Privacy Policy

Privacy Notice

I.M. Group Privacy Notice

Last updated December 2019.

This is the Privacy Notice made on behalf of the following companies which are members of the I.M. Group:


Name of Entity



ICO Registration

I.M. Group Limited England Parent ZA064998
I.M. Facilities Limited England Automotive ZA064848
International Motors Limited England Automotive ZA064994
Subaru (UK) Limited England Automotive ZA064991
Isuzu (UK) Limited England Automotive ZA064988
I.M. Parts and Service Limited England Automotive ZA064937
Daihatsu Vehicle Distributors Limited England Automotive ZA064936
I.M. Trade Assist Limited England Automotive Z9070441
Great Wall Motor Distributors (UK) Limited England Automotive ZA064932
I.M. Insurance Limited Guernsey Automotive ZA064925
International Motors Finance Limited (49%) England Automotive Z5090378
I.M. Automotive Limited Ireland Automotive ZA064929
I.M. European Motors Limited Ireland Automotive N/A
I.M. Properties PLC England Property Z6543744
I.M. Properties (Coleshill) Limited England Property Z6543835
I.M. Properties Development Limited England Property Z6543749
I.M. Properties Finance Limited England Property Z9790240
Spitfire Bespoke Homes Limited England Property ZA237204

I.M Properties (Bvp 1) Limited

England Property


I.M Properties (Mell Square 1) Limited 

England Property



(hereinafter “the I.M. Companies”)


Identity and contact details of the data controller / DPO
Kevin Cahill
Data Protection Officer
Telephone: 0121 730 8079

I.M. Group Ltd
The Gate
International Drive
West Midlands
B90 4WA

What Information do we collect?
The I.M. Companies operate in various different markets including mainly Automotive and Property. As a generality, we hold basic personal details about our customers’ and prospective customers’ contact details and address (as well as sometimes telephone numbers, date of birth, gender and marital status) so that we can communicate with them when necessary. Very occasionally, we also hold details of our customers financial arrangements where there is a business-related need for us to do so. From time to time we also hold marketing and analytical data, relating to our customers including history of those communications, whether our customers open them or click on links, and information about products or services we think our customers may be interested in, and analytical data to help target offers to our customers that we think are of interest or of relevance. (This may include insights about customers or potential customers gained from analysis or profiling of customers). We also hold electronic copies of our correspondence sent to or received from our customers and any contractors and suppliers who work with us. This correspondence is primarily in email format. Our Automotive businesses hold extensive data relating to the vehicles owned by customers who purchased them from a member of our nationwide dealer networks. (“The Personal Data”)

How do we collect Personal Data?
We use a variety of sources including:-

information about you that you give to us by entering information via our websites or our social media pages or by corresponding with us by phone, email or otherwise. The information you give to us includes your name, contact details (such as phone number, email address and address), enquiry details and your opinion of our products;
we may automatically collect the following Personal Data: our web servers store as standard details of your browser and operating system, the website from which you visit our websites, the pages that you visit on our websites, the date of your visit, and, for security reasons, e.g. to identify attacks on our websites, the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see our Cookies Policy for further information;
we may also collect Personal Data which you allow to be shared that is part of your public profile on a third-party social network;
we may obtain certain Personal Data about you from sources outside our business which may include our dealer networks or other third-party companies, such as estate agents.
How will your information be used?
The I.M. Companies will only use the Personal Data for the benefit of its customers or for some other lawful purpose. For example, we may use your Personal Data:

