Privacy Policy

This privacy notice tells you what to expect us to do with your personal information if you are a client, prospective client or are visiting our website or social media channels.

Your privacy is important to us. We respect your privacy and are committed to protecting your personal data. Personal data refers to any information that may allow an individual to be directly or indirectly identified, for example, their name, address, gender etc. The term data refers to any digital, automated data or manual information gathered by a company.

Fleet Alliance Limited is a data controller where you have direct dealings with us. We take our obligation to comply with the UK General Data Protection Regulation (UK GDPR) and any other Data Protection Legislation very seriously. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.

Should you have any questions regarding how we use your personal data, please contact us at the details below:

Post

Fleet Alliance, 9/1 The Skypark, 8 Elliot Place, Glasgow, G3 8EP

Telephone

0345 601 8407

Email

compliance@fleetalliance.co.uk

What data do we collect, use and why?

Clients

If you or your employer has engaged us to provide you with our services, we maycollect or use the following information to provide you our services, for the operation of your e-Fleet account and to provide service updates:

  • Names and title
  • Email address
  • Mobile number
  • Addresses
  • Date of birth
  • Job Role/Position
  • Employee Number
  • Driving Licence No
  • Additional Driver Name
  • Identification documents
  • Vehicle Registration Number
  • Vehicle Make and Model
  • Fuel card numbers
  • Vehicle Identification Number
  • Bank Account information
  • E-Fleet usernames and passwords
  • Purchase or viewing history
  • Call recordings
  • Records of meetings and decisions
  • Information relating to compliments or complaints

Personal data will generally only be collected directly from you. However, sometimes we may collect your personal data from another person, for instance, your employer or a fleet manager, where the nature of your business with us necessitates this or if you are using our fleet management software, e-Fleet or e- Fleet Mobile.

Prospective Clients

If you make an enquiry through our website or contact us directly to enquire about our services, we may collect or use the following personal information to respond to your enquiry:

  • Name
  • Telephone number
  • Email address
  • Call recordings

We may also request additional business information such as your company name, number of employees or fleet size.

If you contact us through our website, we will retain the content of your e-mail, any contact details provided, and your e-mail address to respond to your message and handle any follow up. If you contact us via phone, your phone call may be recorded.

Website and Social Media Channel Users

If you visit our website or social media channels we may collect or use the following personal information to help us analyse how you use the website, store your preferences, provide the content and advertisements that are relevant to you, and respond to any posts or comments you make:

  • Website user information (including user journeys and cookie tracking)
  • IP addresses
  • Username or social media handle

Our website and social media channels may contain links to other websites or channels. Please note that we have no control over how your data is collected, stored, or used by other websites or channels and we advise you to check the privacy policies of any such websites or channels before providing any data to them.

Any personal data shared on our social media channels will be shared with those social media providers.

Website Security

We will take all reasonable steps to protect your data. All information received by us through our website is retrieved and stored using secure technology. Our website host maintains a safe and secure environment for your personal information and uses up-to-date technology with a view to protecting that information against loss, misuse or unauthorised alteration.

Cookies, Google Analytics and IP Address.

When you visit our website, we may automatically collect some information about your device through the use of cookies. A cookie is a small data file that the website creates as you perform actions on certain pages of this website. The only personal information a cookie can contain is information you supply. A cookie can’t read data from your hard disk or read cookie files created by other sites. We use cookies to enhance our website’s performance by personalising your experience on our site or making use of our website more convenient.

These cookies are not used to record personal information or to associate personal information you supply with any other parties. You can refuse cookies by turning them off on your web browser however in certain circumstances this may affect the performance of this website. For more information about how to disable cookies, visit http://www.allaboutcookies.org.

We also receive and record information by tracking user traffic patterns throughout our pages to maintain a record of the movements of visitors to our site such as the page visited, and the information, activity or service requested.

We also use Google Analytics to help us understand how our customers use our website. Find out more about how Google uses your personal information here: Privacy Policy – Privacy & Terms – Google. You can also opt-out of Google Analytics here: Google Analytics Opt-out Browser Add-on Download Page

We may collect your IP address for the purposes of systems administration and to audit the use of our site. We do not link IP addresses to individual user information, and we gather IP addresses anonymously, however, users may be identified by their IP address where it is necessary to enforce compliance with the website’s terms of use.

