John Clark BMW | Aberdeen & Tayside

John Clark Motor Group Privacy Policy

8th April 2026

1) Who we are and how to contact us

For all customer-facing activities across our group, the data controller is John Clark (Holdings) Limited (Company No. SC098411), Alliance Centre, Greenwell Road, Aberdeen, AB12 3AX. You can contact us at crm@john-clark.co.uk. This notice applies to all of our UK trading names and subsidiaries. John Clark (Holdings) Limited is responsible for deciding how and why your personal data is used.

2) When this notice applies and how it links to our websites

This notice applies when you visit our websites (including www.john-clark.co.uk and sub-domains), contact us by phone or online (including social media/live chat), visit our dealerships, request information, make a purchase or use aftersales services.

We process your data as described in this notice. We rely on contract, legal obligation or legitimate interests for most operational activities and use consent only where the law requires it or where the activity is genuinely optional (for example, certain email/short message service (SMS) marketing and non-essential cookies).

For information about cookies, please see our Cookie Notice (Section 7).

3) What personal data we collect

Depending on your interactions with us we may process:

identification and contact details
date of birth
vehicle details (registration, vehicle identification number, service/mileage/warranty data)
transaction and ownership records
service/MOT history
communications and preferences
payment details (we do not retain full card primary account number/card verification code)
call recordings (for training/dispute resolution)
live-chat records
IP address and device/browser details (see Cookie Notice)
marketing interactions

Special-category data. We do not routinely collect special-category data. If a particular scheme (for example, Motability) or a vulnerability flag requires it, we will obtain your explicit consent or rely on another applicable condition and apply additional safeguards.

Criminal-offence data. We do not record endorsements or conviction data from your driving licence. If we must share keeper/driver details with authorities or private enforcement bodies in connection with an offence, we only do so under a relevant legal obligation.

Biometric data. Any biometric feature offered to customers (for example, app-based recognition used to uniquely identify you) will only operate with your explicit consent and can be switched off at any time. We also process your data by onsite CCTV for safety and security purposes under Legitimate Interests.

4) Where your data comes from

The data we gather comes from:

you and your devices/interactions
manufacturers and their dealer systems
finance and insurance partners where you ask us to introduce you
vehicle provenance data providers
our IT, telephony and CRM suppliers
public sources

5) Why we use your data and our lawful bases

We use your personal data on the following legal bases:

Consent – for direct marketing by email or SMS from us or third parties. You can withdraw at any time.
Contract – to fulfil obligations under contracts with you (e.g., sales, service plans).
Legitimate Interest – for customer support, marketing relevant to your relationship with us, service reminders, fraud prevention, analysis to improve services, competitions, promotions, and system security.
Legal Obligation – e.g., to register your car with the DVLA.
Vital Interest – in urgent safety or product recall situations.

Purpose	Examples	Lawful basis
Enquiries and quotations	Responding to web/phone/dealership enquiries; preparing quotes; arranging viewings or vehicle transfers	Consent; contract; legitimate interests
Vehicle sale and handover	Orders and payments; pre-delivery inspection; delivery/collection; warranty registration; DVLA registration	Contract; legal obligation
Aftersales and service	Bookings; service/MOT/repairs; parts; warranty/recall admin; goodwill	Contract; legal obligation; legitimate interests; vital interest
Finance introductions	Gathering application details and passing to selected providers you choose	Contract; legitimate interests
Insurance mediation and add-ons	Introducing regulated insurance; arranging non-regulated add-ons	Contract; legal obligation financial conduct authority (FCA); legitimate interests
Customer support and dispute resolution	Handling queries/returns; training and quality assurance	Legitimate interests; legal obligation
Safety and security	CCTV at premises; fraud prevention; system security	Legitimate interests; legal obligation
Marketing our own products and services	Email/SMS/post/phone about similar products/services	Consent; legitimate interests
Third-party marketing	Sharing details with associated partners so they can market to you	Consent
Analytics and non-essential cookies	Audience measurement; ad tech	Consent
Corporate governance/compliance	FCA/His Majesty’s revenue and customs (HMRC)/Information Commissioner’s Office (ICO) compliance; audit; responding to lawful requests; enforcing rights	Legal obligation; legitimate interests

6) Marketing, PECR and your choices (Article 21 UK GDPR)

You have an absolute right to object at any time to our use of your personal data for direct marketing, including any related profiling. If you object, we will stop without delay.

We send our own marketing by email/SMS either with your consent or, where lawful, under the Privacy and Electronic Communications Regulations soft opt-in for existing customers in relation to similar products and services. You may unsubscribe at any time and all our SMS have a “STOP” functionality. Finally, you can change preferences or object at any time in the Customer Data Hub, by emailing crm@john-clark.co.uk, or by writing to us.

We action all opt-outs promptly and, in any event, within five working days, though complete cessation across all systems may take slightly longer.

We screen live and automated marketing calls against the Telephone Preference Service (TPS) and Corporate TPS (CTPS) and do not call numbers registered on those services unless you have expressly asked us to call. If you ask us not to call again, we will add your number to our internal do-not-call list.

Changing marketing preferences will not affect service communications (for example, order updates, Service/MOT reminders, invoices, warranty information or safety recalls).

