This is the Privacy Statement of DAF Distributors Ireland Limited (“DDI”). In this statement we use the
terms “we”, “our” and “us” to refer to DDI.
The purpose of this Privacy Statement is to outline DDI position concerning the collection, use, retention, disclosure, and transfer of Personal Data which is gathered and processed by DDI. This Privacy Statement also sets out the DDI information management practices.
DDI respects the privacy of all those individuals whose Personal Data it encounters, which in particular includes the following:
a) All users of the DDI Website, Social Media Pages or Apps;
b) DDI employees and contractors (including applicants for employment with DDI);
c) All members (including former employees) of DDI on sponsored pension schemes;
d) DDI business contacts and suppliers;
e) All Customers or prospective customers of DDI.
For each of these categories of individuals, this Privacy Statement will explain why DDI collects and how DDI uses the Personal Data it collects. DDI will ensure that it keeps all Personal Data provided to it in accordance with DDI obligations under applicable data protection laws. DDI will update this Privacy Statement from time to time to reflect any material changes in technology, legislation or DDI data use practices which may materially affect the way in which DDI processes Personal Data.
This is not an exhaustive statement of all DDI data protection practices and DDI may apply specific policies within certain environments. DDI might include a separate privacy notice at the point of capturing data on a new service and any specific consents obtained or information provided in this way will apply specifically to that service and will supplement this Statement.
1. What is Personal Data?
Personal Data is any information relating to a living individual that allows for the identification of that individual. Personal Data can include a name, address, contact details, an identification number, IP address, CCTV footage, accesses cards/co-tags, fobs, audio-visual or audio recordings of a person, details about an individual's location or any other detail(s) specific to that individual such in certain cases special category data such as (Biometric).
2. Who we are and how to contact us?
In circumstances where DDI controls Personal Data by deciding why and how that Personal Data is processed, DDI will be a "Data Controller". Any entity that processes Personal Data controlled by DDI and does so on behalf of DDI, is a "Data Processor". Data Processors may include third party service providers engaged by DDI (for example communications providers, fleet tracking, payroll and marketing or recruitment agencies). As required by applicable data protection law, when DDI appoints a Data Processor, we will ensure that appropriate contractual protections are in place.
If you have any questions about this data protection statement, including any request to exercise your legal rights, please contact us by writing to our Data Compliance Officer, OHM Group, Clonlara Rd, Baldonnell Business Park, Dublin, D22 or emailing us at firstname.lastname@example.org.
3. Categories of personal data and how we use it.
We also collect, use, and share aggregate data such as statistical or demographic data. Aggregate data is information gathered and expressed in a summary form for purposes such as statistical or demographic analysis. Aggregate data may be derived from your personal data but is not data that directly or indirectly reveals your identity. For example, we may aggregate your usage data of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregate data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this data protection statement.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data (apart from consented employees). Nor do we collect any information about criminal convictions and offences. However, if it is necessary to collect special categories of personal information and/or criminal conviction information, we will only do so with your explicit consent and we will explain the purpose for which the information will be used at the point when we ask for your consent.
4. How we obtain your information?
We may collect your information though our website or social media platforms where you provide it to us, such as where you enter competitions with us, fill out forms, request a service from us such as a brochure or booking a vehicle test drive or contact us communication. We may also collect information from you at events and brand displays, such as at conferences etc.
DDI is not responsible for the privacy practices of any external websites, manufacturers or platforms which may be accessed or used in connection with a person’s use of the DDI website or DDI social media pages. They are subject to their own privacy statements which may materially differ from those of DDI so users should review them for further information.
