Privacy Policy

Cookies on cvaauctions.co.uk

This site, like many others, uses small files called 'cookies' to help customise your experience.

What are 'cookies'?

'Cookies' are small text files that are created by the browser (e.g. Internet Explorer, FireFox, Google Chrome, Safari) and sit on your computer. They allow our website to recognise who you are when you login, or anonymously track website usage statistics.

Third Party 'cookies'

Below are the only thid party 'cookies' which cvaauctions.co.uk store.

Google Analytics

_utma, _utmb,_utmc, _utmz

The purpose of these 'cookies' is to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visitied.

How do I turn 'cookies' off?

It is usually possible to stop your browser accepting 'cookies', or to stop it accepting 'cookies' from a particular website. If you were to do this on the cvaauctions.co.uk website, we would no longer be able to tell if you are signed in, so you would not be able to use our website properly.

All modern browsers allow you to change your 'cookie' settings. For more information about these settings, please read the information from the below websties:

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Safari

Group Privacy Policy Statement

1 The Controller - Who we are
1.1 Ballyvesey Holdings Limited. See section 11 for a list of individual Trading Companies.
2 Data Protection
2.1 Data Protection in the Ballyvesey Business Units administered by the Data Protection
Committee (DPC).
• James Darragh (BVH Board Member & Legal Advisor)
• Gordon Willis (Head of Security & Governance)
• David Andrews (Data Protection Policy & Legislation)
• Darren Ward (Head of IT)
2.2 All members of the DPC have received training on data protection, Cyber Security and
information security relating specifically to their responsibilities. In addition, at least one of
the members of the DPC, will hold, or be working towards a General Data Protection
Regulations Practitioner Certificate and at least one will hold, or be working towards a Certified
Information Security Manager (CISM) Certificate.
2.3 The DPC can be contacted by emailing dataprotection@ballyvesey.com or by writing to:
Data Protection
Ballyvesey Holdings Limited
607 Antrim Road
Mallusk
Newtownabbey
BT36 4RF
3 Categories of Data Collected
3.1 To engage in a business relationship with our customers it is necessary to collect data. The
data we collect may include, Public Data, Company Data, Third Party Data and Personal Data.
Personal Data is protected in law by the General Data Protection Regulations (EU 2016/679),
the General Data Protection Regulations (UK 2020), and The Data Protection Act (UK 2018).
4 Processing of Data
4.1 Customer & Third party data is collected if required in the performance of our duties to meet
the legitimate business interests of the divisions of Ballyvesey Holdings Limited. Customer and
or Third Party data may also be collected to meet any legal obligation place upon the controller
by a statutory provision. These purposes may include, but are not limited to, the raising of
orders, invoices and accountable record keeping, the supply of goods and services, to satisfy
the interests of the business, statutory taxation, prevention of fraud, or criminal offences and
protecting the company assets and revenues. All legal basis for processing personal data will
meet the requirements of Article 6 of the General Data Protection Regulations.

