Privacy Policy

CHANGE HISTORY

Any changes made to this policy shall be clearly documented with a change history log. This shall include the latest version number, date of the amendment and changes made. The purpose is to identify quickly what changes have been made.

Version Number	Changes Made
V1.3 August 2019	Addition Connect and Network members to section 5.
V1.2 August 2019	Minor amends following annual review and inclusion of specific retention periods. Branding changes also made.
V1.1 April 2018	Minor amends (following legal review)
V1.0 April 2018	Policy finalised for publication

1. POLICY STATEMENT

POLICY STATEMENT

Please read this Privacy Policy carefully as it describes All Fleet Services collection, use, disclosure, retention and protection of your personal information. This Policy applies to any website, application or service which references this Privacy Policy.

ABOUT THIS POLICY

All Fleet Services takes the privacy of its customers (and their drivers) very seriously and is committed to protecting personal information. This Privacy Policy sets out the way in which any personal information you may provide to us is used and kept secure by All Fleet Services. It applies whenever we collect your personal data (including when you use our website or other digital products), so please read it carefully. This policy does not apply to our employees who have a separate Privacy Policy.

This policy forms part of the All Fleet Services Information Security Management Systems group of policies.

This policy does not form part of any All Fleet Services employee’s contract of employment and may be amended at any time.

KEY OBJECTIVES

To protect the privacy of individuals dealing with All Fleet Services
To explain how we collect, use, disclose and store Personal Information

2. DEFINITIONS

INFORMATION

Means information or data (including critical business information) which is stored electronically, on a computer or authorised device (such as company provided mobile phones, tablets or in-car system), or in paper-based filing systems / locations.

PERSONAL DATA

Means any data relating to an identified or identifiable living individual who can be identified from that data (or from that data and other information in our possession). Personal data can be factual (for example, a name, address, date of birth, identification number, location data), or it can be an opinion about that person, their actions and behaviour. Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of Data Protection Legislation depending on how difficult it is to attribute the pseudonym to a particular individual.

SENSITIVE PERSONAL DATA (SPECIAL CATEGORIES OF PERSONAL DATA)

Means the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

DATA PROTECTION LEGISLATION

Means the Data Protection Act 2018 (which incorporates the General Data Protection Regulations (EU) 2016/679 (“GDPR”), and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK.

DATA SUBJECTS

Means all the identified or identifiable living individual to whom the personal data relates. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal information.

DATA SUBJECT RIGHTS

Means the Data Subjects rights to be informed of the data being held about them, have access to the data (known as a Subject Access Request), ability to be able to rectify the data, to be forgotten – have that data erased, to restrict processing of the data (the data can be stored but nor processed), to be able to have the data transfer easily between IT environments (portability), to be able to object to certain processing aspects (such as marketing), as well as rights relating to automated decision making and profiling.

PROCESSING

Means any activity that involves the use the data. It includes collection, recording, structuring or storage of the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.

COOKIES

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.

3. ABOUT ALL FLEET SERVICES

WHO WE ARE

This Privacy Policy applies to all products and services offered by All Fleet Services Limited (a company incorporated in England with company registration number 04831078) whose registered office address is Beechdene Building 8, Floor 3, Vantage Point Business Village, Mitcheldean, Gloucestershire, GL17 0DD

IF YOU HAVE ANY QUESTIONS

If you have any questions about this privacy notice, please contact our Data Protection Officer (DPO) by email; dataprotection@allfleetservices.co.uk

4. INFORMATION WE COLLECT

WHAT INFORMATION DO WE COLLECT AND WHY?

We collect different information depending on what your relationship with us, the services you use, or your contracts with us (e.g. vehicle maintenance, fine management). We need to tell you what we use your information for and the legal grounds we have to use this information.

In broad terms, we use your data for the following purposes:

to administer and provide products and services for our customers, our customers customers or their drivers and to provide potential customers with information about products and services they have expressed an interest in
to perform services that we are contracted to deliver
for fraud screening and prevention purposes
for record keeping purposes e.g. financial records
to track your activity on our websites or portals
where you have given us permission to do so i.e. you have opted in, for marketing purposes

When you interact with our websites or digital platforms, we may also automatically collect the following information about your visit. This is primarily to help us better understand how our website visitors use our digital platforms to inform our marketing, enable us to create a better user experience or content and create more relevant communications:

how you have reached our website or digital platform and the IP (internet protocol) address used
your browser type, versions and plug-ins, and your operating system
your journey through our website, including which links you click on and any searches you made, how long you stayed on a page, and other page interaction information which may enhance user experience

5. HOW WE USE YOUR DATA

CUSTOMERS (AND THEIR CUSTOMERS)

