Haynes Group Customer Privacy Policy

The following document is designed to outline the approach adopted by Haynes Brothers Ltd for the handling of the GDPR legislation, brought into law on May 25th 2018.

It outlines the options available and the general approach supported.

Haynes Brothers Ltd (“Haynes Group”) take the privacy of our customers, visitors and employees very seriously and to help you understand what we do with the information you provide to us we have compiled this Privacy Policy statement.

Personal data

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

What lawful grounds do we rely on when we use your personal information?

There are different lawful grounds that we rely on to use your personal information and we will collect and use your personal information in the following situations:

  • where our use of your personal information is necessary to perform a contract or contracts that you are a party to or to take steps that you request before entering into a contract. These contracts could include the conditions on which you enter a competition or agreements you enter into for service products, for example;
    • where our use of your personal information is within our legitimate interests or the legitimate interests of the organisation with which we have shared your personal information and we have made sure that your personal information, and your rights concerning that information, are protected. For example, we may rely on this legal ground if we and/or the companies within the Haynes Group use your personal information to: understand and improve our (or their) products, services and/or marketing strategies; for research purposes; to manage and improve our relationship with you and for administrative purposes; to help find out what information, products and services are most likely to interest you and to send or show you information, offers, and online advertisements for these products or services; to personalise your experience of our products and services; to ensure that our products and services are delivered and used in accordance with the law and the terms and conditions that apply to them; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues,
  • where we believe it is necessary to use your personal information to comply with a legal or regulatory obligation to which we are subject,
  • in limited circumstances where we believe it is necessary to protect someone's safety or vital interests,
  • where we have your consent. We will rely on your consent to, for example, collect technical information such as data from cookies and similar technologies as we describe in the Haynes Group Cookie Policy and to use your personal information for marketing communications to you. Where we rely on consent to use your personal information, you have the right to withdraw that consent at any time.

Sensitive personal data

The GDPR refers to sensitive personal data as “special categories of personal data”

The special categories specifically include genetic data and biometric data where processed to uniquely identify an individual.

Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.

Online at haynesgroup.co.uk

When someone visits one of our company websites we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.

IP addresses

To understand how users use the Haynes Group Websites and our services and the things they are interested in, we may collect your Internet Protocol addresses (also known as IP addresses). Your IP address is a unique address that computer devices (such as PCs, tablets and smartphones) use to identify themselves and to communicate with other devices in the network.

Security and performance

Haynes Group uses a third-party service, Aptus based in the United States, to help maintain the security and performance of the Haynes Group website. To deliver this service it processes the IP addresses of visitors to the Haynes website.

Haynes Group conducts 3-monthly Penetration Testing to its own IP addresses. Typically, penetration tests are used to identify the level of technical risk emanating from software and hardware vulnerabilities. Penetration Testing is an appropriate method for identifying the risks present on a specific, operational system consisting of products and services from multiple vendors. It is also applied to systems and applications developed 'in-house'.

Links to other websites

Please note, our company websites may contain links to other websites (such as those of our manufacturers and suppliers) that are not controlled by us or our service providers. These links are provided for your convenience. We are only responsible for our own privacy practices and our security of Haynes Group Websites. We recommend that you check the privacy and security policies and procedures of every other website that you visit.


In common with many other website operators, we may use standard technology called 'cookies' on our Haynes Group Websites. Cookies are small pieces of information that are stored by your browser on your computer's hard drive and they are used to record how you navigate the Haynes Group Websites on each visit. Our cookies are used to enable us to develop Haynes Group Websites and to enable you to properly navigate them. We use cookies to collect personal information to enable us to reflect our user’s interests and by noting who has seen which pages, properties and advertisements (including ‘click throughs’ from emails), how frequently particular pages are visited and to enable us to determine the most popular areas of Haynes Group Websites. We may use cookies to enrich your experience by allowing us to tailor what you see to what we have learned about your preferences during your visits to our sites. Sometimes we may use the services of third parties and they may use cookies on our behalf to provide their services. The cookies we use can be found in our Cookie Policy.

Preventing the use of cookies

Most browsers automatically accept cookies but you can usually change your browser to prevent cookies from being stored. With experience, you can usually choose to switch off all cookies or to allow only certain ‘trusted’ sites to place cookies. For further information on cookies and Flash cookies and how to switch them off see the Information Commissioner’s website at www.ico.gov.uk or visit www.allaboutcookies.org or www.aboutcookies.org.


People who contact us via social media

If you send us a private or direct message via social media the message will be only be stored by Haynes for the duration of the query and then deleted. It will not be shared with any other organisations. Haynes operate and manage our own social media accounts and no other third parties are involved.

People who call our telephone number

When you call the Haynes, tracked telephone lines will collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. Recorded calls are retained for twelve months. Call Recording is switched off when taking financial information over the phone.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

People who use our online Service Booking facility

If you use our online service booking form we will collect your name, email address, phone number and details of your car and request. This information will be transferred to our DMS system and will be retained following their policies.

Auto Responses

We may use auto-responders to communicate with you by e-mail. To protect your privacy, we use a verified opt-in system for such communications and you can always opt-out of such communications using the links contained in each auto-responder message. If you have difficulties opting out, you may contact us by email, using a website contact form, or in writing by mail at the details at the bottom of this policy.

User Names and Passwords

Your access to certain parts of our website may be protected by a user name and a password. Do not give your password to anyone. If you enter a section of our website that requires a password, you should log out when you leave. As a safety precaution, you should also close out of your web browser completely and re-open it before viewing other parts of the Internet.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for up to seven years and typically three years from the conclusion of any relevant contract. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

If we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually, we do not identify any complainants unless the details have already been made public.


