PRIVACY POLICY

1.  WHAT IS THIS? 

2.  WHO WE ARE 

3.  HOW WE COLLECT YOUR PERSONAL INFORMATION 

We may collect and process the following information about you:

 

Personal information you give to us: this is information about you that you give to us by entering information via our company website (including via our portal) or on the site of one of our partners, when completing a quote request on behalf of an organisation. It may also come from the completion of a Fair Processing Declaration provided to you on behalf of an organisation, entering answers into an audit or risk excellence questionnaire, making a vehicle declaration, providing an insurance certificate, or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give us may include your name, home address, email address, telephone number, driving licence details, vehicle details, employer details, general driving information and health information.

 

Personal information we collect about you We may automatically collect the following information: with regard to each of your visits to our site we may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and in addition, if you make use of our Compliance Management System (“CMS”) we will collect username details and information regarding your use of the CMS which will be used for statistical analysis, troubleshooting and compliance auditing.

 

Personal information we may receive from other sources: We collect the following personal information about you from the following sources, which we use in the way described in the section below:

 

Source of personal information

 Privacy policy    

 The categories   of   personal information we obtain from these sources

 

Driver and Vehicle Licensing Agency

(“DVLA”)

 https://www.gov.uk/government/organisations/driver-and-vehicle-licensing-agency/about/personal-information-charter

 Driving licence details for DVLA issued Licence plus any convictions held:

  • Name
  • Address
  • Licence categories
  • Licence codes
  • Expiry dates
  • Unspent convictions
  • CPC dates
  • Tachocard dates

 this is information that we process on behalf of our clien Please see Where acting as a DATA PROCESSOR for our clients for more details. 

Driver and Vehicle Agency Northern Ireland

(DVANI)

 https://www.nidirect.gov.uk/articles/your-privacy

 Driving licence details DVANI Ireland driving licences only: 

      • Name
      • Address
      • Licence categories
      • Licence codes
      • Expiry dates
      • Unspent convictions

 this is information that we process on behalf of our clients. Please see Where acting as a DATA PROCESSOR for our clients for more details.

Driver

Vehicle Standards Agency

( DVSA )

 

https://www.gov.uk/government/organisations/driver-and-vehicle-standards-agency/about/personal-information-charter

 Vehicles registered in the UK

  • Vehicle registration details,
  • MOT expiry
  • VED expiry

Your

Organisation

Please contact your organisation to obtain a copy

Organisation may provide any of

the following:

  • Name
  • Address
  • Email address
  • NI Number
  • Employee ref
  • Date of Birth
  • Incident data
  • Courses undertaken

Our partners

(third parties that act as resellers of our services)

Please contact your organisation to obtain a copy (they will be able to provide a copy of the partner’s privacy policy)

Partner may provide any of the following:

  • Name
  • Address
  • Email address
  • Employee ref
  • Date of Birth
  • Incident data
  • Courses undertaken

In vehicle driver training provider

Please contact your organisation to obtain a copy

The provider will supply 

  • Certificate of training completion
  • Report on training performance

 

Please see How we use your personal information for details of the purposes for which we use the personal information we obtain from these sources, and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources. 

4.  WHAT TYPE OF PERSONAL INFORMATION DO WE PROCESS ABOUT YOU 

We may process a range of personal information about you. To make it easier to understand the information that we use about you, we have divided this information into categories in the table below and provided a short explanation of the type of information each category covers. 

We process the following types of personal information about you:

 

Category

Personal information included in this category

Behavioural

your activities, actions and behaviours

Biographical

your life experiences

Contact

information which can be used to address, send or otherwise communicate a message to you

Geo-location

information which contains or reveals the location of your electronic device or your vehicle

Identification

information contained in a formal identification document or social security or other unique reference relating to you

Sensitive

your racial or ethnic origin or any genetic or biometric data about you

Monitoring

information relating to the surveillance or monitoring of your activities

Employment

your previous, current or future employment details

Fraud

information relating   to the   occurrence,   investigation   or prevention of fraud

Insurance

your insurance applications and any information relating to your insurance claims, including vehicle details associated with the insurance

Legal

information relating to legal claims made by you or against you or the claims process

Correspondence

information contained in our correspondence or other communications with you about our products, services or business

 

5.  HOW WE USE YOUR PERSONAL NFORMATION 

Where you have provided CONSENT 

5.1 We may use and process your personal information where you have consented for us to do so for the following purposes: 

5.2 You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent for further details.

Where there is a LEGITIMATE INTEREST 

5.3 We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes: 

Where there is a LEGAL REQUIREMENT 

5.4 We will use your personal information to comply with our legal obligations: (i) to assist the DVLA and/or DVANI or any other public authority or criminal investigation body; (ii) to identify you when you contact us; (iii) to verify the accuracy of data we hold about you; and/or (iv) to assist any third party with whom we have shared your personal information in accordance with this policy (please see Others who have receive or have access to your personal information) where necessary to assist these third parties to comply with their legal requirements 

