FRF (South Wales) Ltd.

Data Privacy Policy

This is the privacy policy for FRF (South Wales) Ltd. and its subsidiaries, hereby referred to in this document as FRF Group. FRF Group takes your privacy seriously and are fully committed to handling the information we collect from you in a secure and responsible manner and adheres to the guidelines published in the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679.

Any questions relating to this privacy policy should be sent to:

Please read this privacy policy, which explains how we use your personal information, in particular:

  • What information is collected from you through our website
  • How the information is used & stored
  • Your rights under the GDPR


What information is collected

Our website

When you send us an enquiry using our website form, you will be asked for the following details:

  • Name
  • E-mail address

We keep these details safe and do not sell or rent your details to third parties. The information you provide us is used strictly by us to respond to your enquiry and provide better customer service.


We use CCTV to monitor our premises. In this event your image and vehicle registration can potentially be stored for a period of up to 2.5 months.

Our services

At FRF Group we require your personal information in order to complete the services that we provide. The personal information that we may collect includes:

  • E-mail address
  • Contact telephone number(s)
  • Vehicle details (vehicle registration, make, model etc)
  • Details of your insurance company


How the information is used & stored

Examples of how your information may be used by us includes the following:

  • Provide you with a quotation for work to be performed
  • In order to liaise with your insurance company
  • To follow correct invoicing procedures
  • So we are able to contact you when necessary on issues relating to our products or services


Our legal basis for processing your data

Legitimate interest – the processing is necessary for your legitimate interests of a third party. In this instance, this would be your insurance company.

Consent – you have given clear consent for your personal data to be processed for a specific purpose.


Data Retention

Our data retention periods are reviewed on a regular basis and we will only hold your personal information as long as it is deemed relevant for the required activity, as required for legal reasons or as stated in any relevant contract that we have in place with you. Your data will be held for no longer than 7 years.

Data Security

Your data will not be shared by us with any third party organisations.

You should be aware that the transmission of information via the Internet is not completely secure. Although we will use our best endeavours to protect your personal data, we cannot guarantee the security of your data in transit.

After receiving your information, FRF Group will use clear procedures and security features to try to prevent unauthorised access.

We will never ask you to send us your bank details, usernames, passwords or ask you for personal banking information. If you suspect you have become a victim of fraud please report this incident to the police. We would also recommend contacting the Information Commissioners Office (ICO) via the website

Data Storage

FRF Group store your data on secured servers inside the EU. Most of our partner networks are mainly based within the EU but some are not.

We have a clear data policy in place regarding the submission of your personal information. This will cover consent to transfer, storing and processing your personal information and data. In the event of an incident, FRF Group will take steps to ensure that the required security measures are followed to protect data as per our Security Policy.


Your rights under the GDPR

You have the following rights under the GDPR:

Right to access – the right to request copies of the information we hold on you at any time

Right to correct – the right to have your data rectified if it is inaccurate or incomplete

Right to erase – the right to request that we delete your data from our systems

Right to restrict usage – the right to stop us from using your data or limit the way in which we can use it

Right to data portability – the right to request that we move, copy or transfer your data

Right to object – the right to object to our use of your data

In order to exercise the above rights, please contact FRF Group by sending an email to or a written request to:

The Data Manager

FRF Toyota

Neath Road

Morriston, Swansea



If there are any concerns that we are not using your information in accordance with their processes and with legal precedence or you are not satisfied with our response to your data request, you can refer to the Information Commissioners Office (ICO)