Privacy and Cookies

Privacy and Cookies Notice

1. Introduction

This Privacy and Cookies Notice explains how Rivervale Cars Limited and Rivervale Minibus Limited collect, use, store and protect personal data. It also explains your rights under UK data protection law and how you can exercise them.

We are committed to processing personal data fairly, lawfully and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Rivervale Cars Limited
Registered in England and Wales (Company No. 04898201)

Rivervale Minibus Limited
Registered in England and Wales (Company No. 03723474)

VAT number: 429 276 374

We trade under a number of business names including (but not limited to): Rivervale, Rivervale Leasing, Rivervale Vehicle Contracts, Rivervale Contract Hire and Leasing, Rivervale Cars Prestige, Business Car Contracts, Rivervale Fleet Management, Rivervale Minibus, Rivervale Finance, Rivervale Approved Used, Rivervale Maxus, Castle Vehicle Leasing, Castle Minibus, OSV, 1st Choice Vehicle Finance, Concept Vehicle Leasing and Concept Fleet Solutions.

3. Data Protection Officer

If you have any questions about this notice or how we handle your personal data, you can contact our Data Protection Officer:

By post:
Data Protection Officer
Rivervale Cars Ltd
Rivervale House
50 Victoria Road
Brighton and Hove
East Sussex
BN41 1XB

By email: dataprotection@rivervale.co.uk

4. Personal Data We Collect

Depending on your interaction with us, we may collect and process the following categories of personal data:

• Name
• Contact details (email address, telephone number, postal address)
• Job title and business details
• Bank and payment details
• Credit or hire application information
• Call recordings, emails and other communications
• Website usage data, including cookies and similar technologies

5. How We Use Your Personal Data

We use personal data for the following purposes:

• To provide quotations, products and services
• To administer leasing, finance, purchase or service agreements
• To manage customer accounts and records
• To communicate with you, including responding to enquiries
• For training, quality assurance, compliance and dispute resolution
• To prevent fraud and comply with legal and regulatory obligations
• To send marketing communications where permitted by law

Where processing is based on contract, the provision of personal data is necessary in order for us to enter into and perform our agreement with you.

6. Legal Basis for Processing

We process personal data only where we have a lawful basis to do so, including:

• Performance of a contract
• Compliance with a legal obligation
• Legitimate interests (where these are not overridden by your rights)
• Your consent, where required

7. Telephone and Email Monitoring

We record and monitor telephone calls, emails and other electronic communications for training, compliance, quality assurance and customer service purposes.

8. Sharing Your Personal Data

We may share your personal data with:

• Companies within the Rivervale group for internal administrative purposes.
• Finance, leasing, maintenance and insurance providers, including vehicle insurance, GAP insurance, warranty and maintenance providers, battery cover providers, and alloy wheel, tyre and cosmetic insurance providers.
• Vehicle dealers, manufacturers and delivery agencies, including dealerships, to progress your order and arrange delivery and/or collection.
• Credit reference and fraud prevention agencies, for example to assess your credit application and help prevent fraud.
• Service providers acting on our behalf (such as IT, payment and communications providers).
• Professional advisers and regulators, where required.
• Other relevant third-party partners connected to your contract, such as electric vehicle charging partners and charger installation providers, MOT and servicing providers, safety inspection providers, and vehicle or fleet management providers.

We may share your details with these parties where needed to assess your application, set up and manage your agreement, and progress and support your order. This includes contacting you about the details and status of your vehicle, charger, delivery, collection, servicing, maintenance, insurance, or fleet management.

We only share personal data where necessary and ensure appropriate safeguards are in place. You have the right to withdraw your permission to share your data with any third party.

9. International Data Transfers

9.1 We may transfer your personal data to service providers who carry out certain functions on our behalf. This may involve transferring personal data outside the United Kingdom to countries which have laws that do not provide the same level of data protection as the UK law.

9.2 Whenever we transfer your personal data out of the UK to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

9.2.1 We may use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement.

9.3 Further details of the safeguards we use, including copies of relevant contractual terms, are available on request by contacting us using the details set out in this notice.

10. Marketing Communications

You may receive marketing communications from us where:

• you are a current or former customer;
• you have requested information or a quotation; or
• you have opted in to receive marketing communications.

You can opt out of marketing at any time by using the unsubscribe link in our communications or by contacting marketing@rivervale.co.uk.

