×
Business Driver is a leading UK global provider of Practical Driver Training & Risk Management Solutions

Privacy Policy

PRIVACY POLICY

  1. WHAT IS THIS?
    1. At Business Driver Fleet Risk Management Limited we take privacy seriously and we are committed to protecting it.
    2. This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
    3. This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
    4. This policy was last updated on 1st April 2020.
  2. WHO WE ARE
    1. Business Driver Fleet Risk Management Limited (company number 7078081) is the data controller in relation to the processing activities described below. This means that Business Driver decides why and how your personal information is processed.
    2. We also carry out processing activities on behalf of our clients as data processor. Where this is the case our client will be the data controller in respect of any personal data processing this way, and that client will decide why and how your personal information is processed.
  3. HOW WE COLLECT YOUR PERSONAL INFORMATION
    1. How we collect personal information from you

We may collect and process the following information about you:

Personal information you give to us: this is information about you that you give to us by entering information via our company website (including via our portal) or on the site of one of our partners, when completing a quote request on behalf of an organisation. It may also come from the completion of a Fair Processing Declaration provided to you on behalf of an organisation, entering answers into an audit or risk excellence questionnaire, making a vehicle declaration, providing an insurance certificate, or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give us may include your name, home address, email address, telephone number, driving licence details, vehicle details, employer details, general driving information and health information.

Personal information we collect about you We may automatically collect the following information: with regard to each of your visits to our site we may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and in addition, if you make use of our Compliance Management System (“CMS”) we will collect username details and information regarding your use of the CMS which will be used for statistical analysis, troubleshooting and compliance auditing.

Personal information we may receive from other sources: We collect the following personal information about you from the following sources, which we use in the way described in the section below:

Source of personal information

Privacy policy

The categories of personal information we obtain from these sources

Driver and Vehicle Licensing Agency (“DVLA”)

https://www.gov.uk/government/organisations/driver-and-vehicle-licensing-agency/about/personal-information-charter

Driving licence details for DVLA issued Licence plus any  convictions held:

  • Name
  • Address
  • Licence categories
  • Licence codes
  • Expiry dates
  • Unspent convictions
  • CPC dates
  • Tachocard dates

N.b. this is information that we process on behalf of our clients. Please see Where acting as a DATA PROCESSOR for our clients for more details.

Driver and Vehicle Agency Northern Ireland (“DVANI”)

https://www.nidirect.gov.uk/articles/your-privacy

Driving licence details DVANI Ireland driving licences only:

  • Name
  • Address
  • Licence categories
  • Licence codes
  • Expiry dates
  • Unspent convictions

N.b. this is information that we process on behalf of our clients. Please see Where acting as a DATA PROCESSOR for our clients for more details.

Driver and Vehicle Standards Agency (“DVSA”)

https://www.gov.uk/government/organisations/driver-and-vehicle-standards-agency/about/personal-information-charter

Vehicles registered in the UK

  • Vehicle registration details,
  • MOT expiry
  • VED expiry

Your Organisation

Please contact your organisation to obtain a copy

Organisation may provide any of the following:

  • Name
  • Address
  • Email address
  • NI Number
  • Employee ref
  • Date of Birth
  • Incident data
  • Courses undertaken

Our partners (third parties that act as resellers of our services)

Please contact your organisation to obtain a copy (they will be able to provide a copy of the partner’s privacy policy)

Partner may provide any of the following:

  • Name
  • Address
  • Email address
  • Employee ref
  • Date of Birth
  • Incident data
  • Courses undertaken

In vehicle driver training provider

Please contact your organisation to obtain a copy

The provider will supply

  • Certificate of training completion
  • Report on training performance

 

Please see How we use your personal information for details of the purposes for which we use the personal information we obtain from these sources, and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.

  1. WHAT TYPE OF PERSONAL INFORMATION DO WE PROCESS ABOUT YOU

We may process a range of personal information about you. To make it easier to understand the information that we use about you, we have divided this information into categories in the table below and provided a short explanation of the type of information each category covers.

