Call Us
  • About Us
  • Latest News
  • Careers
  • Find Us
  • Call Us

 John Banks Privacy Policy April 2018 onwards


The Internet is an amazing tool. It has the power to change the way we live, and we're starting to see that potential today. With only a few mouse-clicks, you can follow the news, look up facts, buy goods and services, and communicate with others from around the world.

 It's important to John Banks Group to help our customers retain their privacy when they take advantage of all the Internet has to offer.

We believe your business is no one else's. Your privacy is important to you and to us. So, we'll protect the information you share with us. To protect your privacy, John Banks Group follows different principles in accordance with worldwide practices for customer privacy and data protection.

  • We won’t sell or give away your name, mail address, phone number, email address or any other information to anyone unless you purchase a vehicle from us and then we will only share your information with those you opt in to do so which will be our Manufacturer partners under our Duty of Care Policy and in line with GDPR as information about your car is important to you as well as the manufacturer.

  • We’ll use state-of-the-art security measures to protect your information from un-authorised users.

The aim of this policy is to comply with relevant legislation regarding the keeping of employment records and all data relating to customer and data. The Company requires personal information relating to customers  to manage its business in an efficient and effective manner; this data is subject to the Data Protection Act 1998 and updated Act 2018. The Company wishes to act and comply with the principles of this Act and has used information from the Information Commissioner's Office (ICO) to establish the guidance and significance of new legislation from 25th May 2018 to enhance and deal with new transparency and individuals' rights provisions.


Data: includes computerised data, manual data and any other form of accessible record that includes personal information held by the Company.

Personal data: is that which relates to a living individual who could be identified by the data.

Data Subject: A data subject is an individual that is the subject of any personal data.

PCI Data: Payment Card Industry Data Security.


It is the intention of this Company to adhere to the latest principles of the Data Protection Act.

Therefore, the data protection policy applies to all employees and to any other party that handles data for or on behalf of the Company whether taken over the phone, by email or directly by transfer from our website and from our showroom activity.

Any personal data collected will:

  • Be used by the Company in accordance with the Data Protection Act.

  • Be obtained and processed fairly and lawfully and shall not be processed unless specific conditions are met and confirmed by the data subject.

  • Be relevant and not excessive in relation to the purpose for which it was collected.

  • Be accurate and where necessary be kept up to date.

  • Not be kept for longer than necessary for the specified purpose.

  • Be processed in accordance with the rights of the data subject in accordance with the Act.

  • Be stored safely to avoid unauthorised access, loss and/or damage.

  • Not be transferred to a country outside the European Economic Area unless it ensures an adequate level of protection for the rights of the data subjects.

The Company will inform any data subjects:

  • What information the Company holds about them.

  • How to gain access to the data.

  • How to keep data held up-to-date.

Process and Notice:

We will ask you when we need information that personally identifies you (personal information) or allows us to contact you.

Generally, this information is requested when you create a Registration ID on the site, visit our showrooms, enter a contest, order, email, newsletters or join us as a customer. We use your Personal Information for four primary purposes:

  • To make the site easier for you to use by not having to enter information more than once.

  • To help you quickly find products, services or information.

  • To help us create content most relevant to you.

  • To alert you to product upgrades, special offers, updated information and other maintenance based services from John Banks Group.

It is the intention of the Company that we MUST follow this policy in the collection of data:  At introduction and as a pre-cursor to the sale of goods or vehicles within the Company John Banks Group requires:

  1. Title

  2. Full Name

  3. Address

  4. Telephone Number

  5. Mobile Number

  6. Email address

In the event of requiring Finance as an intermediary we also require:

  • Bank Details for Direct Debit purposes

  • Age for reference to finance restrictions and for AFRL registration

  • Payment Deposits

    • these may be taken in store or by way of Worldpay Payment link - we are able to input payment in to a secure Worldpay link or to send our customers a payment link to pay securely via Worldpay - no card data will be stored manually in any form.

    • Employment History and name of employer

    • Driving Licence details

What do we do with data?

  • Store it on secure systems

    • For use against the vehicle details for customer loyalty bonus,

    • For reminders for safety and security

    • For warranty issues relating to the manufacturer vehicles.

  • We pass the details on to finance providers to gain finance on behalf of the customer

  • We take payments in order to both finalise invoices and to order vehicles as well as reserving vehicles and products.

  • We have to provide finance houses with address and employment history – we do not keep a record of employment on our own files.

We try to ensure that we are PCI compliant as follows:

We and our partners have the ability to record calls for training and monitoring purposes using our call products (Mediahawk). 

Calls are automatically recorded so you can listen back to them anytime you choose within the designated call portal. However, this recording facility does not detect and stop recording if a customer wishes to make a payment using their card over the phone. To be compliant with the Payment Card Industry (PCI), our staff must not record customer’s payment card details. 

How do we ensure we are compliant?

We utilise Worldpay Card services technology in order to take payment from customers in line with Distance Selling we will send a payment request link with the reference of the deal to the customer who will input card payment directly in to a secure Worldpay link with payments via Visa, Mastercard, JCB, Debit and Maestro. 



 If you choose not to register or provide personal information, you can still use most of our website at But you will not be able to access areas that require registration.

 John Banks Group occasionally allows other closely associated companies to offer our registered customers information about their products and services, using email and telephone only. If you do not want to receive these offers, you may select the option stating that you do not wish to receive marketing materials from third parties.


We control our GDPR opt in’s via our Pinnacle Dealer Management System from Pinewood Techologies and follow their process of customer opt in where the customer selects what product information they require via email notification.

