Xcite Car Leasing is a trading name of Wessex Fleet Solutions Limited
1. Introduction
This Privacy Policy sets out how Wessex Fleet Solutions Ltd ("Wessex", "we", "us", "our") collects, uses, stores, and protects personal data. We are deeply committed to maintaining the confidentiality and security of our clients' and users' personal information.
This policy applies universally to all operations within Wessex Fleet Solutions, including Directors, Partners, permanent, temporary, agency, or contract staff, and any third parties or subsidiaries associated with us, regardless of their location.
Any personal data provided to or collected by us will only be processed in accordance with this Privacy Policy, the UK General Data Protection Regulation (UK GDPR), and the Data Protection Act 2018. This document should be read in conjunction with our internal Data Retention Policy and IT Security Policy.
2. What Personal Data We Collect and Process
To provide vehicle leasing brokerage services, process finance applications, supply quotations, and administer service agreements, we must collect and process specific personal data. This includes, but is not limited to:
- Identity Data: Full name, job title, and date of birth.
- Contact Data: Personal or professional email addresses, physical addresses, address history, and telephone numbers.
- Financial & Employment Data: Employment history, income and expenditure details, and bank account information.
- Verification Data: Any additional documentation requested by credit underwriters to support a credit or finance application.
Lawful Basis for Processing: The collection and processing of this data is primarily a contractual requirement or necessary to take steps at your request prior to entering into a contract. Where required by law, we will obtain your explicit consent.
3. Telephone, Email, and AI Quality Monitoring
We record and monitor telephone calls and email communications to ensure the highest standards of customer service, compliance, and staff training.
Use of Artificial Intelligence (AI)
To maintain regulatory compliance (including FCA expectations) and continuous quality assurance, we utilise a secure, AI-powered, quality monitoring platform.
- Purpose: The AI system reviews and analyses call recordings and text-based transcripts to detect compliance risks, ensure best practices, and evaluate team performance.
- Data Security & Isolation: Your call recordings and transcripts are processed within a highly secure, multi-tenant cloud environment hosted in Microsoft Azure UK data centres. Your data benefits from strict logical segregation, meaning it is completely isolated from other users.
- No AI Model Training: We strictly protect your privacy. Neither Wessex nor our AI provider uses your voice recordings, transcripts, or personal data to train, tune, or improve Large Language Models (LLMs) or AI algorithms. Your data is used solely to evaluate your specific interaction.
- Encryption & Sovereignty: All data transmitted to and from the AI platform is encrypted using TLS 1.2+ in transit and AES-256 at rest. All AI processing and data storage remain strictly within regional UK/EEA boundaries.
4. Cookies and Online Tracking
A cookie is a small text file placed on your device when you visit our website. Cookies help us track website traffic flows and recognise your device on return visits to improve user experience.
- Anonymity: Standard cookies compile anonymous statistics regarding browser type, screen resolution, and geographic location; they do not identify you personally.
- Invoice Payment Areas: The Wessex website uses session-based cookies strictly within invoice payment zones. This saves you from re-entering information at each stage of a transaction. Only partial form data is temporarily held, and the cookie is wiped automatically as soon as you close your browser.
- Control: You can choose to accept or decline cookies. While most web browsers accept cookies by default, you can modify your browser settings to decline them if preferred.
5. Marketing Communications and Tracking Technologies
If you explicitly opt-in to receive our direct marketing, we will periodically send you communications regarding relevant products, services, and exclusive offers.
To maximize the relevance of our marketing, we track interaction analytics via:
- Email Opens: We utilise a "clear image" (transparent GIF) pixel to track open rates. You can disable this tracking by turning off automatic image loading in your email client.
- Click Tracking: Links clicked within our emails (including the date and time of the click) are recorded by our analytics platform.
- Unsubscribes: Clicking an "Unsubscribe" link automatically removes your email address from our active marketing database and places it onto a suppression list to prevent future contact.
Your Right to Opt-Out: You maintain the right to withdraw marketing consent at any time. You can opt-out by clicking the Unsubscribe link at the bottom of any email, or by contacting us directly via phone, email, or letter.
6. Google’s Advertising Consent Mode V2
In compliance with regional privacy mandates (including the EU/UK User Consent Policies), our website utilizes Google’s Consent Mode V2. This mechanism securely transmits user consent choices from our cookie banner directly to Google's tracking tags.