 

We process the following types of personal information about you:

Category

Personal information included in this category

Contact

information which can be used to address, send or otherwise communicate a message to you

Geo-location

information which contains or reveals the location of your electronic device or your vehicle whilst undertaking our services

Identification

information contained in a formal identification document or other unique reference relating to you

Special category

any information that allows us to address your special requirements such as medical conditions or religious beliefs

Monitoring

information relating to the surveillance or monitoring of your driving activities

Employment

your previous, current or future employment details

Insurance

your insurance applications and any information relating to your insurance claims, including vehicle details associated with the insurance

Legal

information relating to legal claims made by you or against you or the claims process

Correspondence

information contained in our correspondence or other communications with you about our products, services or business

 

 

 

  1. HOW WE USE YOUR PERSONAL INFORMATION

           Where you have provided CONSENT  

  1. We may use and process your personal information where you have consented for us to do so for the following purposes:
  • to contact you via email or text with marketing information about our services if you register an account with us online or when you refresh your marketing preferences when responding to a request from us to do so; and

 

  • processing your medical details as part of an audit we are carrying out for a client, where we will have sought your explicit consent.

 

  1. You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent for further details.

Where there is a LEGITIMATE INTEREST  

  1. We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
  • performing services to fulfil our contractual services with our clients, including (but not limited to):
    • preparing risk assessment or audit reports in relation to your driving safety/compliance;
    • contacting you to take any actions found in these reports to be required, including but not limited to chasing where renewal of motor insurance is required;
    • registering and enrolling you in e-learning or training courses;
    • updating your qualification and/or training records;
    • managing your use of your own vehicle for business purposes as part of our Grey Fleet management services; and
    • to “de-activate” your record, which is a process for flagging an individual’s record as “terminated”, for example, if the employee has left our client’s employment, but is still within the retention period for keeping such personal information.

 

  • analysis to inform our business strategy, and to enhance and personalise your experience;

 

  • for product development purposes (for example to improve courses and training quality and performance);

 

  • for market research in order to continually improve the services that we deliver to you and our clients;

 

  • marketing activities (other than where we rely on your consent to contact you by email or text with information about our products and services or share your details with third parties to do the same);

 

  • prevention of fraud and other criminal activities;

 

  • to verify the accuracy of data that we hold about you and create a better understanding of you as a user of our site and/or services;

 

  • to correspond or communicate with you;

 

  • network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;

 

  • to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);

 

  • assess and improve our service to customers through recordings of any calls with our contact centres; and

 

  • management of queries, complaints, or claims.

 

Where there is a LEGAL REQUIREMENT

  1. We will use your personal information to comply with our legal obligations: (i) to assist the DVLA and/or DVANI or any other public authority or criminal investigation body; (ii) to identify you when you contact us; (iii) to verify the accuracy of data we hold about you;  and/or  (iv) to assist any third party with whom we have shared your personal information in accordance with this policy (please see Others who have receive or have access to your personal information) where necessary to assist these third parties to comply with their legal requirements

Where it is required to complete a CONTRACT

  1. We may use and process your personal information where it is necessary to fulfil a contract we have with you, your employer, a public authority body or because you have asked us to take specific steps before entering into a contract. This will include information that we process in order to enable you to make use of our site and the services we provide through it, or to complete a contract for services that we have entered into with you including without limitation:
  • Contact details.

Where acting as a DATA PROCESSOR for our clients

  1. We will often carry out processing activities on behalf of our clients, such as when we perform driving licence checking services utilising information provided by our clients’ employees on D906 Fair Processing Declarations. This processing will be governed by our clients’ privacy policies. If we are carrying out driving licence checking services with your personal data, please contact your employer/ the organisation for whom you work to obtain a copy of the relevant privacy policy.

 

  1. OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
    1. Our suppliers and service providers

We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management), the DVLA or DVANI, DVSA, address matching service providers, training organisations, our partners, or other third parties who provide services to us.

