×
Business Driver is a leading UK global provider of Practical Driver Training & Risk Management Solutions

Privacy Policy

TTC Group EXTERNAL general Privacy Notice

 

GENERAL

TTC Group are committed to complying with data privacy legislation, including the UK General Data Protection Regulation and the Data Protection Act 2018. Looking after the personal information you share with us is very important to us, and we want you to be confident that your personal information is kept safely and securely. We also want you to understand how we may use personal information we collect before, during and after your relationship with us, how we comply with the law on data protection and what your rights are.

WHO THIS NOTICE APPLIES TO

This privacy notice applies to you if you are external to our business and if we process your personal information. You may be, for example, a driver of a vehicle covered by our products and/or services, an attendee of one of our courses, an individual that works at a supplier or customer of ours, an individual which accesses or uses our website, platforms, applications, products and/or services, another organisation that we deal with, an individual whose activities are captured on a CCTV system that we operate or an individual who is affected by our activities or otherwise has a relationship with us. This privacy notice does not cover you to the extent that you are an officer, employee or worker of ours, a prospective candidate officer, employee or worker of ours, a shareholder of ours or an individual to whom we have provided a different specific privacy notice.

Please note that not all parts or content of this privacy notice may relate to you, as this will depend on your relationship with us. For example, aspects only relevant to a driver of a vehicle covered by our products and/or services or an attendee of one of our courses would not apply to a contact at a supplier of ours, provisions relating to CCTV would not apply to you unless you visit premises where we operate CCTV and aspects relevant to users of our website or applications would not apply to you unless you visit or use our website or applications. However some parts of this privacy notice will always apply to you, for example the section on your rights and how to make a complaint.

References to you, your and yourself in this privacy notice are to either you as an individual or any organisation that you work for.

We may make changes to this notice from time to time, and if we do make changes, we will update this page with the new version. Therefore, please check this page occasionally to ensure that you’re happy with any changes. For significant changes to this notice, we will try to give you reasonable notice unless we are prevented from doing so or unable to do so.

This notice was last updated on 30 September 2022.

WHO WE ARE

References to we, our or us in this privacy notice are to the TTC Group (being TTC Group (UK) Limited, a limited company incorporated in England and Wales with registered number 06214074 and with its registered office at TTC Hadley Park, Telford, Shropshire, TF1 6QJ and each of its direct and indirect subsidiaries, trading under the "TTC” brand). Details of our main trading subsidiaries are as follows:

TTC 2000 Limited, a limited company incorporated in England and Wales with registered number 08446911 and with its registered office at TTC Hadley Park, Telford, Shropshire, TF1 6QJ; and

Licence Bureau Limited is a limited company incorporated in England and Wales with registered number 4819897 and with its registered office at TTC Hadley Park, Telford, Shropshire, TF1 6QJ; and

Business Driver Fleet Risk Management Limited, a limited company incorporated in England and Wales with registered number 07078081 and with its registered office at TTC Hadley Park, Telford, Shropshire, TF1 6QJ; and

Balanceability Limited, a limited company incorporated in England and Wales with registered number 06120118 and with its registered office at TTC Hadley Park, Telford, Shropshire, TF1 6QJ.

We have appointed a Data Protection Officer to oversee our compliance with data protection laws. Contact details for our DPO are set out in the “Contacting us” section at the end of this privacy notice.

For the purposes of data protection, except where we act as a processor only, the company in our Group which is processing your personal information will be the controller of your personal information. However, please note that in some circumstances, we may act as a joint controller of your personal information with other organisations (for example our customer) and where this is the case, we have entered into agreements with these organisations which determine our respective rights and responsibilities in relation to your personal information, including in relation to the exercise of your rights as a data subject and the requirement for you to be provided with all prescribed information. Please also note that we also carry out processing activities on behalf of our customers and therefore we may act as a processor. Where this is the case, our customer will be the controller in respect of your personal information processed by us to the extent that we act as a processor and will decide why and how your personal information is processed for these purposes. Please refer to the relevant controller (which may be your employer) for further details in this regard. It is also possible for us to be acting as both a controller and processor in relation to the same personal information.

