone. We do not allow our third-party service providers such as Google to make any attempt to find out the identities of those visiting our Websites.

Marketing

Where permitted by law or where we have asked for your consent, we may send you marketing materials which we believe may be of interest to you.

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You may receive marketing communications from us if you have requested information from us or engaged with us and you have not opted out of receiving that marketing.

You can ask us to stop sending you marketing messages by following the opt-out links within any marketing communications sent to you or by contacting us at dpo@itasworld.com at any time.

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example, relating to updates to our Terms and Conditions or checking that your contact details are correct.

Disclosure of your personal data to third parties

We may disclose personal data to the following categories of recipients:

  • to third-party suppliers, service providers and business partners where they are providing services to us, such as helping us to market, advertise or supply our products or services, for them to use for the purposes set out in this privacy policy. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, these third-party service providers may have their own privacy policies in respect of the information we are required to provide to them. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal data will be handled by them;
  • to a third party if ITAS or substantially all of our assets are acquired by that third party, in which case personal data held by us will be one of the transferred assets;
  • to any law enforcement body, regulatory, government agency, court or other third party where we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
  • to third parties (such as other companies and organisations) to protect our business, our clients or users, or others, and in order to enforce our rights or apply our terms of service or other agreements (including for the purposes of fraud protection and credit risk reduction); or
  • to any other person where you have consented to the disclosure.

If you are an employee or contractor, we may share your personal data with our clients as part of our efforts to win work and deliver our services to them.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Storage of your personal data

Your information is stored by a third-party provider on behalf of ITAS in the United Kingdom (“UK”), the European Economic Area (“EEA”), the United States of America and Canada.

International transfers of your personal data

We may transfer your personal data to service providers that carry out certain functions on our behalf (such as third-party data storage providers). This may involve transferring personal data outside the UK or EEA to countries which have laws that do not provide the same level of data protection as UK or EEA law.

Whenever we transfer your personal data out of the UK or EEA, we endeavour to ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

  • We will only transfer your personal data to countries that have been deemed by the UK or EEA to provide an adequate level of protection for personal data.
  • We may use specific standard contractual terms approved for use in the UK or EEA which give the transferred personal data the same protection as it has in the UK or EEA, namely the EU “Standard Contractual Clauses”, the UK “International Data Transfer Agreement” or the “UK Addendum”.

Your legal rights

ITAS takes your privacy very seriously and wants you to be aware of your rights, as follows:

  • you have the right to request (i) confirmation of whether we process your personal data and (ii) access to a copy of the personal data retained;
  • you have the right to have inaccurate personal data rectified, or completed if it is incomplete;
  • in certain situations, you have the right to have your personal data erased or transmitted directly to another company, where technically feasible;
  • where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time without impact to any data processing activities that have taken place before such withdrawal;
  • you have the right not to be subject to any decisions based solely on automated processing, including profiling, which has legal or other similarly significantly effects on you unless we have your consent, it is authorised by law or it is necessary for the performance of an agreement; and
  • in certain situations, you have the right to restrict or object to our processing of personal data regarding you.

Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you would like to exercise any of your rights, please send an email to the Data Protection Officer at dpo@itasworld.com.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We take steps to ensure that your information is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example, by encryption or by using pseudonymisation in the case of credit card information on payment, we cannot guarantee the security of your information transmitted via the internet; any transmission is at your own risk.

We have appropriate technical and organisational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other individuals. We maintain these technical and organisational measures and will amend them from time to time to improve the overall security of our systems.

In addition, we limit access to your personal data to those employees and other third parties who have a business need to know.

We may, from time to time, include links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.

How long we keep your personal data

We retain your information for as long as it is necessary for the purposes for which it was collected and processed. Additionally, we retain data for the purposes of satisfying any legal, regulatory, accounting, finance, tax, reporting and insurance requirements after which we take steps to destroy or de-identify personal data when the information is no longer required for any purpose for which it may be used or disclosed by us and we are no longer required by law or regulation to retain the information. Please note that this will be assessed on a case-by-case basis.

After our agreement with you expires or terminates, or our relationship with you has otherwise ended, we may also store your information in an aggregated and anonymised format.

Complaints or queries

ITAS is committed to meeting the highest standards when collecting and using personal data. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

If you wish to make a complaint about the way in which we have processed your personal data, please contact our Data Protection Officer at dpo@itasworld.com, or alternatively use our “Contact Us” details on our Websites and we will endeavour to deal with your request.

You can also complain to the Information Commissioner’s Office, which is the UK’s independent regulator for data protection, if you are unhappy with how we have used your personal data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

Website: www.ico.org.uk.

Changes to this policy

We will generally notify you of any material changes to this privacy policy, through a notice provided via the Websites or otherwise supplied to you. However, you should look at this privacy policy regularly to check for any changes. We will also update the “Last Updated” date at the bottom of this policy, which reflects the effective date of such policy. Your continued engagement with us after the date of the updated policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop your engagement with us.

Request for further information

This field is for validation purposes and should be left unchanged.