When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

  1. Your employer

We may disclose personal information to your employer when we have entered into a contract to provide services to them. This may be when we report on audits and/or risk assessments carried out in relation to your driving.

  1. Our partners (third parties that act as resellers of our services)

We work with a number of third party partners who act as resellers of our services. We may disclose personal information to one of our partners if they have a contract with your employer who has entered into a contract with this partner to provide our services to them. This may be when we report on audits and/or risk assessments carried out in relation to your driving.

  1. Other ways we may share your personal information

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers.

However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.

  1. WHERE WE STORE YOUR PERSONAL INFORMATION
    1. All information you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).
    2. If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA].
    3. If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
  2. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR

 

  1. If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
  2. We do not retain personal information in an identifiable format for longer than is necessary.
  3. We will retain your personal information as set out in the table below, except where:
  • the law requires us to hold your personal information for a longer period, or delete it sooner
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal information or restricting its processing); or
  • in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
    1. We retain your personal information as follows:

Data category/document

Retention period/criteria

Consent Forms/Fair Processing Declarations for processing of driving licence details (hard copy and electronic):

For 7 years from the date the form is received by us, as mandated by the DVLA, in case the information is needed to establish, defend or bring legal claims.

Personal data collected from you in the provision of our services, including Audit, vehicle declaration and insurance certificate.

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Reports generated as part of the services we provide

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Incident management data

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Vehicle data

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Driving licence data

For 3 years. This enables organisations to run a three year cycle Health and Safety Programme to establish continued improvement.

Cookies data

As per the Cookies Policy.

Contact details

For 7 years from the date the data is received by us if provided as part of a Consent Form/Fair Processing Declaration as mandated by the DVLA, in case the information is needed to establish, defend or bring legal claims.

 

 

  1. YOUR RIGHTS
    1. Your (data subject) rights:

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where not required, after we have received your request.

 

  1. Accessing your personal information

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy.  We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

  1. Correcting and updating your personal information

The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.

  1. Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by contacting us at the contact details set out below (Contact us).  If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our Unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

  1. Objecting to our use of your personal information and automated decisions made about you

Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our Unsubscribe tool.

You may also contest a decision made about you based on automated processing by contacting us at the contact details set out below (Contact us).

  1. Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request.

You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.  We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings. 

  1. Transferring your personal information in a structured data file

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.

 

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

 

 

  1. Complaining to the UK data protection regulator

You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.

  1. SECURITY / COOKIES / LINKS
    1. Security measures we put in place to protect your personal information

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.

Where we collect any sensitive personal information about your ethnic background, sex life, political opinions, religion, trade union membership or criminal record, we will apply additional security controls to protect that data.

Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

  1. Use of 'cookies'

Like many other websites, our websites use cookies. 'Cookies' are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit.

It is possible to switch off cookies by setting your browser preferences. For more information on how we use cookies and how to switch them off on your device, please visit our Cookies Policy.

  1. Links to other websites

Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites and Apps‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites and Apps even if you access them using links that we provide.

In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

  1. MARKETING
    1. We may collect your preferences to receive marketing information directly from us in the following ways:

·if you register an account with us online, we will ask you if you would like to provide your consent to receive marketing information directly from us; or

·if you make an enquiry we may contact you with marketing information in the ways mentioned in the notices presented to you, except where you indicate you would prefer otherwise.

 

  1. We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless you object.
  2. From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
  3. You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see Withdrawing your Consent and Objecting to our use of your personal information and automated decisions made about you above for further details on how you can do this.
  1. CONTACT US

Our Data Protection Officer is David Finney. Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using our contact details below.

 

The ADRRESS If you wish to write to us:

Attention of The Data Protection Officer,

Business Driver Fleet Risk Management Limited,

TTC Group,

Hadley Park East,

Telford, TF1 6QJ 

 

 

Our email address for data protection queries is info@businessdriver.com

 

If you would prefer to speak to us by phone, please call - 0844 443 8611