We are only required to set out in this privacy notice details in relation to when we are acting as a controller of your personal information. However, in the interests of providing you with greater transparency as to what we do or may do with your personal information, this privacy notice also covers circumstances where we may be acting as a processor only.

Personal information we collect

We may collect the following types of personal information about you:

Contact details: information that allows us to identify and contact you directly such as your name, address, email address, telephone number and addresses.

Identification information: driving licence, identity cards, information from a third party money laundering check provider, Companies House information, national insurance number and membership of relevant schemes.

Vehicle and driving information: including driving licence details, licence categories, licence date formats, licence status codes, ADD message codes, entitlement information codes, endorsement offences codes, disqualifications, driver number, vehicle details and vehicle registration details, vehicle serial number or any other unique identifier of the vehicle (for example, vehicle licence plate number), vehicle condition, general driving information including the duration of journeys, speed, acceleration/de-acceleration, cornering, braking, routes, driver behaviour and other telematics data and individual driver activity, driver ID data and individual driver mileage, usage, maintenance and other technical information, risk scores, driver offence codes, associated reference numbers, Certificate of Professional Competence (CPC) number and card start/expiry dates, tachocard number, dates and card status code, incident data, MOT expiry and VED expiry.

Details of your work or course history: this may include positions, roles, responsibilities, professional qualifications, courses undertaken and employer details.

Training information: this includes certificates of training completion and records/reports on training performance.

Personal history and information: this includes date of birth, hobbies, interests, marital status, family/next of kin contact details and dietary requirements.

Details of advisors appointed by you: including lawyers, accountants, financial advisors, consultants and other advisors.

Business information: including transactions, business relationships and amounts paid or owed.

Financial and payment information: including bank details, credit card or other payment details for the purpose of you making payments to us for our products and/or services or us making payment to you for your products and/or services.

Account information: such as your email address, username and password when you set up an account with us.

Insurance information and information relating to collision investigations: for example, your insurance applications and any information relating to your insurance claims, including vehicle details associated with the insurance, such as vehicle registration, make, model, type, mileage at incident, ownership type, claim reference, incident type, date, category, location and circumstances, reported date, insurer reference, driver name, driver date of birth, driver type, fault type, whether the vehicle is driveable, purpose of use, speed, weather conditions, damage notes, injuries sustained, third party(s) involved, replacement type, booking in date, vehicle off road time, repairs and repair status, settlement type, repairs supplier, original repair estimate, agreed repair estimate, actual repair cost, body repairs total, salvage total, hire total, glass total, recovery total and other total.

Responses to surveys and promotions: we keep records of any surveys you respond to or your entry into any promotions that we run.

Creditworthiness: we may undertake investigations into your creditworthiness in order to establish whether to enter into or continue a business relationship with you.

Details of your performance: when working with or for us or in relation to any project or work we are engaged in.

How you use our website and applications: we collect information about the pages you look at and how you use our products and/or services, including our website and applications.

IP address and other technical information: this includes your computer's or device’s IP address which allows us to track your usage of our website or applications, anonymous data collected by the hosting server for statistical purposes, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and other cookie data.

Usage data: we collect this if you use our driver application programming interface made available through our customer support portal, subject to you agreeing to our Driver API Licence Agreement and includes the names and passwords of authorised users and information about how such authorised users use our driver application programming interface.

API data: this includes all data published or made available by us through our driver application programming interface or other application programming interfaces, along with any related metadata, and may include driver data such as driving licence status, licence categories, criminal offence data and data captured by our telematics (hardware) devices, such as drivers’ activity, mileage and individual driver behaviour.

Videos and photographs: which you or other people take or make and provide to us or we take or make ourselves or which are taken or made on our behalf, for example of online driver CPC courses, meetings, events and driving activity.

Audio recordings: which you or other people take or make and provide to us or we take or make ourselves or which are taken or made on our behalf, for example voicemails or recordings of conversations or meetings.

Geo-location: this includes information which contains or reveals the location of electronic devices (such as telematics devices) or vehicles.

Monitoring data: this includes information relating to the surveillance or monitoring of your driving activities.

CCTV images: if you visit areas of any of our premises covered by our CCTV system.

