Site Background

PRIVACY POLICY

If you're an employee of EG On The Move or it's subsidiaries, view the Employee Privacy Notice on the Employee Policy Library

ABOUT US

This website is hosted and operated by (or on behalf of) EG On The Move Limited. Throughout this Privacy Notice, when we use terms like "we", "us", "our" or "EGOTM", we're referring to EG On the Move Limited.

We are the organisation that is responsible for the personal data processing that this Privacy Notice describes. We are described in data protection legislation as being the "controller" of your personal data.

There are a number of companies in our group. The primary operating companies are: EG Retail Services Limited, EG Property Limited, EG On The Move 2 Limited, M.P.K Garages Limited and Made To Order Limited. We refer to these companies collectively as the EGOTM Group. The general processing safeguards in this Privacy Notice apply to all of the EGOTM Group companies.

Our company registration

EG On The Move Limited is a company incorporated in England and Wales. Our company registration number is 14960308 and our registered office is Waterside Head Office, Haslingden Road, Guide, Blackburn, Lancashire, United Kingdom, BB1 2FA.

Our data protection registration

We are registered as a controller with the Information Commissioner's Office (the "ICO"). The ICO is the UK regulator of data protection law. Our ICO registration number is ZB639948.

How to contact us

If you ever have a query about how we're handling your personal data, or you want to exercise a right in relation to your personal data (including if you wish to make a data subject access request or if you wish to make a data protection complaint to us), there are a number of ways you can contact our team.

You can write to us at: DPO, EG On The Move, Waterside Head Office, Haslingden Road, Guide, Blackburn, Lancashire, United Kingdom, BB1 2FA.

If you prefer to email, you can contact us at dpo@eg-otm.com. Requests to obtain CCTV footage may be made via this link: https://forms.eg-otm.com/cctv.

OUR COMMITMENT TO YOU

We are committed to respecting and upholding your privacy rights. In this Privacy Notice, we describe how we collect, use, and share your personal data. We also explain what rights you have in relation to your personal data.

Privacy and data protection are ever changing and enhancing the rights of individuals. As such, we review how we use your personal data, and we may update this Privacy Notice from time to time to reflect this, and to reflect any changes in the law. The Privacy Notice displayed on this page is always the most up to date version. We would encourage you to re-visit our Privacy Notice from time to time so that you are aware of any relevant updates we have made.

Personal data belonging to children

Our websites and our services are not specifically intended for children and we do not knowingly collect data relating to children. If you are under the age of 16, please obtain consent from your parent or guardian before you submit any personal data to us. If you are a parent or guardian of a minor and you have reason to believe your child or ward has provided us with their personal data without your prior consent, please contact us to request the erasure of their personal data or for the minor to be unsubscribed from our mailing lists.

What do we mean by "personal data" and "data subject"?

We recognise that the law defines "personal data" very broadly, namely as being "any information relating to an identified or identifiable natural person (the 'data subject')".

A data subject is any living individual "who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".

HOW DO WE CATEGORISE PERSONAL DATA?

To help explain the different types of personal data which we use, we have grouped personal data into categories as below. Some data, such as technical data, location data, CCTV data and transaction data, may be collected and processed by us automatically in the course of our business. Other data, such as identity data, contact data and marketing data, will only be processed by us if specifically given to us by you.

Identity data

Data specifically related to your identity, including: your full name, marital status, title, date of birth, national insurance details and other recognised official identity documents.

CCTV data

We operate CCTV at our sites, which records footage, from which still or moving images of you or from which you can be identified. (Please see the section labelled "Our use of CCTV" further below.)

Contact data

The contact data of you and others, including, email addresses and telephone numbers, postal address details and social media handles.

Technical data

Technical data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Marketing data

We'd like to develop lasting relationships and to help with this we might wish to collect information about your marketing preferences. We shall only send timely and relevant information about services and products we care about and that we think are relevant to you. You always have the option to decline this, or to opt out at any point. In addition, we may track when you like us or share our content through Facebook, Twitter, Instagram or other social networking platforms.

Location data

We may access and collect your geolocation data in order to facilitate our services, such as enabling the functionality of our websites to provide you with information about sites or stores near you. We may also use data about the location of the device you are using to help us understand how our website and other services and functionality are being used and to deliver more relevant advertising.

