top of page
1727793338298_RN_Roadside_Retail_positive_CMYK_300.jpg

Privacy Policy

1. INTRODUCTION

Rontec Watford Limited (“Rontec”, “we”, “our”, “us”) respects your privacy and is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, disclose and protect your personal data when you use our website(s), interact with us, submit a request, query, complaint or visit our premises (including sites where CCTV is in use).

This Privacy Policy should be read in conjunction with our Data Protection Policy & Guidelines.

2. DATA CONTROLLER

Any personal data provided to or collected by Rontec is controlled by Rontec Watford Limited as the registered data controlled with the Information Commissioner’s Office (ICO).

This policy applies across all Rontec locations and affiliated group companies.

This Privacy Policy also applies to Rontec’s marketing content, including offers and advertisements for Rontec products and services, which we (or a service provider acting on our behalf) may send to you on third-party websites, platforms and applications based on your site usage information.

These third-party websites generally have their own Privacy Notice and Terms and Conditions. We encourage you to read them before using those websites.

3. PERSONAL DATA WE COLLECT

Personal data means any information that can be used to identify directly or indirectly a specific individual.

We may collect personal data from a variety of sources. This includes:

  • Personal data you give us directly;

  • Personal data we collect automatically; and

  • Personal data we collect from other sources.

We may collect the following categories of data:

  • Website data: IP address, browser type, browsing behaviour (via cookies);

  • Contact details: Name, email, phone number;

  • Transactional data: Orders, payments, service use;

  • Complaints data: Written complaints, recordings of calls, case resolution info;

  • CCTV footage: Video recordings at our forecourt sites (petrol station and stores), or office locations;

  • Photographs: still images captured at our forecourt sites (petrol station and stores), events or office locations;

  • Other: correspondence or data collected via online forms, customer surveys, or support requests.

4. HOW WE USE PERSONAL DATA

Rontec may share your personal data internally and with selected third parties in the following circumstances:

  • Internally: your personal data may be used by us or shared with Rontec’s group of companies for internal reasons, primarily for business and operational purposes such as:

o in order to respond to your requests, queries, complaints;

o provide services and process transactions;

o maintain and improve our website and services;

o protect site and premises security (via CCTV);

o Marketing campaigns and newsletters.

  • Third-party service providers: in order to make various services and materials available to you through our websites we may share your personal data with third-party service providers that perform functions on our behalf, such as companies that: host or operate Rontec’s website(s), process payments, analyse data, provide customer service, postal or delivery services, and sponsors or other third-parties that participate in or administer our promotions. They have access to personal data needed to perform their functions but may not use it for other purposes. Further, they must process this personal data in accordance with this Privacy Policy and as permitted by applicable data protection laws and regulations;

  • Other third parties: your personal data may also be used by us or shared with our sponsors, retail partners, advertisers, advertising networks, advertising servers, social media networks, and analytics companies or other third parties in connection with marketing, promotional, data enrichment and other offers, as well as product and or service information.

  • Legal disclosure: we may transfer and disclose your personal data to third parties:

o to comply with a legal obligation;

o when we believe in good faith that an applicable law requires it;

o at the request of governmental authorities conducting an investigation;

o to verify or enforce our “Terms of Use” or other applicable policies;

o to detect and protect against fraud, or any technical or security vulnerabilities;

o to respond to an emergency; or otherwise

o to protect the rights, property, safety, or security of third-parties, visitors to Rontec’s websites, Rontec or the public.

5. LEGAL BASIS FOR PROCESSING

Our processing is based on one or more of the following legal grounds:

  • Consent (e.g., for marketing);

  • Contractual necessity (e.g., order fulfilment);

  • Legal obligation (e.g., financial records);

  • Legitimate interests (e.g., CCTV for security, customer support).

6. CCTV MONITORING

We operate CCTV systems in all our sites for safety and security purposes. Signs are posted where CCTV is in use.

We operate CCTV at our sites for the purpose of:

  • Crime prevention and security;

  • Health and safety monitoring;

  • Incident Investigation and complaint resolution.

CCTV Data is:

  • Clearly signposted;

  • Accessed only by authorised personnel;

  • Retained for a maximum of 30 days, unless retained longer for investigations.

7. PHOTOGRAPHS & IMAGE CAPTURE

We may take photographs or capture images (e.g. at our petrol stations, during events) for:

  • Health and safety monitoring;

  • Marketing and promotional purposes (with appropriate consent);

  • Investigating incidents or managing premises security.

Images of individuals will only be retained where necessary for the stated purpose, and we will always obtain consent when using identifiable images for marketing, user profiles, or promotional materials.

8. CUSTOMER COMPLAINTS

When you contact us with complaint, we collect only the data necessary to:

  • Investigate and resolve your issue;

  • Maintain service records;

  • Comply with legal or regulatory obligations.

9. SHARING PERSONAL DATA

We may share your data with:

  • Service providers and IT support partners;

  • Delivery and payment processing providers;

  • Legal/regulatory bodies, courts or enforcement agencies (if required);

  • Other Rontec group entities for operational purposes.

We never sell personal data.

10. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the UK of EEA, we ensure safeguards are in place such as:

  • transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK and the European Commission, including the Privacy Shield in the US;

  • the use of Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) are in place.

11. DATA SECURITY

We use appropriate physical, digital and organisational safeguards to secure your data, including:

  • Encryption, firewall protection, and multi-factor authentication;

  • Secure storage for CCTV, complaints data;

  • Compliance with PCI-DSS and cybersecurity best practices;

  • Regular system monitoring, penetration testing, and access control.

12. DATA BREACH NOTIFICATION

In the event of a data breach that may risk your rights and freedoms, we will notify affected individuals and the ICO within 72 hours in accordance with our internal breach response procedures.

13. YOUR RIGHTS

Under the data protection law, you have the right to:

  • Access your data;

  • Request correction or deletion;

  • Restrict or object to processing;

  • Request portability of your data;

  • Withdraw consent where applicable;

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

14. DATA SUBJECT REQUESTS

You have the right to request access to your personal data held by us. This is known as a Data Subject Access Request (DSAR).

To make a DSAR, you should:

  • Submit your request in writing using the Data Protection Contact Us Form.

  • Include your full name, contact details, and a description of the data you wish to access Provide valid proof of identity (e.g., passport or driving licence).

We will:

  • Acknowledge your request within 3 working days;

  • Respond to your request within 30 calendar days (or inform you if more time is needed);

  • Inform you if we need to redact third-party data (with an associated potential cost); 

  • Restrict access based on lawful exemptions.

Should you have any questions please contact our Legal & Compliance Officer who acts as Rontec’s Data Protection Officer on dpo@rontec.uk.com

15. DATA RETENTION

We retain personal data only as long as necessary.

The table below outlines the recommended retention periods for different categories of data that may be processed by Rontec, including records of Data Subject Access Requests (DSARs). These retention periods are based on UK GDPR Principles, ICO guidance and operational best practices.

16. POLICY REVIEW & UPDATES

This policy will be reviewed and updated as necessary to ensure ongoing compliance with legal, regulatory, and operational change. The latest version will always be available on our website with the date of revision clearly stated.

bottom of page