PRIVACY AND DATA PROTECTION POLICY
What is a Privacy and Data Protection Policy?
This document sets out how Fleetsauce Ltd intends to use and protect any information given to us by any means of communication. It ensures that Fleetsauce Ltd does not breach your rights as laid out by the ICO.
Your Data Protection Rights
· Your right to Access: You have the right to ask us for copies of the data we hold about you.
· Your right to rectification: You have the right to ask us to rectify any inaccurate or incomplete information.
· Your right to erasure: You have the right to have your data erased.
· Your right to restriction of processing: You have the right to ask us to restrict the processing of your data in certain circumstances.
· Your right to object to processing: You have the right to object to us processing your data in certain circumstances.
· Your right to data portability: You have the right to ask that we transfer personal data to you or another third party.
Who are Fleetsauce Ltd?
Our registered office is Ellkat House, Coed Aben Road, Wrexham Industrial Estate, Wrexham, LL13 9UH.
We are a member of the BVRLA (British Vehicle Rental & Leasing Agency) – Membership Number 10818.
We are a member of a group which includes V4B Ltd, Ellkat Brokers Ltd, V4B Business Finance Ltd, R.A.D.S t/a The Car Shop, ACV Hire & Autolease Spain.
Fleetsauce Ltd has Introducer/Appointed Representatives/Agents/Sub-Franchises who act on behalf of Fleetsauce Ltd.
Who regulates us?
Fleetsauce Ltd is registered with the Information Commissioners Office (ICO). Our registration number is ZA050736. If you have any questions regarding Data please contact our Data Protection Officer Tracey Jones
Post :- Fleetsauce Ltd, Ellkat House, Coed Aben Road, Wrexham Ind Est, Wrexham. LL13 9UH.
Email :- [email protected]
What information will Fleetsauce Ltd collect?
We may collect and process the following categories of personal data, as necessary to provide our services and meet our legal, contractual, and security obligations:
· Identity Data: Name, date of birth, title, job title, username, or other identifiers.
· Contact Data: Postal address, email address, telephone number, and postcode.
· Demographic & Preference Data: Interests, preferences, and other info relevant to customer surveys and/or offers.
· Account and Access Data: User IDs, login details, access permissions, and authentication information.
· Professional or Employment Data: Job title, employer name, and business contact details.
· Financial and Transactional Data: Financial information relevant to Funder Applications, payment details, billing information, credit commitments, payment history, and transaction records.
· Technical and Usage Data: IP address, device information, browser type, operating system, access logs, and website usage activity.
· Security and Audit Data: System logs, monitoring records, access records, and incident-related information.
· Communications Data: Correspondence, emails, and records of interactions with us.
· Compliance and Risk Data: Records required for regulatory, audit, due diligence, or public record information.
Source of Personal Data
We may collect personal data about you from:
· You directly.
· Employers/clients when you apply for a role or are considered for an opportunity.
· Referees (where relevant and permitted).
· Publicly available sources (for example, professional networking sites, business websites, and public records).
· Credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks.
· Third-party service providers used to support recruitment, screening, and compliance processes.
Credit Reference and Affordability Checks
To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.
· Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 742313).
· TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 805757).
The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.
CRA Privacy Notices
Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:
Transparency Notice | Customers & Suppliers
· TransUnion CRAIN (Credit Reference Agency Information Notice): TransUnion CRAIN
https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
· TransUnion Bureau Privacy Notice: TransUnion Bureau Privacy Notice
https://www.transunion.co.uk/legal/privacy-centre/pc-bureau
What do Fleetsauce Ltd do with the information its gathered?
We require this information to understand your needs, provide you with a better service, and process data lawfully, fairly, and transparently.
The information will be used for:
· Internal record keeping and application for agreements with funders/dealers.
· Improving our products and services.
· Periodically sending promotional emails about new products, special offers, or other information using your provided email address.
· Contacting you for market research purposes (by email, phone, fax, or mail).
· Customising our website according to your interests.
Core Data Principles
When processing personal data, we ensure that:
· It is collected for specified, explicit, and legitimate purposes.
· It is adequate, relevant, and limited to what is necessary.
· It is accurate and kept up to date. It is kept in an identifiable form for no longer than is necessary.
· It is processed securely against unauthorised processing, accidental loss, destruction, or damage.
Lawful Basis for Processing Personal Data
Personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Depending on the activity, we rely on the following lawful bases:
· Your Consent: Where required by law, and where individuals have been provided with a clear choice. You are able to remove your consent at any time by emailing [email protected].
· Performance of a Contract / Contractual Obligation: Where processing is necessary to deliver services, enter into or perform contracts (including obligations involving TransUnion, processing orders, managing accounts, and delivering vehicle/finance goods).
· Legal Obligation: Where processing is required to comply with applicable laws, regulatory requirements (such as FCA or HMRC rules), or statutory obligations.
· Vital Interest: Where processing is necessary to protect someone's life.
· Legitimate Interests: Where processing is necessary for legitimate business purposes such as system security, fraud prevention, risk management, audit, and compliance, and where such interests do not override the rights and freedoms of individuals. Appropriate assessments are conducted to ensure data subject rights are protected.
Provision of Personal Data: Statutory/Contractual Obligations
Is the provision of personal data statutory or contractual?
The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.
Personal data is required to:
· Enter into and perform contracts with customers, suppliers, or business partners.
· Process orders, manage accounts, and deliver goods and services.
· Verify identity and prevent fraud.
· Comply with applicable legal, regulatory, accounting, and tax obligations.
What are the consequences of not providing personal data?
If you choose not to provide the personal data we request:
· We may be unable to enter into a contract with you.
· We may be unable to fulfil orders, supply goods, or provide services.
