Privacy policy
This policy explains how we collect, use and protect personal data when you visit our website, contact us, or take part in a test drive programme.
Welcome
We take your privacy seriously. We want to be clear about how and why we use personal data. We only use personal data for the purposes described in this policy and in line with your data protection rights.
Who we are
This Privacy policy describes how FAGAN CONSULTING LIMITED (trading as Fagan & Company) uses personal data. For data protection purposes, we are the data controller for the personal data described in this policy, unless we explain otherwise.
We are registered in England and Wales with company number 16917087. Our registered office is 3rd Floor, 66 Paul Street, London, EC2A 4NE, United Kingdom.
ICO registration number: ZC068544.
How this policy applies
This policy covers personal data we process when you:
- visit our website;
- contact us or ask for information;
- engage our services, including as a representative of an employer or partner;
- request or take part in an OEM test drive programme arranged via our website.
Personal data we collect
The personal data we collect depends on how you interact with us. This may include:
- Identity and contact details, such as name, job title, employer, email address, telephone number, and business address.
- Enquiry and communication information, such as messages you send us, meeting notes, and related correspondence.
- Programme request information (for example, test drive model preference, preferred dates or locations, and any information you include in an optional notes field).
- Website usage information, such as pages viewed, device information, and approximate location derived from IP address, collected via cookies or similar technologies where applicable (see Cookie policy).
- Compliance and security information, such as logs needed to protect our website, prevent misuse, and maintain security.
Test drive programmes: how the data flow works
When you request a test drive using our website, your request is typically fulfilled by a third-party programme operator, and may also involve an OEM retailer (dealership) for collection and return. We keep the request process simple on our site, but we want you to understand what happens next.
In most cases, the process works like this:
- You submit your details and a test drive request on our website.
- We share the information needed to progress your request with the relevant programme operator (and where applicable a retailer), so they can contact you, confirm availability, and arrange insurance and booking logistics.
- The programme operator (and or retailer) may ask you for additional information directly, such as driving licence details or other information needed for insurance eligibility and vehicle handover. This information is handled under their own privacy information and programme terms.
We aim to share only the minimum information needed to arrange your test drive. We do not sell your personal data.
How we use personal data and our legal bases
UK GDPR requires us to have a lawful basis for using personal data. Depending on the context, we may rely on one or more of the following:
- Contract: where we need to take steps at your request or provide services.
- Legitimate interests: to operate our business, respond to enquiries, maintain relationships with employers and partners, and keep our website secure. We balance these interests against your rights.
- Consent: where required, for example for certain cookies or similar technologies.
- Legal obligation: where we must comply with applicable law.
We typically use personal data for the purposes below:
- Responding to enquiries and communicating with you.
Legal basis: legitimate interests, and or contract where you request a service. - Arranging a test drive request and passing your request to the relevant programme operator (and where relevant, a retailer).
Legal basis: legitimate interests, and steps at your request. - Providing and improving our services, including scheme governance and advisory work for employers and partners.
Legal basis: contract and legitimate interests. - Website operation and security, including preventing misuse and protecting our systems.
Legal basis: legitimate interests and legal obligation where applicable. - Compliance, including accounting and record-keeping.
Legal basis: legal obligation and legitimate interests.
Sharing personal data
We may share personal data with trusted third parties where it is necessary to provide the website and services, or to progress a request you have made.
Depending on your interaction with us, recipients may include:
- Test drive programme operators and, where relevant, OEM retailers (dealerships), to arrange booking, logistics, and insurance eligibility checks.
- Technology suppliers used to run our website and manage enquiries, for example web hosting, form handling, customer relationship management, email, and analytics tools.
- Professional advisers, such as accountants, insurers, and legal advisers, where needed.
- Regulators and law enforcement, where required by law or to protect rights and safety.
We require suppliers to handle personal data securely and only for the services they provide to us.
How we obtain your personal data
We obtain personal data directly from you when you contact us, submit a form, or request a test drive. In some situations, we may also receive personal data from an employer, a partner, or a programme operator when coordinating a request or service.
International transfers
Some of our suppliers may process personal data outside the UK. Where this happens, we use appropriate safeguards such as UK-approved transfer mechanisms and contractual protections.
How long we keep personal data
We keep personal data only for as long as needed for the purposes described in this policy, including legal, accounting, and compliance obligations. Retention periods vary depending on context; typical examples include:
- Enquiries and test drive requests: typically up to 12 months, unless we need to keep records longer for audit, dispute handling, or compliance.
- Client and partner records (including contracts and project files): typically up to 7 years.
- Website logs and security records: retained for a limited period appropriate to security needs.
- Cookies and analytics: as described in our Cookie policy.
Your rights
You have rights under UK GDPR, including the right to:
- request access to your personal data;
- request correction of inaccurate personal data;
- request deletion of personal data in certain circumstances;
- object to processing or ask us to restrict processing in certain circumstances;
- request portability of personal data in certain circumstances;
- withdraw consent at any time where consent is the basis.
To exercise your rights, please contact us. We may need to verify your identity before responding.
Cookies
We use cookies and similar technologies on this website. Please see our Cookie policy for details.
Security
We use appropriate technical and organisational measures to protect personal data, including secure hosting, access controls, and reputable suppliers. No method of transmission over the internet is completely secure, and you submit information at your own risk.
Links to other websites
This website may link to third-party websites. We are not responsible for their content or privacy practices. Please review their policies separately.
Complaints
If you have concerns, please contact us first so we can try to resolve the issue. You can also complain to the Information Commissioner’s Office (ICO).
Information Commissioner’s Office (ICO)
Changes to this policy
We may update this policy from time to time. The latest version will always be published on this page.
Last updated: 10 February 2026.