Transaction data

We may collect data relating to the products you buy, billing address, method of payment, and payment details.

Communications data

We collect data from you when you engage with us. This might occur if you submit a review, comment or other content to our websites or on our social networking pages, and when you contact us or correspond with us.

Special category data

The law provides higher protection to specific types of personal data, known as "special category" data. This includes data relating to health, ethnicity and religion. We are required to comply with a number of additional conditions if processing any special category of data. For the purpose of employment and assessing the working capabilities of job applicants, we may receive and process health data. There may be other instances where other special categories of personal data are disclosed to us, but this is incidental and not part of an organised processing activity.

Criminal offence data

There may be instances where we process criminal record checks, but this is only done where necessary for job applicants, in accordance with applicable legal requirements. Access to this type of data is strictly limited to specific people in our teams, on a "need to know" basis.

You can, of course, always browse our websites without registering or submitting your personal information to us.

HOW WE COLLECT YOUR PERSONAL DATA

Personal data you voluntarily provide to us

We only collect personal data that is relevant to our relationship with you, for example:

  • when you subscribe to our mailing lists;
  • when you attend events or meetings organised by us, or conducted at our offices or sites, for example, sales events, promotional and marketing events, training sessions and social events;
  • when your images are captured by us via CCTV cameras while you are within or in the vicinity of properties which we operate and use, or when photographs or videos of you are taken when you attend events, meetings or training sessions organised by us;
  • when you use our services or enter into transactions with us, or express an interest in doing so, including services, products and transactions in person at one of our many locations or electronically;
  • when you communicate with us by telephone, email, via our website or through other communication channels, for example, through social media platforms;
  • when you submit an employment application to us or when you provide documents or information including your CV in connection with such applications;
  • when you make a purchase through our websites and/or mobile applications; and/or
  • when you submit your personal information to us for any other reason.

Personal data that has been provided by others

Depending on your relationship with us, we may also collect your personal data from third party sources, for example:-

  • from your referees, educational organisations or previous employers (if you have applied to us for a job);
  • from your family members, friends or colleagues who provide your personal information to us on your behalf; and/or
  • from public agencies or other public sources.

HOW AND WHY WE PROCESS YOUR PERSONAL DATA

Lawful basis

There are specific reasons set out in data protection law that ensure personal data processing is fair and lawful, each of which is known as a "lawful basis". We are legally required to ensure that we always have a lawful basis for processing personal data, and we have methodically assessed the purpose of our processing to ensure we have this. We have summarised these lawful bases as follows:

  • Legitimate Interest: where processing is necessary for the purpose of pursuing our, or a third party's, legitimate interest (as detailed in the table below), and that interest is not overridden by your own interests.
  • Recognised Legitimate Interest: where processing is necessary for a purpose recognised by law as being a legitimate business interest, specifically including the detection, investigation and prevention of crime, and prosecution of offenders.
  • Contractual Obligation: where our processing is necessary to perform a contract with you.
  • Legal Obligation: where our processing is necessary for us to comply with a legal obligation to which we are subject.
  • Consent: where you have consented to our processing. Your consent is only valid if it is freely given, specific, informed and unambiguous.

In addition to the above, in respect of our processing of any of your special category data, we must also be able to rely on one of the following conditions:

  • Employment & Social Security Condition: where our processing is necessary for the purposes of carrying out our legal obligations under employment and social security law.
  • Substantial Public Interest Condition: where our processing is necessary for reasons of substantial public interest.
  • Legal Rights Condition: where our processing is necessary to establish, exercise or defend our legal rights or claims.

We have set out in the table below the ways in which we process your personal data, our lawful basis for doing so, and how we try to ensure your data and rights are respected. Please let us know if you would like more information.

