PistonHeads Privacy Statement

September 13, 2021

This statement is designed to help you understand what we do with information about people, referred to as “personal data”.

We are CarGurus UK Limited, c/o Legalinx Limited, 3rd Floor, 207 Regent St, London W1B 3HH, United Kingdom, and we are an indirect subsidiary of CarGurus, Inc., of 55 Cambridge Parkway, 6th Floor, Cambridge, Massachusetts 02142, USA. Either we, or one of our parents or subsidiaries, is the data controller of your personal data. If you have any questions or concerns about the information presented here, or about what we do with personal data, you should email us at privacy@cargurus.com or write to us at either of the above addresses, to the attention of our General Counsel.

From time to time we update this Privacy Statement so we encourage you to refer back to this page regularly.

Our sites are not intended to be used by children.

In summary, we use personal data:

  • to connect consumers interested in listed vehicles with the dealerships and private sellers that are advertising them for sale
  • to operate the interactive features of our websites and mobile applications, such as the discussion forums, saved searches and pricing alerts
  • to promote our services, and to help our advertisements appear to people who are more likely to be interested in them
  • to refer consumers to third party businesses related to our industry
  • to manage our customer relationships, handle queries and complaints, prevent fraud and otherwise operate our business

The rest of this statement provides further details. In order to help you reach the information you want quickly, we have divided this page into different sections according to your different potential interactions with us. You can get to the section you want by following the links below.

What would you like to know more about?

When you ask to be put in touch with a dealership or private seller

You can use our website to be put in contact with a dealership or private seller that has a vehicle for sale that you are interested in buying. Our websites have a form for that purpose. We then pass the information that you provide to the dealership or private seller so they can follow up with you directly.

When we pass on your details, the dealership or private seller receiving the information is then the controller of their copy of your personal data, and they are responsible for what, if anything, they do with it. Typically, we would expect them to contact you by email or phone to see if you wish to take things forward (arrange a test drive, for example).

Alternatively, you can call the number for a dealership or private seller provided on our website to connect that way. If you do, we will have a record that the call took place, but we do not record the calls themselves and we will not know what was discussed. The dealership or private seller is responsible for what they do with any information you give them on the phone. We use the call records that we have only for customer service purposes and to keep dealerships and private sellers informed of which calls they have received through us.

You can also, if you wish, choose to receive email alerts from us about vehicles listed on our websites.

We will retain this information for up to 10 years, in case of disputes. Of course, if you have created an account with us, then we will also continue to hold the account information you provided for that reason. You can learn more about that below.

We do these things either on the basis that they are necessary in order to provide our service, or on the basis of our legitimate interest in promoting vehicles listed on our websites.

When you buy a vehicle that you found through PistonHeads

Some dealerships report sales back to us. We ask dealerships who do that to tell you first, and to give you the opportunity to object. The information they give us will typically be restricted to the vehicle registration number, the date of the sale and your postcode. We use that information together with our records of searches on our website to produce reports showing correlations between referrals to dealerships from our website and sales for dealerships, in order to help us to demonstrate the value of our paid services to dealerships. We do this on the basis of our legitimate interest in understanding sales conversion rates and promoting our paid services.

Browsing our website, creating accounts, and advertising on our website

Our website sets certain “cookies” in your browser and other similar technologies like “beacons”. Some are simply used for statistical analysis (e.g. how many people looked at a particular page), or as a technical mechanism to let you log in to your account or to allow you to use certain interactive features (like alerts or saved searches) without logging in.

For statistical analysis we use the Google Analytics service, which collects this information anonymously, allowing us to see trends without identifying individual users. You can learn more about Google Analytics here.

Cookies and adverts

We also use cookies and other similar technologies in order to identify your browser or device to our advertising partners. We do that to help our advertising partners to target advertisements for our service to you when you are browsing on other websites. In a nutshell, the effect of these cookies is that, if you have looked at vehicles on our site, it is more likely that adverts for PistonHeads or CarGurus will appear when you are browsing on other websites.

