TC Cars ltd – Privacy Notice
Last updated: 25 May 2018
TC Cars ltd is committed to protecting and respecting your privacy.
TC Cars ltd is a limited liability company established in England with a registered office at 10 Saxon Way, Birmingham, B37 5Ay.
And for the purpose of the General Data Protection Regulation (the “GDPR”), if you book services as a passenger in England, the data controller is TC Cars ltd or Autocab International (as set out in your booking confirmation).
This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our websites at rafflestaxis.co.uk, our mobile apps (the “Apps”) or our services. Please read this notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with this Privacy Notice in general or any part of it, you should not access the Websites, the Apps or use our services.
What types of information do we collect and how do we use it?
- Information you give us. You may provide information by contacting us via our Websites, Apps or by email, telephone, social media or otherwise, or by signing up for our newsletters or alerts, or by creating an account and then using our services.
- If you use our services through your company, information provided to us by your employer. In the case of our corporate customers only, your employer may provide us with information about you when it signs up to use our services, for example your name and business email address.
- Information provided to us by a third party and/or collected from public records in the case of fraud or suspected fraud. In the case of fraud or suspected fraud, we may obtain information from third parties and from public records to prevent and detect fraud.
To perform our contract with you, we will use your information:
- to communicate with you;
- to provide you with ground transportation and/or courier services;
- to create records of bookings and to send you booking acknowledgments, confirmations, receipts and invoices; and
- to maintain records of lost property.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our services and organisation, we will use your information:
- to detect and prevent fraud and crime;
- for reporting and data analysis purposes;
- to administer our membership and loyalty scheme(s);
- for insurance purposes;
- to comply with our legal and regulatory obligations imposed by Birmingham City Council, Solihull Metropolitan Borough Council and any other licensing authority where we provide services;
- to meet customer service requirements and for complaint handling and feedback;
- to monitor and assess the quality of our service;
- to host events for our customers;
- to pass on feedback such as ratings or compliments about our drivers;
- to sign you up for our newsletters or alerts;
- to contact you via telephone, email, SMS or via our Apps;
- to identify our users;
- to personalise our services for you, for example, to provide you with an accessible vehicle where you request such a vehicle and if you have opted in to marketing, to send you promotions and offers tailored to your use of the services, for example, discounts on airport bookings where you frequently make airport bookings;
- to enforce our terms and conditions;
- if you have opted in to marketing, to communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
- to provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
Technical usage information.
When you visit our Websites or use our Apps, we automatically collect the information sent to us by your computer, mobile phone, or other access device. This information includes:
- your IP address;
- device information including, but not limited to, identifier, name, and type of operating system (including versions);
- mobile network information;
- standard web information, such as your browser type and the pages you access on our Websites;
- mobile device UUID (Unique Download ID) and/or mobile device fingerprint; and
- hardware models, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers and device motion information.
As it is in our legitimate interests to process your data to provide effective services and useful content to you we collect this information in order to:
- personalise our Websites and Apps to ensure content from our Websites and Apps is presented in the most effective manner for you and your device;
- monitor and analyse trends, usage and activity in connection with our Websites, Apps and services and to improve our services;
- administer our Websites and Apps, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
- keep our Websites and Apps safe and secure; or
- measure and understand the effectiveness of the content we serve to you and others.
We receive information from other sources, such as from fraud prevention tools in the case of fraud or suspected fraud, from analytics companies in the case of in car wifi data usage and in the case of telematics data (including crash/impact detection, GPS location data, vehicle usage/driving style data and odometer readings), from third party data validation tools such as Experian and from publicly accessible data such as Companies House, the Land Registry, the Electoral Register and information you post online.
- Fraud prevention: We use risk screening tools to ensure that customer profiles are not fraudulent. To do this, we match the personal data provided by customers against data fields such as name, email address, mobile phone number, and we use this to accept or decline bookings. This is an automated process..
- Marketing:We manually carry out customer segmentation for marketing purposes based on journey history. We use this to make our advertisements more relevant for market segments, such as promoting relevant journey types.
If you would like details of the information we used to create your profile, please contact email@example.com. You can request a manual review of our automated processes or object to profiling, including profiling for marketing purposes by contacting firstname.lastname@example.org.
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with our Websites. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
How do we share your personal data?
We do not sell, rent or lease your personal information to others except as described in this Privacy Notice. We share your information with selected recipients. These categories of recipients include:
- cloud storage providers located in the UK, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
- IT Services providers that provide us with SaaS services, including Autocab International, who provide both passenger and driver apps;
- analytics and search engine providers located in the UK that assist us in the improvement and optimisation of the Websites and Apps;merchant acquirers located in the UK which store your personal data in the UK for the purpose of processing payments;
- fraud prevention tools located in the UK & USA for the purposes of preventing fraud;
- IT support service providers who support and maintain our booking platform and have access at our premises working on a secure server.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospectivebuyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
Where do we store your personal data?
Your data is stored in the following Microsoft Azure datacentres:
• North Europe (Primary)
• West Europe (Secondary).
Your personal data is also processed by staff operating within the UK who are employed by us. Such staff are engaged in, among other things, the fulfilment of your booking, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.
The security of your personal data
Microsoft Azure is both ISO 27001 and ISO 27018 certified. Your data is stored in a secure data centre, with multiple levels of security including crash barriers, complete CCTV coverage, motion sensors, trip lights, state of the art alarms, and roving guards. The centre has reinforced access doors, digital key storage systems, multiple pin entry systems, electronic and physical access logging, and an array of other physical security measures designed to stop someone getting into the building. Even if they do, the servers are all physically and separately secured. The servers are all protected with a digital gateway which means multiple layers of security requiring different levels of authorisation.
Our servers can only be accessed directly by specific people from specific locations. The only people who can access the servers are the people that need to access the servers to ensure out booking platform can operate.
How long do we store your personal data?
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:
- the purpose for which we hold your personal data;
- our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations and our regulatory obligations to Transport for London and other local licensing authorities;
- whether our relationship with you is ongoing, for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase off our Websites/Apps);
- whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our Websites, or share user generated content;
- any specific requests from you in relation to the deletion of your personal data; and
- our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
We will retain your information as follows:
- your customer profile and account information (including your technical usage data), for 7 years after you last use our services;
- if you contact us via email we will keep your data for 5 years;
- records of bookings, lost property and complaints for a minimum of 12 months (we are required to retain such data to comply with our regulatory requirements).
After you have terminated your use of our services, we will store your information in an aggregated and anonymised format.
You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. We have described these situations below, as well as how you can exercise your rights. To exercise any of your rights, please contact us at email@example.com.
- Access: You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.
- Correction: You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.
- Portability: Where you have provided your personal data to us under contract, you have the right to ask us to share (port) this data to another data controller in a structured, commonly used and machine-readable format.
- Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.
- Restriction:In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data, save for storage.
- Objection:In certain circumstances, the right to restrict or object to our processing of your personal information (e.g. where you request correction or erasure, you also have a right to restrict processing of your applicable data while your request is considered). You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or company trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you marketing communications, including where we build profiles for such purposes, and we will stop processing the data for that purpose. You can change your marketing preferences by clicking unsubscribe at the bottom of any newsletter you receive from us.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.