Your usage of the IT systems we make available to visitors to our premises: for example our internet and Wi-Fi facilities.

Details of the correspondence (including e-mail correspondence) you send to and receive from us and details of any claims: this includes letters and emails, SMS, MMS and other electronic communications.

Your marketing preferences: so that we know whether and how we should contact you and what is most likely to interest you.

SPECIAL CATEGORIES OF PERSONAL INFORMATION AND CRIMINAL OFFENCE INFORMATION

We may collect, store and use the following “special categories” of more sensitive personal information about you:

information about your race or ethnicity or your religious or philosophical beliefs;

information about your sex life or sexual orientation;

information about your political opinions or trade union memberships;

information about your health, including any medical condition (including mental health conditions), health and sickness records, medical records and health professional information; and

genetic information or biometric information about you.

We may also collect and process certain criminal offence information in relation to you. This includes driving offence codes, endorsement information offence information, drink driving offence information (including alcohol readings), disqualifications, unspent convictions and any previous or pending prosecutions, offences, convictions, cautions and binding over orders.

Sources we collect your personal information from

We will collect personal information from a number of sources. These may include the following:

Directly from you: via hardware such as telematics sensors and devices used for the purpose of facilitating our provision of certain services to our customers (which may be your employer), when you complete forms we provide to you (including quote requests, audit or risk excellence questionnaires, vehicle declarations and/or forms provided on our behalf, such as data protection declarations), provide insurance certificates, when you or our customer receive, use or interact with our products and/or services or use our website, driver application programming interface or other applications (including other application programming interfaces) or provide information to us through our website (including via our portals) or applications or on the site of one of our partners, register on one of our client management systems, enter our promotions, make a claim, make a complaint, provide money laundering information to us, contact us by phone, email or communicate with us directly in some other way or you enter an area covered by a CCTV system that we operate.

From referrals and recommendations: usually given by other people who know you or have a working relationship with you.

Our website and applications: this includes personal information collected through our driver application programming interface, other application programming interfaces and our database management system and also includes websites or other applications which provide us with information about how you use them and the devices that you use to connect to them.

Providers of information: which may include professional bodies or trade associations, money laundering check providers, suppliers of business leads, expo database providers (such as expo event organisers), Companies House, the Land Registry, LinkedIn and other web platforms and driving and police authorities, such as United Kingdom Road Offender Education (UKROed), the National Driver Offender Retraining Scheme (NDORS) (including where you have yourself submitted your personal information to UKROed/NDORs, which is then provided to us), UK police forces, Magistrates Courts, the Driver and Vehicle Licensing Agency (DVLA), the Driver and Vehicle Agency Northern Ireland (DVANI), the Driver and Vehicle Standards Agency (DVSA).

Credit reference and other identification agencies: for example, Experian.

Journalists or other investigators: they may provide us with details or make enquires about you or matters concerning you or ourselves.

Our partners (third parties that act as resellers of our services): they will transfer to us information which you have provided to them or they have obtained.

Training providers: they will provide us with personal information such as certificates of training completion and reports on training performance.

Your employer or the organisation you work for or authorised users of our products and/or services: they may provide us with your name, position contact details and background information about you, including courses undertaken, as well as certain special categories of personal information and criminal offence information, in connection with us providing our products and/or services to them or you.

Our professional advisors: such as lawyers, accountants, financial advisors, planning consultants, surveyors, consultants and other advisors.

Your professional advisors: such as lawyers, accountants, financial advisors, planning consultants, surveyors, consultants and other advisors.

The Government, local authorities or relevant regulators: usually to assist with investigations, for example the Information Commissioner's Office.

The police, security services and other law enforcement agencies: usually to assist with the investigation and prevention of crime and the protection of national security.

We will also collect additional personal information throughout the period of our relationship with you.

If you are providing information regarding other individuals to us, it is your responsibility to ensure that you have the right to provide the information to us.

If you are providing us with details about other individuals, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in the “Your rights in relation to personal information” section below.

OUR LAWFUL BASES FOR PROCESSING YOUR PERSONAL INFORMATION

We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:

  • Where we need to perform the contract we have entered into with you or to take steps to enter into that contract.

