This Privacy Statement explains how, when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Privacy Statement from time to time so please check this page or our website occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Privacy Statement. It is important that you read this privacy statement together with any other privacy notice or fair processing notice we may provide on specific occasion’s when we are collecting or processing personal data. This Privacy statement supplements the other notices and is not intended to override them.
Our website is not intended for use by those under 18 years of age, if you have any concerns regarding data collected from anyone under this age please contact DPO@arifleet.co.uk so that it can be removed.
Please refer to our cookie section for information on what type of cookies are used on our website.
Any questions regarding this Privacy Statement and our Fair Processing Notices should be sent by email to DPO@arifleet.co.uk or by writing to ARI Fleet UK, Methuen Park, Chippenham, Wiltshire SN14 0GX.
Who are we?
ARI is the world’s largest privately held family-owned fleet management company, and one of the UK’s largest independent funding and fleet management providers. Founded in 1948 by the Holman Automotive Group, and with offices in the UK, Germany, North America, Mexico and Canada, our global focus remains on family values with a passion for customer service and satisfaction.
Our parent company Holman are committed to investing in ARI for the long-term and our organisational principles have been designed to serve as a compass to navigate our future and ensure success for generations to come. These principles, named the ‘The Holman Way’, guarantee that our people are in a position to win, our company is focused and ready for what our customers need tomorrow, and that we can create raving fans and exceed our customers’ expectations again and again. By investing in our people, our processes and our technology we can deliver real value to our customers by combining business insight and optimal lifecycle analysis, sustainable fleet practices, best-in-class services and high-powered technology to drive vehicle fleet efficiency up and costs down.
We deliver a fully outsourced fleet management solution, with services including finance lease vehicle funding, maintenance and accident management, compliance and driver risk management and more, providing our customers with a complete end-to-end solution that has transparency and cost control at its heart. This extensive range of services signifies our ability to deliver a uniquely tailored solution for each of our customers’ differing operational needs and strategic requirements. Available 24 hours a day and 365 days a year shows our commitment to supporting our customers and their drivers to reduce the administrative burden and simplify the processes associated with funding and fleet management.
How do we collect information from you?
Our websites are being hosted by our parent company Automotive Rentals, Inc. In New Jersey, USA (“ARI US”), acting as data processor in accordance with Art. 28 GDPR, on servers in the USA. ARI US has subcontracted the hosting to Media Temple, Inc., 6060 Center Drive, 5th Floor, Los Angeles, CA 90045, USA. In the USA no adequate level of data protection is available within the meaning of GDPR. However, we have a Data transfer Agreement with ARI US which contains the standard data protection clauses, within the meaning of Article 46 GDPR.
We obtain information direct from forms on our website when you apply for a job, subscribe to our services, access ARI Insights or request marketing publications to be sent to you.
When you visit our websites, the web servers of our website temporarily store every access of your device in a log file. The following data is collected and stored until deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved data
- Transmitted amount of data
- Message if the retrieval was successful
- Used browser, browser language and Browser version, operating system and information about the surface
- Name of the Internet access provider
- Website from which access takes place (referrer-URL)
The processing of this data is for the following purposes:
- Enabling the use of the website (connection establishment)
- Administration of the network infrastructure
- Appropriate technical and organisational measures for IT system and information security taking into account the state of the art
- Ensure user-friendliness
- Optimisation of the Internet
- Marketing incl. direct mail (through the use of tracking devices), like the Pardot services
Legal basis for the above processing are:
- processing visits to the website referred to in above bullet points 1-2: Article 6 paragraph 1 letter b GDPR (fulfillment of the website usage contract relationship),
- for the processing referred to in bullet point 3: Article 6 (1) (c) of the GDPR (legal obligation to implement technical-organisational measures to safeguard data processing under Article 32 GDPR) and Article 6 (1) (f) GDPR (legitimate data processing interests for network and electronic data processing, Information Security) as well as for;
- processing referred to in above bullet points 4-6: Article 6 (1) (f) GDPR (legitimate interests). The legitimate interests of our data processing are to optimise our website and make it user-friendly. Within the legitimate interests, we can also deliver direct mail, and
- As part of the data processing for the purpose of advertising according to bullet point 6, we can also deliver personalised direct mail with the aid of tracking mechanisms. In this case, the legal basis is Article 6 (1) (a) GDPR (consent). Details can be found below in the section on web analysis using Pardot and Google Analytics (see below).
b) Use of ARI Driver Insights ® or the ARI Car configurator
If you use our web applications “ARI Driver Insights ® or “ARI Car Configurator”, then we collect and process for the purposes referenced above under paragraph a) our website, we collect the following additional personal data:
- Name of the user
- E-mail address of the user
- Mobile phone number
- Telephone number
- Private and employer address
- Location data (only ARI Driver Insights®)
This data is processed for the following purpose:
- Provision of fleet management services in accordance with Framework contract (regarding ARI Driver Insights ® and / or the ARI vehicle configurator)
- The legal basis for the above processing is:
- Article 6 paragraph 1 letter b GDPR (required for the fulfillment of a framework agreement for fleet management).
