Privacy Policy

Categories

Business privacy policy – Fleetworx

We are Fleetworx Ltd. We are wither a data controller or data processor in respect of information you provide to us (i.e. the organisation making decisions about how and why your personal information is used). We are registered with the Information Commissioners Office under registration ZA243989.

This privacy notice is for our customers, clients and suppliers. As a data controller we are committed to protecting your personal information and being transparent about what information we hold. 

Where we provide a service to, or work on behalf of an organisation it is likely that we are a data processor and the contracting organisation is the data controller. If you do not have a direct contract with Fleetworx but you do have a direct relationship with one of our business customers (e.g. As an employee of the business customer, or as a customer of that business) It is likely that they are the data controller and will be best placed to help you.
The purpose of this policy is to give you a clear explanation about how, where we are a data controller, we collect and use the personal information you provide to us, whether online, via phone, email, in letters or in any other correspondence, or where we receive data from third parties. We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. 

Processing your information in accordance with the law means:

  • Being fair and transparent with you.
  • Clearly identifying our purpose for processing your information and checking any additional purpose is compatible with data protection legislation. We document these purposes and periodically review these purposes.
  • Making sure that the information we process is adequate, relevant and limited to what is necessary for the purpose of processing your information.
  • We take all reasonable steps to make sure the information we hold, and process is accurate and where information is incorrect take remedial action to correct this.
  • We do not keep information for longer than is required, we identify personal information we no longer need and erase or anonymise information where appropriate.
  • Ensuring that we have appropriate technical security measures in place to maintain the integrity and confidentiality of your information.
  • How we get the personal information and why we have it

We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.

Personal data may be provided to us by you directly, or it may be provided to us from other sources, and we have shared below a variety of examples of when and why we process personal information. This list is not exhaustive, and due to the nature of our services there may be times when new categories of personal information may be shared with us for new and evolving reasons, and as a result, we keep this policy under constant review.

  • To deliver, manage and audit our services
  • To protect our customers, suppliers and employees
  • Helping train staff and support research
  • To recruit new members of our team
  • To help us identify and manage improvements to our services
  • To comply with our legal obligations
  • To investigate queries, incidents, complaints or legal claims
  • For internal administrative and management purposes, such as record keeping of enquiries, feedback or complaints
  • We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for our processing of this information are:

  • Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us.
  • We have a contractual obligation. For example, where the processing is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you.
  • We have a legal obligation. For example, where processing is necessary in order for us to meet our requirements under the company and finance legislation, or to provide information to law enforcement organisations or the Courts.
  • We have a legitimate interest. For example, where it is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you)

To determine this, we shall consider several factors such as, what you were told at the time you provided your data, what your expectations are about the processing of your personal data, the nature of the personal data, and the impact of the processing on you.

When we process your personal information in this way, we also consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your information for activities where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law). Examples of processing based on legitimate interest grounds are: 

  • To measure and understand how our services are used. For example, generating analytics on the demographics of our customers and services to ensure our services and programmes meet the needs of our customers.
  • To determine this, we shall consider several factors, such as what you were told at the time you provided your data, what your expectations are about the processing of your personal data, the nature of the personal data, and the impact of the processing on you.

For sensitive personal data, also known as special category data, the lawful bases we rely on for this processing includes:

  • Explicit consent

Or on rarer occasions:

  • Where we need to protect your vital interests (or someone else’s interests); and/or
  • Where it is needed in the public interest or for official purposes

The type of personal information we collect

To be able to provide you with services and support we must process your personal data. The type of personal data we collect depends on the way you interact and use the Fleetworx services. For example, accessing our services as a customer may be a different experience than interacting with us as a supplier.

We may collect and process the following personal data from you:

  • Information you give us. You may give us information by enquiring about or using our services, corresponding with us by phone, email, post, in person or otherwise. The information you give us may include both company and personal details such as your company name, your name, address, work email address and phone number, and company financial information.
  • Information given about others. Where you provide us with information about your employees or the drivers in your fleet, you will be giving us information about another person. When sharing this data with us you may be the data controller of this data, with Fleetworx being the data processor providing you with a service. In this case please ensure the appropriate information about your data sharing with us is provided to the data subject via your own internal privacy notices and processes.
  • Information we collect from your use of our site. With regard to each of your visits to our site we may automatically collect the following information:
    • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, device details
  • Information about your visit, including date and time, page response times, and forms you have submitted.
  • Your company financial details e.g. details of how we pay you, or information about your financial status

Special Categories of Personal Data

Some categories of personal information are regarded by the law as more sensitive than others. This is known as ‘special category’ or ‘sensitive personal data’ and covers things like information about your health, ethnic origin, religious beliefs, political opinions or any genetic or biometric data that is used to identify you.