5. What Personal Data does DDI collect and use online?
DDI collects various types of Personal Data when a person uses the DDI website or DDI social media. The following are examples of Personal Data collected by DDI:
i. Competitions: When a person enters a competition , DDI may collect and use the entrant’s
name and contact details (including postal address, email address, telephone number) in
connection with the competition (including mobile competitions). Where DDI operates
competitions in conjunction with a third-party commercial partner, subject to the
competition rules and notices, that partner may collect and use the data.
ii. Social Media Pages: Content such as messages and photographs, that are posted on social
media pages on which DDI has a presence may be made publicly available and may be used
in connection with the operation and promotion of DDI social media pages, services, and the
policies operated by such websites or social media platforms, such content may be removed
by or at the request of DDI or the operators of those social media websites. If such inappropriate content is posted to a social media page that DDI controls, you can report it at
the following address email@example.com and DDI will endeavor to ensure that appropriate action
is taken in accordance with the DDI policies and the policies of the relevant social media
iii. DDI may record which users opened and clicked any embedded links in communications
device identifiers, social plugins, tracking pixels, etc. “Cookies” are small pieces of
information stored by your internet browser that collect data such as your browser type,
your operating system, web pages visited, time of visits, content viewed, advertisements
needs, to deliver a better, more personalised service and to remember certain choices you
have made so you do not have to re-enter them. Cookies also enable us to identify traffic to
our website including pages visited, visitor numbers and traffic paths taken. DDI does not
use deploy un-necessary cookies, such as analytics, marketing, targeting, or profiling
iv. DDI may use advertising networks to help present advertisements or other content on our
website and other websites that display DDI advertisements .Advertising networks use
cookies, web beacons, or similar technologies on your computer or mobile or other device to
serve you advertisements or content tailored to interests you have shown by building a
profile of your internet browsing on this website and other websites you have visited.
6. The purpose and legal basis for processing your information.
DDI collects and processes the Personal Data described below for a variety of purposes. As required by data protection laws, below is a summary of these purposes and the lawful justifications that support them:
a) To enter into and perform a contract with you.
We may process your information in order to enter into a contract with you or to provide you
with a service which you have requested from us. For example, we need to process your
personal information in order to enable you to purchase a vehicle or book a vehicle service or
to provide you with a brochure or information about a product or service where you have
b) To comply with our legal obligations
We are required to process your personal information to comply with certain legal and
regulatory obligations to which we are subject. For example, we are required to obtain certain
business records in accordance with company and revenue law which may include your
personal information or for the registration of your vehicle.
c) For our legitimate business interests
We may use your personal information for the purposes of carrying out activities that are in
our legitimate interests (or those of a third party). Where we process your information for our
legitimate interests, we ensure that there is a fair balance between our legitimate interest and
your fundamental rights and freedoms.
If you are a business customer of DDI, we may use your information to send you
communications on products and services that may interest you and that you would
reasonably expect to receive, you can at any stage easily opt out of these communications by
contacting us on firstname.lastname@example.org
We may use your personal information to manage our everyday business needs, including
accounting, internal reporting needs, and market research, to progress and respond to legal
claims, security of our premises and staff through use of CCTV, to process claims, to ensure
appropriate IT security and to prevent fraud, to monitor and audit warranty claims. Our
legitimate interest is the effective management of our business.
We may use your personal information to send you notifications on your order and delivery
dates , in our legitimate interest. Our legitimate interest is connecting with our customers.
We may use your personal information in an aggregate form to classify our customers and to
acquire an aggregated overview of our customer base in our legitimate interest. Such
processing does not assess individual characteristics. Our legitimate interest is to grow our
business, understand our customer base and provide products and services of interest to our
customer base as a whole.
We may use your information which we collect, including personal information we obtain from
publicly available sources such as social media, to help us understand our customers and
provide products or services which may be of interest to you, in our legitimate interest. You
have the right to object to this at any time by contacting us on email@example.com
We may acquire your contact data from reputable marketing agencies, which may include your
personal data with the intention to provide you with information on products or services
which may be of interest to you, in our legitimate interest. We will notify you of any such
acquisition and you have the right to object to this at any time by contacting us on firstname.lastname@example.org
We may also contact you in the event of updates about our business such as opening hours,
change in address, updates about our site etc. We do this in our legitimate interest in order to
keep our customers updated of changes within our organisation.