If you have expressly and voluntarily provided your consent, in accordance with Article 6 paragraph 1 letter a. of the GDPR (Consent to Use), we will use your e-mail address to send you our newsletter on a regular basis. For the receipt of the newsletter the indication of an e-mail address is sufficient.
You may unsubscribe from the newsletter at any time, via a link at the end of each newsletter. Alternatively, you can also request to unsubscribe at any time by emailing the Data Protection Officer DPO@arifleet.co.uk or Marketing@arifleet.co.uk. Unsubscribing will also revoke your consent
d) Use of the Contact Form
For inquiries we ask you to contact us via a form provided on the website. This requires an e-mail address. Other information, e.g. your name may be required. If you do not provide this information, we may not be able to respond to your inquiries.
The data processing for the purpose of contacting ARI takes place according to Article 6 paragraph 1 letter a GDPR (consent). The personal data collected by us via the contact form will be deleted after completion of the request or after completion of the business resulting from it.
e) No further processing activities
In addition to the aforementioned cases, personal data will not be processed unless you expressly provided consent in advance, for example to receive a newsletter or a product offer.
Please see our cookie section for further details on managing your preferences on the website.
What type of information is collected from you?
The personal information we may collect for our fleet management services, might include:
- Driver licence details
- Personal contact details
- Employee details and other related records
CATEGORIES OF DATA SUBJECT:
- Drivers family
- Drivers line manager
- Third Parties
- Prospective clients
- Recruitment candidates
How is your information used?
We may use your information to provide the following services
- Accident Management
- Commercial Vehicle Management
- Risk Management
- Fringe (BIK and Mileage capture)
- License Distribution
- Rental Management
- Roadside Assistance
- Maintenance Management
- Tyre Management
- Vehicle Acquisitions (including funding)
- Vehicle Remarketing
- Marketing purposes (if consent is provided)
How long is your information kept?
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract we hold with you or which governs your data, e.g. a contract with your employer.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the mandates for Riskmaster Program are held for 7 years).
For recruitment, we hold your application data on your personnel file if you are successful in your job application. Otherwise, data will be securely disposed 1 year after the application process in complete.
Who has access to your information?
A transmission of your personal data to third parties, i.e. other natural or legal persons other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or processor to process the personal data shall only be used for the following purposes:
- You have given your express and voluntary consent under Article 6 (1) (a) GDPR,
- Disclosure is required under Article 6 (1) (b) of the GDPR with regard to the performance of contractual relationships with you, for example to suppliers or recipients of a good or service whom you have mentioned.
- There is a legal obligation for disclosure under Article 6 (1) (c) GDPR, for example to financial or law enforcement authorities.
- Disclosure is required under Article 6 (1) (f) GDPR to assert, exercise or defend legal claims, and there is no reason to believe that you have an overriding legitimate interest in not disclosing your information; such disclosure could be, for example, in the case of attacks on our IT systems, to state institutions and law enforcement agencies
How you can access and update your information
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you via our Insights platform. In the meantime, if the data we hold about you is inaccurate contact your employer, account manager or if you wish to make a Subject Access Request this can be done by emailing DPO@arifleet.co.uk
Subject Access Requests can cover any of the data subject rights below:
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Transferring your information outside of the UK
As part of the services offered to you, the information which you provide to us may be transferred our parent company in USA : Automotive Rentals, Inc., t/a ARI, a New Jersey, US corporation and affiliate of ARI (“ARI US”) under our Data Transfer Agreement containing the Standard Contractual Clauses
Job applications are transferred under appropriate safeguards (Standard Contractual Clauses) to our contracted supplier, Workday Inc. in the USA.
Please refer to our cookie section for information on third party cookies
Security precautions in place to protect the loss, misuse or alteration of your information
The security of your personal information is important to us. ARI is certified to ISO 27001 in US, Canada and UK
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it, these standards include the use of encryption. If you have any questions about security on our web site, you can contact us at firstname.lastname@example.org.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
In addition, we also use tracking cookies that are stored in the web browser of your device for a defined period of time to optimise and ensure usability. If you visit our site again, it will automatically be recognised that you have already visited our web pages and what settings you have made in order not to have to make them again. Furthermore, we use tracking cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our service. These tracking cookies also enable us to automatically recognise your used device when visiting our site again.