 Therefore, we will provide you with the means to ensure that your personal information is correct and current. You may review and update this information at any time at any of our sites. There, you can:

 View and edit personal information you have already given us.

  • Tell us whether you want us to send you marketing information, or whether you want third parties to send you their offers by postal mail.

  • Sign up for electronic newsletters about our services and products.

  • Register. Once you register, you won't need to do it again. Wherever you go on, your information stays with you.


John Banks Group has taken strong measures to protect the security of your personal information and to ensure that your choices for its intended use are honoured. We take strong precautions to protect your data from loss, misuse, un-authorised access or disclosure, alteration, or destruction.

We guarantee your e-commerce transactions to be 100% safe and secure. When you place orders or access your personal account information, you're utilising secure server software SSL, which encrypts your personal information before it's sent over the Internet. SSL is one of the safest encryption technologies available.

John Banks Group strictly protects the security of your personal information and honours your choices for its intended use. We carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration, or destruction.

Your personal information is never shared outside the company without your permission, except under conditions explained above. Inside the company, data is stored in password-controlled servers with limited access. Your information may be stored and processed in the United Kingdom or any other country where John Banks Group, its subsidiaries, affiliates or agents are located.

You also have a significant role in protecting your information. No one can see or edit your personal information without knowing your user name and password, so do not share these with others


If for some reason you believe John Banks Group has not adhered to these principles, please notify us by email at, and we will do our best to determine and correct the problem promptly. Be certain the words Privacy Policy are in the Subject line.


As mentioned above, every registered customer has a unique personal profile. Each profile is assigned a unique personal identification number, which helps us ensure that you have a secure profile in line with GDPR (General Data Protection Regulations).

When you register, we create your profile, assign a personal identification number, then send this personal identification number in the form of a cookie, which is a very small bit of code. This code is uniquely yours. It is your passport to seamless travel across allowing you to download free information, order free newsletters, and visit without having to fill out registration forms with information you've already provided. 


When you join us, you provide us with your contact information, including your name and email address. We use this information to send you updates about your order, questionnaires to measure your satisfaction with our service and announcements about new and exciting services that we offer. When you order from us, we ask for your deposit or payment information and billing address. We use this information only to bill you for the product(s) you order at that time. For your convenience, we do save billing information in case you want to order from us again, but we don't use this information again without your permission.

We occasionally hire other companies to provide limited services on our behalf, including service reminders, e-mailing and delivering purchases, answering customer questions about products or services, sending postal mail and processing event registration. We will only provide those companies the information they need to deliver the service, and they are prohibited from using that information for any other purpose. 

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

DPP Marketing, Mediahawk, Call It Automotive and Interactive Marketing as well as the manufacturers.

John Banks Group will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to:

(a) conform to the edicts of the law or comply with legal process served on John Banks Group or the site; (b) protect and defend the rights or property of John Banks Group and its family of Websites, and,

(c) act in urgent circumstances to protect the personal safety of users of John Banks Group, its Websites, or the public under the law in England and Wales and in line with GDPR.

Companies Linked with our Website

The following Companies are linked with our website and provide information as follows:

Bluesky Interactive – Secure Server Based Web hosting and website construction

Pinewood Technologies – Pinnacle DMS – Feed for Used and New Car Stock

Mediahawk – Call Monitoring and logging

Call It Automotive – Live Chat

Interactive Marketing – Links with our website on providing information to customers on the telephone in relation to service maintenance schedules and calls to customers

DP Publicity – Marketing visuals

Renault UK 

Honda UK – Visuals of vehicles and marketing information

Suzuki UK – Visuals of Vehicles and marketing information

Dacia UK – Visuals of vehicles and marketing information

CAP – HPI – Valuations and Experian for vehicle look ups.

 Blue Sky Interactive

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. You can find out more about PCI standards here.

By following these standards we trade as a healthy and trustworthy company.

Non Compliance

All employees have a role to play in enforcing the policy and are required to deal with any observed or reported breaches.

Should employees feel apprehensive about their own safety regarding addressing any breach, they should seek senior management support.

Failure to comply with this policy may lead to a lack of clarity over job role, learning needs or expected standards of performance, resulting in reduced effectiveness or efficiency, underperformance and putting service delivery at risk.

Any member of staff refusing to observe the policy will be liable to disciplinary action in accordance with the Company’s Disciplinary Policy up to and including dismissal.

Implementation of the Policy

Overall responsibility for policy implementation and review rests with the Company senior management. However, all employees are required to adhere to and support the implementation of the policy. The Company will inform all existing employees about this policy and their role in the implementation of the policy. They will also give all new employees notice of the policy on induction to the Company.

This policy will be implemented through the development and maintenance of procedures for appraisals and one-to-one meetings, using template forms, and guidance given to both managers and employees on the process.

This Policy was approved & authorised by: Melanie Banks-Browne, Chief Executive and Data Protection Officer - Olivia Tombs - March 2018 

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes, alternatively you can ask for your details to be updated in our Pinnacle DMS system and we will send you an automated link to update your own contact preferences for security - this will occur each time your preferences are altered on our website and will be changed over the course of your visits to our dealerships or placing of orders.

  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at 

  • Please note - should you opt out you will receive a further communication detailing the change to your information.
  •  Should you no longer own a vehicle purchased at John Banks or from one of our manufacturers, we will annually cleanse our data to update with Experian and should you no longer own any of these vehicles you will be deleted from our systems after 12 months. 




 Email :