Privacy Statement

This Privacy Statement explains how, when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Privacy Statement from time to time so please check this page or our website(s) occasionally to ensure that you’re happy with any changes. By using our website(s), you’re agreeing to be bound by this Privacy Statement. It is important that you read this privacy statement together with any other privacy notice or fair processing notice we may provide on specific occasion’s when we are collecting or processing personal data.
This Privacy statement supplements the other notices and is not intended to override them.

Our website(s) is not intended for use by those under 18 years of age, if you have any concerns regarding data collected from anyone under this age, please contact [email protected] so that it can be removed.

Please refer to the relevant cookie policy for information on what type of cookies are used on our website(s). Any questions regarding this Privacy Statement and our Fair Processing Notices should be sent by email to [email protected] or by writing to Holman Fleet Limited, Methuen Park, Chippenham, Wiltshire SN14 0GX.

Holman Fleet Limited is the world’s largest privately held family-owned fleet management company, and one of the UK’s largest independent funding and fleet management providers. Founded in 1948 by the Holman Automotive Group, and with offices in the UK, Germany, North America, Mexico and Canada, our global focus remains on family values with a passion for customer service and satisfaction.

Our parent company Holman are committed to investing in Holman UK for the long-term and our organisational principles have been designed to serve as a compass to navigate our future and ensure success for generations to come. These principles, named the ‘The Holman Way’, guarantee that our people are in a position to win, our company is focused and ready for what our customers need tomorrow, and that we can create raving fans and exceed our customers’ expectations again and again. By investing in our people, our processes and our technology, we can deliver real value to our customers by combining business insight and optimal lifecycle analysis, sustainable fleet practices, best-in-class services and high-powered technology to drive vehicle fleet efficiency up and costs down.

We deliver a fully outsourced fleet management solution, with services including finance lease vehicle funding, maintenance and accident management, compliance and driver risk management and more, providing our customers with a complete end-to-end solution that has transparency and cost control at its heart. This extensive range of services signifies our ability to deliver a uniquely tailored solution for each of our customers’ differing operational needs and strategic requirements. Available 24 hours a day and 365 days a year shows our commitment to supporting our customers and their drivers to reduce the administrative burden and simplify the processes associated with funding and fleet management.

a) Our website

Our websites are being hosted by our parent company Automotive Rentals, Inc. In New Jersey, USA (“t/a Holman”), acting as data processor in accordance with Art. 28 GDPR, on servers in the USA. In the USA the adequacy level of data protection is less than within GDPR. However, we have a Data transfer Agreement which contains the relevant security measures required, within the meaning of Article 46 GDPR.

We obtain information direct from forms on our website when you apply for a job, subscribe to our services, access Holman Insights or request marketing publications to be sent to you.

When you visit our websites, the web servers of our website temporarily store every access of your device in a log file. The following data is collected and stored until deletion:

• IP address of the requesting computer
• Date and time of access.
• Name and URL of the retrieved data.
• Transmitted amount of data
• Message if the retrieval was successful.
• Used browser, browser language and Browser version, operating system and information about the surface.
• Name of the Internet access provider
• Website from which access takes place (referrer-URL)

The processing of this data is for the following purposes:

• Enabling the use of the website (connection establishment)
• Administration of the network infrastructure
• Appropriate technical and organisational measures for IT system and information security taking into account the state of the art
• Ensure user-friendliness
• Optimisation of the Internet
• Marketing incl. direct mail (through the use of tracking devices), like the Pardot services

Legal basis for the above processing is:

• processing visits to the website referred to in above bullet points 1-2: Article 6 paragraph 1 letter b GDPR (fulfilment of the website usage contract relationship),
• for the processing referred to in bullet point 3: Article 6 (1) (c) of the GDPR (legal obligation to implement technical-organisational measures to safeguard data processing under Article 32 GDPR) and Article 6 (1) (f) GDPR (legitimate data processing interests for network and electronic data processing, Information Security) as well as for;
• processing referred to in above bullet points 4-6: Article 6 (1) (f) GDPR (legitimate interests). The legitimate interests of our data processing are to optimise our website and make it user-friendly. Within the legitimate interests, we can also deliver direct mail, and
• As part of the data processing for the purpose of advertising according to bullet point 6, we can also deliver personalised direct mail with the aid of tracking mechanisms. In this case, the legal basis is Article 6 (1) (a) GDPR (consent). Details can be found below in the section on web analysis using Pardot and Google Analytics (see below).

b) Newsletter

If you have expressly and voluntarily provided your consent, in accordance with Article 6 paragraph 1 letter a. of the GDPR (Consent to Use), we will use your e-mail address to send you our newsletter on a regular basis. For the receipt of the newsletter the indication of an e-mail address is sufficient.

