General Data Protection Regulation (GDPR) Privacy Notice

This Privacy Notice describes the way in which Roanza Ltd will deal with the information and data you provide to us to enable us to manage your relationship with Roanza Ltd (“the Company”). 

Protecting the confidentiality, security and integrity of the personal data that we process is of paramount importance to our business operations and the purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information.

The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018.  

This privacy notice applies to all contractors, consultants, clients, customers, suppliers and other third parties.  It applies to all personal data that we process, regardless of the media on which those personal data are stored, e.g. electronically, on paper or on other materials.  The Company will process personal data relating to you in accordance with this Privacy Notice, the data protection legislation and the Company’s GDPR Data Protection Policy.

Who we are

Roanza Ltd is a franchised Mercedes-Benz dealer across the North-West and North Wales.  We have dealerships at Warrington, Deeside, East Manchester, Liverpool, Doncaster, Bootle, Stoke-on-Trent and Trafford Park providing our customers a one stop shop for sales, service, maintenance and supply of parts.

Protecting Your Personal Data

Your Personal Data isn’t just protected by the quality, commitment and high standards of Roanza Ltd, your privacy is also protected by law.  The law states that we can only process your Personal Data when there is a genuine reason to do so and it must be one of the following:

  • To fulfil any contract that we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you have consented to it.

A legitimate interest is when we have a business or commercial reason to use your information.  Your data is still protected and we must not process it in a way that would be unfair to you or your interests.  If we rely on our legitimate interest as a reason to process your Personal Data, we will tell you what that is.

To update your data preferences click here


The types of personal information we collect, the purpose and the lawful basis or bases for processing it

What we use your Personal Information for Our Reasons Our Legitimate Interests
  • Manage our relationship with you or your business.
  • Develop new ways to meet our customers’ needs and to grow our business.
  • To develop and carry our marketing activities.
  • To learn how our customers use our products and services from us and other organisations.
  • To provide advice, guidance and support for our products and services.
  • Your Consent.
  • Fulfilling contracts.
  • Our Legitimate interests.
  • Legal Obligations.
  • Maintaining and Keeping our records up to date.
  • Working out which of our products and services may interest you and telling you about them.
  • Developing products and services, and what we charge for them.
  • Defining types of customers for new products or services.
  • Seeking your consent when we need it to contact you.
  • Being efficient about how we fulfil our legal and contractual duties.
  • Develop and manage our brand, products and services.
  • To test new products, systems or services.
  • To manage our relationship with and the performance of other companies that provide services to us and our customers.
  • Fulfilling contracts.
  • Our Legitimate interests.
  • Legal Obligations.
  • Developing or improving products or services, and what we charge for them and who may be interested in them.
  • Being efficient about how we fulfil our legal and contractual duties.
  • Conducting brand image and reputation protection activities to support and grow the business.
  • Deliver products and services.
  • Create and manage customer accounts, payments, charges and fees.
  • To collect and recover money that is owed to us.
  • Respond to any customer complaints and seek to resolve them.
  • Prevent and detect improper use of our systems.
  • Fulfilling contracts
  • Our Legitimate interests.
  • Legal Obligations.
  • Being efficient about how we fulfil our legal and contractual duties.
  • Complying with laws or regulations that apply to us.
  • To detect, investigate, report and seek to prevent crime.
  • To manage risk for us and our customers.
  • To comply with any laws and regulations that apply to us.
  • Fulfilling contracts.
  • Our Legitimate interests.
  • Legal Obligations.
  • Developing and improving how we deal with crime and attempted crime.
  • Protecting our customers and ourselves from the impacts of crime.
  • Complying with laws or regulations that apply to us.
  • Being efficient about how we fulfil our legal and contractual duties.
  • Manage and run our business to efficiently and effectively provide quality products and services.
  • Manage our finances.
  • Ensure corporate governance and compliance to all legal and regulatory obligations.
  • To run our business in an efficient and proper way.
  • Fulfil our obligations as an accountable and responsible organisation.
  • To exercise our rights set out in agreements or contracts.
  • Our Legitimate interests.
  • Legal Obligations.
  • Fulfilling contracts.
  • Complying with laws or regulations that apply to us.
  • Being efficient about how we fulfil our legal and contractual duties.
  • To exercise our rights set out in agreements or contracts.
  • Fulfilling contracts.

