This privacy notice explains how the driveJohnson’s Marketing Hub accesses,
uses, stores and protects information obtained from connected marketing,
advertising, analytics and website platforms.
This notice applies specifically to the Marketing Hub. General information
about how driveJohnson’s handles personal information is available in our
main Privacy Policy.
Marketing Hub Privacy Notice
The driveJohnson’s Marketing Hub is a restricted internal application used
by authorised driveJohnson’s employees and approved contractors.
It brings together data from approved marketing and reporting services so
that our team can review performance, process authorised marketing
enquiries, plan activity and make informed business decisions.
Last updated: 17 July 2026
Who operates the Marketing Hub?
The Marketing Hub is operated by driveJohnson’s for its own internal
business purposes.
It is not offered as a public service and is not available to customers or
members of the general public.
Who can access the Marketing Hub?
Access is restricted to authorised driveJohnson’s employees and approved
contractors who require the application for their work.
Users must sign in and may only access the information and features allowed
by their assigned role.
Access may be changed or removed when it is no longer required, when a
person changes role or when they stop working with driveJohnson’s.
Connected services
The Marketing Hub may connect to services used by driveJohnson’s, including:
- Google Ads;
- Google Analytics;
- Google Search Console;
- Google Ads Keyword Planner;
- Meta advertising, Page, lead-generation and business services; and
- other approved marketing, reporting or website platforms.
The platforms connected to the Marketing Hub may change as the application
develops. We will update this notice where a new connection materially
changes how data is accessed or used.
Information we may access
Depending on the connected service and the permissions granted, the
Marketing Hub may access information including:
- advertising account, campaign, ad group, ad set, advertisement and keyword
data; - advertising spend, impressions, reach, clicks, conversions, leads and
other performance metrics; - information submitted through authorised Meta Instant Forms or Lead Ads,
such as a person’s name, contact details, postcode, enquiry information
and any other fields included in the relevant form; - Facebook Page, Meta Business Account and advertising-account information
needed to identify and access business assets authorised by
driveJohnson’s; - website traffic, landing-page, acquisition and engagement information;
- search queries, website pages, clicks, impressions, click-through rates
and average search positions; - historical keyword search volumes, competition levels and estimated bid
ranges; - account identifiers, property identifiers and connection status;
- browser, server, synchronisation, error and usage information generated
when authorised users operate the Marketing Hub; - authentication information needed to maintain authorised connections; and
- internal notes, tasks, reports and settings created by authorised users.
Google account information
Where an authorised user connects a Google account, the Marketing Hub may
receive limited account information needed to identify the connected account
and confirm that the user has permission to access the relevant Google
services.
The Marketing Hub does not request access to personal Gmail messages,
personal Google Drive files, Google Photos, contacts or calendars unless a
separate feature is introduced, clearly disclosed and specifically
authorised.
Meta Platform Data
Where authorised by a driveJohnson’s administrator, the Marketing Hub may
connect to Meta business services, including Meta Ads, Facebook Pages, Meta
Business Accounts and Meta Lead Ads.
Depending on the permissions granted, information obtained from Meta may
include:
- Meta advertising accounts and authorised business assets;
- campaign, ad set and advertisement information;
- campaign performance information, including spend, impressions, reach,
clicks, leads, results and related reporting metrics; - information submitted by prospective customers through authorised Meta
Instant Forms or Lead Ads; - Facebook Page information needed to identify and access authorised
business assets; - business, Page, advertising-account and form identifiers; and
- connection, permission and synchronisation information required to operate
the integration.
Meta Platform Data is used only for authorised driveJohnson’s internal
business purposes, including advertising reporting, campaign analysis,
processing and managing enquiries, comparing marketing performance and
maintaining the Marketing Hub.
We do not sell Meta Platform Data or use it for unrelated purposes.
How we use connected platform data
Information obtained through connected services may be used to:
- produce internal marketing and advertising reports;
- monitor campaign performance and advertising spend;
- retrieve, process and manage enquiries submitted through authorised Meta
Instant Forms or Lead Ads; - analyse website traffic and visitor engagement;
- review organic search performance;
- research keywords and content opportunities;
- compare performance across reporting periods and platforms;
- identify technical, marketing or content issues;
- plan and prioritise internal marketing activity;
- support internal tasks, notes and approvals; and
- maintain, secure and improve the Marketing Hub itself.
Connected platform data is used only for legitimate driveJohnson’s internal
business purposes.
Google Ads access
The Marketing Hub may use the Google Ads API to retrieve advertising,
campaign, keyword and performance information belonging to driveJohnson’s.
The current Google Ads integration is intended for reporting, analysis and
keyword research.
It does not currently:
- create Google Ads accounts;
- change billing information;
- publish or remove campaigns;
- alter campaign budgets or bids; or
- create, edit or remove advertisements.
If write-access features are introduced in future, this notice and the
relevant application permissions will be updated before those features are
made available.
Meta advertising and Lead Ads access
The Marketing Hub may use approved Meta APIs to retrieve advertising,
campaign, Page, business-asset and Lead Ads information belonging to or
administered by driveJohnson’s.
The current Meta integration is intended for internal advertising reporting,
analysis and the retrieval and processing of enquiries submitted through
authorised Meta Instant Forms.
The Marketing Hub does not use Meta permissions to access information
unrelated to the business assets and functions authorised by
driveJohnson’s.
Authentication and access tokens
Connected services may issue access tokens or refresh tokens that allow the
Marketing Hub to retrieve authorised data without requiring a user to sign
in for every request.
Tokens and other sensitive credentials are stored within protected
server-side systems and are not intentionally exposed through public pages
or browser-side source code.