5 Who will receive the data
5.1 In most cases the data will only be processed by the Business Unit engaged by the Customer
in the course of their business operations. For accountable record keeping and statutory
obligations, some data may be shared throughout other parts of Ballyvesey Holdings Limited
wherein they process parts of the data on behalf of their subsidiaries. Data will only be
provided to third parties where there is a legal obligation to do so, or the Customer requires
us, in order to fulfil their operational requirements. Information may be provided to a Credit
Reference Bureau when processing a credit history check.
6 International Transfer
6.1 Ballyvesey Holdings Limited, on rare occasions may be legally obliged to provide some
information to other countries within EEA, such as Republic of Ireland etc. for border / custom
controls and inter-state taxation. No data is transferred out of EEA at this time, if we facilitate
a client request which requires this, we will discuss those obligations at that time. Some data
may be processed on cloud based servers which have storage facilities outside the EEA, but
the data is encrypted and protected by International Standard Contract Clauses and Treaties
which prevent the data being accessed or further processed outside the EEA.
6.2 Customer visits outside of the EEA may require the transfer of personal data to a third party
country to facilitate this.
7 Retention Period
7.1 In order to comply with the legal obligations of statutory provisions for taxation we will retain
relevant records for a period of seven years. In doing this we will practice data minimisation
and only retain the actual data we will need to meet this requirement.
8 Your Rights
8.1 Ballyvesey Holdings Limited undertakes to protect the rights and freedoms of all individuals
whose data we process. We will uphold the principles in Article 5 of the General Data
Protection Regulations, and the rights provided under statute by any Act of the UK
Government. We respect any individual’s right to:
• Submit a Subject Access Request for their personal data (Article 15 GDPR)
• Request correction and/or deletion of inaccurate or incorrect personal data (Article 16
GDPR)
• Object to our processing of their personal data, if our processing is not lawful, fair, nor
transparent (Article 18 GDPR)
• Have us explain to you the impact of failing to provide, withdrawing consent, or objecting
to our processing of your personal data and the effects that may have (Article 13 GDPR)
• The right to request erasure of your data, if it has been collected in error, no longer needed,
unnecessary, unlawfully processed, or obtained (Article 17).

8.2 If an individual is unhappy about the way the Data Protection Committee deal with their rights
and freedoms, they can complain in writing to:
Chief Executive Officer
Ballyvesey Holdings Limited
607 Antrim Road
Mallusk
Newtownabbey
BT36 4RF
8.3 The Chief Executive Officer or his nominated deputy will conduct an investigation and review
of the circumstances and advise them of the findings along with any recommended actions
within one month.
8.4 If the individual is still unsatisfied with the response of the Chief Executive Officer, or in fact at
any other prior stage of the process, they can submit a report to the Information
Commissioner’s Office.
9 Automated Systems
9.1 To protect the legitimate business interests of Ballyvesey Holdings, the results of a credit
history check may be determined by automated decision making processes provided by the
Credit Reference Bureau. If you disagree with the result, you can request that we humanly
review that decision. Price comparison and limited customer profiling processes may be used
to determine the best value for our customers and to maintain competitiveness in the market.
We will endeavour to inform you as and when any further automated processes, other than
those already stated, are used within the operation parameters of our business.
10 Biometric Data
10.1 CCTV is in use throughout various areas of Group property, to detect and assist in the
prosecution of crime, security of the company assets and defence of legal claims. Individuals
making deliveries and, or collections on behalf of a customer to our premises may be recorded
by CCTV systems. Where this is taking place appropriate signage will be displayed.

11 Trading Companies
Ballyvesey Industries Limited Ballyvesey Holdings Limited
Ballyvesey Properties Limited Ballycraigy Properties Limited
Ballycraigy UK Properties Limited Mallusk Business Park Limited
Montgomery Developments Limited Montgomery Transport Limited
Montgomery Transport (Ireland) Limited Montgomery Distribution Limited
Montgomery Freight Management Limited Montgomery Tank Services Limited
MTG Customs Limited Major Freight Limited
Sleator Plant Limited Sleator Plant & Machinery (Ireland) Limited
Norwest Plant Limited Eurofleet Rental Limited t/a Contract Plant
Rental
Construction Equipment Distribution Limited
t/a TDL Equipment
Genesis Equipment Sales Limited
DGC Limited DMC Trailers Limited
Centurion Truck Rental Limited Falcon Vehicle Solutions Limited
Sapphire Vehicle Solutions Limited Rockmount Vehicle Maintenance Limited
Montracon Limited Commercial Vehicle Auctions Limited
Midlands Truck & Van Limited Midlands Warehousing Limited
Intercounty Truck & Van Limited Heathrow Truck Centre Limited
West Pennine Trucks Limited
Document Control
The Data Protection Committee is the document owner and responsible for ensuring this policy
remains current and up to date.
A current version of this document is available to all members of staff on the Security and Governance
SharePoint site and is published by the Security and Governance function.
This policy was approved by the Data Protection Committee and is issued on a version controlled basis.
Representative of the DPC signature: Date: 02/04/2024x