Where it is required to complete a CONTRACT

We may use and process your personal information where it is necessary to fulfil a contract we have with you, or because you have asked us to take specific steps before entering into a contract. This will include information that we process in order to enable you to make use of our site and the services we provide through it, or to complete a contract for services that we have entered into with you including without limitation: 

Where acting as a DATA PROCESSOR for our clients 

5.5 We will often carry out processing activities on behalf of our clients, such as when we perform driving licence checking services utilising information provided by our clients’ employees on D906 Fair Processing Declarations. This processing will be governed by our clients’ privacy policies. If we are carrying out driving licence checking services with your personal data, please contact your employer/ the organisation for whom you work to obtain a copy of the relevant privacy policy. 

6.  OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION

6.1 Our suppliers and service providers

We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management), the DVLA or DVANI, DVSA, address matching service providers, training organisations, our partners, or other third parties who provide services to us. 

When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions. 

6.2. Your employer 

We may disclose personal information to your employer when we have entered into a contract to provide services to them. This may be when we report on audits and/or risk assessments carried out in relation to your driving.  

6.3. Our partners (third parties that act as resellers of our services) 

We work with a number of third party partners who act as resellers of our services. We may disclose personal information to one of our partners if they have a contract with your employer who has entered into a contract with this partner to provide our services to them. This may be when we report on audits and/or risk assessments carried out in relation to your driving. 

6.4. Other ways we may share your personal information 

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. 

However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.  

7. WHERE WE STORE YOUR PERSONAL INFORMATION

 7.1 All information you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).

7.2 If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA].

7.3 If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services. 

8. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR 

8.1 If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. 

8.2 We do not retain personal information in an identifiable format for longer than is necessary. 

8.3 We will retain your personal information as set out in the table below, except where: 

 8.4 We retain your personal information as follows:

Data category/document

Retention period/criteria

Consent Forms/Fair

Processing Declarations for processing of driving licence details (hard copy and electronic):

For 7 years from the date the form is received by

us, as mandated by the DVLA, in case the information is needed to establish, defend or bring legal claims.

Personal data collected from you in the provision of our services, including Audit, vehicle declaration and insurance certificate.

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Reports generated as part of the services we provide

For 3 years. This enables organisations to run athree year cycle Health and Safety Programme to establish continued improvement.

Incident

management data

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Vehicle data

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Driving licence data

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Cookies data

As per the Cookies Policy.

Contact details

For 7 years from the date the data is received by us

if provided as part of a Consent Form/Fair Processing Declaration as mandated by the DVLA, in case the information is needed to establish, defend or bring legal claims.

 

9. YOUR RIGHTS

 9.1 Your (data subject) rights:

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where not required, after we have received your request. 

9.2. Accessing your personal information

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

9.3.  Correcting and updating your personal information

The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.

9.4. Withdrawing your consent 

Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by

contacting us at the contact details set out below (Contact us). If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our Unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful. 

9.5. Objecting to our use of your personal information and automated decisions made about you 

Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. 

You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our Unsubscribe tool. 

You may also contest a decision made about you based on automated processing by contacting us at the contact details set out below (Contact us).

9.6. Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request. 

You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings. 

9.7. Transferring your personal information in a structured data file 

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. 

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information. 

9.8. Complaining to the UK data protection regulator

You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.

10. SECURITY / COOKIES / LINKS

10.1 Security measures we put in place to protect your personal information

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access. 

 

Where we collect any sensitive personal information about your ethnic background, sex life, political opinions, religion, trade union membership or criminal record, we will apply additional security controls to protect that data.

 

Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

10.2 Use of 'cookies'

Like many other websites, our websites use cookies. 'Cookies' are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit. 

It is possible to switch off cookies by setting your browser preferences. For more information on how we use cookies and how to switch them off on your device, please visit our Cookies Policy.

10.3 Links to other websites

Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites and Apps‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites and Apps even if you access them using links that we provide. 

In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website. 

11. MARKETING

11.1 We may collect your preferences to receive marketing information directly from us in the following ways:

 11.2 We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless you object.

 11.3 From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.

 11.4 You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see Withdrawing your Consent and Objecting to our use of your personal information and automated decisions made about you above for further details on how you can do this.

12. CONTACT US 

Our Data Protection Officer is Adele Batsford. Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using our contact details below. 

The ADRRESS If you wish to write to us: Attention of Compliance officer, Licence Bureau Ltd,

5 Amberside House, Wood Lane,

Hemel Hempstead, HP2 4TP 

Our email address for data protection queries is consentquery@licencebureau.co.uk 

If you would prefer to speak to us by phone, please call 01442 430980

+