main logo

Privacy Policy

Read the terms of the TyresOnTheDrive privacy policy

1. Introduction


Tyres on the Drive – a trading name of Halfords Autocentres Limited (“Halfords”) – provides an expert mobile tyre replacement service which saves customers time, hassle and money.

As an essential part of our business, we collect and manage customer data. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting customers’ privacy and rights. Specifically, we act as “Data Controller” in respect of the information gathered and processed by this website.

In order that you are reliably informed about how we operate, we have developed this Privacy Statement which describes the ways in which we collect, manage, process, store and share customer data. It also provides you with information about how you can control our use of your data.

If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer by email at dataprotectionofficer@halfords.co.uk or by post at Data Protection Officer, Halfords, Icknield Street Drive, Washford West, Redditch B98 0DE. 

2. What information do we collect about you?


In general terms, we seek to collect information about you so that Halfords can:

  • provide services to you at a convenient time and location;

  • ensure high levels of customer care and support;

  • communicate with you effectively, whether this is about your booking, or so that you don’t miss out on great promotions, offers and helpful reminders.

 

The information that we need for these purposes is known as your “personal data”. This includes your name, home address and e-mail address. We collect this in a number of different ways. For example, you may provide this data to us directly when filling in forms on this website, or when corresponding with us by telephone, e-mail or letter. If you are making a booking with us, we may also take your credit card details: however, please be assured that we do not save this information on any of our systems.

 

Additionally, we collect limited information about your vehicle from a third-party provider – HaynesPro – which allows us to identify the make, model and age of your car using your Vehicle Registration Number, and enables us to validate your order prior to sending a technician to fit your tyre(s). Additionally, we use this information to provide you with relevant messages regarding your car’s safety, maintenance and upkeep.

Please be advised that we do not collect any special categories of data about you (i.e. information about your ethnicity, religion, health etc).

Please also be advised that when you visit this website, cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the internet, and information about your visit such as the pages you viewed or searched for, page response times, download errors etc. We do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third party organisations. You can control this by adjusting your cookies settings as described in section 4 of our Cookies Policy here.

3. How will we use that information?


We use the data collected from you for the specific purposes listed in the table below. Please note that this table also explains:

  • the lawful basis for processing your data, linked to each processing purpose;
  • in what circumstances your data will be shared with a third party organisation; and
  • for how long we keep data collected by this website.

 

Data that is collected by cookies is not included in the table below, but is explained in section 3 of our Cookies Policy here.

Purpose for processing data Lawful basis for processing data Third party organisations with whom data is shared Data retention period
Data processing related to a purchase
To process any booking / order made via this website or through our contact centre To meet the requirements of contract law

Our primary customer services, booking and order management systems, as well as our website, are all managed internally. However, customer details are shared with Planning-Inc who manages Halfords’ marketing database. Vehicle data is also shared with HaynesPro in order to identify the make, model and age of a customer’s car, and thus validate their order.

Data regarding MOTs is legally required to be shared with the Driver and Vehicle Standards Agency

6 years following a customer’s final transaction
To collect information when fulfilling a booking / order at a customer location To meet the requirements of contract law Personal data, such as customer signature, is collected together with vehicle data using an app which is managed internally 6 years following a customer’s final transaction
To process customer requests for finance (please note that this includes processing for the purposes of fraud prevention) Customers will be asked to provide informed consent before their data is processed for the purposes of applying for credit Finance will be arranged on request through our appointed lender, PayPal Credit 6 months following expiry of the customer’s finance agreement
To process credit / debit card payments To meet the requirements of contract law Data is shared with Sage Pay and Braintree who provide our payment gateway Halfords does not retain credit / debit card information: however, anonymised token data is kept for 6 years

To communicate with you via email, text or telephone in order to update you about your booking

To meet the requirements of contract law Amazon Web Services send our operational emails and Dynmark send our operational text messages 6 years following a customer’s final transaction
After-sales data processing
To provide customer services support by telephone, email or letter: this includes the recording of telephone conversations for monitoring and quality purposes This is deemed legitimate as it is in customers’ interest that we can access their data in order to resolve any queries, questions, concerns or complaints

Customer services’ information is retained internally. However, customer services’ telephone recordings are stored by our partner, 8×8

