Non-Personal Information Collected Automatically
Intack Self Drive is committed to the protection of the privacy of its web site visitors. Please note that we may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-parties, but these statistics will include no personally identifying information.
Under GDPR, all data communicated is lawfully collected for specified, explicit and legitimate purposes, accurately and in a transparent manner. The Company does not pass on any data or personal information for marketing or sales to outside entities.
In order to respond to your questions, fulfill your requests or manage interactive customer programs, it may be necessary to ask for personal information such as your name, address, e-mail address and telephone number. We may use this information to respond to your requests, or to contact you via mail, e-mail or phone to inform you of new products, services or promotions we may offer.
If you place an order for a product, request a service or submit content to this site, we may need to contact you for additional information required to process or fulfill your order and/or request. However, unless compelled by applicable legislation, we will not provide this information to a third party without your permission, except as necessary to process your order, fulfill your requests or manage interactive customer programs. You also hereby grant to Intack Self Drive the right to exchange any information provided by you between Intack Self Drive's affiliates for the purposes mentioned before.
In addition to the personal information that you may provide us, this Site may use technology that lets us collect certain technical information like your Internet protocol address, your computer's operating system, your browser type, traffic patterns and the address of any referring Web sites.
Please note that while there are always risks associated with providing personal data, whether in person, by phone or over the Internet, and no system of technology is completely safe, "tamper" or "hacker- proof", Intack Self Drive has endeavoured to take appropriate measures to prevent and minimize risks of unauthorized access to, improper use and the inaccuracy of your personal information. For example, we use encryption technology when collecting or transferring sensitive data such as credit card information.
Accuracy of collected data
Intack Self Drive will on its own initiative, or at your request, replenish, rectify or erase any incomplete, inaccurate or outdated personal data retained by Intack Self Drive in connection with the operation of this Site.
No information may be submitted to Intack Self Drive by persons under the age of 18 without the consent of a parent or legal guardian, nor may persons under the age of 18 make purchases or other legal acts on this Site without such consent, unless permitted by applicable legislation.
Company Specific GDPR Policy
General Data Protection Regulation (GDPR) 25 May 2018
Intack Self Drive LTD
The company processes personal data, which is held in some circumstances manually and in others on computer for the purpose of vehicle rental, staff Administration, Accounts, Third Party Claims and Records.
Additionally it processes personal data with the use of CCTV.
All data collected is:
- Lawfully collected for specified, explicit and legitimate purposes accurately and in a transparent manner
- Customer data is collected and stored to ensure their identity as well as to ascertain their driving entitlements for the purpose of hiring vehicles.
- All employee’s data is collected to ensure they are legitimately employed and the company complies with legislation
- All employees are contractually obliged to inform HO of any personal changes
- As a backup, annually prior to the tax year end, personnel send a data form to each employee to be completed and returned, this is audited by personnel to ensure it is accurate
- Processed for limited purposes to what is necessary
- Seetimescales below
- Adequate, relevant and not excessive
- This is in place
- Not kept longer than necessary
- A maximum of six years plus the current year after the organisation or person is no longer associated with the company
- A Maximum of three years plus the current year to meet insurance third party claims timescales for any CCTV footage, Incident & Accident Reports
- All third party personal data collected is for the legitimate process of claims, accidents, injury and legislative notifications, such as RIDDOR and Insurance Companies
- No data is transferred outside the European Economic Area (EEA)
- All data held on computer is also held on a backup file, updated on a daily basis through a secure Cloud remote location
- Only directors and appointed personnel processors are authorised to pass on any personal data for legitimate purposes
- The Company does not pass on any customer or employee data for marketing or sales purposes within or outside entities
- The Company does not hold any information on Minors
- The company is registered with the ICO and our registration number is ZA244155
- Any request of information will normally be free of charge and handled quickly for most requests but all within one month
- Any considered requests that are unfounded or excessive will be charged or refused
- On refusing to provide any information who ever makes the request will be directed to the supervisory authority for a judicial remedy
- Information will in most cases and where possible be sent electronically an paper based files scanned in.
Personal Data Breach
‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Any apparent breaches of security in access to data by persons other than those appointed must be immediately reported to a Director.
Should any individual or company contact you requesting details of information about themselves held by the Company, the request must be in writing and immediately forwarded to Head Office.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data, such as references.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
Any request will be put forward by personnel and determined by a Director
UK organisations handling personal data still need to comply with the GDPR, regardless of Brexit.
The Government has confirmed that it will follow the GDPR principles for data protection.
Remedies, Liability and Penalties
The Supervisory Authority can impose a fine of up to: 4% of annual global turnover; or €20 million whichever is the greater. The administrative fines will in each case be designed to be effective, proportionate, and dissuasive.