We may provide your personal information from contact forms collected via our websites to
other OHM organizations which are listed below. We do this in our legitimate interest to keep
our customers supported by directing their requests or interests to their preferential vehicle
service and parts center. You have the right to object to this at any time by contacting us on
d) With your consent
We will request your consent for the use of all cookies on our websites outside of strictly
necessary. You can withdraw this consent at any time by clicking “cookie settings” at the
e) To protect your vital interests
We will in certain circumstances use your personal information to protect your vital
interests, for example we may contact you in the event of a significant recall or safety issue
with your vehicle.
|Purpose||Description||Lawful Basis for Processing|
|Purchasing a Vehicle||We will process your personal data to order a Vehicle , and we will contact you to inform you that your vehicle is available.||The processing is necessary for the performance of a contract to which the data subject is party.|
|Vehicle Financing / Leasing||We may assist you in obtaining vehicle financing and / or leasing from PACCAR Financial PLC||The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract to which the data subject is party.|
|Service and warranty reminders||We may use your personal information to remind you when your service is due or to advise you when your warranty is due to expire.||We rely on our legitimate interest to connect with our customers.|
|Marketing to Potential Customers and Customers||Information is collected by our Sales, and/or Marketing staff when any customer, or potential customer, contacts us.||Where you are a Business Prospect or Customer The processing is in our legitimate interests to develop our business by providing information that is relevant and where the data subject has not opted out of the processing|
|Customer Satisfaction Survey||We carry out customer satisfaction surveys, by post, phone, and email to ensure we are providing a good service to customers and potential customers.||The processing is in our legitimate interests to ensure the quality of services provided by our staff.|
|Vehicle Tracking||We operate vehicle telematics on our Fleet Vehicles. The vehicle is tracked via GPS and location data is retained. We operate vehicle telematics on our rented vehicles. The vehicle is tracked via GPS and location data is retained.||The processing is necessary for our Legitimate Interests in protecting our employees and business assets. The processing is necessary for our Legitimate Interests in protecting our business assets|
|Quality Improvement / Staff Training||All, written communications, and communications received through the web are stored by us.||The processing is in our legitimate interests in providing a high standard of services to our customers, by assessing the ongoing development and identifying areas for improvement.|
|CCTV||We operate a CCTV system on our premises to protect the safety and security of our staff and property and for health and safety purposes.||The processing is in our legitimate interests as a private company regarding Health, Safety and Security.|
|Anti-Money Laundering||We use your personal data to comply with anti-money - laundering regulations.||The processing is necessary for compliance with a legal obligation to which the controller is subject.|
|Safety Incidents / Product recall||We may use your personal data to contact you regarding an urgent safety measure and / or a product recall.||The processing is necessary compliance with a legal obligation to which the controller is subject. The processing may be necessary to support your vital interests.|
|Legal obligation||We may use your personal information to comply with various legal obligations to which we are subject including. Making a payment of VAT or in respect of the sale of a vehicle or vehicle parts or service. COVID 19 Contact Tracing Logs COVID 19 Return to work Safely Forms.||The processing is necessary for compliance with a legal obligation to which the controller is subject|
|Dealing with sales and other enquiries||To respond to correspondence, you send to us and fulfil the requests you make to us (for example brochure requests or information about specific vehicles or vehicle parts;)||To takes steps prior to the entry into a contract with you and for our Legitimate Business Interests|
|To understand our customer base||We may use your personal information on an aggregate basis for market research purposes to help us understand our customer base||We rely on our legitimate interest in order to understand our customer base.|
|Business needs||We may also use your personal information to manage our everyday business needs, including accounting, sharing your information within our company group for administrative purposes, and to prevent fraud.||We rely on our legitimate interest in the effective management of our business|
|Website Security||To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) (b) Necessary to comply with a legal obligation|
|Website analytics||To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||With your consent where your data has been collected through our website. We use the data to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy|
7. Who do we share information with?
Third party service providers
DDI discloses Personal Data to third parties in certain instances. For example, DDI uses third party service providers for the processing of Personal Data for a number of purposes, including, security service providers, consultant advisors, IT service providers, printers, debt collection agencies, valuers, marketing companies who carry out marketing campaigns, market research or customer satisfaction surveys on our behalf and providers of security and administrative services. We share your information with organisations who provide services in order for you to avail of roadside assistance. These service providers are subject to a contractual obligation to only process Personal Data obtained from DDI for purposes to which it was obtained and in accordance with DDI instructions.
