Applied Driving Techniques handles and stores all data securely and does not share this with any undisclosed third party without prior written consent. Applie Driving Techniques is registered under the Information Commissioners Office - https://ico.org.uk/ (Ref: ZA007952) and accredited to standard ISO 27001.
The information obtained is only shared with your organisation and will not be given to any third party without express written consent.
For more information, review our Data Protection & Fair Processing Notice below.
DATA PROTECTION
ADT are registered with the Information Commissioner's Office, https://ico.org.uk (Ref: ZA007952). As a signatory to General Data Protection Regulations and the Data Protection Act, ADT are bound by its terms.
ADT offices are in a secure building with a manned front desk during office hours (Monday to Friday) and 24/7. CCTV, access is only available to authorised staff through an electronic key system to access the main building and further locks to access individual units.
Access to client information is to ensure there is no data crossover and ADT systems are password protected. ADT has a full systems maintenance and back-up plan in place along with a business continuity plan for both systems and processes.
All staff are required to handle controlled confidential data including reference to enquiries on DVLA driver licence data which must be explicit and transparent for any individual licence holder. ADT are vetted by a PVG Check and staff are provided with both initial induction training and ongoing refresher training regarding GDPR and the Data Protection Act.
Data protection is a key element of staff contracts of employment with clear disciplinary procedures.
We have never been compromised to date, but have a procedure for notifying clients should a compromise occur.
FAIR PROCESSING NOTICE
In order to conduct our business ADT need to collect and use information about our clients and especially our client’s employees. The data held is composed of:
- Driver Licence Information containing the bare minimum of required information
- DVLA Records – licence information received from the DVLA in response to our request for licence information
- ADT handle and store data securely and do not share information with any undisclosed third party without prior written consent. The information obtained from the DVLA is only shared with a driver's Company for the purpose of confirming details held by the DVLA in respect of an employee entitlement to drive and stored in compliance with ADT's GDPR/Data Protection Policy and security of classified information. This is required as part of your organisation’s duty of care.
- Driver Consent Information is provided as part of ADT’s Driver Safety Compliance Programme and valid for up to three years from the date of consent/signature, or until driver ceases to drive in connection with the organisation concerned. If you have any queries concerning this programme, please contact 01489 663788 or by email: datasecurity@applied-driving.com.
- Driver may request removal of information at any time without reason by the data subject by contacting ADT in writing or via e-mail: compliance@applied-driving.com.
INTRODUCTION
- Applied Driving Techniques (Global Solutions) Ltd (ADT) needs to gather and use information about individuals on behalf of their clients to ensure that organisations are operating within the law and fulfilling their duty of care to ensure their fleet is managed with minimum risk.
- This policy describes how this personal data must be collected, handled and stored to meet GDPR data protection standards — and to comply with the law.
WHY THIS POLICY EXISTS
- This policy ensures ADT:
- Complies with general data protection regulations (GDPR) law and follows good practice
- Protects the rights of staff and clients about how it stores and processes individuals' data
- Is open about how it stores and processes individuals's data
- Protects itself from the risks of a data breach
GDPR DATA PROTECTION LAW
- The Data Protection Act 1998 in association with General Data Protection Regulation (GDPR) describes how organisations including ADT must collect, handle and store personal information.
- ADT adhere to GDPR and the Data Protection Act which underpin the following principles:
1. Be processed fairly and lawfully
2. Be obtained only for specific, lawful purposes
3. Be adequate, relevant and not excessive
4. Be accurate and kept up to date where appropriate
5. Not be held for any longer than necessary
6. Processed in accordance with the rights of data subjects
7. Be protected in appropriate ways
8. Not be transferred outside the European Economic Area (EEA)
POLICY SCOPE
Policy applies to all data that the Company holds relating to identifiable individuals, even if that information technically falls outside of GDPR and Data Protection Act 1998.This can include:
1. Names of individuals
2. Postal addresses
3. Email addresses
4. Telephone numbers
5. ...plus any other information relating to individuals
GENERAL PRINCIPLES
The following are principles on which effective information security is based:
- Anyone with access to ADT’s information must be made aware of ADT’s expectations about the use and care of that information and that information provided is appropriately secured.
- All information and related resources held by ADT even unclassified information, must be handled with due care. Information may include personal information which requires particular protection.
- The availability of information should be limited to those who need to use or access the information to do their work.
- Once information has been security classified, all users of the information must observe the minimum procedural requirements for the use, storage, transmission and disposal of that information
- On behalf of our clients ADT are authorised to request driver record information. Should a concern arise by any driver ADT will initially advise their accreditation to ISO27001. ADT personnel are briefed that any refusal to provide authorisation to validate driver licence detail will be notified to the relevant client contact. The authority to record this information expires when driver ceases to drive with the Company and in any case three years from the date receipt of a driver's electronic fair processing declaration or upon request by the data subject.
- Sensitive Personal Information will not be shared with any other organisation not listed within the electronic fair processing – any data breach would be recorded on ADT Risk Log and notified to Information Commissioner’s Office
- Information is not transferred overseas
- Clients and their employees have the right to complain via ADT’s complaint process or directly to the Information Commissioner’s Office.
- All staff review the DPA Risk Assessment & Control Measures and follow stated control measures, these are periodically audited by ADT.
SUBJECT ACCESS REQUESTS
All individuals who are the subject of personal data held by ADT are entitled to:
- Ask what information the Company holds about them and
- Ask how to gain access to information
- Be informed how to keep information up to date
- Have the right to erasure to delete personal data (this excludes data held for regulatory purposes). Requests are handled on a case by case basis and if a request is refused ADT will provide a reason without undue delay and at the latest, within one month.
- Be informed how ADT is meeting its GDPR data protection obligations
- If an individual contacts the Company requesting this information, this is called a subject access request. Subject access requests should be sent via email, addressed to the Data Protection Officer at datasecurity@applied-driving.com. The Data Protection Officer can supply a standard request form, although individuals do not have to use this
- The Data Protection Officer must verify the identity of anymore making a subject access request.
DATA AND PROCESSES
DRIVER LICENCE VERIFICATION AND LICENCE INFORMATION
- The licence check results that we receive from DVLA are encrypted and stored in a secure database.
- The paper copies are temporarily stored in a secure and approved facility, compliant with the safeguards outlined in the Data Protection Act 1998. ADT neither request nor receive medical information from the DVLA, except information relating to fitness to drive or information that has a direct impact on driver licensing and capability.
- ADT may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention or to improve the quality of our customer service.
DRIVER SUBMITTED INFORMATION:
- ADT do not share this information with any third-party company apart from with driver’s employer. The purpose of the check is only for entitlement to drive and for no other reason.
- Applied Driving Techniques regards the lawful and correct treatment of personal information as critical to the successful continuation of its operations and to maintaining customer confidence in its services. ADT fully endorse and adhere to the principles of data protection and General Data Protection Regulation:
1. Personal data shall be processed fairly and lawfully and, in particular shall not be processed unless specific conditions are met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall not be kept for longer than is necessary.
5. Personal data shall be processed in accordance with the rights of data subjects under this Act and aligned to GDPR.
6. Personal data shall not be transferred to a country or territory outside the European Economic Area.
IN SUMMARY, WHEN ASKING YOU FOR INFORMATION ADT WILL:
- Ensure you know why we need it
- Protect it and make sure nobody has access to it that shouldn't have
- Make sure we keep it no longer than necessary
- Under no circumstances use it for marketing or any other purposes