We do not routinely process sensitive personal data, but there may be rare occasions when this is shared with us by a customer or supplier e.g. to arrange a delivery.

Information sharing
Where necessary and in accordance with data protection legislation we share information internally within Fleetworx and with third parties as required and where we have a legal basis to do so.

We share information where there is a legal, regulatory or professional obligation to disclose your personal information, in order to apply the relevant rules and/or to protect the rights or safety of our customers, supplier and employees past and present.

We may also be required to share information with Statutory and Regulatory authorities, law enforcement agencies and courts, or in the event of a transfer of all or a part of our organisation.

Sometimes we might share your data with third parties. This could include:

  • Engaging third-party service providers to perform a variety of business operations on our behalf. For example, service providers we use for specific purposes, such as for our IT systems or legal counsel for the provision of legal advice and guidance.
  • Regulatory authorities, law enforcement agencies and courts.
  • In the event of a transfer of all or a part of our organisation, for example new owners, directors or their professional advisers.
  • f we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or to protect the rights, property, or safety of our company, our client, employees, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Third party (Sub-Processor) organisations

For our general day-to-day data processing activities, we use third party organisations or systems to help us administer, deliver and monitor the services we provide:

  • For the provision of IT and software services (e.g. Microsoft who provide our office software) to enable the management of the Fleetworx and office administration
  • For financial transactions and accounting
  • To help us improve our organisation
  • For the administration of our website and online platforms
  • For any legal and regulatory guidance regarding the provision of our services

Access to your personal information is only allowed when required by the law or is required as part of fulfilling our service obligations.  We do not, and will never, sell your personal information to other third parties.

International transfers

Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with the UK data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place. We carry out a detailed assessment to ensure the companies receiving your data can comply with these clauses. Please contact us if you wish to know more.

There are also some occasions when you may be based outside the UK. Where this is the case, as we are a UK organisation, you will be sharing your personal information with us here in the UK.

Keeping your information safe and secure.

We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection.

How long we keep your data

We will only keep your information for as long as necessary to perform our obligations and to fulfil the original processing purpose. Based on the legal basis we may need to keep some information for longer i.e. to comply with tax and accounting law and in some cases, we will anonymise your information so that it can no longer be associated with you.

Due to periods set by the Limitation Act, we will keep information for a maximum of 6 years after our relationship with you ends unless we are otherwise required to remove such data from our records.

When establishing our Retention Schedule, we consider the legal basis, sensitivity of information, the type of information and once the retention period has ended, how we deal with the information.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Keeping your data correct

We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct.

Your data protection rights 

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Your rights in relation to automated decision making and profiling – As a matter of principle, you have the right not to be subject to a decision based solely on automated processing, including profiling.  However, we may automate such a decision if it is necessary for the entering into or performance of a contract between us, authorised by law or regulation or if you have given your explicit consent.  However, we do not currently make any decisions by automated means.

You are not usually required to pay any charge for exercising your rights. If you make a request, we have a calendar month to respond to you.

Where requests are manifestly unfounded or excessive, in particular where they are repetitive, we may charge a reasonable fee, taking into account the administrative costs of providing the information, or we may refuse to provide the information. Where we refuse a request, we will explain our reasons for the refusal and remind you of your right to complain.

If you would like further information on your rights or wish to exercise them, please email privacy@fleetworx.com or write to: Fleetworx Ltd, Unit 1, Charles Court, Budbrooke Industrial Estate, Warwick, CV34 5LZ

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at:

Information Commissioner’s Office (ICO) 
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 
ico.org.uk/make-a-complaint/

Changes to this policy

We’ll amend this privacy policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. Please check back regularly to see if there have been any updates.  
This Privacy Policy was last updated in April 2025.