What information is collected?	What is it used for?	What is the legal basis for collecting this information?
Customer contacts Invoicing details Service level agreements Fleet vehicle details Driver personal details and contact information Information from the driver’s vehicle Information from fine issuing authorities	To manage the account on a day to day, month to month basis. To provide contracted services to the Customer and their drivers as per the service level agreement. To enhance the driver experience and make aspects like vehicle maintenance or fine management as simple as possible. To provide information to our customers e.g. vehicle maintenance costs, vehicle availability, fine trends analysis.	Performance of a Contract. To allow us to complete the performance of our contract with you, we require you to provide the stated information (or access to the information). Marketing Consent. Where the customer opts into marketing, we will send them marketing information in accordance with the wording of the opt in statement that we believe will be of interest to the customer.

PROSPECTIVE CUSTOMERS

What information is collected?	What is it used for?	What is the legal basis for collecting this information?
Contact details provided by the prospective customer at the point and time of them making initial contact and making an enquiry. This might be in person, over the phone or via an All Fleet Services website	To respond to the enquiry and provide any information required to fulfil the initial query and any subsequent queries.	Legitimate Interest. It is in the legitimate interests of a person or organisation enquiry that we are able to contact them to provide them with the information necessary to satisfy their enquiry. Marketing Consent. Where in the process of making an enquiry of that enquiry being fulfilled the prospective customer opts into marketing, we will send them marketing information in accordance with the wording of the opt in statement that we believe will be of interest to the prospective customer.

DRIVERS (FLEET / FLEET CUSTOMER DRIVERS)

What information is collected?	What is it used for?	What is the legal basis for collecting this information?
Vehicle details such as VRM, make and model Driver personal details (name and address) Information from the driver’s vehicle Information from fine issuing authorities where the driver has committed an offence	To provide contracted services to drivers as per the service level agreement with the customer. To enhance the driver experience and make aspects like vehicle maintenance or fine management as simple as possible. To respond to an issuing authority regarding fines and charges incurred by the driver. To provide notifications via email, SMS or post (as contracted) to the drivers for services such as service bookings, fine notifications and MOT reminders for example.	Performance of a Contract. To allow us to complete the performance of our contract with our customer we require them to provide the stated information (or access to the information). Legal Obligation. In terms of fine management All Fleet Services have a legal obligation to provide issuing authorities with the information necessary to process a fine or charge (such as Notice of Intended Prosecution, Penalty Charge Notices etc). Legitimate Interest. It is in the legitimate interests of a person or organisation enquiry that we are able to contact them to provide them with the information necessary to satisfy their enquiry.

SUPPLIERS

What information is collected?	What is it used for?	What is the legal basis for collecting this information?
Supplier contacts Invoicing details Service level agreements and capabilities.	To be able to place work with and direct work to the supplier, to enable All Fleet Services to meet its contractual obligations with customers and provide the best possible service and experience to drivers. To be able to pay for services delivered by the supplier.	Performance of a Contract. To allow us to complete the performance of our contract with our customer we require the supplier to provide the stated information (or access to the information).

CONNECT AND NETWORK MEMBERS

What information is collected?	What is it used for?	What is the legal basis for collecting this information?
Contact details Brand details Order information	To be able to utilise member introductions and services to key members and All Fleet Services partners	Performance of a Contract. To allow us to complete the performance of member contracts.

MONITORING

We may monitor or record telephone calls for training and evidence purposes and to improve the quality of services that we provide to you.

ADDITIONAL INFORMATION

We may collect additional information as we develop new systems and services. This policy will be updated with the details if this is the case as outlined in section 11 of this policy.

6. COOKIES

WHAT COOKIES WE USE

We primarily use cookies on our website known as performance cookies, as well as authorisation cookies for our systems. All Fleet Services do not use tracking cookies.

AUTHORISATION COOKIES

What information is collected?	What is it used for?	What is the legal basis for collecting this information?
No personal data is collected only a session ID and token	It is used as a session identifier to verify user credentials	Session cookies – the information is only gathered for that session They are encrypted (standard .Net) and only accessible by the application they are used for

PERFORMANCE COOKIES

Cookie Type	What personal information is collected?	What is it used for?	Further Information
Google Analytics	No personal data is collected	To collect anonymous information about how visitors, use our websites We use the information to compile analytical reports which help us improve our website The cookies collect information such as the number of visitors to our website, how they arrived there (e.g. directly from the internet or through linking from another website) and tracking which webpages they visited.	Persistent cookies Examples of such cookie names are: _utma _ga Google privacy details can be found here
YouTube	IP address and location	We may embed YouTube videos onto our websites, YouTube will then track your usage of the video, how long you watch it for, your IP address and location.	Session cookies – we do not retain or use this information YouTube privacy details can be found Here
Google Maps	IP address and location	Some of our systems may have a google maps option Google may then track your usage of maps, your IP address and location	Session cookies – we do not retain or use this information Google privacy details can be found here

7. SHARING YOUR INFORMATION

WHO WE SHARE YOUR DATA WITH

To provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we may need to appoint other organisations to carry out some of the data processing activities on our behalf.