for analysis, and profiling to inform our marketing strategy, and to enhance and personalise your customer or visitor experience;
for market research in order to continually improve the products and services that we and our authorised dealers and agents deliver to you;
to administer our websites and for internal operations, including troubleshooting, testing, statistical purposes;
for marketing activities e.g. to tailor marketing communications or send targeted marketing messages via social media and other third-party platforms;
for client entertainment (including staff parties and dealer conference, or similar events);
to ask you to provide your opinion or participate in surveys about our vehicles, products services, and dealerships;
for the prevention of fraud and other criminal activities;
to undertake credit checks for finance;
to correspond and communicate with you;
to create a better understanding of you as a customer or visitor;
for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
for the purposes of corporate restructure or reorganisation or sale of our business or assets;
for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
for general administration including managing your queries, complaints, or claims, and to send service messages to you.
for direct marketing communications and related profiling to help us to offer our customers relevant products and service, including deciding whether or not to offer our customers certain products and service. We’ll send marketing to our customers by SMS, email, phone, post, social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services as well as to any other offers and advice we think may be of interest
to provide personalised content and services to our customers, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show our customers on our digital channels
In particular, it will never sell the Personal Data to a third party. We will only pass the Personal Data to third parties where there is a business driven need to do so and where we have an Article 28 Agreement in place with them.

Our legal basis for processing your data
Where we do not have your consent pursuant to Article 6 1. (a) of GDPR, we always have a legitimate interest pursuant to Article 6 1. (f). In addition, or alternatively from time to time we process Personal Data pursuant to lawful bases contained in other provisions of Article 6 such as the performance of a contractual obligation.

Consent: there may be circumstances where we hold Personal Data with your consent, such as when you provide it to us through online forms or an Events registration system.
Contractual Obligations: we often have a duty to process Personal Data as part of a contractual obligation. In these circumstances we will only retain Personal Data for as long as is necessary to fulfil that obligation.
Legitimate Interest: to enable us to carry on our various businesses we inevitably need to process Personal Data in a vast variety of situations. Where we rely on Legitimate Interest we will always carry out, beforehand, a Legitimate Interest Assessment to ensure that our use of Personal Data does not exceed that which is strictly necessary to perform the job in hand, nor that it unnecessarily infringes the rights and expectation of privacy of the Data Subject.
Some Examples: in some cases, we may have multiple legal bases for processing your data. For example, if we need to notify vehicle owners of a safety recall campaign initiated by the manufacturer, we may need to contact all current vehicle owners which will include not only our direct customers but also people who purchased their vehicle second hand. Accordingly, we have to obtain a list of all current keepers from DVLA and use it to contact the current keepers so as to direct them to their nearest authorised dealer
Whatever the legal basis upon which our processing rests we always aim to practise data minimisation so as to ensure that we only hold that Personal Data which is necessary for the task in hand and that we only retain that data for as long as necessary to fulfil our legal obligation or legitimate business interest. We never transfer Personal Data to third parties unless we have a proper reason for doing so and where we have an Article 28 agreement (or equivalent) in place. Privacy by Design is the principle we follow whenever we gather, use or process Personal Data.
Legitimate Interest is also the basis of some of our Direct Marketing communications and related profiling to help us to offer our customers relevant products and services, including deciding whether or not to offer our customers certain products and services. We will send marketing to our customers by SMS, email, phone, post and social media and digital channels for example, using Facebook Custom Audiences and Google Custom Match. (In some cases, however, we will also have consent of our customers for direct marketing communications).
Who receives your information
As well as the I.M. Companies, we often share the Personal Data with third parties who carry out processing on our behalf pursuant to the terms of an Article 28 agreement. Such processing is necessary for the I.M. Companies to do their job properly and to service the needs of its customers throughout its various businesses. As a generality, such third parties fall into the following main categories:

Car Dealerships within our dealer networks
Roadside Assistance Providers (e.g. AA and RAC)
Holders of the Vehicle Safety Recall Databases (e.g. SMMT and SIMI)
Insurance Companies
Accident Management and Repair Service Providers
Estate Agents
Fraud Prevention Agencies
Credit References
Agents and Advisers who we use to help us carry out our business
Where your information is stored and how it is kept secure
On our secure computer systems and in some cases in hard form in our offices or in our onsite storage facility. We have invested in state of the art technical and organisational security measures to safeguard the Personal Data.

