Skip to main content

Which Company is Covered by this Policy

Alphabet (GB) Limited is covered by this policy and will be referred to throughout this policy as Alphabet.  References to “us,” “our” or “we” are references to Alphabet. Alphabet (GB) Limited is registered at:

 

Alphabet House
Summit Avenue
Farnborough
Hampshire
GU14 0FB

 

Alphabet (GB) Limited is authorised and regulated by the Financial Conduct Authority for the purpose of consumer credit business.

Alphabet is a leading provider of business mobility. 

 

Alphabet is a financial services company which provides regulated and unregulated motor finance products (e.g. Credit Sale, Hire Purchase, Personal Contract Purchase, Contract Hire, Salary Sacrifice) and services to customers through Retailers of BMW Group and non BMW Group motor dealerships, independent credit brokers and directly to corporate customers.

 

Alphabet also provides mobility services, fleet funding and fleet management.

Alphabet is responsible for, and is the Data Controller of, your personal information that it receives via Alphabet.co.uk, Alphabet Connect accounts, from Retailers, Brokers, Partners and Customers.  Alphabet is also the Data Controller of the information which is used to grant and provide finance to you.

 

BMW AG is the parent company of the BMW Group UK (including Alphabet) and provides much of the IT infrastructure to Alphabet in its capacity as a service provider or Data Processor in relation to the information you provide to us.

 

Retailers, Brokers, Partners and Corporate Customers are Data Controllers in relation to the information they process for their own purposes.

 

If you have any queries regarding the use of your information by these companies you can either contact them directly or visit the privacy policy on their website.

 

Click here for the contact details of Alphabet’s Data Protection Officer.

We may modify or update this privacy policy from time to time, we recommend that you regularly visit this page, and always in the event if you provide Alphabet with your personal data. 

 

Where changes to this privacy policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you may have under local law (e.g. you have the right to access the information we hold about you).

How we collect your personal information

These are the main ways we collect your information.

 

  • If you contact us directly via our websites or via our customer hotlines to request information about our products and services. 
  • If you buy a product or service directly from us.
  • If you buy a product or service from us via the Broker channel, or from one of our Partners or Retailers.
  • If you reply to our direct marketing campaigns (e.g. filling out a response card).
  • If, with your permission where necessary, your contact details are passed to us by a Retailer, Partner or other third party.
  • If you enter a competition or promotion.
  • When you report a problem with our website.
  • When you contact us or we contact you, we may keep a record of that correspondence (e.g. telephone calls and written communication).
  • We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • If, with your permission where necessary, other BMW Group legal entities or business partners transfer your personal data to us.
  • From third party suppliers with whom we have a contract to supply services.
  • If we acquired your personal data from other sources (such as private companies or institutions, public registers, social media sites).

 

If you authorise someone to manage your account/information, or on your behalf, you must ensure that they have been provided with this Privacy Policy before doing so.

 

Please help us to keep your information up to date by informing us of any changes to your contact details or marketing preferences.  

 

You may review or change your preferences. Read the 'How to change your privacy preferences' section detailed below for information on how to do this. 

What information may be collected about you

The following types of information about you may be collected:

 

Contact Details ►

  • Name
  • Address
  • Phone numbers
  • Email address

 

 

Interests ►

  • Information you provide us about your interests
  • Including the type of vehicles you are interested in.

 

 

Website and Communication Usage ►

  • How you use our website and whether you open or forward our communications, including information collected through cookies and other tracking technologies (click here for our Cookies Policy for further details).
  • Details of transactions you carry out through our site and of the fulfilment of your orders

 

Sales and Services Information ►

  • Relating to purchases and services, including complaints and claims.

 

 

Credit and Anti-Fraud Information ►

  • Information which establishes your identity, such as driving licences, passports and utility bills
  • Information about transactions, requests for credit and non-payment of debts with us and third parties and credit ratings from credit reference agencies
  • Fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included.
  • Employment history and information
  • Your date of birth
  • Bank details
  • Financial transactions
  • Alphabet may also ask you to provide information about your health if it becomes aware of a condition that might affect your ability to repay the finance without difficulty.

