Privacy Policy

Protecting and respecting your privacy is very important to us and we want you to be confident that your information is in safe hands. Looking after the personal information that we collect about our customers is something we take very seriously. Our Privacy Notice lets you know;

  • who controls the personal information collected and how it is used
  • the lawful basis in order to process the data
  • what personal data is
  • how and why we need to collect and store it
  • when and why we share it with other organisations
  • how long we keep it for
  • your rights
  • how to contact us

Who controls the personal information collected and how it is used?

We are M4 Self Drive Ltd t/a Swindon Car & Van – Our website address is:

We will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR). The personal data we collect from you will be used for the following purposes:

  • The set up and day to day administration of your vehicle booking and sales requirements
  • Complying with our legal, regulatory and statutory obligations
  • Sharing your personal data with finance and insurance companies when required

What is the lawful basis in order to process the data?

We are required to establish the lawful basis we are relying on in order to process your data. The lawful basis we will be relying on is “performance of a contract”.  This lawful basis enables us to fulfill our contractual obligations agreed with you.

What is Personal Data?

Under the EU’s General Data Protection Regulation, Personal Data is defined as

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Why do we need to collect and store personal data?

In order for us to provide you with rental and sales services, we need to collect personal data for correspondence purposes and/or detailed service provision. Depending on the circumstances, the personal information we gather about you may include:

your name address date of birth national insurance number gender nationality spouse’s name spouse’s date of birthoccupation email address phone numbers financial information identity details, e.g. driving license or passport information bank details Debit or Credit Card details

This is not an exhaustive list but includes the main data items. Please contact us should you require a full list.

Personal information is collected through our website application forms, over the telephone and in person to enable us to verify your identity and allow your rental booking or finance application to be set up.

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


Sharing your personal information

We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We may pass your personal data on to the following providers in the course of dealing with you:

  • Finance Companies
  • Insurance Providers
  • Anti-money laundering service provider
  • Fraud prevention and enforcement agencies

These organisations are obliged to keep your details securely, and use them only to fulfil the service requested. Once your service need has been satisfied or the case has been closed, they will dispose of the details in line with our firm’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do so.

Retention of personal information

We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept, but in most cases, we will use our discretion to ensure that we do not keep records outside of our normal business requirements.

We will normally retain your data for a minimum of 7 years after the cessation of your contract, or longer where the continued holding of it can be legally justified. The length of time that we hold such data will vary depending on the type of data and the reason it was collected. Once your data is no longer needed, it will be securely destroyed.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Your rights

In summary, the General Data Protection Regulation (GDPR) provides the following rights for individuals:

  • You have the right to be informed about the collection and use of your personal data. The details are contained in this Privacy Notice.
  • You have the right to access your personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing. You may make a request to access the information that we hold about you that personally identifies you and can request that it be sent in a structured, commonly used and machine readable format.
  • The right to data portability also allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  • You also have the right to have your personal data rectified. Personal data can be rectified if it is inaccurate or incomplete.
  • Depending on the circumstances, you may also have the right to “block” or suppress the processing of your personal data, this includes if you believe the data that we hold is not accurate.
  • In certain circumstances you can also request the erasure of personal information we hold about you. Please see the Contact Us section below for details.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


We may wish to contact you in the future regarding products and services that we think may be of interest to you. If we do, we will obtain your consent first before we contact you with any marketing material.


We are committed to ensuring your information is protected and held securely. However, the internet is not a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of that email. We have taken appropriate steps to protect personal information in electronic transfer, e.g. emails. As such please be advised that email attachments are encrypted.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Contact us

If you are concerned about our information rights practices you have the right to raise your concerns with us. You are able to complain about:

  • How your personal data has been processed
  • How your request for access to data has been handled
  • How your complaint has been handled
  • Appeal against any decision made following a complaint about our information rights practices

Upon receiving a complaint we will;

  • Clarify how we have processed your personal data
  • Explain how we have put right anything that has gone wrong

Any complaints regarding your personal data or our information rights practices should be addressed to:

The Compliance Department
Swindon Car & Van
1B Station Road

Telephone: 01793 533090
Email: [email protected]

If you are unhappy with how we have dealt with your complaint you can contact the Information Commissioners Office (ICO) on telephone 0303 123 1113 or