  • Where we need to comply with a legal obligation which applies to us, for example complying with health and safety laws for visitors to our premises or events, data protection laws, money laundering laws or financial regulation that applies to our activities.

  • Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. This for example will cover use of your personal information if you are a user of or are monitored by our products and/or services or if you work for a supplier or customer of ours, and we need to use your details to contact the supplier or customer you work for or to perform a contract with them. It would also cover our interest in managing our business, for example, to allow us to provide products and/or services to our customers and to obtain products and/or services from our suppliers and would cover our use of your personal information to assist third parties (such as our customers or suppliers) to comply with their legal obligations. It also covers our monitoring and facilitating your use of our products/and or services, including for security reasons. Our need to monitor and manage our relationship with you (including contacting you, carrying out certain checks on you, responding to your queries or complaints and (if applicable) obtaining referrals from other organisations you have worked for or with) is also covered, as is carrying out data analytics and market and/or product research. Legitimate interests also covers most CCTV systems as it is a legitimate interest to protect against crime and other misconduct. It is also a legitimate interest to process your personal information in order to build and develop a profile for you as a customer, potential customer or a user of our products and/or services to personalise your experience and to carry out marketing activities, though we generally ask for your permission before we send you any marketing materials. Using your personal information in order to hold or conduct events, promotions or campaigns and to manage your attendance or involvement with them and to help train our staff is also in our legitimate interests.

  • Where you have given your consent. For example, you may expressly provide your consent or your consent may be given due to you having signed up to take part in one of our courses.

In some cases more than one legal basis may apply to our use of your personal information.

Where we are processing any sensitive special category personal information about you (which covers personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information, information concerning health or information concerning your sex life or sexual orientation) then we also need to have one or more of the following legal bases for using your personal information.

  • Where we have your explicit consent to do so.

  • Where it is necessary for us to comply with our obligations and exercising our rights in the field of employment law, social security law and social protection law.

  • Where we need to protect your vital interests (or someone else's vital interests).

  • Where you have already made public the personal information.

  • In establishing, exercising or defending legal claims, whether those claims are against us or by us.

  • Where it is necessary in the public interest, including to prevent, detect or prosecute criminal activity.

As stated in the “Special Categories of Personal Information and Criminal Offence Information” section above, we may collect and process information certain special category personal information in relation to you. Generally we will process this personal information for the purpose of delivering specific customer solutions or for addressing your specific requirements, for example, to ensure that any special arrangements are provided for when you attend a training course. We generally rely on consent as a basis for processing such special category personal information, however we may also rely on the basis of complying with our legal obligations, in establishing, exercising or defending legal claims or in protecting your vital interests (or someone else’s vital interests).

As stated in the “Special Categories of Personal Information and Criminal Offence Information” section above, we may collect and process certain criminal offence information in relation to you in connection with certain products and/or services that we provide to our customers. We normally rely on consent as a basis for processing such criminal offence information, however we may also rely on complying with legal obligations such as those in relation to social protection, as well as conditions of substantial public interest such as preventing or detecting unlawful acts and protecting the public against dishonesty.

What we use your personal information for

The points below describes the main purposes for which we may process your personal information and we have also indicated the main applicable legal basis for processing in relation to each purpose. Which purpose applies to you will depend upon the nature of your relationship and interactions with us and our products and/or services.

  • We will process your personal information to perform our relationship with you, including where you are or work for our customer (or potential customer), our supplier (or potential supplier) or you are a user of or are monitored by our products and/or services or to perform our relationship with third parties (such as our suppliers and customers), including where necessary to assist such third parties to comply with their legal requirements.

  • We will process your personal information to provide any products and/or services you have asked to receive from us or to receive any products and/or services we have asked to receive from you.

  • We will process your personal information in order to provide products and/or services to our customers (for example, your employer) and to enable our customers to receive, use and interact with our products and/or services, or to monitor (for example, compliance with our terms and conditions) and/or facilitate your use of our products and/or services. This includes for example, preparing risk assessments or audit reports in relation to your driving safety/compliance, contacting you or our customer to take any actions found in these reports to be required (including notifying when renewal of motor insurance is required), registering and enrolling you in e-learning or training courses, providing you with associated certifications, updating your qualification and/or training records, managing your use of your own vehicle for business purposes in connection with our Grey Fleet Management services provided to our customers, to ‘”de-activate” your record (for example, if you have left the employment of our customer, but your personal information is still within the retention period for us keeping your personal information).