These may include for example, fine issuing authorities, garages, recovery organisations or other suppliers. They only use the information to provide their services to us.

We only give them the information that they need. We always keep control of your data and our suppliers must act in accordance with our instructions.

In some circumstances, we may also have to disclose your personal information by law, because a court or the police or other law enforcement agency has requested it.

Where you opt-in to receive marketing information from us we will not share this information with third parties, except where they are integral to the process of creating or sending the marketing material.

CRITERIA FOR SHARING YOUR DATA

We only share your data with third parties if:

They have a need to know the information for the purposes of providing the contracted services;
Sharing your Personal Data complies with this Privacy Policy and, if required, the Data Subject’s consent has been obtained;
The third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place;
The transfer complies with any applicable cross border transfer restrictions; and
Where an appropriate written contract or agreement that contains data protection clauses has been agreed

8. RECORD KEEPING

HOW WE RECORD THE DATA WE HOLD

We are required to keep full and accurate records of all our data Processing activities; including records of Data Subjects’ consents and procedures for obtaining consents.

9. YOUR CHOICES AND OBLIGATIONS

HOW LONG WE KEEP YOUR DATA FOR

We only hold your personal information for as long as is necessary to provide services to you unless there is a requirement to hold that information for a longer period – for example where we are subject to a statutory obligation to keep hold of your information e.g. financial records.

To be able to fulfil our contractual obligations with our customers we typically retain any necessary data to meet these obligations for the duration of the contract (plus an additional 6 months to fulfil contract survival clauses or for legal obligations such as for fine management).

SPECIFIC RETENTION PERIODS:

Type	Retention Period
Call recordings There are strict guidelines for disclosing call recordings – primarily if requested they are provided as written transcripts that have personal and sensitive data redacted. Listening to calls is only permissible under controlled conditions; unless we are required by law to share them.	6 months
Copies of fine notifications (to drivers)	3 months

If there is a possibility that you may have a legal claim against us or you have made a complaint against us, then we will hold your information for the duration of any statutory limitation period associated with the claim.

Where you opt in to receive marketing material All Fleet Services, this will apply for a period of four years before we are required to ask you again. You can of course ask to unsubscribe at any time. All our marketing emails have an unsubscribe option clearly visible and you can also unsubscribe at any time by emailing us dataprotection@allfleetservices.co.uk

SECURITY OF YOUR DATA

All Fleet Services are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place robust physical, electronic and managerial procedures to safeguard and secure the information we collect, including for example data encryption and electronic password protection.

If at any point you become aware of a security incident or you have reason to suspect that your data may have been compromised (e.g. you receive a suspicious communication about you or your vehicle), please forward the communication to us or report the incident by email to dataprotection@allfleetservices.co.uk

If you have been the victim of a fraudulent transaction whether or not this relates to your dealings with All Fleet Services, you should always contact the police and/or your bank in the first instance to ensure your own finances are secure.

MORE ABOUT YOUR INFORMATION – YOUR RIGHTS

You may request a correction or update your personal information at any time by emailing dataprotection@allfleetservices.co.uk

Please include your name, address and email address when you contact us as this helps us to ensure that we accept amendments only from the correct person and can contact you to verify your identity should this be necessary. We encourage you to promptly update your personal information if it changes and we will action these as quickly as we reasonably can.

We will securely retain your information for as long as is reasonably necessary and in accordance with law applicable at the time. If you wish to submit a request that your data be deleted, please email us using dataprotection@allfleetservices.co.uk

You have the right to receive a copy of the personal information that we hold about you. Please email us using dataprotection@allfleetservices.co.uk if you wish to exercise this right.

If you have opted in to receive marketing from All Fleet Services, you can unsubscribe at any time.

10. COMPLAINTS

COMPLAINTS TO THE REGULATOR

If you do not think that we have processed your data in accordance with this notice, please contact us by email at dataprotection@allfleetservices.co.uk

If you are not satisfied with our response, you can refer the matter to the Information Commissioner’s Office. Information about how to do this is available on their website at www.ico.org.uk.

11. CHANGES TO THIS POLICY

NOTIFICATION OF CHANGES

All Fleet Services reserve the right to change this policy at any time.

Any changes will be detailed on the document control sheet accompanying this policy and will be version controlled. These changes will be submitted to the All Fleet Services Management Review Board for approval and sign off.