 

 

Device and Service Usage ►

  • How you use your device (mobile or vehicle) and services offered on the device.

 

 

Vehicle Technical Information ►

  • About how the engine and systems within the vehicle perform and servicing notifications.

 

Vehicle / Device Location Information ►

  • Your vehicle’s or mobile device’s location and vehicle mileage data. If you have chosen services that disclose your location or the location of your vehicle, we take the confidentiality of that information very seriously. 

The following safeguards are applied to Location Information (including information accessed as part of the vehicle service process): 

 

·    It is only kept for as long as necessary to fulfil the service or to enforce our rights under the finance agreement, for example, if you have an agreement with us we may need to locate the vehicle if you fail to return the vehicle to us when required or to remind you of your maximum mileage allowance to help prevent excess mileage charges. 

 

·    It is only obtained or accessed in that form where necessary to provide the service requested or where we are obliged to retain and/or provide the information by law (and where we are required to provide the information to law enforcement or any other third party, we will - notify you unless to do so would prejudice the prevention or detection of a crime or we are not permitted to do so).

 

·    Vehicle Location Information and Device Location Information are not linked unless necessary to provide the service requested.

 

·    Any other use of Location Information for analytics purposes will be undertaken on irreversibly anonymised data.

 

We and BMW AG will have access to Device Location Information through the services they provide (e.g. ConnectedDrive).

 

 

You will have been provided with a detailed description of the Location Information obtained to provide a Location Information dependent service when you initially purchased the vehicle or activated or configured the service or application (e.g. ConnectedDrive or Connected App). You can control whether we continue to hold or collect that information through the vehicle, service or application (e.g ConnectedDrive) so future location information ceases to be collected. Please note that we may not be able to provide certain features of our services to you if you limit the collection of your Location Information. 

How your personal information is used

Use of personal information under the data protection laws must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy.  An explanation of the scope of the grounds available can be found in the ‘use of your information’ section in your finance agreement.

The main uses of your information are:

To assess your eligibility for finance, to comply with legal obligations and for legitimate interests. Eg. to ensure that Alphabet offers the most appropriate offers of finance to you, to ensure that the services function correctly, to prevent fraud and money laundering and to ensure that your records are accurate and up to date.

 

When you apply for finance from Alphabet you must provide certain personal information.  Alphabet will share the information with Credit Reference and Fraud Prevention Agencies to help us decide whether to offer you finance. Using information about you in this way is necessary for Alphabet to make this decision and if you do not provide it Alphabet may not be able to offer you finance. Your information will be used by Alphabet and these agencies as follows:

  • Alphabet will check records about you and others held by them and by Credit Reference and Fraud Prevention agencies, for example to assess your application for credit and verify identities to prevent and detect crime and money laundering. The Credit Reference Agencies will place a search footprint on your credit file that may be seen by other lenders. They will supply public information (for example information held on the electoral register) as well as shared credit and fraud prevention information. The Fraud Prevention Agencies will use your personal information to prevent fraud and money-laundering and to verify your identity.
  • If you are making a joint application, e.g., if you advise Alphabet of a director or that you have a spouse or financial associate, they will link your records together so you must be sure that you have their agreement to disclose information about them. Credit Reference Agencies also link your records together and these links will remain on your and their files until such a time as you, a director or your partner successfully files for a disassociation with the Credit Reference Agencies to break that link.
  • If you give Alphabet false or inaccurate information or Alphabet suspects or identifies fraud, it will record this and may also pass on the information to Fraud Prevention Agencies and other organisations involved in crime prevention. Law enforcement agencies may also access and use this information. If fraud is detected, you could be refused certain services, finance or employment.
  • Alphabet and other organisations may access and use from other countries the information recorded by Fraud Prevention Agencies, which may be publicly-available sources.
  • Your data may also be used for other purposes for which you give your permission or, in limited circumstances, when required by law or where permitted under the terms of relevant data protection and privacy law.