  • We will need to process your personal information to send to you any direct marketing materials about our products and/or services that you have asked to be sent to you.

  • We will process your personal information to build and develop a profile for you as a customer or potential customer or a user of our products, services and applications to personalise your experience and to aim to send or show you content, advertisements or marketing materials which are most likely to be of interest to you.

  • We also need to monitor and manage our relationship with you, which may involve communications with you, decisions regarding your relationship with us and in some cases meeting with you. We also need to use your personal information in order to comply with a request from you in the exercise of your rights.

  • We may need to process your personal information in order to hold or conduct events, promotions, campaigns, and visits to our premises and manage your involvement in them.

  • We may need to process your personal information to manage our social media or online relationship with you.

  • We may need to process your personal information to help train our staff, and make sure they deliver the high standards expected in relation to our business.

  • In some cases, we may need to carry out background, identity, fraud prevention or other checks in relation to you to decide whether to enter into or to enforce a relationship we have with you and to verify the accuracy of the personal information that we hold in relation to you.

  • As a business we may have many legal obligations connected to our relationship with you or connected to visiting our premises which we need to comply with, for example, to comply with data protection laws or to comply with health and safety laws so we can ensure it is safe for you to visit our premises. Compliance with these legal obligations may require us to process your personal information.

  • We will also need to keep and maintain proper records relating to your relationship with us and information about you which is relevant to that relationship.

  • In some cases, we may need to process your personal information to prevent, detect or prosecute criminal activity (including the use of CCTV) or in order to assist the DVLA, DVANI, UKROEd, NDORS, police forces, security services, magistrates’ courts or any other public authority or criminal investigation body or law enforcement authority.

  • You may have contacted us about a query, complaint or enquiry and we need to be able to respond to you and deal with the points you have raised.

  • We may need to gather evidence for and be involved in possible legal cases.

  • To manage and keep a record of our relationship with you and any associated information.

  • To ensure effective general business administration and to manage our business.

  • To monitor any use you make of our website, applications and information and communication systems to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution and to protect your personal information.

  • To conduct data analytics and analysis studies to review and better understand trends and improve our business, use of our website and applications, and those same things in relation to our competitors. We may sometimes anonymise and aggregate personal information for insight and research purposes, but this information will not identify you.

  • To obtain referrals from other organisations you have worked for or with.

  • We may be carrying out market and/or product research, for example so that we can improve our offering (for example, to improve course and training quality and performance) and range of products or improve your use of our website and applications.

  • In exceptional circumstances, we process your personal information (including your special category personal information) for the purpose of sharing it with public health authorities when it is in your (or someone else’s) vital interests to do so.

For some of your personal information you may have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate our relationship. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our arrangements with you.

 

Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.

 

Please note however that the withdrawal of your consent will not affect any use of the personal information made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. However, in certain cases, we will not be permitted to process parts of your personal information without your consent, for example in relation to the driving licence checking services, where we must receive a signed data protection declaration from you. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide our customers with services which require your consent or provide marketing information to you.

 

We may anonymise and aggregate any of the personal information we hold (so that it does not directly identify you). We may use anonymised and aggregated information for purposes that include providing certain products and/or services to our customers, testing our IT systems, research, data analysis, improving our site and developing new products and services.

 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or we are legally permitted to use it for another purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates.

Who we share your personal information with

We may share personal information with the following parties:

Internally with our staff: including with our managers, media, technical and legal teams and senior staff in the business area involved in your relationship with us, where access to your personal information is necessary for the performance of their roles.

Organisations in the same group as us: in relation to joint events or joint work.

Other companies in our supply chain: so that they can contact you about any issues in the supply chain or where your personal information is relevant to a subcontractor or party above us in the supply chain.

Credit reference and other identification agencies: so that we can assess your creditworthiness and to verify your identity. These agencies may retain a footprint that a search has been undertaken.