Processing typeData categoryOur lawful basisSpecific purpose, and the respect of your information rights
Marketing communicationsIdentity, Contact, Communications & Marketing dataConsent; Legitimate InterestWhen you've asked us to, or if you are an existing customer, we'll use your information to contact you with details of our products, events and services and to facilitate our relationship with you, your business or colleagues. You have the right to opt-out of email marketing at any time, and to object to marketing in any form. Our legitimate interest in relation to this processing is to promote our business products and services to you.
Customer relationship managementIdentity, Contact, Marketing & Transaction dataLegitimate InterestWe organise our customer records within customer relationship management (CRM) systems. We securely store, access, and analyse the information that we have in our CRM systems. The use of our CRM systems helps us ensure the smooth operation of our businesses, plan effectively and it helps us analyse our business. Our legitimate interest in relation to this processing is to manage our customer data and accounts efficiently and responsibly, and to enable us to optimise our products and services.
Customer serviceIdentity, Contact, Technical, Communications & Transaction dataContractual Obligation; Legitimate InterestWe keep and maintain records of any enquiry or complaint made by you (which may include customer service tickets). Our legitimate interest in relation to this processing is to manage our customer service processes efficiently and to improve our future services.
Training and other corporate eventsIdentity & Contact data (including Special Category data)Contractual Obligation; ConsentThe information you provide will be used to communicate with you about your attendance at the event and to follow-up on your experience post-event. The personal information we may process could include your name, job title and employer, address and phone number, email address, dietary and access requirements. We will ask for your consent to process any health data.
Promotional images and footageIdentity dataConsentWe may take photographs and / or video footage at our offices or an event we host, which could capture personal information of staff, customers, visitors and other third parties. We will always notify participants when a photographer or filmmaker is present at our offices or events. Written consent will always be obtained, and we will respect the wishes of anyone who signals their desire not to have their image taken and will always ask for consent where photos are to be published alongside a name or other personal identifier.
Disclosure to regulators and government bodies, and to our professional advisersIdentity, Contact Transaction data & CCTV data (including special category data)Legal Obligation; Legitimate Interest; Recognised Legitimate Interest

Substantial Public Interest Condition; Legal Rights Condition
We are subject to reporting, filing and (in some cases) audits and assessments to or by regulators, government entities (such as HMRC or Companies House) and industry standard bodies. In this context, we may be required to share information with disclose your personal data either to comply with the law or in the protection of our business interests. We may also share your data voluntarily with law enforcement and/or advisers in some circumstances; in these cases our legitimate interest for doing so is to assist in any criminal investigation, and to defend or enforce our legal rights.
Administrative and business purposesAll categoriesLegitimate Interest

Legal Rights Condition
We may disclose your personal information to other EGOTM Companies, our investors and third parties who provide services to us, including our service providers and data processors (providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, marketing, human resources, professional services, tracing services and when we investigate suspected theft) and our consultants and professional advisors (such as accountants, compliance, lawyers, auditors). Our legitimate interest in relation to this processing is to ensure the efficiency and resiliency of our business operations.
RecruitmentIdentity and Contact data (including special category data)Legitimate Interest

Employment & Social Security Condition
If you apply for a job with us, we shall maintain a record of your application and associated information during the recruitment process and (if you are unsuccessful) for a short period of time thereafter. We also maintain a restricted list of unsuccessful job applicants. We may pass your personal information to other departments within EGOTM companies, for the purpose of offering alternative or additional employment opportunities. Our legitimate interest in relation to this processing is to ensure efficiency of recruitment processes in the normal course of our business.
Security & SafetyIdentity, Contact, Technical & CCTV data (including special category and/or criminal offence data)Legal Obligation; Legitimate Interest; Recognised Legitimate Interest

Substantial Public Interest Condition
We may process personal data for the specific purposes of security and safety. This is in connection with the buildings that we own and/or rent, or events organised by us or conducted at the buildings we own and/or use; and through the systems that we operate throughout the organisation. We use CCTV in and around our sites, and we also use cameras that will automatically recognise your vehicle registrations, known as ANPR. We use these technologies for your security and safety, and to prevent and detect crime. CCTV and ANPR images may be disclosed by us to police forces (or other UK law enforcement agencies) from time to time in connection with criminal investigations they are pursuing. (Please see section headed "Our Use of CCTV" for further details.) Our legitimate interest in relation to this processing is to protect our assets and staff, and to deter and detect criminal acts affecting our business.
Investor relationsIdentity, Contact, Technical & Communications dataLegitimate interestWe like to build lasting relationships with our investors, and in addition to any registering your contact details with any investor or incentives portal we may provide, we'll also use your information to invite you to press releases, presentations and other investor relations events. Our legitimate interest is to maintain appropriate investor relations in the normal course of our business.
Personalise contentContact, Technical &
Location data
ConsentTo make recommendations, promotions and offers to you about our products and services; to tailor the information that we send or display to you; to offer customisation, based on your location; and to otherwise personalise your experiences based on your purchase history and your interactions with our websites, and social networking pages.
TestimonialsIdentity dataConsentTo publish your user experience on our websites or social networking pages.

