Cycle2Work Email:  cycle2.work@halfords.co.uk


Monday to Friday 8.45am to 5.00pm

Login

Privacy Statement


For over 125 years, Halfords Group plc ("Halfords") has been making journeys better with our unrivalled expertise, services and an unbeatable range of motoring and cycling products. We are also one of the country’s leading providers of Employee Benefit Schemes such as cycle-to-work, as well as our new car maintenance and e-mobility salary sacrifice schemes.


As an essential part of our business, we collect and manage customer data. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting customers’ privacy and rights.


For the purposes of the Employee Benefit Schemes, we act in one of two ways:

  1. where you enter into a hire or service agreement directly with Halfords, we are the “Data Controller”; or

  2. where you enter into a hire or service agreement with your employer, we are the “Data Processor”, and the employer is the “Data Controller”.

Note: these agreements are separate to the salary sacrifice agreement you will sign with your employer.

Whichever of these two scenarios applies, this Privacy Statement serves to describe the ways in which we collect, manage, process, store and share information about you. It also provides you with information about how you can have control over our use of your data.

If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer by email at dataprotectionofficer@halfords.co.uk or by post at Data Protection Officer, Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch B98 0DE (please note that where a customer’s employer is classed as Data Controller, they may be best placed to answer any questions).



The information that we collect about you in order to administer the Employee Benefits Schemes includes your name, address, date of birth, e-mail address and a unique identifier (which may be, for example, your employment Payroll Number or your National Insurance Number). This is referred to as your “personal data”. We collect this data in a number of different ways. For example, you may provide this data to us directly when filling in forms on this website, or when corresponding with us by telephone, e-mail or letter. Alternatively, this information may be collected by a Benefit Provider, acting on behalf of your employer.


Please also be advised that when you visit this website, cookies will be used to collect information about you. For more information, see our Cookies Policy here .



We use the data collected from you for the purposes listed in the table below. Please note that this table also explains:

  • the lawful basis for processing your data, linked to each processing purpose;
  • in what circumstances your data will be shared with a third party organisation; and
  • for how long we keep data collected by this website.

Data that is collected by cookies is not included in the table below, but is explained in section 3 of our Cookies Policy here .


Purpose for processing data Lawful basis for processing data Third party organisations with whom data is shared Data retention period
To administer the Employee Benefit Schemes including the sending of hire / service agreements, or reminders about services for which customers are entitled To fulfil contractual obligations Salesforce, which is the IT system we use to hold customer data. We are supported in our use of Salesforce by Brightgen, an authorised Salesforce Platinum Partner (note: where Halfords is the Data Processor, customer data is also shared with Docusign in order to facilitate electronic signature to the Hire Agreement)

Specifically for the Cycle2Work scheme, customers can redeem their Letter of Collection from Halfords* or any of 800+ independent bike dealers. Where a customer wishes to use an independent bike dealer, basic details will be shared with them to aid customer authentication at time of collection 		6 years after the customer’s hire or service agreement expires. However, where Halfords is the Data Processor, customer data will usually be destroyed or returned as soon as the contractual relationship between Halfords and the customer’s employer ends
To contact customers regarding their application This is deemed legitimate as it is in customers’ interest to resolve any queries that they have made about the application process and/or Employee Benefit Scheme Salesforce, which is the IT system we use to hold customer data, and which is supported by Brightgen 6 years after the customer’s hire or service agreement expires, unless Halfords is the Data Processor as explained above
Where Halfords is Data Controller only, to send emails about relevant special offers and promotions as well as helpful reminders. In some cases, this may involve profiling as described in section 5.8 below Customers will be asked for their consent before any marketing communications is sent Customer details will be held within Saleforce, which is supported by Brightgen 6 years after the customer’s Hire Agreement expires

*Please note that if a Cycle2Work customer chooses to redeem their Letter of Collection from a Halfords store, their data will be processed as per any other customer and as described in the Halfords’ Privacy Statement, available at www.halfords.com/privacy


None of the information that we collect, process or store about you in order to administer the Employee Benefits Schemes is transferred outside the European Economic Area (EEA). This includes information that is exchanged with any third party organisation as described in section 3 of this Privacy Statement.