7) Cookies and similar technologies

We use essential cookies for security and core site functions. We use non-essential analytics and advertising cookies only with your consent, collected through our cookie banner.

8) Credit broking – roles and responsibilities

When you ask us to introduce you to a finance provider, we act as a broker and share relevant application data with selected providers. Those providers are independent controllers for their own decisions and checks (including credit-reference and fraud-prevention agency searches) and will give you their own privacy notices.

9) Who we share your data with

We do not sell your personal data.

We share it only as necessary, under contract and with appropriate safeguards, with:

vehicle manufacturers
finance and insurance providers/brokers where you ask for introductions
payment processors
IT, hosting, CRM/Dealer Management Systems (DMS) and communications suppliers
analytics and online advertising processors (with consent)
professional advisers
authorities and regulators
other companies within our group for administrative purposes.

We share personal data, where necessary, with vehicle manufacturers, finance companies, warranty and insurance providers, dealer management system (DMS) providers, IT and hosting providers, payment processors, marketing agencies, and our professional advisers (including legal, audit and accounting services).

We will only share information that is necessary for the relevant purpose. A current list of our data processors and key partners is available on request.

10) International data transfers

Some suppliers are located or process data outside the UK. Where the destination benefits from a UK adequacy regulation, we rely on that. Otherwise, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, complete transfer risk assessments and apply measures such as encryption at rest and in transit.

11) How long we keep your data

We apply storage-limitation principles with objective retention triggers. We delete or irreversibly anonymise data once the relevant period expires.

Vehicle sales and aftersales records (including invoices, warranties, service/MOT records): up to 7 years from last transaction for tax/accounting and product-liability purposes.
Complaints and dispute files: 6 years from closure (longer if litigation is reasonably contemplated).
CCTV footage: approximately 30 days unless needed for an incident.
Call recordings: 60 days unless needed for training/disputes, then retained with the case file.
Enquiry records (no subsequent transaction): 36 months from last meaningful interaction, then deletion/anonymisation, unless you withdraw your consent.
Marketing profiles and preferences: Where you have opted in to receive marketing from us, we may contact you with relevant offers, products or services

We review retention periods periodically and may hold data longer where required to establish, exercise or defend legal claims. We recognise the tension between the data protection principle of storage limitation and various statutory obligations that impose significant retention periods. To resolve this, we retain data for longer durations only when specific UK legislation—such as that governing tax, product liability, or financial regulation—strictly requires us to do so. We prioritise the deletion of data as soon as these statutory time horizons expire.

12) Automated decision-making and profiling

We do not make decisions about you solely by automated means that have legal or similarly significant effects. We do, however, use limited profiling to tailor what we send you, including using automated means. You can object at any time via the Customer Data Hub. Finance providers may use automated decision-making in their credit processes and will explain this in their own notices.

13) Security

We use strict security measures and limit access to authorised staff. We have procedures for managing suspected breaches and in the unlikely event will notify you and the ICO where legally required. While no system is perfectly secure, we work to prevent unauthorised access, use, disclosure, alteration or loss.

14) Your rights

You have rights under data protection law, including to:

be informed
access
rectify
erase
restrict processing
data portability
object (including an absolute right to object to direct marketing)
rights relating to automated decision-making

You can exercise these rights via the Customer Data Hub, by emailing crm@john-clark.co.uk, or by writing to us.

We ordinarily respond within one month and may request identification where necessary. You can complain to the Information Commissioner’s Office (www.ico.org.uk) if you are unhappy with how we handle your data.

15) Links to other websites

Our websites may link to partners, advertisers or affiliates. Their privacy policies apply to their sites—please review them before submitting any personal data.

16) Changes to this notice

We will update this notice from time to time. The version and effective date are shown at the top. For material changes we will provide a prominent update and, where appropriate, contact you directly.

Our Partners & Accreditations

Contact Info

With over 60 businesses, representing 21 leading brand across Scotland, our experienced sales and service teams are waiting to hear from you!

Do You Have A Question?

Quick Links

Corporate Links

Financial Disclosure

John Clark (Aberdeen) Limited, Clark Commercials (Aberdeen) Limited, Morrisons (Land Rover) Limited, Motorchoice (Scotland) Limited, Pentland Motor Company, Specialist Cars (Aberdeen) Limited, Hawco & Sons Limited is an appointed representative of ITC Compliance Limited which is authorised and regulated by the Financial Conduct Authority (their registration number is 313486). Permitted activities include advising on and arranging general insurance contracts and acting as a credit broker not a lender.

We can introduce you to a limited number of finance providers. We do not charge a fee for our Consumer Credit services. We do not act as a financial adviser, or fiduciary. We act in our own interest, whichever lender we introduce you to, we will typically receive commission from them based on either a fixed fee or a fixed percentage of the amount you borrow. Any and all commission amounts will be fully disclosed to you as part of your sales journey. You will be required to give your fully informed consent to our receipt of this commission. By doing this, you acknowledge that you understand our role as a credit broker, and that we will receive a financial incentive if you take out a loan from a lender that we introduce you to.

All finance applications are subject to status, terms and conditions apply, UK residents only, 18s or over, Guarantees may be required.