DDI will not provide your Personal Data to third parties who may contact you for direct marketing or promotional purposes unless you have consented to DDI disclosing your Personal Data to such third parties for that purpose.
In certain circumstances DDI will disclose personal data to other external third parties such as its professional advisors as necessary in the context of the performance of their services. Such recipients may include external legal advisors, auditors, actuaries, pension and tax advisors, pension administrators and other professional advisors.
Disclosure of such data will take place for a variety of reasons including in order to ensure that DDI meets its tax and other statutory obligations.
DDI may also disclose personal data to its insurance providers in connection, with legal claims and prospective legal claims or proceedings.
OHM Group and other OHM Group entities: DDI are part of the OHM Group. Where we convert your information, such as information you provide during a customer satisfaction survey, into statistical or aggregate data in such a way as to ensure that you are not identified or indefinable from it, we may pass this information on to OHM Group and other OHM Group entities, for fulfillment of a contract and for analytical and statistical purposes.
Insurance Companies: We may pass your information to insurance companies and/or any motor assessor appointed by you or an insurance company, where any portion of the cost of the repairs or work being carried out by us on your vehicle is being covered under an insurance policy. We may disclose personal data to our insurance providers in connection, with legal claims and prospective legal claims or proceedings.
Manufacturer of Your Vehicle & Their Distributor: We may pass on your information to the manufacture of your vehicle and their distributors where you have requested a specific vehicle or where we are ordering specific parts that you have requested . See below details of a selection of manufacturers and distributors that we may provide your information to. Please note this list is not exhaustive and may vary based on your specific requirements:
Potential sale or merger
If we sell any part of our business and/or integrate it with another organisation, your details may be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs, the new owners of the business will only be permitted to use your information in the same or similar way as set out in this data protection statement.
8. What type of information is collected?
As a vehicle parts reseller we need to collect many categories of personal data (about you and other parties) for the purposes set out in this Privacy Statement. The following table is a non-exhaustive list and provides an indication of the categories and types of personal data we use to perform our duties.
|Purpose||Type of Data|
|Sales of Products||Name, Contact Details, Vehicle Details, Bank Details, Service History, Gender|
|Customer Care||Name, Contact Details, Vehicle Details, Phone Calls|
|Finance||Bank Details - Visa/Debit Card Details|
|Marketing||Name, Contact Details, Occupation, Vehicle Details, Gender, Purchase History, I.P Address, Cookie Preferences, Contact Forms|
|Security||CCTV Footage, I.P Address, Geo Location Data (Vehicle Tracking/Telematics)|
|IT Information||We collect information about your internet activity using technology known as cookies. Your consent will be required for certain cookie types. See our cookies policies on our websites for further information.|
9. Storage Periods
The period for which we will keep your personal information will depend on the service you have requested from us. The retention period may be longer than the period for which we are providing services to you where, for example, we have a legitimate interest in retaining such information that is not outweighed by your fundamental rights and freedoms, or where we have statutory or regulatory obligations to retain personal information for a longer period, or where we may need to retain the information in the event of a legal claim.
DDI endeavors to ensure that Personal Data is retained for an appropriate period and no longer than necessary. Retention of data is detailed in our Data Retention Policy.
10. Transfers outside the European Economic Area
We may transfer, store, or process your personal information to countries outside the European Economic Area. Where the laws of such countries do not afford an equivalent level of protection of personal information as the laws of Ireland, we take specific steps in accordance with data protection law to protect your personal information.
We will use one of these safeguards:
11. How we use automated processing
We may analyse your personal information by automated means for the purposes of market research, analysing our customer database and for our marketing activities. You have the right to object to this at any time by emailing email@example.com.
12. Marketing communications
If you are a customer or prospective business contact, we may use your name, address, email address, postal address and/or telephone number for marketing communications. DDI will ensure that a legitimate interest assessment has been conducted to ensure there is an appropriate balance between our interests and your rights and freedoms.