If you provide consent to processing

If you have given us your consent to process your personal data, you may withdraw your consent at any time. When seeking your consent, we shall provide clear and specific information to you about what you are consenting to, in a transparent and unambiguous way.

Use permitted under applicable laws

We may also collect, use, disclose and process your personal data, without your knowledge or consent, where we are required to so by law.

OUR USE OF CCTV

We have installed CCTV cameras throughout our sites and premises, including fuel filling stations, restaurants and stores. Our use and operation of these systems is necessary for the legitimate purposes of our business. Some CCTV operates using "Automatic Number Plate Recognition" (ANPR) systems. Specifically we operate CCTV for the following purposes:

  • to deter, prevent, detect, record and allow investigation and analysis of any type of incident, primarily including malicious or criminal acts. This description includes theft, vandalism and property damage to our goods, fuel, premises, vehicles and equipment. It also covers acts of violence or assaults against our staff, visitors or customers;
  • to support police forces, and other law enforcement agencies, in investigating crimes or suspected crimes and in prosecuting offenders. In this respect we routinely share CCTV footage with police forces in response to their requests, in connection with investigations or enquiries being pursued by them;
  • to assist in resolving disputes which arise in the course of disciplinary or grievance proceedings with members of staff. This may include action taken by us against a member of staff for actions which, whilst not being criminal in nature, amount to misconduct or gross misconduct. Staff images will only be accessed if an event occurs that we cannot be expected to ignore, such as criminal activity, fraud, gross misconduct, or behaviour that puts others at risk;
  • to assist in the defence of any civil litigation, including employment tribunal proceedings.

In operating CCTV, we recognise the need to balance an individual's right to privacy with the need to ensure the safety and security of our employees, customers, visitors and corporate assets. We will not employ CCTV equipment in private areas, such as restrooms, toilets or changing rooms, or otherwise deploy covert CCTV technology. Where CCTV is deployed externally, we will only capture images of public streets and buildings, where permitted. Our CCTV does not record any audio.

Our CCTV footage is subject to a maximum 30 day retention period. This means that the footage on each day is automatically overwritten on or before 30 days after the date of first being recorded, unless it has been specifically downloaded and set aside by us.

Only authorised personnel have permission to operate the CCTV systems and view the images, including security teams and appropriate management, internal and external legal advisors, and police, law and regulatory enforcement authorities.

SHARING OF YOUR PERSONAL DATA

Sharing with our service providers

In the normal course of our business, we may share your personal data with other businesses who provide services to us, and who process that data for us and on our behalf. When disclosing personal information to third parties, we have contracts with these third parties to protect your personal information, which ensures we are compliant with the law and so that they only process your personal information in accordance with our instructions. This includes sharing with vendors and service providers, who are engaged to provide business, support, operational and/ or administrative functions such as IT support, auditing, legal, marketing, website maintenance, payment, fulfilment and delivery of orders. It might also include sharing of data with credit reference agencies, debt collection and tracing agencies.

Sharing with other businesses

We may also share your personal data with other businesses, who use that data for their own purposes (and as independent 'data controllers'). Examples of this are as follows:-

  • if our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business;
  • data may be shared to other EGOTM companies, where necessary or desirable for centralised management purposes, including operations, marketing, IT, HR or finance functions, and this may include sharing with international entities or colleagues;
  • data may be shared with regulatory authorities, statutory bodies or public agencies, including to support their investigations or enquiries;
  • data including CCTV footage may be shared with government or law enforcement authorities, in connection with their discharge of their public duties (such as the prevention and detection of crime).
  • we may also share data with businesses with whom we work (such as fuel loyalty card providers), who need to have that data in order to provide services to you whilst engaging with us or whilst visiting our sites or stores.

International transfer of your personal data

In the provision of our websites and services to you, we may from time to time need to transfer data to other entities which are based outside of the UK. The UK General Data Protection Regulation has strict rules about data transfers to international organisations and so, where this occurs, we shall ensure we have put in place all safeguards required by the law. This may include specific rules around how and where data is transferred, and entering into contracts with them which have been approved by the UK or EU authorities as providing an appropriate level of protection for your data.