Haynes tries to meet the highest standards when collecting and using personal information. For this reason, we take any questions we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

People who use Haynes services

We have to hold details of persons who have requested a service to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes about our legitimate interests in informing customers of expiry dates for items such as (but not limited to ) MoT tests, finance expiration dates.

Access to personal information

Haynes tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to;
  • let you have a copy of the information

To make a request to Haynes for any personal information we may hold you need to put the request in writing addressing it to our Data Protection Officer at Haynes Group using the address provided below. This request will be free and information will be made available by the Haynes Group within 31 days.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting Haynes.

Disclosure of personal information

In many circumstances, we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. You can also get further information on:

  • agreements we have with other organisations for sharing information;
  • circumstances where we can pass on personal data without consent, for example, to prevent and detect crime and to produce anonymised statistics;
  • our instructions to staff on how to collect, use and delete personal data; and
  • how we check that the information we hold is accurate and up to date.

The information you provide to us will be held on our server in the United Kingdom and may be accessed by or given to our staff.

We are registered as a data controller in the United Kingdom with the Information Commissioner’s Office under registration number Z5658230.

To provide our products and services, we may, occasionally, appoint other organisations to carry out some of the processing activities on our behalf. These may include, for example, our web-hosting company, mailing vendors, our design agency, printing companies, event hosting services and mailing houses. In these circumstances, we will ensure that personal information is properly protected and that it is only used per this Privacy Policy and that the company has in place appropriate and lawful policies for the processing of data

We may pass your data onto any law enforcement agency, court, regulator, government authority or other third parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.

You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you before collecting your information if we intend to use or disclose it for such purposes. If you do not want us to use your information for marketing purposes the latest communication received will have an opt-out avenue. You can also email us by Clicking Here and asking for your data to be removed or you can write to us at the address below.

Other examples

Our Site uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use our Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of our Site, compiling reports on website activity for internet operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held.

By using our Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Manufacturer Data

As part of our relationship with our manufacturers we provide and send data to them for contractual purposes, research and development, financial reasons and also for diagnostic work. A list of our manufacturers and their subsidiary companies are available in Appendix A at the end of this Privacy Policy.

Customer Reviews

We take the business of reviews seriously and use a company called Judge Services to conduct our after-sales reviews for our Used Vehicle departments. Judge Services adhere to the UK’s Consumer Protection from Unfair Trading Regulations (CPRs) and advertising rules. They also follow the Competition and Markets Authority guidance for online reviews and endorsements.

They are also compliant with the Privacy and Electronic Communications Regulations – a guide for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.

They work under the Information Commissioner’s Office, which regulates these laws and publish marketing guidance, to understand what is needed to be legally compliant. Should you wish to find out more about Judge Services please contact them at:

11 Cardale Court


North Yorkshire


How to contact us

If you wish to request information about our privacy policy please write to:

Data Protection Officer

Haynes Brothers Ltd

23 Ashford Road,


Kent. ME14 5DQ

Or email us by Clicking Here.

Updates to this Privacy Policy

We may amend this Policy from time to time. If we make substantial or material changes in the way we wish to use your personal information we will communicate by providing a prominent notice on the Website or by contacting you directly. If you do not agree with these changes, please do not continue to use our company Websites.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Haynes collection and use of personal information. This Privacy Notice will be reviewed again on the 31st of May 2023.

This privacy notice was last updated on February 20th, 2023.

Appendix A

List of Manufacturers and Subsidiary Companies that Haynes Group provide information to, alongside reputable third parties used for relevant processing:

Ford Motor Company, Eagle Way, Brentwood, Essex. CM13 3BW.

FCE Bank PLC, Manchester Business Centre, Number One 1 Tony Wilson Place, Manchester M15 4FN.

Ford Lease, Oakwood Drive, Emersons Green, Bristol, United Kingdom. BS16 7LB.

ALD Automotive, Oakwood Drive, Emersons Green, Bristol, United Kingdom. BS16 7LB.

IVECO Ltd, Cranes Farm Road, Basildon, Essex. SS14 3AD

FCA Italy S.P.A., Corso G. Agnelli 200, 10135 Turin, Italy.

Case IH, CNH Industrial N.V., Corporate Office, 25 St. James's Street, London, SW1A 1HA

JCB Finance Limited Ltd, The Mill, Rocester, Staffordshire ST14 5JW

1. J.C. Bamford Excavators Limited (company number 00561597)

2. JCB Sales Limited (company number 0792807)

3. JCB Service (company number 0564955)

4. JCB Landpower Limited (company number 2321141)

5. JCB Earthmovers Limited (company number 0934508)

6. JCB Heavy Products Limited (company number 2517503)

7. JCB Access Limited (company number 03943798)

8. JCB Power Products Limited (company number 5846086)

9. JCB Power Products Broadcrown Limited (company number 09783957)

10. JCB Compact Products Limited (company number 1980852)

11. New Holland Agriculture, Cranes Farm Road, Basildon, Essex. SS14 3AD

List of our current reputable Third Parties used for reviews and marketing events in consultation and accordance with Haynes Group policies and procedures:

WillCreate Media, Suite 3, The Thorne Estate Business Park. Ashford, Kent. TN26 3AF

JudgeService, 12 Cardale Ct., Cardale Park, Harrogate. HG3 1RY

IDoMarketing, Canterbury Innovation Centre, 4a University Road, Canterbury, CT2 7FG

Rhino Design (Manchester) Ltd, Monaghan House, Clarendon Street, Hyde, Cheshire, SK14 2EP