Gold Trusted Service
All Cars Less Than 3 Years Old
and less than 25,000 miles

Data subject access request policy

Guidance and Information on how to submit a Data Subject Access Request to Motorpoint Article 15 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) grants you the right to access your personal data held by MOTORPOINT, including the right to obtain confirmation that we process your personal data, receive certain information about the processing of your personal data, and obtain a copy of the personal data we process.

How you can submit your request

By obtaining our template request form from our website and submitting the completed form to us:

  • In writing to our head office: Customer Care Team, Motorpoint Derby, Chartwell Drive, Derby, DE21 6BZ.
  • By email at dpo@motorpoint.co.uk.

We expect to respond to your request within one month of receipt of a fully completed form and proof of identity.

In addition to exercising your access right, the GDPR also grants you the right to:

  • Request correction or erasure of your personal data;
  • Restrict or object to certain types of data processing; and
  • Make a complaint with the local data protection authority.

Proof of data subject's identity

To help us establish your identity, you must provide 2 pieces of identification that clearly show your name, date of birth, and current address.

  • We accept a photocopy or a scanned image of one of the following as proof of identity: passport or photo identification such as a driver’s license, national identification number card, or birth or adoption certificate.
  • To confirm your address please also attach a copy of a bank or credit card statement or utility bill showing your current address and dated within the last three months.
  • If you have changed your name, please provide the relevant documents evidencing the change.
  • If you do not have any of these forms of identification available, please contact dpo@motorpoint.co.uk and we will provide advice on other acceptable forms of identification.
  • We may request additional information from you to help confirm your identity and your right to access, and to provide you with the personal data we hold about you. We reserve the right to refuse to act on your request if we are unable to identify you.

Requests made on a data subject's behalf

In some situations, an individual may submit an access request on someone else’s behalf. For third-party requests, we require proof of:

  • The data subject’s identity;
  • The requester’s identity; and
  • The requester’s legal authority to act on the data subject’s behalf, such as:
    • written consent signed by the data subject;
    • a certified copy of a Power of Attorney; or
    • evidence of parental responsibility if the data subject is a child.

Information requested

To help us process your request quickly and efficiently, please provide as much detail as possible about the personal data you are requesting access to. Please include time frames, dates, names, types of documents, file numbers, or any other information to help us locate your personal data.

For example, you may specify that you are seeking:

  • Employment records or personnel records.
  • Personal data held by [DEPARTMENT].
  • Medical records.
  • E-mail or other electronic communications between us (specify the dates and times).
  • Billing information.
  • Photographs.
  • User activity logs.
  • Transaction histories
  • Correspondence between [NAME] and [NAME] between [DATE] and [DATE].

We will contact you for additional information if the scope of your request is unclear or does not provide sufficient information for us to conduct a search (for example, if you request “all information about me”). We will begin processing your access request as soon as we have verified your identity and have all the information we need to locate your personal data.

If the information you request reveals personal data about a third party, we will either seek that individual’s consent before responding to your request, or we will redact third parties’ personal data before responding. If we are unable to provide you with access to your personal data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.

Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

For more information on your rights under the GDPR, see our Privacy Notice available at: https://www.motorpoint.co.uk/privacy.