11. Cookies and Website Tracking

Our websites use cookies and similar technologies to ensure they function correctly, to analyse usage and to support marketing activities.

Cookies may be categorised as:

• Essential cookies – required for the operation and security of our websites
• Analytical cookies – help us understand how visitors use our websites
• Functional cookies – remember preferences and settings
• Targeting/advertising cookies – used to deliver relevant advertising

You can manage or disable cookies through your browser settings. Further detailed cookie information is available within our cookie management tool.

12. Credit and Hire Applications

Where you apply for credit or hire, we and/or the relevant finance provider may carry out searches with credit reference and fraud prevention agencies. Information about agreements, payments and defaults may be shared with those agencies in accordance with applicable law.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure. All staff are trained on data protection and confidentiality obligations.

While we take reasonable steps to protect personal data transmitted via our websites, no internet transmission is completely secure and you use our websites at your own risk.

14. Your Rights

You have rights under UK data protection law, including the right to:

• access your personal data
• request correction of inaccurate data
• request erasure or restriction of processing
• object to processing in certain circumstances
• request data portability

To exercise your rights, please contact our Data Protection Officer.

15. Complaints

If you have concerns about how we use your personal data, please contact us first so we can address them. You also have the right to complain to the Information Commissioner’s Office (ICO):

www.ico.org.uk

16. Changes to This Notice

We may update this Privacy and Cookies Notice from time to time to reflect changes in law, regulation or our practices. The latest version will always be published on our website.

17. Information about our use of Cookies

Our website deploys small text files known as cookies onto your device when you browse our site. These cookies are crucial for enabling the site to function effectively and efficiently, in addition to providing us with valuable insights about site usage.

We employ cookies for the following reasons:

• Essential/Necessary Cookies: These cookies are indispensable for our website's operations. They play a key role in ensuring our website's security and the privacy of visitors.
• Analytical/Performance Cookies: These cookies help us identify and tally the number of site visitors while tracking how they navigate our site during their visit. The insights gained allow us to enhance site functionality and examine your interaction with our website following our communications.
• Functional Cookies: Upon your return to our site, these cookies aid in your recognition. They facilitate the customisation of our content to suit your preferences (such as content tailored to your region) and remember your specified preferences (like language or regional settings).
• Targeting/Advertising Cookies: Aimed at providing you with advertisements that align more closely with your interests, these cookies are installed by entities like Google, Facebook, LinkedIn, and Microsoft under our authorisation. They track your visit to our website and share this information with these platforms to deliver personalised advertising content.

For detailed information about each cookie we use and their specific purposes, please see the section below.

=== ESSENTIAL / NECESSARY ===

__cf_bm
atcdn.co.uk
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
HTTP Cookie | 1 day

XSRF-TOKEN
cdn.imagin.studio
Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
HTTP Cookie | 1 day

__cf_bm
feefo.com
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
HTTP Cookie | 1 day

m
m.stripe.com
Determines the device used to access the website. This allows the website to be formatted accordingly.
HTTP Cookie | 400 days

_ab
m.stripe.network
This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information.
HTML Local Storage | Session

_mf
m.stripe.network
This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information.
HTML Local Storage | Session

id
m.stripe.network

HTML Local Storage | Session

JSESSIONID
ots.webtrends-optimize.com
Preserves users states across page requests.
HTTP Cookie | Session

__stripe_mid
www.rivervale.co.uk
This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information.
HTTP Cookie | 1 year

__stripe_sid
www.rivervale.co.uk
This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information.
HTTP Cookie | 1 day

CookieConsent
www.rivervale.co.uk
Stores the user's cookie consent state for the current domain
HTTP Cookie | 1 year

XSRF-TOKEN
www.rivervale.co.uk
Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
HTTP Cookie | 1 day

ucData
web.cmp.usercentrics.eu
Stores the user's cookie consent state for the current domain
HTML Local Storage | Persistent

ucString
web.cmp.usercentrics.eu
Necessary for the correct implementation of the websites Consent Management Platform (CMP)
HTML Local Storage | Persistent

=== ANALYTICAL / PERFORMANCE ===

uct
uct.service.usercentrics.eu
Part of third-party consent management platform (CMP) – The cookies gather data on the user’s interaction with the website’s consent tool, in order to present the best version of the consent-tool.
Pixel Tracker | Session

