Privacy policy

Privacy Policy of www.intack.co.uk

This Privacy Policy is applicable to this Site and not necessarily to other Intack Self Drive sites on the World Wide Web pages. When leaving this Site, please read the privacy policy applicable to the site you are visiting. If you do not agree with this Privacy Policy, please do not use this Site.

By accessing and using this Site, you hereby agree to the terms of this Privacy Policy.

Non-Personal Information Collected Automatically

Intack Self Drive is committed to the protection of the privacy of its web site visitors. Please note that we may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-parties, but these statistics will include no personally identifying information.

Under GDPR, all data communicated is lawfully collected for specified, explicit and legitimate purposes, accurately and in a transparent manner. The Company does not pass on any data or personal information for marketing or sales to outside entities.

Personal Information

In order to respond to your questions, fulfill your requests or manage interactive customer programs, it may be necessary to ask for personal information such as your name, address, e-mail address and telephone number. We may use this information to respond to your requests, or to contact you via mail, e-mail or phone to inform you of new products, services or promotions we may offer.

If you place an order for a product, request a service or submit content to this site, we may need to contact you for additional information required to process or fulfill your order and/or request. However, unless compelled by applicable legislation, we will not provide this information to a third party without your permission, except as necessary to process your order, fulfill your requests or manage interactive customer programs. You also hereby grant to Intack Self Drive the right to exchange any information provided by you between Intack Self Drive's affiliates for the purposes mentioned before.

In addition to the personal information that you may provide us, this Site may use technology that lets us collect certain technical information like your Internet protocol address, your computer's operating system, your browser type, traffic patterns and the address of any referring Web sites.

Security

Please note that while there are always risks associated with providing personal data, whether in person, by phone or over the Internet, and no system of technology is completely safe, "tamper" or "hacker- proof", Intack Self Drive has endeavoured to take appropriate measures to prevent and minimize risks of unauthorized access to, improper use and the inaccuracy of your personal information. For example, we use encryption technology when collecting or transferring sensitive data such as credit card information.

Accuracy of collected data

Intack Self Drive will on its own initiative, or at your request, replenish, rectify or erase any incomplete, inaccurate or outdated personal data retained by Intack Self Drive in connection with the operation of this Site.

Visitor identification

From time to time, information may be placed on your computer to allow us to identify you. This information is commonly known as "cookies". By showing how and when our visitors use this Site, this information can help us to continue to improve our Site. We will only use cookies to view information on your hard drive that was put there by a cookie from this Site. The use of cookies is an industry standard and many web sites use them. Cookies are stored on your computer and not on this Site. If you do not wish to receive cookies, or want to be notified of when they are placed, you may set your web browser to do so, if your browser so permits.

Minors

No information may be submitted to Intack Self Drive by persons under the age of 18 without the consent of a parent or legal guardian, nor may persons under the age of 18 make purchases or other legal acts on this Site without such consent, unless permitted by applicable legislation.

Changes

We may change this Privacy Policy, or change, modify or withdraw access to this Site, or the content of these pages at any time with or without notice.

Company Specific GDPR Policy

General Data Protection Regulation (GDPR) 25 May 2018

Intack Self Drive LTD

The company processes personal data, which is held in some circumstances manually and in others on computer for the purpose of vehicle rental, staff Administration, Accounts, Third Party Claims and Records.

Additionally it processes personal data with the use of CCTV.

All data collected is:

  • Lawfully collected for specified, explicit and legitimate purposes accurately and in a transparent manner 
    • Customer data is collected and stored to ensure their identity as well as to ascertain their driving entitlements for the purpose of hiring vehicles.
    • All employee’s data is collected to ensure they are legitimately employed and the company complies with legislation
    • All employees are contractually obliged to inform HO of any personal changes
    • As a backup, annually prior to the tax year end, personnel send a data form to each employee to be completed and returned, this is audited by personnel to ensure it is accurate 
  • Processed for limited purposes to what is necessary
    • See timescales below 
  • Adequate, relevant and not excessive
    • This is in place 
  • Not kept longer than necessary 
    • A maximum of six years plus the current year after the organisation or person is no longer associated with the company 
    • A Maximum of three years plus the current year to meet insurance third party claims timescales for any CCTV footage, Incident & Accident Reports
    • All third party personal data collected is for the legitimate process of  claims, accidents, injury and legislative notifications, such as RIDDOR and Insurance Companies 
  • No data is transferred outside the European Economic Area (EEA)
  • All data held on computer is also held on a backup file, updated on a daily basis through a secure Cloud remote location
  • Only directors and appointed personnel processors are authorised to pass on any personal data for legitimate purposes
  • The Company does not pass on any customer or employee data for marketing or sales purposes within or outside entities
  • The Company does not hold any information on Minors
  • The company is registered with the ICO and our registration number is ZA244155
  • Any request of information will normally be free of charge and handled quickly for most requests but all within one month
    • Any considered requests that are unfounded or excessive will be charged or refused
    • On refusing to provide any information who ever makes the request will be directed to the supervisory authority for a judicial remedy
    • Information will in most cases and where possible be sent electronically an paper based files scanned in.

Personal Data Breach

‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Any apparent breaches of security in access to data by persons other than those appointed must be immediately reported to a Director.

Should any individual or company contact you requesting details of information about themselves held by the Company, the request must be in writing and immediately forwarded to Head Office. 

Right to be Forgotten

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data, such as references.

The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.

Any request will be put forward by personnel and determined by a Director

Brexit

UK organisations handling personal data still need to comply with the GDPR, regardless of Brexit.

The Government has confirmed that it will follow the GDPR principles for data protection.

Remedies, Liability and Penalties

The Supervisory Authority can impose a fine of up to: 4% of annual global turnover; or €20 million whichever is the greater. The administrative fines will in each case be designed to be effective, proportionate, and dissuasive.