Transfers to third countries and safeguards in place
The I.M. Companies operate in the following countries:

UK, Guernsey
Republic of Ireland
Sweden, Denmark, Finland, Estonia, Lithuania and Latvia
People’s Republic of China
United States
Generally, we are unlikely to transfer your Personal Data outside the EEA. We will only send your data outside of the European Economic Area (‘EEA’) to:

Follow your instructions.
Comply with a legal duty.
Work with our agents and advisers (including vehicle manufacturers) who we use to help run our businesses.
If we do transfer Personal Data to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.

Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.

Transfer it to Organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.

How long your information will be held
If we collect your Personal Data, the length of time we retain it is determined by a number of factors including the purpose for which we use that data and our obligations under other laws.

We do not retain Personal Data in an identifiable format for longer than is necessary.

We may need your Personal Data to establish, bring or defend legal claims, in which case we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in How will your information be used? in paragraph 4 above.

The only exceptions to this are where:

the law requires us to hold your Personal Data for a longer period, or delete it sooner;
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this paragraph, or because we are required under the law (see further Erasing your Personal Data or restricting its processing in paragraph 12) below;
and in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
We may use your Personal Data to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’.

The Personal Data we have for you is made up of what you tell us, and data we collect when you buy one of our products from us or one of our dealers. We may also collect digital data relating to your web browsing and your interactions with our marketing emails.

We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

We can only use your Personal Data to send you marketing messages if we have either your consent or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right.

You can ask us to stop sending you marketing messages by contacting us at any time.

Whatever you choose, you’ll still receive details of product recalls, and other important information.

We may ask you to confirm or update your choices. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

If you change your mind you can update your choices at any time by contacting us or by utilising our Automotive Preference Centre.

We may use our customers’ home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to our customers’ marketing preferences.

‘Cookies’ are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit. These help us understand how you use our websites so that we can customise our marketing for you. It may also save you from having to re-enter information when you return to our websites. We will however, only ever use cookies when we have your permission to do so.

For more information on how the I.M. Group companies use ‘cookies’ see our Cookie Policy by visiting our websites and clicking on the “Cookie Policy” link.

Your rights as a Data Subject
a)     Your ‘data subject’ rights:
You have a number of rights in relation to your Personal Data under GDPR. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your Personal Data. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.

b)     Accessing your Personal Data
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address in paragraph 1 of this privacy notice. We may not provide you with a copy of your Personal Data if this concerns other individuals or we have another lawful reason to withhold that information.

c)     Correcting and updating your Personal Data
The accuracy of your personal data is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us.

d)     Withdrawing your consent
Where we rely on your consent as the legal basis for processing your Personal Data, as set out in paragraph 4 above, you may withdraw your consent at any time by contacting us using the details in paragraph 1 of the privacy notice.

e)     Objecting to our use of your Personal Data and automated decisions made about you.
Where we rely on our legitimate business interests as the legal basis for processing your Personal Data for any purpose(s), as outlined under paragraph 5, you may object to us using your Personal Data for these purposes by emailing or writing to us at the address in paragraph 1 of this privacy notice. Except for the purposes for which we are sure we can continue to process your Personal Data, we will temporarily stop processing your Personal Data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

You may object to us using your Personal Data for direct marketing purposes and we will automatically comply with your request.

f)      Erasing your Personal Data or restricting its processing
In certain circumstances, you may ask for your Personal Data to be removed from our systems by emailing or writing to us at the address in paragraph 1 of this privacy notice. Unless there is a reason that the law allows us to use your Personal Data for longer, we will make reasonable efforts to comply with your request.

You may also ask us to restrict processing your Personal Data in the following situations:

where you believe it is unlawful for us to do so,
you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your Personal Data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

g)     Transferring your Personal Data in a structured data file
Where we rely on your consent as the legal basis for processing your Personal Data or need to process it in connection with your contract, as set out under paragraph 5 above, you may ask us to provide you with a copy of that information in a structured data file. We will endeavour to provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.


How to make a complaint to us and our supervisory authority
You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your Personal Data. Please visit the ICO’s website for further details.