Customer records will be retained for 6 years. However, telephone calls are only retained for 180 days.
To enable you to LiveChat with customer services teams: this includes the recording of LiveChat conversations for monitoring and quality purposes This is deemed legitimate as it is in customers’ interest to resolve any queries, questions, concerns or complaints that they may have LiveChat is a function of our customer services system, and is therefore managed internally 6 years following a customer’s final transaction
To communicate with you via email, text or telephone in respect of a product recall or other safety information about a purchase which you have made from us This is deemed legitimate as it is in customers’ interest to be alerted about any safety issues which may affect a product which they have purchased Amazon Web Services send our operational emails and Dynmark send our operational text messages 6 years following a customer’s final transaction
To contact you via email or text in order to reminder you about the need for an annual MOT or Service This is deemed legitimate as it is in customers’ interest to be reminded about their MOT or Service Customer details are held in Halfords’ marketing database which is managed on our behalf by Planning-Inc. Reminder emails and texts are sent by Cheetah Digital 6 years following a customer’s final transaction Campaign data sent by email or text will be retained by Cheetah Digital for 19 months
To send you emails asking you to complete a survey based on your shopping experience This is deemed legitimate, as it enables customers to provide feedback and resolve queries in as non-intrusive a manner as possible Emails are sent by Amazon Web Services. Please note that personal data will only be shared with our research partner (Trustpilot) if customers choose to complete the survey 6 years following a customer’s final transaction
Data processing for marketing
To send emails about special offers and promotions that are relevant to you, as well as helpful reminders. In some cases, this requires us to profile you as described in section 5.8 below Customers will be asked for their consent before we send marketing communications Customer details are held in Halfords’ marketing database which is managed on our behalf by Planning-Inc. Emails are sent by Cheetah Digital 6 years following a customer’s final transaction
To deliver relevant targeted advertising using various online marketing platforms (e.g. Google, Facebook) This is deemed legitimate as advertising is only delivered in respect of messages which are in a customer’s direct interest (i.e. reminders about due repairs) Customer data is shared with various advertising partners; however, in all instances, this data is anonymised before sharing 6 years following a customer’s final transaction
Other data processing
To process competition entries and inform winners Customers give consent when they submit competition entries: this is separate to consent for marketing purposes Details are held in Halfords’ marketing database which is managed on our behalf by Planning-Inc (NB where a competition is run by a third party, for example a newspaper or radio station, any subsequent data sharing with us will be made clear within the competition terms & conditions) 6 years following a customer’s final transaction
To match data that we hold in order to acquire improved insight about our customers both individually and at aggregate level: this requires us to profile you as described more fully in section 5.8 below. This is deemed legitimate as it is in customers’ interest that we understand their preferences and buying behaviours so that the information we provide, is tailored to them Customer details are held in Halfords’ marketing database which is managed on our behalf by Planning-Inc 6 years following a customer’s final transaction

4. Overseas transfers


Customer data is retained within the European Economic Area (“EEA”) with the exception of where this is processed by Cheetah Digital who send customer emails and texts on our behalf, and who provides us with technical support from Costa Rica, Malaysia and India.

In this instance, we ensure that the relevant third party observes appropriate technical and organisational security measures in order to protect the data against unauthorised access, disclosure, alteration or destruction. In doing so, we are assured that this third party operates equivalent data protection and security practices as organisations based within the EEA.

5. Your rights


Under the terms of data protection legislation, you have the following rights as a result of using this website:

 

5.1 Right to be informed

This Privacy Statement, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information as a result of you using this website.

  

5.2 Right to access

You have the right to ask us, in writing, for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.

 To make a Subject Access Request, please write to our Data Protection Officer at Halfords, Icknield Street Drive, Washford West, Redditch B98 0DE. 

 

5.3 Right to rectification

If any of the information that we hold about you is inaccurate, you can either:

  • visit the “My Account” section of the website where you can make changes to some of the information that we hold about you;
  • contact our Data Protection Officer at dataprotectionofficer@halfords.co.uk. Any corrections that you request will be made as soon as possible, and certainly no later than 30 days following your notification.

 

5.4 Right to be forgotten

You can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days. For further information, please contact our Data Protection Officer at dataprotectionofficer@halfords.co.uk.

 

5.5 Right to object

You have the right to object to:

  • the continued use of your data for any purpose listed in section 3 of this Privacy Statement for which consent is identified as the lawful basis of processing (i.e. you have the right to withdraw your consent at any time);

  • the continued use of your data for any purpose listed in section 3 of this Privacy Statement for which the lawful basis of processing is that it has been deemed legitimate.

 

In some circumstances (i.e. consent to marketing communications), you can exercise your objection by updating your preferences within the “My Account” section of this website. For all other circumstances, you can contact our Data Protection Officer at dataprotectionofficer@halfords.co.uk.