Tokens are used only to access the services and information for which
permission has been granted.
How information is stored
Data retrieved from connected services may be stored or cached in the
Marketing Hub database.
This allows us to:
- reduce unnecessary API requests;
- display reports more quickly;
- compare current and previous reporting periods;
- maintain historical performance records;
- process authorised marketing enquiries; and
- diagnose failed or incomplete data synchronisations.
Stored information may include aggregated reporting data, advertising and
business-asset identifiers, authorised lead information, synchronisation
logs and internal user activity.
Our lawful bases
Where information processed through the Marketing Hub is personal data,
driveJohnson’s will normally rely on one or more of the following lawful
bases:
- Legitimate interests: operating, securing and improving
our marketing, reporting, enquiry-handling and business-management
processes. - Contract: where processing is necessary to take steps at
a person’s request, provide services or manage an employment, contractor,
supplier or other business relationship. - Legal obligation: where information must be processed or
retained to meet a legal requirement. - Consent: where a person or authorised user has
specifically consented to an optional use of their information or
authorised a platform connection.
Sharing and disclosure
Data accessed through the Marketing Hub is not sold, resold, rented or made
available to external customers.
Information may be accessed or processed by:
- authorised driveJohnson’s employees;
- approved contractors working on behalf of driveJohnson’s;
- hosting, database, authentication and technical service providers needed
to operate the application; - professional advisers where access is reasonably necessary; and
- regulators, courts or law-enforcement bodies where disclosure is required
by law.
Service providers and contractors are expected to use information only for
the agreed purpose and to protect it appropriately.
Information obtained through Meta APIs is not shared with third parties
except where this is necessary to operate and secure the Marketing Hub,
process an authorised enquiry, provide driveJohnson’s services or comply
with a legal obligation.
International data transfers
Some connected platforms and technology providers may process information
outside the United Kingdom.
Where personal data is transferred internationally, driveJohnson’s will use
an appropriate legal safeguard where required, such as an adequacy
regulation, approved contractual protections or another lawful transfer
mechanism.
How long we retain information
Connected platform data is retained only for as long as reasonably
necessary for reporting, analysis, enquiry handling, security,
troubleshooting and legitimate business record-keeping.
Retention periods may vary depending on:
- the type of data;
- the reporting period involved;
- the purpose for which the data is stored;
- whether an account remains connected;
- whether an enquiry or customer relationship remains active;
- technical, security or audit requirements; and
- any applicable legal or contractual obligations.
Information that is no longer required will be deleted, anonymised,
aggregated or securely archived as appropriate.
Disconnecting a service
An authorised administrator may remove or revoke a connected platform
account from the Marketing Hub.
Google account access can also be reviewed or revoked through the security
and third-party access settings of the relevant Google account.
Meta access can be reviewed or revoked through the relevant Facebook or Meta
Business settings, including the settings used to manage business
integrations and authorised applications. An authorised driveJohnson’s
administrator may also request that the connection be removed from the
Marketing Hub.
Disconnecting an account prevents future API access but may not
automatically delete reporting or enquiry data that was previously imported
and is still required for legitimate business records or legal purposes.
Requests concerning previously imported personal data can be made using the
contact details below.
Data deletion requests
To request the deletion of personal information processed through the
Marketing Hub, including information obtained through Meta Platform services
or Google services, please contact:
info@drivejohnsons.co.uk.
Please state that your request relates to the driveJohnson’s Marketing Hub
and provide enough information for us to identify the relevant account,
platform connection, enquiry or data.
We will review the request and, where legally required or otherwise
appropriate, delete or anonymise the relevant information. We may need to
verify the requester’s identity before acting.
Some information may need to be retained where required for legal,
regulatory, security, fraud-prevention, dispute-resolution or legitimate
business record-keeping purposes.
Security
We use appropriate technical and organisational measures designed to
protect the Marketing Hub and the information it contains against
unauthorised access, loss, misuse, alteration or disclosure.
These measures may include:
- secure authentication;
- role-based access controls;
- protected server-side credentials;
- database access controls;
- encrypted connections;
- logging and monitoring;
- secure backups; and
- restricted access to development and production systems.
No online application can be guaranteed to be completely secure. We
regularly review the application and take reasonable steps to reduce
security risks.
Google API Services User Data Policy
The Marketing Hub’s use and transfer of information received from Google
APIs will comply with the
Google API Services User Data Policy
,
including the Limited Use requirements where applicable.
Meta Platform Terms
The Marketing Hub accesses and uses Meta Platform Data in accordance with
the applicable
Meta Platform Terms
and only through permissions and business assets authorised for the
application.
Your data-protection rights
Where information processed through the Marketing Hub relates to you
personally, you may have rights including the right to:
- request access to your personal data;
- ask us to correct inaccurate or incomplete information;
- ask us to delete information in certain circumstances;
- ask us to restrict how information is used;
- object to certain uses of your information;
- receive certain information in a portable format; and
- withdraw consent where processing is based on consent.
These rights are subject to legal conditions and exceptions. We may need to
verify your identity before responding to a request.
How to contact us
To ask a question about this notice, exercise a data-protection right or
request the removal of information associated with the Marketing Hub,
please contact:
Email:
info@drivejohnsons.co.uk
Please include enough information for us to identify the relevant account,
connection, enquiry or data.
Complaints
If you are concerned about how information has been handled, please contact
us first so that we can investigate.
You also have the right to complain to the Information Commissioner’s
Office, the UK regulator for data protection:
Make a complaint to the Information Commissioner’s Office
Changes to this notice
We may update this notice as the Marketing Hub develops, new services are
connected or our legal and technical requirements change.
The latest version will always be published on this page with its most
recent update date.