We use targeting and advertising cookies to provide adverts on our sites that we believe are more relevant to you. The third party adverts which appear on our own sites are chosen according to the content of the pages you view on our sites and information about your browsing habits already known to our third party advertising partners; for example, if you are looking at a page showing vehicles made by a particular manufacturer, it is likely that the adverts appearing on that page will be for that manufacturer. We do not share information about you with the third parties who advertise on our site.

We keep the information we gather from analytics cookies for up to 10 years. How long gathered advertising data is retained by our advertising partners is determined by them. We can provide further information on request.

For our login and session cookies, we do this on the basis that it is necessary to provide the features of our websites that require it.

For our analytics cookies, we do this on the basis of our legitimate interest in understanding how people use and interact with our websites.

For our advertising cookies, we do this on the basis of our legitimate interests; the quality content and information we provide to you depends on the revenue we generate from advertising. However, you always have a choice with respect to your advertising preferences, and you can review and opt out of certain cookies in your advertising preferences .

Accounts

Certain features of our websites, such as the forums, require you to create an account with us. When you do so, we will use the information you provide when you create the account in order to administer it, and to give you access to those features.

When you have an account with us, you will also have the option to subscribe to a range of email alerts relating to your interactions with us, such as new inventory matching search criteria you specify, and new posts in discussion threads that you have followed or replied to. You can stop emails at any time using the unsubscribe link or following the instructions in the emails.

We will keep your account information for as long as your account is active, and for up to 10 years afterwards.

We do this on the basis that it is necessary to provide those features of our websites.

Using message boards and forums

Any information you choose to voluntarily post to message boards and other interactive forums is by its very nature being made publicly available to other users who have access to that portion of the website or service. We would encourage you not to share your personal data, and we are not responsible for any information you choose to provide or communicate in such forums. Any disclosures you make are at your own risk.

We also share personal data with third parties who need it in order to provide services to us, including using external providers to assist in administering and overseeing our forums.

The personal data of private sellers or of people working at dealerships

We can come into possession of the personal data of private sellers or of people working at dealerships in a few ways.

For all of our customers, private sellers, and dealerships whose inventory we host, we will have the contact details of the people we work with to manage that relationship. We will also have contact details of anyone who has attended or enrolled in one of our events or webinars intended for car sellers or created an account to interact with our tools or services.

In addition, some dealerships provide automated feeds of their inventory via various third party inventory syndicators that we subscribe to. As well as details about the available vehicles, those feeds will typically contain basic contact details for the dealerships, which can in some circumstances include names and work email addresses of individuals at the dealerships whom the dealerships have nominated as sales contacts for the listed vehicles.

We use the provided contact details to connect sellers with consumers making enquiries about the vehicles they have listed. We also use them to promote our events and webinars and our products to car sellers, via mail, email and phone, and to manage our relationships with them.

We will always remove you from our marketing lists if you ask us to. Typically, the best way to do that is to use the link at the bottom of our emails (for marketing emails).

We keep the details of our private sellers and contacts at dealerships for as long as their inventory is on our site, and for up to 8 years afterwards.

We do this on the basis of our legitimate interest in connecting consumers looking to buy cars with individuals and dealerships that have cars for sale, in providing our services to dealerships and private sellers, in promoting our events and product offerings, and in managing our business.

Other providers of products and services

Users of our site may find links to other businesses who provide products and services related to our industry (e.g. insurance, servicing, warranties). We also have links on our website to a shop, operated by Push Merchandising Limited, where you can buy PistonHeads-branded products.

When you click on those links, you are taken to the other provider's website, where you can decide whether to provide your personal data in relation to those other products and services. We will also provide information to these businesses to let them know that you navigated to their site from ours. You can learn more about the privacy practices of these businesses by reviewing the policies and notices on their websites.