Third parties who ask for or want referrals: we may provide your details to a third party who is seeking services/products which are the same or similar to those that you provide or we may provide your details to third parties for the purposes of informing them that we provide or have provided products and/or services to you.

Anyone you ask us to pass or consent to us passing your information to: for example, your employer (see below).

Our partners: we work with a number of third party partners who act as resellers of our services and we may disclose personal information to one of our partners if they have a contract with your employer to provide our services to your employer.

Our customers (which may be your employer) and our suppliers: we may for example provide your personal information to your employer or your employer’s personnel (including personnel who are authorised to use, access and interact with our products and/or services on behalf of our customer) when we have entered into a contract to provide services to them (this may be, for example, when we report on audits and/or risk assessments carried out in relation to your driving). You may also have access to some of this information as part of the provision of our products and/or services to our customers.

Marketing and public relations companies: to help us to develop, carry out and assess marketing and PR campaigns, but we will only share your personal information with these third parties if we have your consent to do so.

Other service providers and advisors to us: such as companies or third parties that we engage for the purposes of providing our products and/or services to you or on our behalf, third party software providers, companies that support our IT or cloud service providers (such as hosting services providers), training organisations, course trainers and instructors, the UKROed, NDORS, DVLA, DVANI, DVSA or other public authority, companies that help us analyse, maintain and/or back-up the information we hold, process payments, send communications to our customers, provide us with legal, property or financial advice, to protect the safety of our visitors and customers and generally help us deliver our products and/or services to you or our customers or for us to purchase them from you.

Information providers: which may include UKROed, NDORS DVLA, DVANI, DVSA or other public authority, money laundering check providers, Companies House and the Land Registry.

Purchasers of our business: buyers or perspective buyers to whom we sell or negotiate to sell our business.

The Government, government departments, local authorities, public authorities, or relevant regulators: pursuant to a contract that we have entered into with them or where we are required to do so by law or to assist with their investigations, for example the Information Commissioner's Office.

Police, law enforcement agencies, security services and other criminal investigation authorities: usually to assist with the investigation and prevention of crime and the protection of national security.

Like many other websites, our website uses cookies. A cookie is a small file of letters and numbers put on your computer or device that you use to access our website. Cookies have many uses, for example to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and allows us to improve our website. We also use Google Analytics which sets cookies to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. Please also refer to our separate cookie policy at https://www.thettcgroup.com/media/2507/cookies-policy-ttc-group-v1-feb21.pdf for more details about how we use cookies on our website.

 

We may provide third parties with aggregate statistical information and analytics about users of our products and/or services but we will make sure no one can be identified from this information before we disclose it and that therefore none of your personal information is shared for these purposes.

 

In exceptional circumstances, we may share your personal information (including your special category personal information) with public health authorities when it is in your (or someone else’s) vital interests to do so.

 

We do not disclose personal information to anyone else except as set out above unless we have your consent or we are legally obliged to do so. We do not sell, rent or trade your personal information.

AUTOMATED PROCESSING AND DECISION MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision about that person without any human intervention, which produces legal effects concerning them or similarly significantly affects them. We do not currently use this type of automated decision-making in our business in relation to you. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.

 

However, as part of our processing of your personal information, your personal information may be processed using automated or partially automated means. For example, we use automated processing so that we can show you personalised advertisements whilst browsing our website or applications or those of other organisations. Any advertisements you see may relate to your browsing activity on our website or applications from your computer or other devices.

These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers and ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our Cookie Policy at https://www.thettcgroup.com/media/2507/cookies-policy-ttc-group-v1-feb21.pdf. We may analyse your browsing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to decide what advertisements are suitable for you and to ensure that we draw to your attention to products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated processing. This allows us to provide a more personalised service and experience.

We may also review personal information held about you by external social media platform providers, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, Twitter, and Facebook.

We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal information by profiling and segmenting, identifying what our customers like and ensuring advertisements we show you are more relevant based on demographics, interests, previous order history or products and/or services requested from us, online web browsing activity and engagement with previous communications.

