For over 125 years, Halfords Group plc ("Halfords") has been making journeys better with our unrivalled expertise, services and an unbeatable range of motoring and cycling products. We are also one of the country’s leading providers of Employee Benefit Schemes such as cycle-to-work, as well as our new car maintenance and e-mobility salary sacrifice schemes.
As an essential part of our business, we collect and manage customer data. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting customers’ privacy and rights.
For the purposes of the Employee Benefit Schemes, we act in one of two ways:
where you enter into a hire or service agreement directly with Halfords, we are the “Data Controller”; or
where you enter into a hire or service agreement with your employer, we are the “Data Processor”, and the employer is the “Data Controller”.
Note: these agreements are separate to the salary sacrifice agreement you will sign with your employer.
Whichever of these two scenarios applies, this Privacy Statement serves to describe the ways in which we collect, manage, process, store and share information about you. It also provides you with information about how you can have control over our use of your data.
If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer by email at email@example.com or by post at Data Protection Officer, Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch B98 0DE (please note that where a customer’s employer is classed as Data Controller, they may be best placed to answer any questions).
The information that we collect about you in order to administer the Employee Benefits Schemes includes your name, address, date of birth, e-mail address and a unique identifier (which may be, for example, your employment Payroll Number or your National Insurance Number). This is referred to as your “personal data”. We collect this data in a number of different ways. For example, you may provide this data to us directly when filling in forms on this website, or when corresponding with us by telephone, e-mail or letter. Alternatively, this information may be collected by a Benefit Provider, acting on behalf of your employer.
Please also be advised that when you visit this website, cookies will be used to collect information about you. For more information, see our Cookies Policy here .
We use the data collected from you for the purposes listed in the table below. Please note that this table also explains:
the lawful basis for processing your data, linked to each processing purpose;
in what circumstances your data will be shared with a third party organisation; and
for how long we keep data collected by this website.
Data that is collected by cookies is not included in the table below, but is explained in section 3 of our Cookies Policy here .
Purpose for processing data
Lawful basis for processing data
Third party organisations with whom data is shared
Data retention period
To administer the Employee Benefit Schemes including the sending of hire / service agreements, or reminders about services for which customers are entitled
To fulfil contractual obligations
Salesforce, which is the IT system we use to hold customer data. We are supported in our use of Salesforce by Brightgen, an authorised Salesforce Platinum Partner (note: where Halfords is the Data Processor, customer data is also shared with Docusign in order to facilitate electronic signature to the Hire Agreement)
Specifically for the Cycle2Work scheme, customers can redeem their Letter of Collection from Halfords* or any of 800+ independent bike dealers. Where a customer wishes to use an independent bike dealer, basic details will be shared with them to aid customer authentication at time of collection
6 years after the customer’s hire or service agreement expires. However, where Halfords is the Data Processor, customer data will usually be destroyed or returned as soon as the contractual relationship between Halfords and the customer’s employer ends
To contact customers regarding their application
This is deemed legitimate as it is in customers’ interest to resolve any queries that they have made about the application process and/or Employee Benefit Scheme
Salesforce, which is the IT system we use to hold customer data, and which is supported by Brightgen
6 years after the customer’s hire or service agreement expires, unless Halfords is the Data Processor as explained above
Where Halfords is Data Controller only, to send emails about relevant special offers and promotions as well as helpful reminders. In some cases, this may involve profiling as described in section 5.8 below
Customers will be asked for their consent before any marketing communications is sent
Customer details will be held within Saleforce, which is supported by Brightgen
6 years after the customer’s Hire Agreement expires
*Please note that if a Cycle2Work customer chooses to redeem their Letter of Collection from a Halfords store, their data will be processed as per any other customer and as described in the Halfords’ Privacy Statement, available at www.halfords.com/privacy
None of the information that we collect, process or store about you in order to administer the Employee Benefits Schemes is transferred outside the European Economic Area (EEA). This includes information that is exchanged with any third party organisation as described in section 3 of this Privacy Statement.
Under the terms of data protection legislation, you have the following rights as a result of using the Halfords’ Employee Benefit Schemes:
Right to be informed
This Privacy Statement fulfils our obligation to tell you about the ways in which your data is used as a result of you using the Halfords’ Employee Benefit Schemes.
Right to access
You have the right to ask, in writing, for a copy of any personal data held about you. Except in exceptional circumstances, this information will be provided at no cost and will be sent within 30 days of request. Customers wishing to make a request should write to: Data Protection Officer, Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch, Worcestershire B98 0DE.
To make a Subject Access Request, please write to our Data Protection Officer at Halfords’ Cycle2Work, Icknield Street Drive, Washford West, Redditch B98 0DE.
Right to rectification
If any of the information we hold about you is inaccurate, you should contact firstname.lastname@example.org. Corrections will be made as soon as possible, and certainly no later than 30 days following notification.
Right to be forgotten
You can ask that all personal information about you is erased. Where it is appropriate to comply, requests will be fully actioned within 30 days. However, for the period during which you are covered by a hire or service agreement, we will not be able to erase your data. For further information, please contact email@example.com.
Right to object
By submitting your details to us, your data will be processed for the reasons given in section 3 of this Privacy Statement. However, where consent or legitimate interest applies to the use of your data, you have the right to ask to not have your data processed for that purpose: for further information, please contact firstname.lastname@example.org.
Right to restrict processing
If you wish to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe the data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, you should contact email@example.com.
In order that we can best understand your interests and preferences - and deliver marketing communications that will be of most interest to you where you have consented to receive these - profiling techniques are used (which include automated decision-making) based upon the information provided to us. These processes will not significantly or negatively affect you i.e. they will not lead to any form of discrimination or impact your legal rights.
Additionally, where we hold your details, we will seek to ensure that, as far as possible, we maintain a single composite record of your interactions, which may require us to match your different activities. Where you have indicated that you do not want your data to be used for marketing, this information will be used purely for anonymised internal analytics and reporting, for example, looking at sales trends which does not identify individual customers.
Any customer that does not want us to undertake profiling or matching, may either object to the processing (see section 5.5 above) or request that we erase all personal data held about them (see section 5.4 above).
At Halfords, we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold customers’ personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
protect against potential breaches of confidentiality;
ensure all IT facilities are protected against damage, loss or misuse;
increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
ensure the optimum security of this website.
We recognise that the security of data and transactions on this website is of primary importance. We therefore ensure that all connections to secure parts of the website (such as when you login) are encrypted and authenticated using strong protocols, key exchanges and ciphers.
This website uses geo-location tracking, which shows us where you are in the UK, to support the Store Locator, which enables you to search for your local Halfords. Your permission is always sought before geo-tracking is used, and then, it serves only to personalise your experience.
Every effort is made to ensure that the information provided on this website, and in this Privacy Statement, is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein.
We cannot accept liability for the use made by you of the information on this website or in this Privacy Statement, nor do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to use appropriate anti-virus software.
This Privacy Statement applies solely to the data collected by us, and therefore does not also apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements on third party websites, and we advise users to read these carefully before registering any personal data.
We are committed to providing a website in which content is accessible to everyone. We therefore update our website regularly in order to make it as adaptable as possible.
For example, users can control the text size of each page within their browser. On a PC, holding the “Ctrl” key while pressing the “+” (plus) key will increase text size, and holding the “Ctrl” key while pressing the “-“ (minus) key will decrease the text size.