Privacy Policy

Information about our privacy policy

1. This policy was last amended on 7th May 2021 to comply with the GDPR law which supersedes the DPA, by using our website and our services you consent to this privacy policy.

2. If we decide to change this policy, we will post those changes on this page, and update the privacy policy modification date above.

3. We are a “data controller” for the purposes of the Act, as we process personal data on your behalf. With this deadline approaching, we are currently in the process of contacting all our data subjects to inform them of our terms of business that meet the requirements of GDPR.

4. If you have any questions regarding this privacy policy, you may contact our Operations Manager at info@adlexecutivecars.co.uk or contact us directly:
   ADL Executive Cars LTD, Unit 66 Stakehill Industrial Estate, Touchet Road, Middleton, M242FL

What information do we collect?

1. We collect information from you when you place an order, fill out a form or make a payment.

2. When contacting us from this site you may be asked to enter your name, e-mail address or phone number as appropriate. You may, however, visit our site anonymously.

3. For placing orders online we you to use a separate site:
   (https://book.icabbidispatch.com/52d4c962ceaa19187afe92827478832370ef3cea/public/login)

4. We implement a variety of security measures to maintain the safety of your personal information when you place an order:

   1. Our booking site is maintained via Icabbi and their secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology. It is only to be accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.

   2. After a transaction, sensitive private information (financials, etc.) will not be stored on our servers and will be destroyed.

What do we use your information for?
Any of the information we collect from you may be used to:

1. Improve customer service. Your information helps us to more effectively respond to your customer service requests and support needs.

2. Process transactions.

Lawful basis for processing your personal data

1. Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract.

2. If customers do not provide the information required for processing transactions, then we will be unable to provide a service to the customer.

Processing of your personal data

1. Description of processing
   We process personal information to enable us to promote our goods and services, to maintain our accounts and records and to support and manage our staff.

2. We process information relevant to the above reasons/purposes. This may include:

   1. Personal details.

   2. Financial details

   3. Goods or services provided.

3. We may at times need to share the personal information we process with the individual themselves and with other organisations. Where this is necessary, we are required to comply with all aspects of the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons

4. Where necessary or required we share information with:

   1. family, associates, and representatives of the person whose

   2. personal data we are processing

   3. employment and recruitment agencies

   4. current, past, and prospective employers

   5. central government

   6. credit reference agencies

   7. suppliers and service providers

   8. debt collection and tracing agencies

   9. financial organisations

   10. CCTV is used for maintaining the security of property and premises and for prevention and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance, and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.

Do we disclose any information to outside parties?

1. We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.

2. Our third-party partners are ICabbi and Webrise Ltd.

3. We may also release your information when we believe release is appropriate. For example, this may be to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

Confidentiality

1. We as a company understand the importance of confidentiality. We can confirm that any of our employees or sub-contractors working on behalf of ourselves for work performed, in respect of matters related to your account, are required to sign a confidentiality agreement as part of their contracts.

2. If you would like more information regarding our confidentiality policy as part of the sub-contractor’s agreement, please contact info@adlexecutivecars.co.uk

Retention Policy
ADL Executive Cars LTD will no longer be holding data which we have not gained contractual obligations for after 30 days, depending on the sensitivity of this data, it will be deleted instantly. Ranks of sensitivity will be outlined below, as well as some exceptions where data may be held longer lawfully.

Where personal data is held
ADL Executive Cars Ltd holds personal data in a few different locations, these can include: Our laptops, email accounts, desktops, employee-owned devices, paper files and backup storage.

Procedures in place for deletion

1. Data is manually deleted after thirty days after the completion of a contractual obligation.

2. Exceptions where data may be held longer than our 30-day retention period

3. Financial data stored on our accounts server or stored as hard copies are held for up to 7 years before disposal due to TAX and VAT legalities.

4. Ranks of sensitive data – Different retention periods
   Security criticality of sensitive or personal data which we process will be described and provided below, this policy contains requirements for the deletion of any data we process either personal or sensitive ranked ‘low’, ‘medium’ and ‘high’.

System data ranking

1. High – For the requirement of our business and the completion of contractual obligations with our clients it is very important to us that any financial data we store or process for or on behalf of our clients is subject to immediate tokenisation/masking of card details which include CVV/CVV2 information, card number and expiration date. However, if data is to be processed as a one-off request this data will be deleted after processing with immediate effect unless contractual consent is gained.

2. Medium – Account data which may include but not limited to personal data and goods or services provided will be subject to regular review of the data stored for the purpose of maintaining account records. This data allows us to complete our contractual agreements and can include but not limited to the client’s name, address, and contact details. Upon request by the authorised account holder this data can be deleted from our systems within 30 days of the request.

3. Low – Sensitive classes of information that may include physical or mental health issues, racial or ethnic origin, religious or other beliefs of a similar nature and trade union memberships are stored for legalities but are not processed. We do not use profiling nor automated decision-making systems as a part of our company policies. Deletion of this data is subject to but not limited to either upon request or legal obligations.

Your rights as a data subject

1. We have a robust process for dealing with customer queries and subject access request is in place, this includes but not limited to the right to withdraw any processing of your personal data and to remove any personal or sensitive data. The request can be made via email to the Operations Manager on info@adlexecutivecars.co.uk

2. Our consumer query process is also used to monitor our customers, our data partner, and our product/processes. Root cause analysis is applied to every enquiry, allowing us to identify if further action is required.

3. Your right to request from the controller restriction of processing of personal data can be applied upon request by the authorised account holder.

Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act). We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.