Privacy Policy
The data Bumper uses and how we keep it safe and secure
Privacy policy
Introduction
This privacy statement describes Bumper’s use of your personal data. We at Bumper are committed to respecting your online privacy and recognize your need for appropriate protection and management of any personal data collected by or submitted to us (or carefully selected third parties acting on our behalf).
Below we explain in more detail how we process your personal data. For purposes of this privacy statement, "personal data" means any information that relates to you and identifies you personally, either alone or in combination with other information available to us.
This privacy statement applies to all personal data that is collected and used by us through our "services", meaning through our products and services, apps, websites (including www.bumper.co and www.bumper.co.uk) and when you interact with us through social media or otherwise.
Who we are
Bumper is a peace-of-mind car servicing platform. Bumper International Ltd. is "controller" for all processing of your personal data, unless specified otherwise. Bumper International Ltd. is referred to in this privacy policy as "Bumper", "we" or "us".
What personal data do we collect?
We collect personal data when:
you purchase our services
you request support for our services
you request information or materials (e.g. newsletters)
you apply for a job or submit your resume
you submit questions or comments to us
you visit and interact with our websites
The types of personal data collected include:
first and last name
date of birth
full address
how long you have been registered at an address
payment card details
vehicle registration number
current location
credit history details
e-mail address
telephone number
for job applicants submitting electronic information: your educational background, employment experience, and job interest
any other identifier that permits Bumper to make physical or online contact with you
your online behaviour, device type, operating system type, browser type, device ID, IP address and other software and hardware information including type, version, language, settings, and configuration
website and app usage data
your marketing preferences, including any consents you have given us
any other information that you provide to us when you are communicating with us.
We may also record or monitor calls for the purpose of quality checks and staff training. These phone records may also be used to help us combat fraud.
We also collect information on the use of our services via cookies. Please view our Cookie Policy for more information about the use of cookies.
Whenever we collect personal data directly from you, we will indicate whether the provision of personal data is mandatory. Such will be the case where we require personal data to comply with legal or contractual obligations: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet the obligations placed on us. In all other cases, the active provision of requested personal data is optional.
We also receive data on you from Credit Reference Agencies (CRAs) and/or Fraud Prevention Agencies (FPAs) if you apply for Bumper’s Paylater service.
The CRA we use in the UK is TransUnion Limited (see https://www.transunion.co.uk/crain for more information) and the FPA that we use in the UK is CIFAS (see https://www.cifas.org.uk/contact-us for more information).
In Germany we use Schufa (see https://www.schufa.de/ for more information) and in Spain we use Equifax (see here for more information).
How do we use your personal data?
The purpose and legal basis of processing
When you access and use the services, we will only collect personal data for the following purposes:
To establish and fulfil a contract with you, for example if you make a purchase from us. This may include assessing your eligibility, verifying your identity, taking payments, communicating with you, providing customer services and arranging the provision of products or services
As required by Bumper to enable our business and pursue our legitimate interests. In particular:
we may use your personal data for service calls via the use of an AI dialer
we will use your personal data to provide services you have requested, and respond to any communications you may send us
we monitor use of our services, and may use your personal data to help us monitor, improve and protect our products, content, website and other services
we may use personal data you provide to personalize our services for you
we may use your personal data for the purposes of ensuring network and information security, including preventing unauthorized access to electronic communications networks and stopping damage to computer and electronic communication systems
we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law
we may use your personal data for market research and marketing purposes.
For compliance with applicable laws and protection of our legitimate business interests and legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, investigative purposes (including disclosure of such information in connection with legal process or litigation).
In addition, we will send you, based on your consent (if required), direct marketing communication in relation to our relevant services, or other products and services provided by us, our affiliates and carefully selected partners.
More information about how we have balanced our legitimate interest with your privacy interests can be obtained upon request via support@bumper.co
Furthermore, we may process your personal data, based on your consent, to personalize our editorial content based on your navigation and to display personalized ads based on your navigation and your profile and provide social media features by the means of cookies.