If you would like any more information, please contact our Data Protection Officer, the details of whom can be found at the end of this Privacy Notice.

Third-party links

Our websites may contain links to third-party websites. Any access to and use of these linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites. Please read their respective privacy policies for information about how these third parties handle the processing of personal information and other information.

AUTOMATED DECISION MAKING

When we refer to "Automated Decision Making", we mean a decision which is made about you by a computer system, without any meaningful human involvement, and which has a legal or similarly significant effect on you.

We will not undertake any Automated Decision Making about you which is based on any of your Special Category Data (as defined earlier in this Notice), unless either (a) we have your explicit consent to do so, or (b) it is necessary to do so in order to enter into or perform a contract with you (or else is required or authorised by law), and it is in addition necessary for us to do so for reasons of substantial public interest.

If we undertake any other Automated Decision Making about you, which is based on your personal data, we shall provide you with information about the automated decisions taken, and we shall enable you to make representations to us, and obtain human intervention, about those decisions, and to contest those decisions.

THE SECURITY OF YOUR PERSONAL DATA

Unauthorised access

We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Specific access

We limit access to your personal data to those employees, agents, contractors and other third parties who have been authorised to access it.

Vulnerabilities

We have put in place procedures to deal with any suspected personal data breach. We will notify you and the appropriate supervisory authority of a breach where we are legally required to do so.

We cannot guarantee that our systems or applications are invulnerable to security breaches, or that your use of our systems or applications is safe and protected from viruses or other vulnerabilities.

Also we cannot guarantee the security of information that you choose to send us electronically. Sending data to us electronically is entirely at your own risk.

HOW LONG WE KEEP YOUR PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available on request from our DPO's office at dpo@eg-otm.com.

YOUR RIGHTS RELATING TO YOUR PERSONAL DATA

At any point while we are processing your personal data, you may exercise certain rights against us, known as 'data subject rights'. These rights differ depending on your location, but we have set out below a short explanation of your rights which apply if you live in the UK.

Right of access

You have the right to request a copy of the information that we hold about you. Access to a copy of your personal information is often known as a Subject Access Request, and is usually free of charge. We have a one-month time period with which to respond; however, if your request is complex then we may extend that limit by up to two further months. We may also ask for a reasonable administration fee if your request is manifestly unfounded or excessive in nature, or if further copies of data are requested.

Right of rectification

You have a right to review and correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten

In certain circumstances you can ask for the data we hold about you to be erased from our records. As detailed within data protection law, a request to be forgotten is not an absolute right and will be assessed on its merits.

Right to restriction of processing

Where certain conditions apply, you have a right to restrict our processing. In particular, if we do not need to process your data in order to meet a contractual or other legal requirement, or if we are using your data only for direct marketing, then you may be entitled to restrict our further usage of it.

Right of portability

You have the right to have the data that you have provided to us, for the fulfilment of a contract or where you have provided your consent, transferred in a structured and machine-readable format to another organisation.

Right to object

You have the right to object to certain types of processing. In particular you have a right to object to our processing of your personal data for direct marketing purposes (including profiling in relation to that direct marketing). You will be able to object to or opt out of any marketing message we send you.

Right to complain to us

You have the right to complain to us directly in connection with any aspect of our processing of your personal data. To do so, please contact us at dpo@eg-otm.com or alternatively you can complete an online complaint form available at https://forms.eg-otm.com/data_protection_complaints. We shall acknowledge receipt of your complaint within 30 days, and we shall take appropriate action in response to your complaint (including informing you of the outcome) without undue delay.

Right to complain to the ICO

You also have the right to complain directly to the UK regulator, the Information Commissioner's Office (the "ICO"). Details of how to contact them may be found at https://ico.org.uk/make-a-complaint/.

HOW TO CONTACT US

If you have any queries about this Privacy Notice, or would like us to contact us for any reason in connection with your privacy rights or your personal data, please get in touch with our Privacy & Data Protection team, by emailing us at dpo@eg-otm.com. Alternatively, you may write to us at DPO, EG On The Move Ltd, Waterside Head Office, Haslingden Road, Guide, Blackburn, Lancashire, United Kingdom, BB1 2FA.

This Privacy Notice is effective from 19 June 2026.