=== FUNCTIONAL ===

1
m.stripe.network
This cookie is used in conjunction with the payment window - The cookie is necessary for making secure transactions on the website.
HTML Local Storage | Session

=== TARGETING / ADVERTISING ===

NID
google.com

HTTP Cookie | 6 months

feefoUserId
register.feefo.com
Used in context with SEO and conversion optimisation. Gathers any user reports or behavioral data into reports for the website operator. This service is provided by a third-party analysis-service.
HTML Local Storage | Persistent

_wt.mode-#
www.rivervale.co.uk

HTTP Cookie | Session

_wt.user-#
www.rivervale.co.uk

HTTP Cookie | 3 months

#-#
youtube.com
Used to track user’s interaction with embedded content.
HTML Local Storage | Session

__Secure-ROLLOUT_TOKEN
youtube.com

HTTP Cookie | 180 days

iU5q-!O9@$
youtube.com
Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
HTML Local Storage | Session

LAST_RESULT_ENTRY_KEY
youtube.com
Used to track user’s interaction with embedded content.
HTTP Cookie | Session

LogsDatabaseV2:V#||LogsRequestsStore
youtube.com
Used to track user’s interaction with embedded content.
IndexedDB | Persistent

remote_sid
youtube.com
Necessary for the implementation and functionality of YouTube video-content on the website.
HTTP Cookie | Session

ServiceWorkerLogsDatabase#SWHealthLog
youtube.com
Necessary for the implementation and functionality of YouTube video-content on the website.
IndexedDB | Persistent

TESTCOOKIESENABLED
youtube.com
Used to track user’s interaction with embedded content.
HTTP Cookie | 1 day

VISITOR_INFO1_LIVE
youtube.com

HTTP Cookie | 180 days

YSC
youtube.com

HTTP Cookie | Session

ytidb::LAST_RESULT_ENTRY_KEY
youtube.com
Used to track user’s interaction with embedded content.
HTML Local Storage | Persistent

YtIdbMeta#databases
youtube.com
Used to track user’s interaction with embedded content.
IndexedDB | Persistent

yt-remote-cast-available
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Session

yt-remote-cast-installed
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Session

yt-remote-connected-devices
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Persistent

yt-remote-device-id
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Persistent

yt-remote-fast-check-period
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Session

yt-remote-session-app
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Session

yt-remote-session-name
youtube.com
Stores the user's video player preferences using embedded YouTube video
HTML Local Storage | Session

=== UNCLASSIFIED ===

rivervale_session
cdn.imagin.studio

HTTP Cookie | 1 day

algoliasearch-client-js-#.#.#-01234VWXYZ
www.rivervale.co.uk

HTML Local Storage | Persistent

comm100_session_85000375
www.rivervale.co.uk

HTTP Cookie | Session

comm100standby_session_85000375
www.rivervale.co.uk

HTTP Cookie | Session

listingViewOption
www.rivervale.co.uk

HTML Local Storage | Persistent

rivervale_session
www.rivervale.co.uk

HTTP Cookie | 1 day

uit
www.rivervale.co.uk

HTTP Cookie | 400 days

chatServerUrls
vue.comm100.com

HTML Local Storage | Persistent

Our organisation utilises Force24’s marketing automation platform. Force24 cookies are first party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:

• F24_autoID
• F24_personID

They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.

f24_autoId – This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 1 year, persistent.

f24_personId – This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 1 year, persistent.

The information stored by Force24 cookies remains anonymous until:

• Our website is visited via clicking from an email or SMS message, sent via the Force24 platform and cookies are accepted on the website.
• A user of the website completes a form containing email address from either our website or our Force24 landing pages.

The Force24 cookies will remain on a device for 1 year unless they are deleted.

Other Tracking 

We also use similar technologies including tracking pixels and link tracking to monitor your viewing activities

Device & browser type and open statistics 

All emails have a tracking pixel ( a tiny invisible image ) with a query string in the URL. Within the URL we have user details to identify who opened an email for statistical purposes. 

Link Tracking 

All links within emails and SMS messages sent from the Force24 platform contain a unique tracking reference, this reference help us identify who clicked an email for statistical purposes. 

Changes to this Policy

Further developments and government regulations mean this policy will change from time to time.

Last updated: February 2026