Cazoo Privacy Policy

Cazoo Ltd (“Cazoo”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.

If you visit our website, buy any of our products or services, or contact us, then this policy is for you. It tells you how we protect your data and respect your privacy.

We last updated this policy on 20 May 2021. We update it when we improve our services or when laws change. You should check back regularly so you know how we’re using your data.

The basics

Cazoo is the controller and is responsible for your personal data.

If you are a Drover customer, you should also read the section below that applies to you.

We have a data protection officer (“DPO”) who is responsible for overseeing privacy matters at Cazoo. If you have questions about this policy or about how Cazoo uses your data (including to exercise your legal rights), you can contact us:

Post: Cazoo, Imperial House, Botleigh Grange Campus, Southampton, SO30 2AF

Email: [email protected]

Phone: 020 3901 3488 (8am-8pm, 7 days a week)

You can complain at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We’d prefer to have the chance to address your concerns before you approach the ICO, so please contact us first if you can.

Information we collect about you

When you visit our website, buy any of our products or services, visit one of our Customer Centres, or contact us, we collect information about you.

This section explains what information we collect, how we use it and our legal reason for doing so.

Information about you

Contact details

Examples: Your address, email address and phone number

How we use it: We use this information to identify you, contact you and to fulfil your purchases from Cazoo.

Legal basis: Legitimate interests: We have a legitimate interest in providing and improving our services and personalising your experience of our services. This interest isn’t outweighed by your rights or any negative impacts on you.

Contract: We need to use this information to perform our contract with you when you buy any of our goods or services. If you are entering into a contract with someone else (for example, your finance provider), we need to use this information at your request to take steps to enable you to enter that contract.

Consent: When you opt in for email marketing, you allow us to use your data for that purpose. You can withdraw your consent at any time using the ‘unsubscribe’ link in our emails or by contacting us.

Purchase details

Examples: Information about what you bought from Cazoo and information you provide to complete your purchase (like payment details, identity documents and information needed by finance providers or insurers). This also includes information about your credit score.

In some cases, this information includes special categories of personal data like biometric data (for identity verification), and information about your medical history and criminal record (for insurance). This information has special protections under the law.

We also take a picture of you to prove that you have received your car or handed it back to us. We won’t use this for any other purpose (for example, marketing or social media posts), unless you give us your consent to do so.

How we use it: We use this information to fulfil your purchase from Cazoo, to improve our services and to personalise your Cazoo experience.

Sometimes, you give this information directly to a third party (for example, our identity verification platform or to your finance provider). When that happens, we don’t necessarily receive your information and the third party’s privacy policy applies instead.

Legal basis: Legitimate interests: We have a legitimate interest in providing and improving our services and personalising your experience of our services. This interest isn’t outweighed by your rights or any negative impacts on you.

Contract: We need to use this information to perform our contract with you when you buy any of our goods or services. If you are entering into a contract with someone else (for example, your finance provider), we need to use this information at your request to take steps to enable you to enter that contract.

Consent: If you consent to us using your picture for marketing purposes or on our social media accounts, you allow us to use your data for that purpose. You can withdraw your consent at any time by contacting us. It might take us a few days to remove your image from our website or from our social media accounts, and we can’t guarantee that others haven’t shared or copied that image in the meantime.

Preventing fraud: When we use special category data to confirm your identity, we do so also because it is necessary for reasons of substantial public interest in preventing fraud, and using biometrics is proportionate for this.

Insurance: When we use special category data to assess your eligibility to benefit from our insurance policies when you use one of our courtesy cars or subscription cars, we do so also because it is necessary for reasons of substantial public interest in assessing insurance risk to allow our insurers to provide insurance for our cars.

Marketing preferences

Examples: Your email marketing preferences

How we use it: We use this information so we can encourage you to use Cazoo.

Legal basis: Consent: When you opt in for email marketing, you allow us to use your data for that purpose. You can withdraw your consent at any time using the ‘unsubscribe’ link in our emails or by contacting us.

CCTV

Examples: Video and audio recordings of you when you visit one of our Customer Centres

How we use it: We use this information to protect you, other customers, our property and our team. If something goes wrong (for example, there is an accident or a crime), we might view the footage to investigate, and share it with relevant authorities.

Legal basis: Legitimate interests: We have a legitimate interest in protecting you, other customers, our property and our team. This interest isn’t outweighed by your rights or any negative impacts on you.

Information about how you use Cazoo

Online behaviour

Examples: Information about your device and how you use our website

How we use it: We use cookies and similar technologies to collect information about your device (including device type and location) and how you use our website to make sure our website works for you, to understand how you use our services so we can improve them, and to help us present relevant advertising to you elsewhere on the internet or social media. Sometimes we need your consent to use these technologies. You can find out more in our Cookie Policy.