You may unsubscribe from the newsletter at any time, via a link at the end of each newsletter. Alternatively, you can also request to unsubscribe at any time by emailing the Data Protection Officer [email protected] or [email protected]. Unsubscribing will also revoke your consent.

c) Use of the Contact Form

For inquiries we ask you to contact us via a form provided on the website. This requires an e-mail address. Other information, e.g. your name may be required. If you do not provide this information, we may not be able to respond to your inquiries.

The data processing for the purpose of contacting Holman takes place according to Article 6 paragraph 1 letter a GDPR (consent). The personal data collected by us via the contact form will be deleted after completion of the request or after completion of the business resulting from it.

d) No further processing activities

In addition to the aforementioned cases, personal data will not be processed unless you expressly provided consent in advance, for example to receive a newsletter or a product offer.

e) Use of Holman Driver Insights ®, the Holman Car configurator or the Holman Driver App

If you use our web applications “Holman Driver Insights ®, “Holman Car Configurator” or the “Holman Driver App”, then we collect and process for the purposes referenced above under paragraph a) our website, we collect the following additional personal data:

Holman Insights

• User (the person using Holman Insights)
  • Name
  • Email address
  • IP address
  • Date and time of access
  • Name and URL of the retrieved data
  • Transmitted amount of data
  • Message if the retrieval was successful
  • Browser, browser language, browser version, operating system, information about the display
  • Name of internet access provider
  • Website from which access takes place (referrer-URL)
• Driver Records (created or edited by the user)
  • Title
  • Name
  • Email address
  • Address (Home and Work)
  • Home phone number
  • Work phone number
  • Mobile phone number
  • Employee ID
  • Job Title
  • Job Grade
  • VIP / Executive flag
  • Hire Date
  • Termination Date
  • Driver’s Manager
  • Comments about a driver
  • Documentation about the driver
  • Assigned Vehicle including trade up contributions
  • Vehicle Location (usually an address)
  • Data fields defined by the user’s organisation (Homan’s Customer)
• Riskmaster Driver Records (created or edited by the user)
  • Driving licence number
  • Driver qualification card number
  • Tachograph card number
  • LGV expiry date
  • PCV expiry date
  • Tachograph card expiry date
  • Date of last company eye check
  • Notes about risk events
  • Decisions related to driver risk events
  • Driver training records
  • Driver negative encounters

Holman Driver Insights

• User / Driver (the user / driver using Holman Driver Insights)
  • Title
  • Name
  • Date of Birth
  • Home Email
  • Office Email
  • Home Phone
  • Office Phone
  • Mobile Number
  • Address (Home and Work)
  • IP address
  • GPS Location
  • Date and time of access
  • Name and URL of the retrieved data
  • Transmitted amount of data
  • Message if the retrieval was successful
  • Browser, browser language, browser version, operating system, information about the display
  • Name of internet access provider
  • Website from which access takes place (referrer-URL)
• Vehicle Ordering (records created or edited by the user)
  • Saved vehicle choices
  • Vehicle order including options
  • Estimated annual mileage (business and personal)
  • Address
  • Additional instructions / information
• Riskmaster Driver (the user/driver using Holman Driver Insights)
  • Driving licence number
  • Date of Birth
  • Address on driving licence
  • Employee Number
  • Types of vehicles driven
  • Estimated annual mileage (business and personal)
  • Maximum journey duration and distance
  • Date of last eye test
  • Confirmation that any relevant health conditions have been declared to the licensing authority
  • Additional driving qualifications (Expiry, Organisation, Qualification name)
  • Driver training results
  • Skills assessment results
  • Accidents (Date, Cost, Blame, Description)
  • Thefts from vehicle (Date, Description, Fault, Cost)
  • Motoring offences (Date, Conviction Date, Endorsement Code, Disqualification Period, Points on Licence)
  • Own vehicles (Registration, Make, Model, Type, Engine Capacity, Fuel Type, Colour, Registered country, Registration date, Current odometer, Insurance policy number, Insurer, Issued date, Expiry date, Class of
    insurance, Insurance cover)
  • Vehicle maintenance records (Date, Registration, Description, Cost)
  • Agreement documents have been read flag
  • Agreement to Riskmaster declaration statements flag
  • Nominated driver details (Title, Name, Relationship, Date of Birth, Home Email, Office Email, Address)

Holman Driver App (iOS, Andriod,Web)