You can also view our websites without cookies. However, most web browsers accept cookies automatically. You can set your web browser settings to prevent cookies from being saved, or you’ll always be warned before a new cookie is created. You can also delete cookies through your web browser. However, the deletion or deactivation of cookies may mean that you cannot use all the features of our website equally.
Our career-website can be found on the Holman-Enterprises USA-portal, which is being hosted by Workday Inc., 6110 Stoneridge Mall Road, Pleasanton, CA 94588, USA, On these sites necessary cookies as well as Google Analytics and JSESSIONID are being used, among other things, they enable the use of LinkedIn – Quick Apply function. Further information regarding Workday can be found at: https://www.workday.com/en-us/privacy.html
Web analysis via Pardot
We use the services of Pardot LLC (Member of the Salesforce-Group) with address 950 East Paces Ferry Rd. Suite 3300, Atlanta, GA 30326, , to distribute our newsletter and further mailings to manage marketing permissions and to analyse the use of our website by registered users and to optimise our website.
When you obtain a product or service from us, your email address will be transferred to Pardot so that we can send you information emails for similar goods or services in the future. The legal basis for this is Art. 6 Para. 1 (f) GDPR.
Pardot uses tracking cookies, as referenced in section 5 above. The information stored in the tracking cookie about your use of this website is transferred to a Pardot server in the USA and is being stored there. In the USA, there’s no adequate level of data protection, as referenced in GDPR, and no adequacy decision has been rendered. Pardot does use Binding Corporate Rules, in accordance with Sect. 47 GDPR. You can prevent the cookies storing by adjusting your browser settings accordingly.
On behalf of the operator of this website, Pardot uses this information to evaluate the use of the website by registered persons and to compile reports on website activity. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.
Tracking pixels and how you can prevent them: We would like to point out that Pardot evaluates your user behavior on our behalf when sending the newsletter or other requested information. For this evaluation, the emails sent contain so-called web beacons, also known as tracking pixels. These are one-pixel image files that link to our website and thus enable us to evaluate your user behavior on a session-based basis. We record when you read our newsletters, which links you click in the newsletters and deduce from this your personal interests. The information collected in this way is saved by Pardot on its server in the USA.
Tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the tracking mentioned above takes place.
Further information regarding Pardot, its services and their data protection information can be found at: https://www.salesforce.com/eu/gdpr/pardot/ .
Google Analytics with anonymisation function
Our website uses Google Analytics, a web analysis service from Google Inc. (“Google”). A cookie (as already described above) is stored on your computer or mobile device in order to collect anonymised data about your visit to our website.
We use Google Analytics with the extension “anonymizeIp ()”. As a result, IP addresses are further processed in abbreviated form, so that personal references can be excluded.
The information stored in the cookie about your use of this website is transmitted to a Google server in the USA and stored there. Due to the IP anonymisation on this website, your IP address will be shortened beforehand. On our behalf, Google will use this information to anonymously evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet usage.
You can prevent the storage of cookies by setting your browser software accordingly.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google, by downloading and installing the browser plug-in available under the following link
You can also permanently object to the setting of cookies for ad preferences by downloading and installing the browser plug-in available under the following ink:
Information regarding this third party service provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: https://marketingplatform.google.com/about/analytics/terms/gb/
Data Protection overview: Privacy & Terms – Google
On our websites, we also use social plug-ins from e.g. Google Inc., USA, Facebook, Twitter, Linked-In and You Tube, esp. integrated cards. These plug-ins are technically operated in the US or other countries outside the UK.
If you open a page of our website in your web browser that contains such a plug-in, your web browser will establish a direct connection to the provider’s servers in the respective country. By integrating the plug-ins, the provider at least receives the information that your web browser has visited a certain page of our website, possibly also other information revealed by your web browser or your used device. The content of the plug-in is downloaded from your web browser directly from the provider and integrated into our website. If you are registered and / or logged in with the provider in question, your visit can also be assigned to your user account. If you interact with a plug-in, for example, to get directions, this information is also transmitted from your web browser directly to the provider and stored there and, if necessary, continue to use. Purpose and scope of the described data collection and use are Marketing measures of the provider.
You can contact us by writing at the address below:
4001 Leadenhall Road
Mount Laurel NJ 08054
Or at the following address:
Data Protection Officer
ARI Fleet UK
Chippenham, Wiltshire SN14 0GX
Or emailing: DPO@arifleet.co.uk
If you wish to make a complaint or report a concern regarding the handling of your personal data you may do so by contacting DPO@arifleet.co.uk or through the Information Commissioners Office information Commissioners office.
Review of this Privacy Statement
We keep this Privacy Statement under regular review. This Privacy Statement was last updated 15 April 2021.
Should individual provisions of this data privacy statement be or become ineffective or unenforceable in whole or in part, this shall not affect the validity of the remaining provisions. The same applies in the case of gaps.