You can withdraw your consent at any time ("opt out"); see the section "What rights do you have in relation to your data?" below. In case of electronic direct marketing you can opt out by following the instructions in the communication. With regards to cookies, you can withdraw your given consent at any time and manage your cookie preferences by clicking on Cookie Settings.
Click here to learn more about our legal bases for collection and processing personal information.
Who will we share this data with?
We may share your personal data with third parties, as necessary to provide services to you or for the internal operations of Bumper.
Personal data may be shared with government authorities and/or law enforcement officials for the purpose of prevention of fraud or other crime, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data may also be shared with third party service providers, who will process it on behalf of Bumper for the purposes above. Such third parties include, but are not limited to, payment service providers and technical providers.
Personal data may also be shared with others in connection with, or during negotiations of any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Click here to learn more about the parties that we may share information with and why.
Where will we send your data?
Personal information provided to Bumper may be transferred across state and country borders e.g. to perform a service you request from us to follow-up on your enquiries, for the purposes of data storage and simplified information management.
Where personal information of EU respectively UK data subjects is transferred outside the European Economic Area (EEA) respectively the UK, and where this is to a service provider in a country that is not subject to an adequacy decision by a relevant body such as the European Commission (read more here), data is adequately protected by approved standard contractual clauses such as those approved by the European Commission (read more here) or a vendor's Binding Corporate Rules (read more here).
We may transfer your personal data to third parties (e.g., service providers) overseas, which may involve the transfer of personal data to countries outside the EEA or the UK which have different data protection standards to those which apply in the EEA or the UK.
You can ask us for a copy of the safeguard used by contacting us via support@bumper.co.
How long do we store your data?
Our general policy is that we will only retain your information for as long as we need it to do the relevant job, including to meet legal, accounting or reporting requirements. After that time your personal data will be erased (unless we have the statutory right or obligation to further keep this data).
For example, Bumper retains contact and communication information following an enquiry for one year from the individual’s last communication with Bumper (assuming they do not then become a customer of Bumper). If you are a customer of Bumper, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned, technical necessities. Laws may require us to hold certain information for specific periods.
What rights do you have in relation to your data?
You have the right to ask us:
- for access to and a copy of your personal data that we hold on you
- for a copy of the personal data you provided to us and to provide it to you or send to a third party in a commonly used, machine readable format
- to update or correct your personal data in order to make it accurate
- to delete your personal data from our records in certain circumstances
- to restrict the processing of your personal data in certain circumstances
and you may also:
- object to us processing your personal data in certain circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing
- withdraw your consent at any time where we are using your personal data with your consent. This will not affect our use of your personal data prior to the withdrawal of your consent.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
We use automated decision making as part of our loan assessment process, where this is necessary for the entering into a contract with you or where you have provided your explicit consent. You have the right to object to such automated decisions if such automated decision produces legal effect or otherwise significantly affects you and ask for an actual person to make the decision instead. For further information on our use of automated decision making and the logic involved, please contact support@bumper.co. We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of marketing, you can always contact support@bumper.co. When addressing us, please always provide your name, address and/or email address (ideally using the one you are registered with) as well as information about your request.
In the event you have unresolved concerns, you also have the right to complain to a data protection authority in the country of the local Bumper entity with whom you may interact. If you are based in the EU, you can find the contact details of your local data protection authority here, and if you are in the UK you can find the contact details of your local data protection authority (the Information Commissioner’s Office) here. We hope this will not be necessary and would like to assure you we will do our best to resolve any dissatisfaction you may have.
Links on our Website and Social Media Buttons
This Bumper Privacy Policy does not apply to external parties or external web areas and any processing of personal data by parties outside Bumper will not be covered by this Privacy Policy. We encourage you to review the Privacy Policy of any company or website before submitting any personal data.