Please note that you can also exercise your right to object to our use of cookies by following the guidance in section 4 of our Cookies Policy here.

 

5.6 Right to restrict processing

If you wish us to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe our data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact our Data Protection Officer at dataprotectionofficer@halfords.co.uk.

 

5.7 Right to data portability

If you would like us to move, copy or transfer the data that we hold about you to another organisation, please contact our Data Protection Officer at dataprotectionofficer@halfords.co.uk.

Please be advised that this only applies to certain data which has been submitted by you electronically for specific purposes only. Our Data Protection Officer can provide further advice.

 

5.8 Rights related to automated decision-making

In order that we can understand your interests and preferences – and deliver communications that will be most of interest to you where you have consented to receive these – we employ profiling techniques (which include automated decision-making) based upon the information that you have provided to us, as well as your purchasing history and engagement with us. We do not believe that these processes have any potential to significantly or negatively affect you i.e. they will not lead to any form of discrimination against you or impact your legal rights.

 

Examples of how we use profiling are as follows:

  • if you repeatedly look at certain areas of our website, we are more likely to send you information about the associated products and services;

  • if you do not engage or interact with special offer emails that we send you (even though you will have consented to receive these), we are likely to send you fewer emails than customers who are more actively involved with us.

Where we hold a customer’s details, we will also seek to ensure that, as far as possible, we maintain a single composite record of their interactions with us, which may require us to match their different activities. Where customers have indicated that they do not want us to us their data for receiving communications (other than those deemed legitimate), we will use this information purely for anonymised internal analytics and reporting, for example, looking at sales trends which does not identify individual customers.

 

If you do not want us to undertake profiling or matching, you may either:

  • object to the processing of your data (see section 5.5 of this Privacy Statement above); or

  • request that we erase all personal data about you (see section 5.4 of this Privacy Statement above).

6. Data privacy and security


At Halfords, we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold customers’ personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.

 

We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:

  • protect against potential breaches of confidentiality;
  • ensure all IT facilities are protected against damage, loss or misuse;
  • increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
  • ensure the optimum security of this website.

 

We recognise that the security of data and transactions on this website is of primary importance. We therefore ensure that all connections to secure parts of the website (such as when you login) are encrypted and authenticated using strong protocols, key exchanges and ciphers.

7. Location tracking


This website only uses geo-location tracking, which shows us where you are in the UK, for specific situations. Please note that we will always seek your permission before geo-tracking is used, and then, it is used only to personalise your experience.

8. Disclaimers


Every effort is made to ensure that the information provided on this website, and in this Privacy Statement, is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein.

 

We cannot accept liability for the use made by you of the information on this website or in this Privacy Statement, nor do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to use appropriate anti-virus software.

 

This Privacy Statement applies solely to the data collected by us, and therefore does not also apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements on third party websites, and we advise users to read these carefully before registering any personal data.

9. Accessibility


We are committed to providing a website in which content is accessible to everyone. We therefore update our website regularly in order to make it as adaptable as possible.

 

For example, users can control the text size of each page within their browser. On a PC, holding the “Ctrl” key while pressing the “+” (plus) key will increase text size, and holding the “Ctrl” key while pressing the “-“ (minus) key will decrease the text size.

10. General


Questions and comments regarding this Privacy Statement are welcomed, and should be sent to our Data Protection Officer at dataprotectionofficer@halfords.co.uk.

 

You can also contact our Data Protection Officer if you have any concerns or complaints about the ways in which your personal data has been handled as a result of you using this website.

 

Alternatively, you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or https://ico.org.uk.

SPEND £99 OR MORE AND ENJOY 0% INTEREST FOR 4-MONTHS ON YOUR PURCHASE

Need your tyres replacing, but don’t fancy spending all your cash in one go? If so, then we can help you spread the cost, covering spends over £99. Choose PayPal Credit at checkout and get 0% interest for 4-months!
Representative Example
Representative 19.9% APR (variable)
Purchase rate 19.9% p.a (variable)
Assumed credit limit £1,200
Halfords Autocentres Limited (Tyres on the Drive) is authorised and regulated by the Financial Conduct Authority (“FCA”) for the purposes of credit broking. Ref 755309.
Registered office: lcknield Street Drive, Washford West, Redditch, Worcestershire, B98 ODE United Kingdom. Company number: 04050548.

Terms and Conditions apply. Credit subject to status. UK residents only.

Credit is provided by PayPal Credit, a trading name of PayPal (Europe) S.à r.l. et Cie, S.C.A. Société en Commandite par Actions Registered Office: 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118 349.