Customers can opt-out of receiving direct marketing communications from DDI by following the unsubscribe link in the relevant marketing message.
DDI will not provide any personal information to third parties or partners for direct marketing purposes unless the users have consented to DDI giving their Personal Data to third parties or partners for that purpose.
If a user opts-out from receiving communications from third parties or partners, DDI will no longer share that user’s contact details with our partners or third parties. However, users will still need to directly opt-out from communications from the partners to whom we have already given their information.
DDI uses third party service providers to help deliver its marketing communications. Those thirdparty data processors are subject to contractual and legal restrictions in relation to any unauthorised use of your information.
13. Processing for Security Purposes
DDI has closed circuit television cameras ("CCTV") located throughout its premises covering buildings, internal spaces, car parks, roads, pathways, and grounds. DDI CCTV system is implemented in a proportionate manner as necessary to protect DDI property against theft or pilferage and for the security of employees, customers, and visitors to DDI premises (to protect their vital interests). Whilst CCTV footage is monitored by DDI, senior management, security staff or contractors, access to recorded footage is strictly limited to authorised personnel. Footage is retained for 60 days, except where incidents or accidents have been identified in which case such footage is retained specifically in the context of an investigation of that issue. CCTV footage may be used in the context of disciplinary proceedings involving DDI employees and to detect, establish and/or defend legal proceedings (to protect the vital interests of DDI, staff and affected individuals). CCTV footage is not disclosed to third parties except where disclosure is required by law (such as for the purpose of preventing, detecting, or investigating alleged offences) and in such instance’s disclosure is based on a valid request. Signage indicating that CCTV is in use is displayed throughout DDI premises. DDI uses vehicle tracking in all its fleet vehicles and rental vehicles, the purpose of installing and using telemetric tracking systems includes assisting the business in the efficient management of business assets and ensuring the security and safety of employees, the public, and the assets of our business.
14. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a test drive). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
15. Information Security
In accordance with applicable laws, DDI ensures that all Personal Data controlled by DDI is held
securely using appropriate security measures including the following:
a. Encryption on DDI laptops/portable devices; and
b. Logging mechanisms to record certain access to Personal Data and alteration and other
processing of Personal Data.
In the event of a personal data breach, DDI will comply with applicable reporting and notification obligations under data protection law. DDI has in place a Breach Notification Policy.
16. Your Rights
In certain circumstances, you have the following rights under data protection law in relation to your
A right to access Personal Data held by DDI.
(a) Any individual has a right to make an access request, in writing, under data protection law for
a copy of their Personal Data held by DDI. DDI may ask for further identification details to
confirm your identity before the relevant information is provided.
(b) It should be noted that there may be specific exemptions relating to accessing Personal Data. If
we utilise any of the exemptions, we will provide you with details and our justification for their
Other data protection rights
(a) Rectification of inaccurate personal data;
(b) Erasure of personal data (also known as the "right to be forgotten");
(c) Restriction of processing of persona data;
(d) Right to data portability;
(e) Right to object to processing of personal data.
However, under data protection law, these rights are available only in certain circumstances. If you wish to exercise any of your data protection rights, please contact firstname.lastname@example.org . Please provide as much detail as possible to enable us to respond to your request and to locate relevant personal data about you. If you wish to exercise any of these rights, please contact us using the contact details below. We will endeavor to respond to your request within a month. If we are unable to deal with your request within a month, we may extend this period by a further period of two months and we will explain why.
By Post: DCO, OHM Group, Clonlara Rd, Baldonnell Business Park, Dublin, D22 WIH9
By Email: email@example.com
By Phone: + 353 (0) 1 4034100
You also have the right to lodge a complaint to the Office of the Data Protection Commission. For further
information please see www.dataprotection.ie
This policy [“version 2”] was updated and deemed effective on the 4th of February 2021. We will update this data protection statement from time to time. Any updates will be made available on our website at https://www.daf.ie/privacy-policy/ and, we would ask that you check regularly.