Under the terms of data protection legislation, you have the following rights as a result of using the Halfords’ Employee Benefit Schemes:

  1. Right to be informed

    This Privacy Statement fulfils our obligation to tell you about the ways in which your data is used as a result of you using the Halfords’ Employee Benefit Schemes.

  2. Right to access

    You have the right to ask, in writing, for a copy of any personal data held about you. Except in exceptional circumstances, this information will be provided at no cost and will be sent within 30 days of request. Customers wishing to make a request should write to: Data Protection Officer, Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch, Worcestershire B98 0DE.

    To make a Subject Access Request, please write to our Data Protection Officer at Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch B98 0DE.

  3. Right to rectification

    If any of the information we hold about you is inaccurate, you should contact dataprotectionofficer@halfords.co.uk. Corrections will be made as soon as possible, and certainly no later than 30 days following notification.

  4. Right to be forgotten

    You can ask that all personal information about you is erased. Where it is appropriate to comply, requests will be fully actioned within 30 days. However, for the period during which you are covered by a hire or service agreement, we will not be able to erase your data. For further information, please contact dataprotectionofficer@halfords.co.uk.

  5. Right to object

    By submitting your details to us, your data will be processed for the reasons given in section 3 of this Privacy Statement. However, where consent or legitimate interest applies to the use of your data, you have the right to ask to not have your data processed for that purpose: for further information, please contact dataprotectionofficer@halfords.co.uk.

  6. Right to restrict processing

    If you wish to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe the data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, you should contact dataprotectionofficer@halfords.co.uk.

  7. Right to data portability

    If you want to have your personal data moved, copied or transferred to another organisation, you should contact dataprotectionofficer@halfords.co.uk.

  8. Rights related to automated decision-making

    In order that we can best understand your interests and preferences - and deliver marketing communications that will be of most interest to you where you have consented to receive these - profiling techniques are used (which include automated decision-making) based upon the information provided to us. These processes will not significantly or negatively affect you i.e. they will not lead to any form of discrimination or impact your legal rights.

    Additionally, where we hold your details, we will seek to ensure that, as far as possible, we maintain a single composite record of your interactions, which may require us to match your different activities. Where you have indicated that you do not want your data to be used for marketing, this information will be used purely for anonymised internal analytics and reporting, for example, looking at sales trends which does not identify individual customers.

    Any customer that does not want us to undertake profiling or matching, may either object to the processing (see section 5.5 above) or request that we erase all personal data held about them (see section 5.4 above).



At Halfords, we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold customers’ personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.


We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:


  • protect against potential breaches of confidentiality;
  • ensure all IT facilities are protected against damage, loss or misuse;
  • increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
  • ensure the optimum security of this website.

We recognise that the security of data and transactions on this website is of primary importance. We therefore ensure that all connections to secure parts of the website (such as when you login) are encrypted and authenticated using strong protocols, key exchanges and ciphers.


This website uses geo-location tracking, which shows us where you are in the UK, to support the Store Locator, which enables you to search for your local Halfords. Your permission is always sought before geo-tracking is used, and then, it serves only to personalise your experience.


This service is supported by Google Maps. Users are bound by the Google Maps / Google Earth Additional Terms of Service (https://maps.google.com/help/terms_maps.html) . which includes the Google Privacy Policy (https://www.google.com/intl/ALL/policies/privacy/index.html).



Every effort is made to ensure that the information provided on this website, and in this Privacy Statement, is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein.


We cannot accept liability for the use made by you of the information on this website or in this Privacy Statement, nor do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to use appropriate anti-virus software.


This Privacy Statement applies solely to the data collected by us, and therefore does not also apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements on third party websites, and we advise users to read these carefully before registering any personal data.



We are committed to providing a website in which content is accessible to everyone. We therefore update our website regularly in order to make it as adaptable as possible. .


For example, users can control the text size of each page within their browser. On a PC, holding the “Ctrl” key while pressing the “+” (plus) key will increase text size, and holding the “Ctrl” key while pressing the “-“ (minus) key will decrease the text size.



Questions and comments regarding this Privacy Statement are welcomed, and should be sent to our Data Protection Officer at dataprotectionofficer@halfords.co.uk.


You can also contact our Data Protection Officer if you have any concerns or complaints about the ways in which your personal data has been handled as a result of you using this website.


Alternatively, you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or https://ico.org.uk. .

Copyright © Halfords - All rights reserved