· We may be unable to conduct necessary verification, compliance, or fraud prevention checks. As a result, our services may be delayed, restricted, or declined.
Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.
Who else do Fleetsauce Ltd share your information with?
We only share your data with third parties who will use it according to our instructions, in compliance with data protection laws. Organisations we may share your information with include:
· Credit reference agencies & Fraud prevention tools: To propose you for vehicle finance and perform ongoing routine checks. This includes exchanges regarding settled or unpaid debts. Your data will also be linked to the data of your spouse, joint applicants, or financial associates.
· Finance providers & Supplying dealer groups: To generate finance agreements, order, and deliver vehicles.
· Service Providers: Electricity/energy suppliers (for home EV charging), car/van hire providers (for agreements up to 90 days), vehicle management companies (for maintenance), and insurance companies (GAP, warranty, assist).
· Group Companies: Our group companies (Group including V4B Ltd, Ellkat Brokers Ltd, etc.), affiliates, and partners where there is a potential benefit for customers to learn about products.
· Authorised Persons: Anyone authorised and named on your account who has given permission on your behalf.
· Debt Collectors & Recovery Agencies: Where we have to recover sums or vehicles owned by us.
· Legal/Regulatory Obligations: Disclosing information to investigate crime, theft, or fraud when legally obligated.
International Data Transfers & Safeguards
We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).
Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.
How long do Fleetsauce Ltd retain your data?
Fleetsauce Ltd retains personal data only for as long as necessary to meet legal, regulatory, and business requirements. Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.
Retention periods are determined in line with FCA regulatory expectations, HMRC requirements, the Limitation Act 1980, BVRLA guidance, and contractual obligations.
Standard Retention Periods:
· Customer and transaction records: Up to 6 years after the end of the customer relationship or contract.
· Finance application and supporting documentation: Up to 6 years after completion, decline, or closure.
· Complaints records: Up to 6 years from final resolution.
· Marketing consent records: Retained until consent is withdrawn plus up to 24 months to evidence compliance.
· AML / fraud prevention records: Up to 5–10 years depending on legal obligation.
How do Fleetsauce Ltd keep my information secure and dispose of it?
We have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect. When data is no longer required, it is securely and permanently disposed of so it cannot be recovered or reconstructed.
Electronic Data Destruction
· Secure deletion using approved data wiping software.
· Permanent removal from CRM systems and backups (in line with backup cycles).
· Secure overwriting of stored electronic files.
Physical Records Destruction
· Confidential shredding using cross-cut shredding or certified destruction services.
· Secure disposal through accredited confidential waste contractors.
Non-Automated Decision Making and Profiling
We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.
These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review. The use of these tools may influence the speed or level of review applied to an application, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.
How do Fleetsauce Ltd use cookies?
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the cookie helps analyse web traffic and allows web applications to respond to you as an individual by gathering and remembering your preferences. We use traffic log cookies to identify which pages are being used. This information is used strictly for statistical analysis purposes, after which the data is removed. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share. You can modify your browser setting to decline cookies, though this may prevent full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. Once you leave our site, note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide while visiting such sites.
Controlling Your Information & Access Rights
You may choose to restrict or control your personal information in the following ways:
· Look for checkbox options on website forms to indicate you do not want data used for direct marketing.
· If you change your mind about marketing or data use, email us at [email protected]. We will clarify any operational impacts before removing consent.
· We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required by law.
What do I do if the information you have about me is incorrect?
If you believe that any information, we are holding on you is incorrect or incomplete, please write to Ellkat House, Coed Aben Road, Wrexham Industrial Estate, Wrexham. LL13 9UH or email [email protected] as soon as possible. We will promptly correct any information found to be incorrect.
How can I access the information you have on me?
You have the right to request access to the personal data that Fleetsauce Ltd holds about you. This is known as a Subject Access Request (SAR) under the UK General Data Protection Regulation (UK GDPR).
We will normally provide this information free of charge. However, in accordance with UK GDPR and guidance issued by the Information Commissioner’s Office (ICO), we may charge a reasonable administrative fee where a request is manifestly unfounded, excessive, or repetitive. Where a fee is applicable, it will be based on the actual administrative costs incurred in responding to the request. This may include, for example:
Time spent locating, retrieving, and reviewing information
Time required to redact third-party or sensitive information
Administrative preparation and secure delivery of the response
Any fee will be proportionate, fully justified, and communicated to you in advance, before we proceed with your request.
In all cases, we aim to ensure that charges do not create a barrier to individuals exercising their data protection rights.
Before releasing any personal data, we may require proof of identity to ensure information is only disclosed to the correct individual and to protect your data from unauthorised access.
We will respond to all valid requests without undue delay and within one calendar month of receipt, in line with UK GDPR requirements. Where a request is particularly complex or multiple requests are received, we may extend this period by up to a further two months, and we will inform you within the first month if this extension is required and explain the reason.
If we refuse to act on your request or apply a fee, we will clearly explain our decision and inform you of your right to complain to the Information Commissioner’s Office (ICO).
If you would like to submit a Subject Access Request, please email [email protected].
Breaches
If at any time we become aware that your data has been compromised, or that a breach of our systems and controls has occurred, which has an impact on the security of your data, we will notify the Information Commissioner’s Office, and you, without undue delay.
What do I do if I have concerns about how Fleetsauce Ltd are using my data?
If you have any concerns about our use of your personal data you can make a complaint to us
Post :- Fleetsauce Ltd, Ellkat House, Coed Aben Road, Wrexham Ind Est, Wrexham. LL13 9UH.
Email :- [email protected]
You can also complaint to the ICO if you are unhappy with how we have used your data.
Post :- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Telephone:- 0303 123 1113
Website:- www.ico.org.uk
To access this policy in another format please email [email protected]