 

If you would like full details about how your information will be used by us, Credit Reference Agencies and Fraud Prevention Agencies, including details of your rights in relation to your information, or you would like to obtain contact details of the Credit Reference and Fraud Prevention Agencies, please: visit www.experian.co.uk/crain or www.onfido.com/privacy.  We may also provide your information to the following fraud prevention agencies to prevent or detect fraud and money laundering, and to verify your identity: National Hunter Limited, PO Box 4744, Stone, ST15 9FE, https://nhunter.co.uk/privacy-policy and  https://nhunter.co.uk/; CIFAS, 6th Floor, Lynton House, Tavistock Square, London, WC1H 9LT, https://www.cifas.org.uk/website-privacy-notice and https://www.cifas.org.uk/. If you give us false or inaccurate information or we suspect or identify fraud, we will record this and may also pass this information to our Group Companies, fraud prevention agencies and other organisations involved in fraud prevention to detect, investigate and prevent crime. Fraud Prevention Agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years.  A record of any fraud or money laundering risk will be retained by the Fraud Prevention Agencies, and may result in others refusing to provide services or financing to you.  If you have any questions about this, please contact the Fraud Prevention Agencies on the details above.

 

Alphabet uses automated decision-making tools to help it to decide whether to offer you finance. Based on the information you provide us, we will compare this against different metrics to determine whether you meet the eligibility criteria for finance or to determine whether you will be able to make repayments on a vehicle without difficulty.  If your application for finance is rejected using automated means alone, you will be given the opportunity to ask for the decision to be reviewed manually. This does not mean that the decision will be changed.

 

Alphabet will also use your personal information to manage the contractual obligations and to enforce its rights under the finance agreement. Full details of how Alphabet processes your personal information is set out in the “Use of Your Information” clause in your finance agreement.

  1. To respond to enquiries and to bring you news and offers.

     

    Alphabet uses your personal data for customer care and for personalised communication of Alphabet's product and service information, where necessary with your consent.   For example, Alphabet will have a legitimate interest in passing on your contact details and your agreement details (term, monthly payment, rate, mileage, final payment, and agreement number and vehicle details) to authorised Alphabet Retailers and Partners to discuss your end of contract options or, if you have given us your consent, to tell you about other products and services that may interest you.  Alphabet may also pass on your contact details to other BMW Group companies and other third parties that we select to provide our products and services for marketing purposes.  We will only pass on your details to third parties for marketing purposes if we have your consent to do so.

     

  2. To support the management of customer interactions and enable us to manage enquiries more effectively, we may use technologies such as artificial intelligence (AI). In doing so, the AI used may process personal data, in particular the following data categories:

     

    - Communication contents (e.g. voice and chat interactions)
    - Contact details related to your inquiry

     

    Fully automated decisions as outlined and described in GDPR Article 22 are not made, as they would have legal consequences or have a significant impact on our customers.

To process your sale, configure and service your vehicle.

 

Alphabet will obtain contact details, vehicle configuration details, vehicle technical information and sales and services information when you service or repair a vehicle with them as part of the contract or service.  They will use the information you give them to provide the services you request and to notify you of any issues in relation to your vehicle.  This information may be accessed by Alphabet and its service partners to troubleshoot technical or other issues relating to the delivery of these services.

To provide digital services in the vehicle.

 

Where you use a connected drive in your vehicle the vehicle manufacturer receives Contact Information, Vehicle Location Information as well as Device and Service Usage Information which they use in accordance with the detailed service descriptions for each element of the services set out in the relevant privacy policy.  The detailed service descriptions also set out any disclosures to third parties.

 

Where you use a third party application, for example Spotify in conjunction with an in car entertainment system, you will be presented with their terms of service and privacy policy before you are able to use that application.  The operator of that third party application will be the data controller of any of your information that is accessed or input through that application.  It will set out how it uses your information in its privacy policy and other notices as well as consents that it provides or obtains through the application.  We are not responsible for that use.