If you choose not to give Personal Information

Not providing your Personal Data may prevent us from meeting legal obligations, fulfilling a contract, or performing services required and may mean we are unable to provide you with products or services.

Information Collected

The information and data about you which we may collect, use and process includes the following:

  • We will typically collect personal information (such as your name, email, postal address, telephone number, payment and service details) whenever you ask us to provide a product or service to you.
  • Your financial position, status and history.
  • Information that you provide to us by filling in forms on our website or any other information you submit to us via the website, telephone, post or email.
  • Records of correspondence, whether via the website, email telephone or other means.
  • Your responses to surveys or customer research that we carry out.
  • Details of the transactions you carry out with us and the products and services we provide you.
  • Details about how you use our products and services.
  • Details about you that are in public records such as the Electoral Register and information that is openly available on the internet.
  • Any permissions, consents or preferences that you give us. This includes how you want us to contact you.
  • Details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data.

Where we collect Personal Information from

We may collect Personal Information about you (or your business) from sources such as:

  • When you make enquiries about our products or services on the phone, email, letter, website or in person at one of our sites.
  • When you apply for our products or services.
  • When you register and set up an account with us.
  • Make a purchase from us.
  • Payment and transaction data.
  • Sign up to receive newsletter or other information.
  • Take part in a competition, promotions or survey we run.

Data from third parties we work with:

  • Information passed to us from Mercedes-Benz and other companies that introduce you to us.
  • Financial advisors, credit reference agencies, insurers, and other financial service providers.

Retention of Personal Information

The Company will generally hold personal data belonging to clients, customers and suppliers for the duration of our business relationship.

Once our business relationship with a client, customer or supplier has been terminated, we will generally hold their personal data for one year after the termination of the business relationship, but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal data for up to eight years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a County Court or High Court.

Overall, this means that we will “thin” the file of personal data that we hold on clients, customers and suppliers one year after the termination of the business relationship, so that we only continue to retain for a longer period what is strictly necessary.

Who we share your Personal Information with

Your personal data may be shared with agencies and organisations such as:

  • HM Revenue & Customs, regulators and other authorities.
  • Credit Reference agencies.
  • Fraud prevention agencies.
  • A party linked with you or your business’s products or services.
  • Companies we have a joint venture or agreement to co-operate with such as Mercedes-Benz.
  • Organisations that introduce you to us.

We may need to share your personal information with other organisations to provide you with products or services:

  • If you use direct debits, we will share your data with the Direct Debit scheme.
  • Financial services organisations, such as companies which provide hire-purchase funding and banks providing such funding.  This is for the purpose of securing such funding on your behalf.  We may provide personal data to enable such financial services organisations to carry out necessary searches in order to enable them to make a funding decision for you and meeting their legal and regulatory requirements.

In addition, these funders may share your data within their group of companies who provide services to them and so that they and any other companies in their group can look after your relationship with us and them.

During any such process, we may share your data with other parties, we’ll only do this if they agree to keep your data safe and private.

Automated decision making

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.

We do not envisage that any decisions will be taken about you based solely on automated decision-making, including profiling.

Transferring Personal Data outside the European Economic Area

The data protection legislation restricts transfers of personal data to countries outside the European Economic Area (EEA) in order to ensure that the level of data protection afforded to data subjects is maintained.  The Company does not transfer personal data to countries outside the EEA.


We may use your personal information to tell you about relevant products and offers.  This is what we mean when we talk about ‘Marketing’.

The personal information we have for you is made up of what you tell us, and data we collect when you buy our products, use our services or from third parties we work with.  We may study this to form a view on what we think you may want or need, or what may be of interest to you.  This is how we decide which products, services and offers may be relevant to you.

We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’.  That is when we have a business or commercial reason to use your information.  It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time on 01925 847100.

Whatever you choose, you’ll still receive correspondence, invoices and other important information such as changes to your existing products and services.

Your rights in connection with your personal information

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • Request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
  • Request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
  • Request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing.
  • Restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
  • Object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
  • Data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our HR Manager. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our HR Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

Changes to this privacy notice

The Company reserves the right to update or amend this privacy notice at any time. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.


If you have any questions about this privacy notice or how we handle your personal information, please contact our HR Manager as follows: Damian Holding, HR Manager, Roanza, Leacroft Road, Warrington WA3 6NN E-mail: Tel: 01925 847100.


Data controller (“the Company”): Roanza Ltd

Controller’s representative (if any): Damian Holding

Date 15 May 2018