• User / Driver (the user/driver using the Holman Driver App)
  • Email address
  • Vehicle registration
  • GPS Location
  • Notification read status
  • Notification confirmation status
  • Maintenance booking (issues with vehicle, workshop, preferred dates, vehicle location, odometer, delivery preference)
  • Maintenance booking cancellation request
  • Not my vehicle (Date of return, New driver, Last location)
  • Vehicle inspection (odometer, date, item status, safety issue defect, defect comment, photo of defect, roadworthiness)
  • Rectified defect (defects rectified, photo, signature of technician, technician name, technician role, technician workshop)
  • Emission zone record (date, zone)
  • Fuel card cancellation request
  • Odometer reading
  • Reallocation record (Reason, justification, job category, job skill, requested specification, comments)
  • Feedback (topic, type, satisfaction rating, comments, response required flag)
  • Parking fine (Photo of fine, photo of appeal evidence, reason for appeal)
  • CSAT feedback
  • Mobile device token
  • IP address
  • Date and time of access
  • Name and URL of the retrieved data
  • Transmitted amount of data
  • Message if the retrieval was successful
  • Website from which access takes place (referrer-URL)

The processing of this data is for the following purposes:

• Provision of fleet management services
• Monitor that the solution is operating correctly
• Help detect fraudulent and suspicious activity
• Identify the end-user as being logged into the solution
• Enable content to be delivered reliably and efficiently
• Help improve the solution by measuring any errors that occur
• Provide help and support to end-users

The legal basis for the above processing is:

• Article 6 paragraph 1 letter b GDPR (required for the fulfilment of a framework agreement for fleet management).
• Article 6 paragraph 1 letter b GDPR (fulfilment of the website usage contract relationship),
• Article 6 (1) (c) of the GDPR (legal obligation to implement technical-organisational measures to safeguard data processing under Article 32 GDPR) and Article 6 (1) (f) GDPR (legitimate data processing interests for network and electronic data processing, Information Security) as well as for;
• Article 6 (1) (f) GDPR (legitimate interests). The legitimate interests of our data processing are to optimise our website and make it user-friendly.

This data is processed for the following purpose:

• Provision of fleet management services in accordance with Framework contract (regarding Holman Insights ®, Holman Driver Insights ®, and / or the Holman vehicle configurator and/or the Holman Driver App)

Please see our cookie policies on the above website(s) for further details on managing your preferences.

The personal information we may collect for our fleet management services, might include:

• Driver licence details
• Personal contact details
• Employee details and other related records

Categories of data subject:

• Driver
• Drivers’ family
• Drivers line manager.
• Witnesses
• Passengers
• Third Parties
• Prospective clients
• Clients
• Recruitment candidates

We may use your information to provide the following services.

• Accident Management
• Commercial Vehicle Management
• Risk Management
• Fringe (BIK and Mileage capture)
• Licence Distribution
• Rental Management
• Roadside assistance
• Telematics
• Maintenance Management
• Tyre Management
• Vehicle Acquisitions (including funding)
• Vehicle Remarketing
• Violations
• Marketing purposes (if consent is provided)
• Recruitment

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract we hold with you or which governs your data, e.g. a contract with your employer.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the mandates for Riskmaster Program are held for 7 years).

For recruitment, we hold your application data on your personnel file if you are successful in your job application. Otherwise, data will be securely disposed 1 year after the application process in complete.

A transmission of your personal data to third parties, i.e. other natural or legal persons other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or processor to process the personal data shall only be used for the following purposes:

• You have given your express and voluntary consent under Article 6 (1) (a) GDPR,
• Disclosure is required under Article 6 (1) (b) of the GDPR with regard to the performance of contractual relationships with you, for example to suppliers or recipients of a good or service whom you have mentioned.
• There is a legal obligation for disclosure under Article 6 (1) (c) GDPR, for example to financial or law enforcement authorities.
• Disclosure is required under Article 6 (1) (f) GDPR to assert, exercise or defend legal claims, and there is no reason to believe that you have an overriding legitimate interest in not disclosing your information; such disclosure could be, for example, in the case of attacks on our IT systems, to state institutions and law enforcement agencies

The accuracy of your information is important to us. If the data we hold about you is inaccurate contact your employer, account manager or if you wish to make a Subject Access Request this can be done by emailing [email protected]

Subject Access Requests can cover any of the data subject rights below:

• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing.
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.

As part of the services offered to you, the information which you provide to us may be transferred our parent company in USA: Automotive Rentals, Inc., t/a Holman, a New Jersey, US corporation and affiliate of ARI (“ARI US”) under our Data Transfer Agreement containing the Standard Contractual Clauses and IDTA.

Job applications are transferred under appropriate safeguards (Standard Contractual Clauses and EU-US Data Privacy Framework) to our contracted supplier, Workday Inc. in the USA.

Please refer to our cookie policy for information on third party cookies

The security of your personal information is important to us. Holman is certified to ISO 27001 in US, Canada and UK.

We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it, these standards include the use of encryption. If you have any questions about security on our web site, you can contact us at [email protected].

Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

David Hunt

Managing Director