To provide digital services relating to the vehicle through a mobile device.

 

Where you use a connected App the vehicle manufacturer will obtain Contact Information, Device and Vehicle Location Information as well as Device and Service Usage Information through the provision of the Connected App.  You will be presented with the Connected App terms of service and privacy policy before you use the Connected App.  The operator of the Connected App will be the data controller of any of your information that is obtained.  It will set out how it uses your information in its privacy policy and other notices as well as consents that it provides or obtains through the application. We are not responsible for that use.

 

Where you use a third party application within the Connected App, for example Amazon Echo or Spotify, you will be presented with their terms of service and privacy policy before you are able to use that application.  The operator of that third party application will be the data controller of any of your information that is accessed or input through that application.  It will set out how it uses your information in its privacy policy and other notices as well as consents that it provides or obtains through the application. We are not responsible for that use.

A tool to conduct comprehensive assessments of your fleet’s emissions to develop strategic initiatives designed to reduce environmental impact and to support your regulatory reporting obligations.

 

The tool uses your user log-in information but does not handle any further personal data.  No vehicle registration numbers or driver details exist in the tool.

To improve our products and services, including digital tools.

 

Alphabet may use any of the information that it receives through the provision of services for product and service quality assurance and development purposes.  Before any such use is undertaken your information will be anonymised so it cannot be directly linked back to you.

 

If you respond to a customer survey, we will use your personal information for internal research purposes only. If we do this we may not anonymise your information.

To comply with our legal obligations to law enforcement, regulators and the court service.

 

We may be legally required to provide your information to law enforcement agencies, regulators, insurers and courts and third party litigants in connection with proceedings or investigations anywhere in the world.  Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Alphabet may transfer your personal information to a third party if it is in its legitimate interest or if there is a contractual obligation to do so.  For example, Alphabet may pass on your contact and agreement details (term, monthly payment, rate, mileage, final payment, and agreement number and vehicle details) to a supplier to service your vehicle or to a debt recovery agent if you fail to make the payments due under your finance agreement or to a vehicle recovery agency to collect your vehicle at the end of your agreement.  Full details of how Alphabet uses and shares your personal information are set out in the “Use of Your Information” clause in your finance agreement.

Alphabet provides Fleet Reporting as a contracted service to our customers.

 

Alphabet will use your contact data (e.g., your first and last name, and email address) for identity and access management for Fleet Reporting services, to ensure that only authorised persons will have access to your fleet management data.


When you choose to interact with our Alphabet AI based digital Assistant, the following personal data may be processed to improve your user experience by simplifying your report-building and for Alphabet to optimisze the operation and performance of the Assistant:

 

  • User query input: Your submitted prompt, which could include, e.g., driver name, customer cost centre, contract number, customer employee number, VIN, etc.
  • Result storage: Your prompt history and validated search results  will be saved anonymously for future reference and to improve our AI Assistant’s performance.
  • User feedback: You can rate the quality of the answer which is recorded anonymously to further refine the AI Assistant’s accuracy and effectiveness.

 

Additionally, the following personal data may be included in the existing fleet reporting data, used for providing you with the requested information through the AI based Assistant.

 

  • Contract Data (e.g., Customer name and ID, driver’s full name, Alphabet contract number, lease asset details (like make/model, engine, fuel type, etc.), contracted lead   time and mileage, CO2 emissions, IFRS 16 required data)
  • Account Data (e.g., Customer cost centre, customer employee number, vehicle identification number, license plate)
  • Customer Transaction Data (e.g., Actual mileage including deviations, expected contract expiration, fuel consumption (expected versus actual), fines statistics, damage statistics, service & maintenance, repairs, and tyre transactions) 

How we keep your personal information safe

We use a variety of security measures, including encryption and authentication tools, to help protect and maintain security, integrity and availability of your information.