 

We may also process certain personal information shared between us and our customers by automated means for the following purposes:

  • to improve driving from a road safety perspective and for preventative or remote vehicle maintenance;

  • vehicle optimisation and improvement, including wear and tear affecting the vehicle’s parts based on the usage data of the driver in question;

  • accidentology studies performed by our customers or an agent on behalf of our customers;

  • geolocating vehicles for the purpose of combatting theft, providing breakdown assistance and for the other legitimate purposes pursued by the person receiving the relevant information;

  • commercial fleet management activities; and

  • to satisfy vehicle insurance requirements.

Transferring your personal information internationally

In most circumstances, information you provide to use is stored on our, or our suppliers’, secure servers, which are located within the UK and European Economic Area (EEA).

 

However, in limited circumstances the people to whom we may disclose personal information as mentioned in the “Who we share your personal information with” section above may be located outside of the UK and EEA and as a result, the personal information we collect may be transferred to and stored in countries outside of the UK and the EEA.

 

There may not be an adequacy decision in place in relation to some of the jurisdictions outside of the UK and EEA and they may require different levels of protection in respect of personal information. In certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. In these cases we will impose any legally required protections to the personal information as required by law before it is disclosed. We will also take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third party processes your personal information on our behalf, we will put in place appropriate safeguards as required under data protection laws. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the personal information in the overseas location; alternatively, we use standard data protection clauses. This means that when a transfer outside of the UK or EEA takes place you can expect a similar degree of protection in respect of your personal information. For further details please contact us by using the details set out in the “Contacting us” section below.

 

If you use our services or are monitored by our products and/or services whilst you are outside the UK and EEA, your information may be transferred outside of the UK and EEA, in order for us to provide you or our customers with those products and/or services.

 

Our directors and other individuals working for us may in limited circumstances access personal information outside of the UK and EEA if they are on holiday abroad outside of the UK or EEA. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal information within the UK.

 

In limited circumstances the people to whom we may disclose personal information may be located outside of the UK and EEA and we will not have an existing relationship with them, for example a foreign police force. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed.

If you require more details on the arrangements for any of the above then please contact us using the details in the “Contacting us” section below.

Direct Marketing

Email, post, telephone, SMS/MMS and social media marketing: from time to time, we may contact you by email, post, telephone or SMS/MMS or via targeted advertising delivered online through social media and other platforms with information about products or services we believe you may be interested in.

 

We will only send marketing messages to you in accordance with the marketing preferences you set when you create your account, when you refresh your marketing preferences after a request from us to do so, that you otherwise tell us you are happy to receive or where you have purchased similar services or goods from us previously.

 

From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue to receiving marketing information from us.

 

You can let us know at any time that you do not wish to receive marketing messages by sending an email to us at yourdata@ttc-uk.com or by using the details set out in the “Contacting us” section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any electronic marketing messages we send to you.

How long do we keep personal information for

We will keep your personal information for as long as is necessary for the purpose for which it has been obtained and then for as long as there is any risk of a potential dispute or claim, which will be dependent upon the limitation period for the particular type of claim (typically either 6 years or 12 years). We have set out below the main retention periods which will apply:

For individual contacts at customers and suppliers this will be for as long as we have a contract with that customer or supplier and then generally for a period of 3 years afterwards.

For customer or supplier accounting information or other related information this will be for as long as we have a contract with that customer or supplier and then generally for a period of 7 years afterwards.

For marketing contacts it will be until we receive confirmation of your wish to opt-out of marketing communications or if no such opt out is received, it will generally be a period of 3 years after we were last in contact with you.

For website and applications users it will generally be a period of 6 years after you last used our website or applications.

For persons (for example, drivers or course attendees) whose personal information is processed as part of the provision of our products and/or services to our customers, it will generally be a period of 3 years after our relationship with the relevant customer ends.

For individuals seeking information, making complaints or otherwise corresponding with us it will generally be 6 years.

For individuals attending an event (such as a marketing event) it will generally be a period of 3 years after the event.

For individuals whose images are captured during the video recording of online driver CPC courses it will generally be a period of 30 days.

For individuals whose images are captured on a CCTV system operated by us it will generally be up to 30 days (after that time the recording media is generally overwritten) unless a request for access to the relevant CCTV images has been made to us during that period, in which case the relevant CCTV images will be retained for as long as they remain relevant. In the case of investigations, e.g. a criminal prosecution, that may be many years.