Please see our Cookie Policy for more information.

Data we collect or use for Marketing Purposes

We may collect or use the following information to send you marketing materials, including financial promotions:

  • Names and contact details
  • Marketing preferences
  • Purchase or viewing history
  • IP addresses
  • Website and app user journey information
  • Records of consent, where appropriate
  • Records of opt-out

If you are an individual (as defined in the Privacy and Electronic Communications (EC Directive) Regulations 2003) we will only ever send marketing materials by email to you where you have explicitly opted in to receive marketing by email. We will only ever call you for marketing purposes where you have explicitly opted in to receive marketing calls from us. Personal data used for marketing will be obtained directly from you, from our records of your previous transactions with us or from your use of our website. If you opt in to receive marketing by email or telephone you will be able to unsubscribe at any time.

If your business is classed as a corporate subscriber (as defined in the Privacy and Electronic Communications (EC Directive) Regulations 2003) we may send marketing materials by email to your business email address. We will never disguise or conceal our identity in these emails and will always provide an unsubscribe link in our messages. We may call you using your telephone number for marketing purposes where you have not previously objected to our marketing calls and if you are not registered with the Corporate Telephone Preference Service (CTPS).

Business contact details will be collected directly from you, your employer or fleet manager. We may also obtain your name and business contact information from a third-party business data provider, Experian BI, where we have engaged them to provide us with business contact information of corporate/limited companies for direct marketing purposes. We may also obtain contact information through publicly available sources, such as social media channels. This applies to both existing and prospective corporate clients.

Sensitive Personal Data

We do not collect any sensitive data, except where a physical or mental health vulnerability is disclosed directly to us during our interactions with you or a representative contacting us on your behalf. We will only record the information that is proportionate and necessary for us to understand your circumstances so that that we can provide you with the assistance you need.

Where do we get personal information from?

We collect personal information from the following sources:

  • You directly
  • Your employer or fleet manager
  • Your nominated representative e.g. a lawyer, Power of Attorney or next of kin
  • Our website and social media channels
  • Our software e-Fleet and e-Fleet Mobile
  • Experian BI (corporate/limited businesses only)

What is our Lawful Basis for processing your personal data?

Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to direct marketing), we have a legal obligation, or because it is in our legitimate interests.

Contract

Where you or your employer has engaged us to provide you with our services or a quote, we will process the data necessary to fulfil these obligations.

Where we are processing data on the basis of contract, your right to object and right not to be subject to a decision based solely on automated processing will not apply.

Consent

 We will only market directly to individuals and use cookies on our website where you have explicitly consented to this.

We will only collect and process health information with your consent if you have a vulnerability and it is necessary for us to know this information to better support you.

Where we use consent as our lawful basis you have the right to withdraw your consent at any time.

Legal Obligation

We have a regulatory obligation to investigate and resolve complaints about regulated financial products.

Legitimate Interest

We use legitimate interest as our lawful basis for processing your personal data in the following circumstances:

  • Sending you ongoing contract communications, in-life contract services, notifications, and any other important information about products and services you may request from us.
  • Sending marketing communications to corporate subscribers which you may unsubscribe from at any time by clicking the unsubscribe link at the bottom of any of our emails or OPT-OUT on SMS messages.
  • Sharing the name, email address, telephone number and job title of contacts at our clients (corporate subscribers only) with our data processors to verify that the contact details we hold are accurate and up to date for direct marketing purposes.
  • Sharing your name and email address with our data processors to send marketing, service and feedback survey emails.
  • Notifying you about changes to our service or this privacy policy.
  • Responding to comments or posts on our website or social media channels.
  • Recording calls for quality, training and complaint resolution purposes.
  • Investigating and resolving complaints about non-regulated porducts.

We will always ensure that processing your data for our legitimate interests does not cause you harm and that it is targeted, proportionate, and has a minimal privacy impact. We will only process the personal data that is necessary for our legitimate interests, and we will store it securely and only for a long as is necessary.

We will only use your personal data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, or we will seek your consent if required.

How is Personal Data stored at Fleet Alliance?

We have physical, technical and organisational systems in place to ensure the safeguarding of your personal data. We have adopted strict confidentiality and data protection policies in relation to your data which all staff must adhere to and are trained in annually.