Legal basis: Legitimate interests: We have a legitimate interest in making sure our service is available to you and other customers and in personalising your Cazoo experience. This interest isn’t outweighed by your rights or any negative impacts on you.

Consent: Where our use of cookies and similar technologies is not essential, your consent allows us to use these technologies for that purpose. You can manage your consent using our cookie banner tool when you first visit our website, and otherwise as set out in our Cookie Policy.

Telematics

Examples: Information gathered by telematics devices in our courtesy cars and subscription cars (including information about acceleration, deceleration, braking, speed, cornering style, car health and maintenance, fuel or charge levels, mileage, time of use, location and CO2 emissions). The telematics device also detects tampering.

Telematics can reveal information about criminal activity (for example, if a car is committing a traffic offence or being used in connection with crime). This information has special protections under the law.

How we use it: We use this information to identify maintenance requirements for our cars, to assist law enforcement authorities, to locate the car so we can provide help or guide emergency services and to identify breaches and enforce the terms of our agreements with you. If you are a subscription customer, we also use this information to give you insights into your driving style and monitor your mileage allowance. We share this information with our insurers, and it helps us save money on insurance to keep our pricing competitive.

Legal basis: Legitimate interests: We have a legitimate interest in monitoring our fleet of cars for maintenance requirements, helping the emergency services, protecting the driver and our car, and in enforcing the terms of our agreements with you. This interest isn’t outweighed by your rights or any negative impacts on you.

Preventing or detecting unlawful acts: When we use information about criminal activity, we do so because it is necessary for reasons of substantial public interest to prevent or detect unlawful acts and can’t be done with your consent because that consent would prejudice those purposes.

Communications with us

Phone calls

Examples: Recordings of our phone calls with you

How we use it: To train and improve our team, improve our services, and to investigate and establish facts when something goes wrong.

We’ll always tell you if we’re recording a call with you. If you don’t want to be recorded on the phone, please contact us by email or post instead.

Legal basis: Legitimate interest: We have a legitimate interest in monitoring and improving the standards of our call centre team, and in investigating and establishing facts when there is a complaint, or if something goes wrong. This interest isn’t outweighed by your rights or any negative impacts on you.

Emails, chats, and letters

Examples: Your contact details and the contents of your emails, letters, texts, social media messages, and chats with us

How we use it: To communicate with you and to improve our services, and to send marketing to you.

Legal basis: Legitimate interest: We have a legitimate interest in communicating with you about our services and in improving them. We also have a legitimate interest in marketing our services to you. These interests aren’t outweighed by your rights or any negative impacts on you.

Consent: When you opt in for email marketing or another form of marketing that needs your consent (like SMS marketing), you allow us to use your data for that purpose. You can withdraw your consent at any time using the ‘unsubscribe’ link in our emails, following the ‘STOP’ instructions in our texts, or by contacting us.

Surveys and responses

Examples: Your responses to surveys that we send you or ask you to fill in when you’re on our website or at one of our Customer Centres

How we use it: To find out if we did a good job, to improve our services and to back up our marketing claims.

Legal basis: Legitimate interest: We have a legitimate interest in analysing and improving our services and making marketing claims about our customers’ experiences with Cazoo. This interest isn’t outweighed by your rights or any negative impacts on you.

Competitions

Examples: Your entries into competitions run by us or our partners, including your contact information and any images or videos we might take of you if you win a prize or take part in a competition

How we use it: To administer competitions and prizes, and to support our marketing.

Legal basis: Legitimate interest: We have a legitimate interest in running competitions to promote Cazoo. This interest isn’t outweighed by your rights or any negative impacts on you.

Other purposes

We also use the personal data described above:

  • to comply with our legal and regulatory obligations;
  • for security purposes;
  • to investigate fraud; and
  • to protect ourselves, others, and property.

Credit checks and identity verification

If you buy or subscribe to a car from us, you must confirm that you hold a valid driving licence that meets our requirements. Before completing the transaction, we will use a third party to confirm that your driving licence is valid. When we do this check, we’ll get information about any driving convictions you have.

If you’re buying a car on finance or if you’re subscribing to a car, we might use the information you provide to run a credit check. The results of this check will affect whether you can complete the transaction.

Job applicants

This privacy policy is aimed mainly at Cazoo’s customers and website users. If you apply for a job at Cazoo, we’ll also collect and use your personal data to assess your suitability for the position you have applied for and for other roles in the future. We also monitor diversity and equal opportunities data in our recruitment process. We might also get information about you from third parties (for example, recruiters, referees, or from publicly available resources like LinkedIn). You can find out more about how we use your personal data in our recruitment process by contacting [email protected].