We do this on the basis of our legitimate interest in promoting our business and connecting consumers with businesses to which they show interest.

The personal data of people working at other organisations

When we work with other businesses and organisations, such as our advertising customers, we will have the business contact details of the relevant people who work there, and we will use them to manage our relationship with those businesses and (where relevant) to promote our services to them.

We will also receive the work contact details of people working at actual or potential customers if they attend or enrol in an event or webinar that we host. If they are not already customers, we will use those details to provide the event or webinar, and to promote our services to them.

We keep information about people working and customers or suppliers for as long as the relevant businesses are customers or suppliers (as applicable), and for up to 8 years afterwards, in case of issues or disputes. We also keep the information about people working at a prospective customer for as long as that business is a realistic prospect, and for up to 8 years afterwards, again in case of issues or disputes.

Other uses of personal data at PistonHeads

Fraud prevention

We process personal data ourselves, and share certain personal data with our third party fraud prevention partners, in order to detect and reduce fraud. We do that on the basis of our legitimate interest in preventing fraud and increasing the reliability of our websites. We will share information on suspected fraud and illegal activities with the relevant authorities when we consider it appropriate.

Third party service providers

We also share personal data with third parties who need it in order to provide services to us in support of the purposes described above. For example, we use external providers to host our websites and databases, and to operate our email alerts and marketing communications. We also use an external data warehouse provider to store and manage for us the data gathered by our advertising cookies.

International transfers of personal data

In addition to our operations in the United Kingdom, we also have operations based in the USA, and so we do transfer your personal data to the USA for processing when the relevant business function resides there. In order to safeguard your rights and freedoms, we have put in place contracts with our European subsidiaries in the form approved by the European Commission for these kinds of transfers. We can provide you with a copy of those contracts on request.

We have also taken steps to ensure that suppliers to us who handle personal data, especially suppliers of online services like hosting, are bound to us by contracts which comply with European data privacy standards, and we fully intend to enforce those contracts if necessary to safeguard your rights.

Your rights and how to exercise them

European and/or UK privacy laws give you certain rights in respect of the information that we hold about you. Below is a short overview of those rights.

  • With some exceptions, you have the right to have a copy of the personal data that we hold about you. We may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs. For data that you have given to us, you have the right to receive your copy of it in a common electronic format, and to provide copies of it to other people if you wish.
  • You have the right to have the personal data we hold about you corrected if it is factually inaccurate.
  • In some circumstances, you have the right to have personal data that we hold about you erased (the “right to be forgotten”). This right is not generally available when we still have a valid legal reason to keep the data.
  • You have the right to require us to stop using your personal data for marketing purposes.
  • You also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, for example, if we are processing it on the basis of our legitimate interest, and you contest our assessment that our interest is not overridden by your fundamental rights and freedoms.
  • If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue.

If you want us to stop sending you marketing emails, the quickest and most efficient way is to use the provided links in our emails (although you can also contact us directly if you prefer). Otherwise, if you want to exercise your rights in respect of your personal data, the best way to do so is to contact us by email at privacy@cargurus.com or to write to us at the address above to the attention of the General Counsel. In order to protect your privacy, when you contact us, we may ask you to prove your identity before we take any steps in response to such a request.

In some cases, typically for people who work at dealerships who pay for our products, the actual controller of your personal data might be one of our local subsidiaries, but you can always contact CarGurus, Inc. for help or if you want to exercise your rights, regardless of which of our group companies is technically the controller.

When CarGurus, Inc. itself is the data controller, CarGurus Ireland Limited of Charlemont Exchange Charlemont Street Dublin, Ireland D02VN88 is our representative in Europe for data privacy purposes, and you can also contact them if you have questions or concerns.

You also have the right to lodge a complaint about our handling of your personal data with your local data protection authority, which in the UK is the Information Commissioner's Office (http://ico.org.uk).