Personal data in digital format is stored in cloud data centres within the UK and the Republic of Ireland.

Personal data stored in marketing and communication platforms or email archives are stored in EU or US locations, however these are covered by UK adequacy regulations and the UK Extension to the EU-US Data Privacy Framework.

Physical data is stored securely in our head office.

Security Measures

Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure the data we process.

We currently implement appropriate technical and organisational measures that ensure a level of security appropriate to the risk and protect the personal data from being:

  • accidentally or unlawfully destroyed, lost or altered,
  • disclosed or made available without authorisation, or
  • otherwise processed in violation of applicable Data Protection laws.

The appropriateness of the technical and organisational security measures will be based on:

  • the current state of the art;
  • the cost of their implementation; and
  • the nature, scope, context and purposes of processing, as well as the likelihood of risks and the impact on the data protection rights and freedoms of data subjects.

How long do we keep your information?

We will keep your personal information for as long as you have a product or are using a service from us, and in most situations, for up to 7 years after. The reasons we may do this are:

  • To respond to a question or complaint, or to show whether we gave you fair treatment.
  • To obey rules that apply to us about keeping records, for example HMRC requirements.

Your personal data will be removed from our marketing database within one week if you decide to unsubscribe from this service.

Who will we share your data with?

There are times when we are required to share personal information with other parties. However, the information we hold on our clients is an important part of our business and it is not our business to sell or rent this information to others.

We may however share personally identifiable information about our clients with selected third parties or suppliers in order to process your order or fulfil our contractual obligations with you, for example, to our select panel of finance providers, approved dealerships, manufacturers, third-party service providers, or salary sacrifice insurance provider where applicable. We aim to ensure that these third parties have sufficient data security measures in place when handling your data.

We may also share your information where we believe we have a legal obligation to do so. This may include sharing information about fixed penalty notices with the issuing authority or where we receive a Data Protection Access request from law enforcement agencies.

Data Processors

We use third party data processors to provide us with additional services. Please see the below list of key external providers with whom we share your data and the purpose of this sharing. These agents only have access to the information required for that purpose and may not use it for any other purpose.

  • Roswell IT Services: to provide our IT services and retrieve emails that we exchange with you.
  • Limitless Internet Solutions: to maintain our Client Relationship Management (CRM) system.
  • Focus Group: to provide our telephony and call recording solutions.
  • Experian BI: to check that the main contact information at our clients is correct for marketing purposes.
  • Digital Impact: to host and maintain our website.
  • Trust Pilot: to invite drivers to leave a review on TrustPilot.
  • Mailchimp (Inuit): to contact eligible employees of our Salary Sacrifice clients and to send marketing emails and manage opt-in/out.
  • Poppulo Harmony: to send marketing emails and manage opt-in/out.
  • Calendly: to schedule a callback via our our website.
  • B2B Connector: to manage sales leads, opt outs and communicate with prospective clients.
  • Direct Affinity: to manage customer surveys, opt outs and support with enquiry follow-ups via telephone, whilst providing out-of-hours calls support.
  • Lead Forensics: IP tracking to identify where businesses visit the site by cross checking against their corporate IP database.
  • Hotjar: to monitor website performance and and usage.
  • Firetext: to send SMS messages through our e-Fleet/CRM platforms.
  • Pipedrive: to manage our new client pipeline, leads and to help provide a more streamlined and automated customer contact process process.

We shall enter into a written agreement with each processor containing data protection obligations that uphold your data protection rights, to the extent applicable to the nature of the service provided by such processor; and we will be responsible for assessing that each processor is competent to process personal data in line with the UK GDPR’s requirements.

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place, such as adequacy decisions, the UK Extension to the EU-US Data Privacy Framework, the International Data Transfer Agreement (IDTA) or ITDA Addendum. Please contact us for more information.

Business Transfers

We are continually trying to expand and improve our business and we may sell or buy businesses or assets in these transactions. Client information is generally one of the transferred business assets in these situations and in the event that Fleet Alliance Limited or substantially all of its assets are acquired, client information may be one of the transferred assets. The new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

Your Data Protection Rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal data.
  • Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Changes to this Privacy Policy

We may update or amend this policy from time to time. If we make any substantial changes, we will notify you by email if we have this contact information.

Last updated 11th August 2024
BMS-P36.3.0824