PRIVACY POLICY

The type of information and when we may collect it

  • We collect the information you provide us when you contact us via email, telephone, or otherwise. In addition information may be collected when signing up to our newsletters, alerts, or by creating an account and then using our services.

  • Information may be provided to us by your company/employer. Corporate customers may provide us with information about you when they sign up to use our services, this could include your name and business email address and phone number or other relevant information to assist the performance of our services.

  • Information provided to us by a third party and/or collected from public records in the case of fraud or suspected fraud. We may obtain information from third parties and from public records to prevent and detect fraud.

  • Many of the vehicles in our fleet are fitted with outward-looking dashboard cameras. Whilst these cameras do not film or record audio inside the vehicles, your image may be collected.

 How we use your information

To perform our contract with you, we will use your information:

  • To communicate with you;

  • To provide you with ground transportation.

In order to provide you with the most effective and appropriate service, we will use your information:

  • To identify bona fide users;

  • To detect and prevent fraud and/or crimes;

  • To meet customer service requirements and where required, for complaint handling and feedback;

  • For reporting and data analysis purposes and to monitor and assess the quality of service;

  • To administer any promotion, survey or feature available through our various services.

  • For insurance purposes;

  • To comply with our statutory and regulatory obligations, as required by the relevant licensing authorities;

  • To assist in hosting events on behalf of a client/s;

  • To provide quality assurance information including complaints, compliments and evaluations about our drivers;

  • To sign you up for our newsletters or alerts;

  • To contact you via telephone, email, or SMS.

  • To utilise the information you provide to provide a more effective and responsive service. Such as vehicle types, specific collection points, support needs etc.;

  • To enforce our terms and conditions;

  • Where you have opted into a marketing opportunity, the email address you provide for order processing, may be used to send you information and updates pertaining to your order. These updates may on occasion also include company news, updates, related product or service information, etc.

Profiling

  • Fraud prevention: We use a combination of risk screening tools and manual intervention to ensure that customer profiles are not fraudulent. To do this, we match the personal data provided by customers against data fields such as name, email address, mobile number and we use this to accept or decline bookings.

Disclosure of any information to outside parties

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.

Categories of recipients include:

  • Cloud storage providers located in the UK, to store your personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;

  • IT Services providers that provide us with SaaS services;

  • Partner drivers based in the territory in which you request services.

  • IT support service providers who support and maintain our booking platform and have access at our premises working on a secure server; and

  • Our insurance company and claims handling companies, for the purpose of investigating and settling any insurance claims.

We may also release your information when we believe release is appropriate. For example, this may be to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Retention Policy

To limit the retention period of your personal data, we consider several criteria to ensure that we do not retain your personal data for longer than is necessary or appropriate. These criteria include:

  • The purpose for which we hold your personal data;

  • Our legal and regulatory obligations in relation to that personal data, for example our regulatory obligations to our licensing authorities, alternatively financial reporting obligations and;

  • Whether we have a continuing relationship, for example, you have an active account with us, you continue to receive marketing communications, or you regularly browse our website.

  • Any specific request from you in relation to the deletion of your personal data; and

  • Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.

We will retain your information as follows:

  • If you contact us via email, we will keep your data for 3 years;

  • Records of bookings, lost property, and complaints for a minimum of 12 months (we are required to retain such data to comply with our regulatory requirements).

Where personal data is held

Davids of London Ltd holds personal data in secured environments, these can include: Our own secure servers, email accounts, desktops, employee-owned devices, paper files and backup storage.

We cannot guarantee the security of your information transmitted over email or via our call centre; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

Procedures in place for deletion

Accounts related data that is processed via our two database servers are subject to a 90 day non-usage review of the account, followed up by a 6 month review before the erasure or separation of any personal or sensitive data. Also upon request by the authorised account holder data will be deleted from both database servers within 30 days of the request followed up by a privacy notification and confirmation of the deletion. This can be done by contacting the CISO David Teixeira on 020 7371 8835 or email info@davidsoflondon.co.uk

Employee and mobile users including sub-processors who process data on behalf of our company are subject to a systematic 30 days deletion policy after the completion of a contractual obligation. This is achieved via our Dispatch by dever software which is downloaded onto mobile devices. On board encryption is also enabled on all our mobile devices which are set to delete all information on the device after multiple failed password attempts.

Your rights as a data subject

We have a robust process for dealing with costumer queries and subject access request is in place, this includes but not limited to the right to withdraw any processing of your personal data and to remove any personal or sensitive data. The request can be made via email or telephone to the CISO David Teixeira on 020 7371 8835 or email info@davidsoflondon.co.uk

Our consumer query process is also used to monitor our customers, our data partner and our product/processes. Root cause analysis is applied to every enquiry, allowing us to identify if further action is required.

Your right to request from the controller restriction of processing of personal data can be applied upon request by the authorised account holder.

You have a right to lodge a complaint with a supervisory authority in regards to how your information has been handled. Please contact the Information Commissioner’s Office (ICO).

https://ico.org.uk/concerns/handling/

  • Access: You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.

  • Correction: You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.

  • Portability: Where you have provided your personal data to us under contract, you have the right to ask us to share (port) this data to another data controller in a structured, commonly used, and machine-readable format.

  • Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.

  • Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data, save for storage.

  • Objection: In certain circumstances, the right to restrict or object to our processing of your personal information (e.g. where you request correction or erasure, you also have a right to restrict processing of your applicable data where your request is considered). You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.

Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act). We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.