London Personal Chauffeur Ltd - GDPR Compliant Data Protection Policy

Purpose and Background

London Personal Chauffeur Ltd holds information about drivers, customers, and other individuals involved in our business activities. London Personal Chauffeur Ltd has a responsibility to safeguard this information and ensure compliance with the EU General Data Protection Regulation (GDPR), which came into force in the UK on May 25th, 2018. The GDPR continues to serve as the foundation of UK Data Protection legislation even after the UK’s departure from the EU, and this policy fully considers its requirements.

Data protection best practices extend beyond mere legal compliance. At London Personal Chauffeur Ltd, we prioritize taking care of our drivers and clients and respecting their privacy. Poor practices or serious breaches could not only harm individuals but also significantly impact the reputation of London Personal Chauffeur Ltd, and we value our standing in the industry.

Scope

This policy applies to all information concerning individuals (drivers, customers/clients) held by London Personal Chauffeur Ltd.

Our Legal Basis for Data Processing

Every action we take involving individuals’ records, including obtaining, storing, using, sharing, and deleting information, must have an acceptable legal basis. The following six legal bases apply:

• Consent from the individual (or someone authorized to consent on their behalf).
• Necessity in connection with a contract between London Personal Chauffeur Ltd and an individual.
• Necessity due to a legal obligation imposed by the law.
• Necessity in an emergency to protect an individual’s vital interests.
• Exercise of a public function, such as activities of government bodies, local authorities, and other public entities.
• Necessity in pursuit of our legitimate interests, provided they do not outweigh the interests of the individual.

When relying on consent as the legal basis for processing, we will be able to demonstrate that we have obtained consent. This entails maintaining records of who granted consent, when and how it was given (e.g., through the website, a form, or verbally), and the specific scope of the consent.

In the case of legitimate interests, we will conduct a balancing test to ensure that our legitimate interests in using the data for specific purposes, such as providing our services, do not override the interests of the individual.

Data Protection Principles

Data Protection compliance primarily rests on a set of principles. The six GDPR principles dictate the following:

• Fair and legal treatment of people’s information is essential. This includes ensuring individuals are aware of how their information is used.
• When obtaining information, we must clearly state the purpose(s) and subsequently use it solely for those stated purposes.
• The information we hold must be appropriate, relevant, and limited to what is necessary for our intended purposes.
• We must strive to ensure the accuracy and, if necessary, the timeliness of the information we maintain.
• Information should not be retained longer than necessary.
• Appropriate security measures must be in place to prevent loss, damage, or unauthorized access to the information. This policy adheres to each of these principles.

Transparency and Purposes (First and Second Principles)

We will provide individuals with key information at the time of collecting their data. This information includes:

• The identity and contact details of London Personal Chauffeur Ltd and the designated person responsible for Data Protection.
• The intended purposes of data usage and the legal basis for processing.
• If we rely on legitimate interests as the basis for processing, we will specify our legitimate interests.
• Any specific recipients of the data (e.g., TfL or Google Analytics).

Additional relevant information will be provided, such as:

• The duration for which personal data will be stored, or if not determinable, the criteria used to determine the storage period.
• Details of the individual’s rights, including the right to request a copy of all data held.
• The right to withdraw consent if it serves as the legal basis for processing (not retroactively).
• Whether the provision of personal data is mandatory due to statutory or contractual requirements, or as a prerequisite to entering into a contract. We will also clarify the consequences of not providing such data.

We will only inform individuals of things they are not already aware of. When drivers or clients sign up for our services at London Personal Chauffeur Ltd, they already expect that we will maintain records related to their activities with us.

Direct Marketing

Individuals have the explicit right to opt out of receiving marketing material from us (via mail, phone, email, or text). When collecting information that may be used for marketing purposes, we will explicitly state this at the time and request the individual’s consent. The wording will resemble the following: “We would like to keep you informed about London Personal Chauffeur Ltd services. Please indicate your preferred contact method(s): Mail, Phone, Email, Text.”

These rules strictly apply to marketing communications. They do not prevent us from contacting individuals through the most convenient means to provide information about services they have already subscribed to or for other administrative purposes.

Data Quality, Record Keeping, and Retention (Third, Fourth, and Fifth Principles)

Our operations become more effective and suitable when we maintain high-quality records of the individuals we work for, our customers, and our drivers. GDPR mandates this practice. We will ensure that we possess the necessary information without excessive data (adequate, relevant, and limited to what is necessary). Moreover, we will strive to keep the information accurate and up to date. We will not retain information longer than necessary. Our staff will be fully aware that individuals have the right to access all the information recorded about them by London Personal Chauffeur Ltd.

London Personal Chauffeur Ltd has a clear policy regarding the retention of personal information, directly tied to our compliance with Transport for London’s service obligations. We have implemented a process to ensure that data is deleted or destroyed at the appropriate time to fulfil this requirement.

Security (Sixth Principle)

We prioritize the security and proper handling of the information we hold, whether in our computer systems or on paper. We ensure that all our staff receive appropriate guidance and training to handle information in a responsible manner.

Responsibilities

London Personal Chauffeur Ltd bears the responsibility for GDPR compliance, rather than any specific individual. However, we have designated an individual to oversee compliance, stay updated on any developments, verify our adherence to regulations, maintain the necessary evidence, provide guidance to drivers and clients, and handle any issues such as data breaches or Subject Access Requests.

The current designated individual can be contacted via email at info@londonpersonalchauffeur.com . For any questions or comments or complains regarding this GDPR Compliant Data Protection Policy, please contact: London Personal Chauffeur, Call us at: +44 7400 130777 / +441784640344, email: info@londonpersonalchauffeur.com .

Thank you.