If you are a user based in the UK or EEA, your explicit consent is required before we can deploy cookies or tags for ad personalization, remarketing, and advanced measurement features within Google Analytics and associated Google marketing services.
7. Sharing Data with Third-Party Data Controllers
To deliver our services and fulfil our contractual obligations, we partner with external organisations. We will share your personal information with other data controllers only when necessary. These entities include:
- Finance Providers & Lenders: To generate, underwrite, and manage your vehicle finance agreement.
- Supplying Dealer Groups & Manufacturers: To order, deliver, or arrange the collection of your vehicle, or to notify you of safety recalls.
- Insurance Entities: GAP insurance providers and specialist brokers.
- Regulatory & Legal Entities: Fraud prevention agencies, claims handlers, professional legal/financial advisers, or government bodies when legally mandated or required to protect public safety.
8. Credit Reference and Fraud Prevention Agencies
When you apply for vehicle finance, lenders will perform credit and identity checks with Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs).
Credit Reference Checks
- Lenders will search CRA records regarding your financial history. A footprint of this search will be visible to other organizations making subsequent checks.
- If you are a Director or Partner of a firm applying for credit, your personal file may also be searched. Multiple searches may be executed if your application is submitted to more than one finance provider.
- Joint Applicants: If you submit a joint application, you declare that you have the authority to disclose information about your joint applicant or fellow directors, and authorize searches to link your financial records.
- Lenders report payment histories, defaults, and account management details back to CRAs. This data can impact your ability to secure future credit.
Fraud Prevention
If false or inaccurate information is provided and fraud is identified, details will be passed to FPAs and law enforcement agencies. This information may be accessed and used globally to prevent fraud, money laundering, and to verify job applications or insurance claims.
9. Data Security
Wessex employs stringent technical and organisational measures to safeguard your personal data. All internal networks, databases, and systems are password-protected, subjected to role-based access controls, and monitored in line with our internal data security policies.
While we take maximum precautions, no transmission of data over the internet can be guaranteed as entirely secure. Consequently, any digital transfer of data to or from Wessex via the internet is performed at your own risk.
10. Data Retention and International Transfers
- Retention Period: We will not store your personal data for longer than is necessary to fulfil the purposes for which it was collected. Generally, we retain core contract data for a period of seven (7) years following the termination of your agreement to satisfy legal, regulatory, statutory obligations, and to handle potential legal claims.
- International Transfers: Your data is predominantly processed inside the UK and EEA. If any third-party supplier requires your data to be processed outside these zones, we guarantee that legally recognised safeguards (such as Standard Contractual Clauses or UK International Data Transfer Agreements) are enforced to protect your privacy rights.
11. Your Data Protection Rights
Under data protection legislation, you possess comprehensive rights regarding your personal information:
- Right of Access (Subject Access Request): You have the right to request a copy of the personal data we hold about you. This is provided free of charge, though we reserve the right to charge a reasonable fee or refuse requests that are manifestly unfounded, repetitive, or excessive.
- Right to Rectification: You can request that we correct or complete any inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You can request the deletion of your data where there is no overriding legitimate or legal reason for us to continue processing it.
- Right to Restriction & Objection: You have the right to 'block' or restrict the processing of your data under specific circumstances, or object to direct marketing.
Note: In instances where data deletion is blocked by statutory, regulatory, or contractual retention periods, the data will be securely isolated and restricted from further processing instead of being permanently erased.
12. Social Media and Third-Party Links
Wessex interacts with clients across various social media platforms to promote services and offers. By interacting with us on these platforms (e.g., liking, following, or messaging), you become subject to the respective platform's privacy policy, not ours. We advise checking their privacy settings prior to engagement.
13. Complaints and Regulatory Contacts
If you are dissatisfied with how we handle your personal data, we encourage you to contact us directly so we can resolve the matter immediately.
- Wessex Contact: Please contact your Account Manager or our Compliance Team via phone, email, or post. We will investigate promptly and provide a comprehensive written resolution. View our complaints policy here.
- Regulatory Authority: You also have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
14. Policy Review and Updates
This policy is subject to review at least annually to align with changing statutory, legal, and operational frameworks. Any material updates will be clearly highlighted on our website to ensure our clients remain fully informed.
Last updated June 2026.