Halfords Group PLC ("Halfords") is the UK's leading retailer of car parts, car enhancement, camping and touring equipment and bicycles, and the UK’s largest independent operator in garage servicing and auto repair. We are also one of the country’s leading providers of cycle-to-work schemes.
As an essential part of our business, we collect and manage customer data. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting customers’ privacy and rights.
For the purposes of the Halfords’ Cycle2Work scheme as described within this website, we act as “Data Processor”, with customer employers serving as “Data Controller”. Therefore, customers should direct any query about the use of their data to their own employer unless the query relates specifically to any of the processes described in section 3 of this Privacy Statement below, in which case you can contact our Data Protection Officer by email at: firstname.lastname@example.org or by post at: Data Protection Officer, Halfords, Icknield Street Drive, Washford West, Redditch, B98 0DE.
Notwithstanding, in order that you are reliably informed about how we operate, we have developed this Privacy Statement. Together with any additional Privacy Notices which you may see as you navigate around this website, this Privacy Statement describes the ways in which we collect, manage, process, store and share information about you as a result of you visiting this site. This Privacy Statement also provides you with information about how you can have control over our use of your data.
The information that we collect about you in order to administer the Cycle2Work scheme includes your name, address, date of birth, e-mail address and telephone number. This is referred to as your “personal data”. We collect this data in a number of different ways. For example, you may provide this data to us directly when filling in forms on this website, or when corresponding with us by telephone, e-mail or letter. Alternatively, this information may be collected by a Benefit Provider, acting on behalf of your employer.
Please also be advised that when you visit this website, cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the internet, and information about your visit such as the pages you viewed or searched for, page response times, download errors etc. We do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third party organisations. You can control this by adjusting your cookies settings as described in section 4 of our Cookies Policy here.
We use the data collected from you for the purposes listed in the table below. Please note that this table also explains:
the lawful basis for processing your data, linked to each processing purpose;
in what circumstances your data will be shared with a third party organisation; and
for how long we keep data collected by this website.
Data that is collected by cookies is not included in the table below, but is explained in section 3 of our Cookies Policy here.
| Purpose for processing data | Lawful basis for processing data | Third party organisations with whom data is shared | Data retention period |
| --- | --- | --- | --- |
| To administer the Halfords’ Cycle2Work scheme | To fulfil contractual obligations | Salesforce, which is the IT system we use to hold customer data. We are also supported in our use of Salesforce by Brightgen, who is an authorised Salesforce Platinum Partner. Additionally, data is shared with Docusign which enables customers to provide evidence of their agreement to our terms via their electronic signature | This is dependent upon the agreement we have with each customer’s employer. Whilst we are actively working with an employer, a customer’s data will usually be kept for 6 years after their hire agreement has expired. However, where an employer chooses to no longer provide the Halfords’ Cycle2Work scheme, data is usually destroyed or returned to that employer immediately |
| To send Letters of Collection (LoC) to customers approved for the Halfords’ Cycle2Work scheme | To fulfil contractual obligations | Customers can choose to redeem their LoC from Halfords or any of our 800+ independent bike dealers. Where a customer wishes to use an independent bike dealer, basic details will be shared with them to aid customer authentication at time of collection | |
| To contact customers in order to remind them about Letters of Collection they may have forgotten to use | This is deemed a legitimate interest in that it is clearly to the benefit of the customer to remind them about a bike for which they may be paying but which they have not yet collected | | |
| To arrange transfer of ownership or collection of a bike at the end of the hire period | To fulfil contractual obligations | We work with the customer’s employer at the end of the hire agreement to decide next steps | |
None of the information that we collect, process or store about you in order to administer the Cycle2Work scheme is transferred outside the European Economic Area (EEA). This includes information that is exchanged with any third party organisation as described in section 3 of this Privacy Statement.
Under the terms of data protection legislation, you have the following rights as a result of using the Halfords’ Cycle2Work scheme:
Right to be informed
This Privacy Statement, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information as a result of you using the Halfords Cycle2Work scheme. Alternate websites specific to other divisions within the Halfords Group provide information relevant to the ways in which they collect and use personal data.
Right to access
You have the right to ask us, in writing, for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.
To make a Subject Access Request, please write to our Data Protection Officer at Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch B98 0DE.
Right to rectification
If any of the information that we hold about you is inaccurate, you can contact our Data Protection Officer at email@example.com. Any corrections that you request will be made as soon as possible, and certainly no later than 30 days following your notification.
Right to be forgotten
From 25 May 2018, you can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days. However, please note that for the period during which you are covered by a hire agreement, we will not be able to erase your data. For further information, please contact our Data Protection Officer at firstname.lastname@example.org.
Right to object
By choosing to submit your details to us, you understand that your data will be processed for the reasons given in section 3 of this Privacy Statement.
However, where a legitimate interest applies to the use of your information (i.e. in circumstances where we wish to remind you that you have an unspent Letter of Collection), you have the right to ask us not to process your data for this purpose: for further information, please contact our Data Protection Officer at email@example.com.
Right to restrict processing
If you wish us to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe our data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact our Data Protection Officer at firstname.lastname@example.org.
Right to data portability
If you would like us to move, copy or transfer the data that you submit to us via this website to another organisation, please contact our Data Protection Officer at: email@example.com.
Rights related to automated decision-making
Please be advised that no automated decisions are made about you as a result of you using this service, and therefore this right is not applicable.
At Halfords, we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold customers’ personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
protect against potential breaches of confidentiality;
ensure all IT facilities are protected against damage, loss or misuse;
increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
ensure the optimum security of this website.
We recognise that the security of data and transactions on this website is of primary importance. We therefore ensure that all connections to secure parts of the website (such as when you login) are encrypted and authenticated using strong protocols, key exchanges and ciphers.
This website uses geo-location tracking, which shows us where you are in the UK, to support the Store Locator, which enables you to search for your local Halfords. Your permission is always sought before geo-tracking is used, and then, it serves only to personalise your experience.
Every effort is made to ensure that the information provided on this website, and in this Privacy Statement, is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein.
We cannot accept liability for the use made by you of the information on this website or in this Privacy Statement, nor do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to use appropriate anti-virus software.
This Privacy Statement applies solely to the data collected by us, and therefore does not also apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements on third party websites, and we advise users to read these carefully before registering any personal data.
We are committed to providing a website in which content is accessible to everyone. We therefore update our website regularly in order to make it as adaptable as possible.
For example, users can control the text size of each page within their browser. On a PC, holding the “Ctrl” key while pressing the “+” (plus) key will increase text size, and holding the “Ctrl” key while pressing the “-” (minus) key will decrease the text size.