We are delighted that you are interested in our business. Dragon2000 Limited is a leading dealer management system and website provider, registered as a limited company in England and Wales, number 03337148.
This Privacy Notice explains what to expect when Dragon2000 collects and uses any personal information when you use this website and our wider services. We encourage you to read this notice carefully and if you’d like further clarification, please contact our team using the details below and we will be happy to assist.
Data Protection Officer
The Old Mill
Blisworth Hill Business Park
Phone: 01327 222333
Dragon2000 is committed to respecting your privacy and ensuring the personal information you have entrusted to us is held securely. This policy has been written in accordance with the General Data Protection Regulation (GDPR) and the advice and guidance as set out on the website of the Information Commissioners Office (ICO). The GDPR strengthens your rights to privacy and gives you control over the personal information that organisations hold about you.
How we collect personal information
We may collect personal information in the following ways when you:
Contact us with an enquiry by telephone, email or social media;
Submit information via enquiry forms on this website;
Enter into a contract for our products and services;
Register to attend events at our offices;
Apply for a job to join our team.
The personal information we collect
We only provide business-to-business products and services.
When you enquire about our services on behalf of your company, we will collect information from you to enable us to respond to your enquiry. This will include your name, company name, position within the business, business address, a contact email address and a contact telephone number.
Any information which identifies you as an individual will be treated as personal data in accordance with the General Data Protection Regulation. We also collect other information you supply that is relevant to your enquiry, and will maintain records of your contact with us.
When you apply for a job with us, we will collect information from your application such as your name, address, email address and another other personal data you have supplied, typically within your own CV.
What we use your personal data for
We may use your name and contact telephone number and/or email address which identifies you as an individual, to enable us to respond to any enquiry you have made on behalf of your company about our products and services; to assist with a support request; to deliver training, workshops or other events; or to keep you informed of updates to your products and services. The lawful basis of contract applies to our processing and use of your personal data for these purposes.
If you apply for a job within our company, we will use the personal information you have supplied to enable us to be able to contact you to progress your application, which falls under the lawful basis of contract, as you would be taking initial steps to enter into a possible employment contract.
If you become an employee, we will collect and process information for the purpose of the ongoing administration of your employment and meeting our legal obligations regarding employees. This information will be processed and used under the lawful bases of both contract and legal obligation.
Direct business-to-business marketing communications will only be sent to contact methods that identify you as an individual if you have given your consent, and we will seek to refresh that consent at appropriate intervals.
Who we share your personal data with
We do not share your personal data with any other third parties except if you have given your consent, or if it is necessary to facilitate the provision of third party services you have requested on behalf of your company, or if we are required to do so by law.
Any personal data we collect relating to directors and employees of companies we do business with, or those who have enquired about our products and services, along with the details of job applicants and employees, is stored securely within our organisation. It is accessed only by appropriate Dragon2000 employees and used only for the purposes we have explained in the section above.
How long we keep your personal data
We may keep data that identifies you as an individual that relates to companies that we do business with. Information will be kept for the length of the contract, for as long as you are an appropriate contact at that company.
Personal data processed under consent and used for direct marketing purposes will be kept for as long as you consent to its processing. We will seek to refresh your consent at appropriate intervals, to ensure you are still happy for us to receive communications from us.
Your rights regarding your personal data
You have the right to request access to, rectification or erasure of that data, and to object to its processing. You can also withdraw direct marketing consent at any time if the contact details we hold for your business identifies you as an individual. If you wish to make any such requests please contact us in writing using the contact details at the top of this page.
Data Processing on your behalf
Dragon2000 software products and website services are all business-to-business. If you are a user of our services, the following explains how we look after the data you collect and input into our products:
When personal data is entered into our software products or websites we provide to you, with regard to the processing of personal data under the General Data Protection Regulation, you are the Controller of that data and Dragon2000 is the Processor. You have given us consent to act for you in providing our software and services.
Data will be processed on your behalf for the duration of our contract with your business. The nature of the processing is to collect, store and use the data for the purposes of enabling the software to operate, to enable you to administer the provision of vehicles, goods and services and maintaining relationships with your customers.
Names, addresses, contact details and notes you make about data subjects (prospects, customers and employees) that are input into our software products by you, relies on you, as a Data Controller, obtaining appropriate consent from those data subjects or using some other lawful basis.
We will treat all personal data as confidential information and any processing of that data is in accordance with, and ancillary to our contract with you (including for a reasonable period after its termination). We can act upon other reasonable written instructions provided by you, unless by law we are required to act without such instructions.
Where appropriate, there may also be legitimate reasons for maintaining personal data and in its role as the processor, Dragon2000 aims to process all data applicable to the provision of the software, mobile app services and managed website services by taking appropriate measures to ensure the security of processing.
Data processed by us is stored in our cloud platform provider Rackspace’s data centres located in the UK, which all hold the certification ISO/IEC 27001 Information Security Management, which is a recognised international standard in security. We have a contract in place with them which contains the same data protection obligations that we have with you under GDPR, and they have their own responsibilities as a data processor on our behalf. We will assist you in meeting your Data Controller obligations under the GDPR, specifically in relation to the security of processing and the notification of personal data breaches, as well as assisting you with subject access and allowing data subjects to exercise their rights.
Data transfer to sub-processors outside the EEA may be necessary for the purpose of providing email delivery and storage services, if required. Such transfers will be made in accordance with GDPR, only using sub-processors who are certified under the EU-US Privacy Shield framework. This is permitted under GDPR as the framework provides adequate protection for individuals’ rights and freedoms for their personal data.
We shall also provide you with any necessary information you need regarding our role as a data processor to ensure you are meeting your obligations.
Privacy-related android permissions
Our mobile application APPraise, accesses the device camera, microphone and storage for the sole purpose of creating images and videos of vehicles to upload them to secure servers via HTTPS protocol, after validation of the user.
Camera – Used for permissions that are associated with accessing the camera or capturing images/video from the device. This permission allows this application to capture images and videos of vehicles by motor trade businesses in order for them to be uploaded and viewed on their customer-facing web pages and within the separate desktop software application DragonDMS.
Microphone – Used for permissions that are associated with accessing the microphone to capture audio for a video recording from the device. This permission allows this application to capture accompanying audio for videos of vehicles by motor trade businesses in order for them to be uploaded and viewed on their customer-facing web pages, and within the separate desktop software application DragonDMS.
Storage – Used for permissions that are associated with accessing the storage of images/video from the device. This permission allows this application to store images and videos of vehicles by motor trade businesses in order for them to be uploaded and viewed on their customer-facing web pages, and within the separate desktop software application DragonDMS.
Personal Information – The APPraise mobile application does not process any user data, or gather any of your personal information while you are using the application.
Reporting concerns or compliments
If you wish to raise a concern about handling of your personal information by Dragon2000 or compliment what you think we have done well, please contact us using the details at the top of this page.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) about how we manage your data. Our ICO registration number is Z9646895, which we have held since 2006.
Dragon2000 will review our privacy notice regularly and, where necessary, update our privacy information. This notice was last updated in May 2018.