 

Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:

 

  • Secure work areas
  • Information and data protection training for all staff
  • Tightly restricted personal access to your data on a “need to know” basis and for specified purposes only
  • Transfer of collected data only in encrypted form
  • Firewalled IT systems to prohibit unauthorised access e.g. from hackers

 

If you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, do not forget that it is your responsibility to keep this password confidential.  We ask you not to share your password with anyone.

How long we keep your personal information for

We retain your information only as long as is necessary for the purpose for which we obtained it and any other permitted linked purposes.  If information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

 

Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely.

 

Use for marketing:
If we have obtained your consent to market our products and services to you we retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for. For example, if you have obtained finance for the purchase of a vehicle through us, we will retain your personal data for the life of your finance product, so that towards the end of that period we can get in touch with you about your options at the end of the finance term. Further information can be found below on retention of your data, depending on the circumstances in which your data is collected. Please note that you may withdraw that consent at any time, by contacting us here.  If you do so, we will not send you any marketing information.

 

Use to provide a quotation:
In relation to your information used to provide a quotation for finance or vehicle purchase we may retain that data for 12 months following the quote where a legal contract is not entered into.

 

Use to perform a contract:
In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus 7 years to deal with any queries or claims thereafter.

 

ConnectedDrive and Connected App:
Retention periods for Vehicle Location Information and Device Information in relation to each service are provided in the relevant service descriptions.

 

Fleet Reporting tool:
Your personal data used for identity and access management will be kept as long as it is required to provide you access to our Fleet Reporting tool. Your user input (prompt) and AI Assistant responses are only stored during an active session.


Where claims are contemplated:
In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you or a third party, we may retain that data for as long as that claim could be pursued.

Who we share your personal information with

Alphabet, as part of the BMW Group, is a global company.  Your personal information may be accessed by our staff, agents or contractors from a country outside the United Kingdom (UK) or European Economic Area (EEA) for any of the purposes set out above.

 

Certain countries outside of the UK and EEA, such as Canada and Switzerland, have been approved by the European Commission as providing essentially equivalent protection to EEA data protection laws and therefore no additional legal safeguards are required.  In countries which have not had such approval, we will transfer it subject to ensuring that appropriate legal safeguards, such as Standard Contractual Clauses (SCC’s)are in place, unless we are permitted under applicable data protection law to make such transfers without such formalities.

 

Alphabet will share your contract information with other Group Companies other than as specifically mentioned in this Privacy Policy or the Use of Information clause in the finance agreement. Please also see Transfer to 3rd Parties under the section “How your personal information is used”.  

 

Please contact us if you would like to see a copy of the specific safeguards applied to the export of your information outside the UK or EEA.

How to change your privacy preferences

You can change your preferences in relation to how Alphabet use your information by contacting us.  We cannot change preferences in respect of a Retailer or Partner’s use of information you have provided to them.  You must contact your Retailer or Partner directly in respect of any such changes or questions relating to their use of your information.

Contacting us, your data protection rights and your right to complain to the ICO

If you have any questions in relation to our use of your information you should first contact our customer support team by email: admin.support@alphabet.co.uk, or telephone: 0370 5050 100, or by writing to our Data Protection Officer via email at DataPrivacyOfficer@bmwfin.com or at the following address:

 

Alphabet (GB) Limited, Data Protection Officer, Alphabet House, Summit Avenue, Farnborough, Hampshire, GU14 0FB

 

Under certain conditions you have the right to require us to:

 

  • provide you with further detail on the use we make of your information
  • provide you with a copy of your information
  • update any inaccuracies in the information we hold about you
  • delete any information about you that we no longer have a lawful ground to use
  • remove you from any direct marketing lists when you object or withdraw your consent
  • provide you with your personal information in a usable electronic format and transmit it to a third party (right to data portability)
  • restrict our use of your personal information
  • cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.

 

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third parties.

 

If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office:

 

In Writing:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

By Telephone: 0303 123 1113
By Email: icocasework@ico.org.uk
Website: https://ico.org.uk/make-a-complaint/