For cookie data, please refer to our Cookie Policy https://www.thettcgroup.com/media/2507/cookies-policy-ttc-group-v1-feb21.pdf.

For driving licence information, vehicle data, incident management information, licence bureau driver data, reports generated as part of the services that we provide to our customers and any other personal information collected from you in the provision of our services to our customers (including audit, vehicle declaration and insurance certificates) we will generally keep this for a period of 3 years after our relationship with the relevant customer ends. This enables organisations to run a 3 year cycle “Health and Safety Programme” to establish continued improvement.

For information provided to us for the provision of Magistrates Court preferred training courses, we will generally keep this for 7 years from the set course completion date.

For information provided to us for the provision of police referred training courses, we will generally keep this for 1 year from completion of the associated course or for 5 days if no course was booked or 7 days from the expiry date of the course if the course was booked but not attended.

We will keep data protection declarations (both hard copy and electronic) and contact details relating to the processing of driving licence details as part of our driving licence checking services provided to our customers, for 7 years from the date that the form is received by us. This is mandated by the DVLA, in case the information is needed to establish, defend or bring legal claims.

Whichever time period applies, we do not guarantee to retain your personal information for the whole of the periods set out above; they are usually the maximum period, and in some cases, we may keep your personal information for a much shorter period.

 

However where any personal information becomes relevant to legal proceedings or an investigation, then it may be retained for longer periods than those set out above and retained for as long as it remains relevant to the legal proceedings or investigation.

 

It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organisation or change your phone number or email address. you can contact us by using the details set out in the “Contacting us” section below.

 

To the extent that we act as a processor, we will only process personal information required to be processed pursuant to that role for as long as is necessary in order for us to carry out our duties and obligations as a processor.

Security

We have numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures will protect information in all cases. We do, however, take information security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.

You should take all reasonable steps to keep your personal information secure, including choosing a secure password if you have an online account with us and not disclosing your passwords or username to anybody else.

LINKS TO OTHER WEBSITES

Our website may contain links to and from other websites or applications run by other organisations. Please note that these websites and applications and any services that may be accessible through them have their own privacy notices and this privacy notice does not apply to those other websites or applications. We therefore encourage you to read the privacy notices of these other organisations before you submit any personal information to their websites or applications or use their services. We cannot be responsible for the privacy notices and practices of other websites and applications, even if you access them using links that we provide.

 

In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy notices and practices of the owners and operators of that third party website and recommend that you read the privacy notices of that third party website.

Your rights in relation to your personal information

You have the following rights in relation to your personal information:

  • the right to withdraw any consent you have given to us in relation to our use of your personal information;

  • the right to be informed about how your personal information is being used;

  • the right to access the personal information we hold about you;

  • the right to request the correction of inaccurate personal information we hold about you;

  • the right to request the erasure of your personal information in certain circumstances;

  • the right to restrict processing of your personal information where certain requirements are met;

  • the right to object to the processing of your personal information;

  • the right to object to us sending you direct marketing materials;

  • the right to request that we transfer elements of your information either to you or another service provider in certain circumstances; and

  • the right to object to certain automated decision making processes using your personal information.

You should note that some of these rights, for example the right to require us to transfer your information to another service provider or the right to object to automated decision making, may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. However some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.

To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting us" section below. To obtain a copy of the personal information we hold about you, to request the erasure of your personal information or to request the correction of inaccurate personal information we hold about you, you can also complete our subject access request form https://www.thettcgroup.com/privacy-policy/subject-access-request/.

If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. For complaints to the Information Commissioner’s Office, please see https://ico.org.uk/make-a-complaint/. However, we are here to help and we encourage you to contact us to resolve your complaint first. If you are based outside of the UK, you may have the right to complain to your local data protection regulator.

  1. CONTACTING US

In the event of any query or complaint in connection with the information we hold about you or in connection with this notice, please email our DPO at yourdata@ttc-uk.com or write to us at Attention of the Data Protection Officer, TTC Group (UK) Limited, Hadley Park East, Telford, TF1 6QJ. If you would prefer to speak to us by phone, please call 0330 024 1805.