On our website we use the following social media plug-ins: Facebook, Instagram, LinkedIn and Twitter. The plug-ins can be identified by the social media buttons marked with the logo of the provider of the respective social media networks.
Information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the respective data protection policies of these providers, where you will also find further information on your rights and options for privacy protection, including:
Facebook and Instagram plugins as provided by Meta Platforms Ireland Ltd. See here for more information.
LinkedIn plugin as provided by LinkedIn Corporation. See here for more information.
Twitter plugin as provided by Twitter, Inc. See here for more information.
Google Analytics
Our website uses Google Analytics, which is a web analytics service provided by the third party provider Google, Inc. (“Google”). Google Analytics is used for the purpose of evaluating your use of our website, compiling reports on website activity and other services relating to website activity and internet usage. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Standard Contractual Clauses approved by the European Commission (see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc) and a separate data processing agreement that we have concluded with Google.
On this website we have also activated the IP anonymisation tool provided by Google to help protect your privacy. This means that your IP address will automatically be shortened after it is collected so it can no longer be connected to you (see here). For more information see here (information on Google Analytics and data privacy).
Changes
Bumper may change this Privacy Policy from time to time by updating this page. This Privacy Policy was last updated in February 2023. Each time we change this Privacy Policy, we will post the changes in a revised Privacy Policy as it appears on our website. We will notify you if there are material updates to this Privacy Policy and where this is required by law.
If you have any questions about your data
If you have any questions about the processing of your personal data, please feel free to contact us at:
Bumper International Ltd. TOG, 1 Lyric Square London W6 0NB 01 5719328 support@bumper.co
If you are based in the EEA, you may also contact our EU representative at: GDPRLocal.com
We will address your possible concerns and attempt to resolve any problem.
Overview of recipients
* We have also extended Google Analytics on this website with the code „anonymizeIP“. This guarantees the masking of your IP address so that all data is collected anonymously.
operating system used
referrer URL (the page previously visited)
host name of the accessing computer (IP address) time of server request
language settings
screen resolution of the browser
browser version and browser name
The use of our LiveChat is in the interest of direct communication with our customer service team.
Application details
Name
Email address
Vehicle registration number
Telephone number
Legal basis for processing your data
Art. 6 (1) (b) UK GDPR/GDPR
date of birth
full address
how long you have been registered at an address
payment card details
vehicle registration number
credit history details
e-mail address
telephone number
Art. 6 (1) (b) UK GDPR/GDPR
payment data
vehicle details
MOT history
address
location Data
Art. 6 (1) (f) UK GDPR/GDPR
usage data
Art. 6 (1) (f) UK GDPR/GDPR
usage data
Art. 6 (1) (f) UK GDPR/GDPR
educational background
employment experience
job interest
Art. 6 (1) (f) UK GDPR/GDPR
information that you provide to us when you are communicating with us
Art. 6 (1) (a) UK GDPR/GDPR
user data
usage data
Art. 6 (1) (f) UK GDPR/GDPR
Credit and fraud prevention information, incl. details of previous applications and the status of any account you and your financial associates have.
Art. 6 (1) (b) UK GDPR/GDPR
usage data
payment data
Art. 6 (1) (f) UK GDPR/GDPR
usage data
survey data
Art. 6 (1) (f) UK GDPR/GDPR
location data
usage data
payment and purchase data
Art. 6 (1) (f) UK GDPR/GDPR
usage data
survey data
This might be:
• an obligation under the law of the country / region you are in
• UK law (because Bumper is based is established in the UK)
• EU law that applies to us
Art. 6 (1) (c) UK GDPR/GDPR
street address data
usage data
payment and purchase data
survey and research data
Art. 6 (1) (f) UK GDPR/GDPR
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
the user's operating system
the user's internet service provider
the IP address of the user
date and time of access
websites from which the user's system accesses our website
websites that are accessed by the user's system via our website