Sharing your personal data with others

We share your personal information with third parties in the following situations:

Third-party providers: Some of the services at Cazoo are provided by third parties (for example, car finance, breakdown cover, subscription car insurance). We’ll pass your personal data to these providers to help them fulfil your service or interest in a service. Some of them will also tell us if you buy anything from them so that we can receive a commission for introducing you. These third-party providers process your personal data in accordance with their own privacy policies.

Our suppliers: We share your personal data with suppliers who provide services to us where we need to do so, and with our professional and legal advisors.

Fraud prevention and detection: If you buy, sell, or subscribe to a car with Cazoo, we’ll share your personal data with organisations that help us prevent and detect fraud. If we think we’ve detected fraud in one of your transactions, we’ll also share your information with law enforcement agencies.

Legal requirements: We’ll share your personal data with law enforcement, government, or regulatory authorities in response to lawful requests, legal obligations, or court orders. This includes requirements of any securities exchange (like a stock exchange where our group’s equities are listed).

Advertisers: We’ll share your personal data with advertising services and social media sites to help us market our services to you and to others who match the demographic profile of our users. In some cases, this involves sharing your email address so that the advertiser can identify you as one of our users.

Mergers, acquisitions, financings: If we’re involved in a merger, acquisition, sale of any business assets or financings, the personal data of our users and customers might be disclosed to a potential buyer, investor, or lender. If this happens, we’ll take reasonable steps to ensure that the potential buyer, investor, or lender is bound by the terms of this privacy policy.

Other: We might also disclose your personal data in other situations if we have your consent or are otherwise legally permitted to do so.

Where your personal data is stored

Our website and other services are hosted by trusted suppliers who have server infrastructure based around the world. As a result, your personal data is processed in countries outside the UK, including in countries where you have fewer legal rights relating to your personal data than you do in the UK. Where we transfer your personal data outside the UK, we will (as required by law) ensure that your privacy rights are adequately protected by appropriate safeguards, including by using the EU Standard Contractual Clauses. If you would like more information about these safeguards, please contact [email protected].

How long your personal data is stored

We keep a record of transactions on our website for up to seven years to protect us from legal claims and to meet our legal, regulatory, tax, accounting, and reporting obligations. We might keep your personal data for longer if we reasonably think that there is a prospect of litigation relating to our relationship with you.

If you unsubscribe from our marketing communications, we’ll keep a record of your email address to make sure that we don’t send you marketing in the future.

We keep other personal data only for so long as we need it for the purpose for which we collected it, considering the amount, nature, and sensitivity of the information.

Your rights

You have rights under the law relating to your personal data:

Erasure: You can ask us to delete your personal data in some situations. Find out more about the right to erasure.

Rectification: You can ask us to fix incorrect or incomplete information about you. Find out more about the right to rectification.

Access: You can ask us for a copy of your personal data. This right always applies but there are some exceptions. For security reasons, we don’t accept requests from other people (including service providers) on your behalf. Find out more about the right of access.

Restrict processing: You can ask us to restrict how we process your personal data in some situations. Find out more about the right to restrict processing.

Data portability: You can ask us to transfer personal data to you or another organisation in a machine-readable format. This only applies to information you give us and which we process in an automated way based on your consent or in relation to a contract. Find out more about the right to data portability.

Object: You can object to how we process your personal data in some situations, even if we think it’s in our (or someone else’s) legitimate interests. Find out more about the right to object.

You also have rights relating to automated decision-making, but we don’t currently make any decisions that have legal or similarly significant effects that are based solely on automated processing of personal data.

To exercise any of your rights in relation to your personal data, you should contact [email protected]. We might ask you to prove your identity for security reasons before we implement your request.

Users under 18

Our website isn’t intended for, and shouldn’t be used by, anyone under the age of 18. We don’t knowingly collect personal data about individuals under the age of 18.

Cookies

Our website uses cookies and similar technologies to provide features on the website, to understand and measure its performance, and to deliver targeted advertising. Please read our Cookie Policy for more information about how we use those technologies and how to change your cookie preferences.

Links to other websites

Some parts of our website link to websites not controlled by Cazoo (for example, those parts of our checkout journey provided by finance providers or identity verification service providers). This privacy policy doesn’t cover those other websites. Those other websites should have their own privacy policies, which we suggest you read. Cazoo isn’t responsible for the privacy or data protection practices of other websites.

Information for Drover customers

If you have an ongoing subscription with Drover, then Drover will continue to use your personal data to provide your subscription service to you until your subscription ends. Drover complies with this privacy policy in relation to your personal data (except that references to “Cazoo” are read as references to “Drover” instead).

Drover” refers to Drover Limited, a company registered in England and Wales with company number 09829742. Drover’s registered office is at 41 Chalton Street, London NW1 1JD. You can contact Drover using any of the Cazoo contact details in this privacy policy.