This privacy notice describes our collection, use, disclosure, retention and protection of your personal information. Where you provide us with your personal information, you agree that we may collect, store and use it (a) in order to perform our contractual obligations to you, (b) based on our legitimate interest for processing (i.e. for keeping you informed about us and our services, internal administrative purposes or for the detection or prevention of crime) or (c) based on your consent, which you may withdraw at any time, as described in this notice.
1. Who are we and how you can contact Us
This notice applies to all websites, applications and services offered by THE DRIVER Co. (a company in France with a registered office at 33 Boulevard Général du Leclerc, 06420 Beausoleil, France).
If you need to contact us regarding this notice, please contact us by email at email@example.com. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
2. Our collection of your personal data
“Personal data” means information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include your name and contact details that you provide to us when making an enquiry, information relating to your travel requirements when making a booking with us (or when you are engaged to perform a shipment for us), payment details for a booking, information on how you use our websites or information from your other interactions with us (including via telephone, fax, SMS, email or post). It does not however include data where the identity has been removed (anonymous data).
We collect some personal data from you, for example when you are applying for an employment position with us or wish to register with us to supply services to us, make an enquiry about our services, book and use our services, visit our websites, register your details in order to receive communications from us, or interact with us by telephone, post, email, social media or industry events.
We may also receive your personal data from third parties who act on your behalf, for example travel agents, your employer or other parties who, for example, book a car for you. We may also receive data about you from:
- other members of our group of companies from whom you have purchased services or to whom you have provided data;
- related suppliers that we engage on your behalf to provide the services that we offer;
- payment processing and credit referencing agencies;
- analytics providers;
- recruitment agencies or internet based recruitment platforms.
We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for client due diligence purposes), but in each case as permitted by applicable laws.
If you intend giving us personal data about someone else (for example, you are booking a car for or otherwise representing someone else), you are responsible for ensuring that you have sufficient lawful grounds to do so under applicable data protections laws. If required by applicable data protection laws, you must ensure that before you share someone else’s personal data you have their explicit consent to do so. This could include situations where you are sharing ‘special category’ data (for example data which reveals health or ethnic or racial origin). In such circumstances, you are responsible for explaining to them how we collect, use, disclose and retain their personal information or direct them to read this notice.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We may collect and process the following categories of information about you (or about other individuals where you provide this on their behalf):
|Categories||Main circumstances of collection|
|Identity and contact details (name, email address, telephone number and postal address, job title, including potentially your business/company name). We may also ask you to provide information about your business and your preferences with regards to our services.||When you make an enquiry/express an interest in our services; when you make a booking; or if you are a supplier engaged or interested in being engaged to provide services to us, or if you are applying for an employment position with us|
|Booking and travel itinerary information, including changes to booked arrangements, specific dietary requirements, special assistance that you may require; this will include information about other passengerstravelling on your booking (including children where relevant).||When you make a booking or we are managing your booking|
|Health information where you have a medical condition that may affect your flight.||Where this information is provided to us in the context of a booking for our services|
|Financial information such as payment card details or bank account details.||When making payment for our services|
|Passenger information required in relation to air transportation (including full name, nationality, date of birth, gender (where required), the number and type of travel document (e.g. passport or ID), its expiry date and country of issue), both in respect of you and any other passenger you represent/in your group; this may include photographic identity information where you provide it; potentially, it may be necessary to obtain visa/work permit information where this is required by the authorities in any destination.||When we are managing your booking|
|CV or employment application data.||When you are applying for an employment position with us or potentially interested in being a supplier of handcarry cargo or equine groom services to us|
|Marketing and communications data, including any stated preferences in receiving marketing from us and any other communications preferences you have stated.||When you contact us or we contact you|
|Communications you exchange with us (for example, emails, letters or calls), including any feedback you provide to us regarding our services (Contact history).||When you contact us or we contact you|
|Transaction history data including details of services which you have engaged us to perform for you or on your behalf, information you provide us in connection with such services and associated contacts with us.||When we are managing your booking and administering your interaction history with us; when you contact us|
|Information about your use of our websites, such as what pages you have visited, how you arrived on our website, navigated around it and browsed away from it (including dates and times), page response times, download errors, length of visits to certain pages. Cookies may be used to help us do this – see our Cookie Notice.
Information about the device you are using to access our websites, such as the type of device, its operating system, browser, IP address).
|When navigating our websites|
Special category personal data
In the course of providing services to you (or for any passengers that you represent), we may collect information that could reveal your racial or ethnic origin, physical or mental health or religious beliefs; for example, you may inform us:
- of a specific medical condition which may affect your (or another passenger’s) travel needs;
- that you (or another passenger) require special assistance for a car/tour;
- about specific dietary requirements that you (or another passenger) may have.
Such information is considered ‘special category’ personal data under applicable European data protection legislation. By providing any special category personal data you explicitly consent that we may collect and use it in order to provide our services and in accordance with this notice; if you are representing another person whose special category persona data is being provided to us, you are responsible for obtaining that person’s explicit consent to such processing. If you do not allow us to process any special category personal data, this may mean we are unable to provide all or parts of the services you have requested from us, and we may not be able to guarantee your safety on board.
3. How we use personal data
Our use of your personal data will always have a lawful basis. Most commonly, we use your personal information:
- Where we need to perform any contract we have entered into with you;
- Where we need to comply with a legal obligation;
- Where we have your consent;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interest
“Legitimate interest” means our interest in conducting and managing our businesses to enhance our services and experiences for our clients, users and contacts. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). The legitimate interests that we pursue include:
- Performance of our services: it is in our legitimate interests to be able to perform our services in a timely and professional manner and to enable compliance with legal and regulatory requirements, and to ensure that appropriate suppliers are utilised to achieve the same. In particular, the arrangement of passenger air transportation necessitates that certain passenger related data is required to be processed in order to enable carriage by air by the relevant air carrier.
- Administering, developing and improving our services and developing and maintaining our business relationships: we have an interest in understanding what kinds of people and businesses use our services (or may wish to act as a supplier in relation to our services), why and when. Accordingly, we have an interest in keeping in touch with, and maintaining, our relationships with our clients and prospective clients who have previously enquired about our services, as well as suppliers and potential suppliers to our businesses and clients.
- Understanding and maintaining awareness of the wider markets that we operate in: we have an interest in maintaining our awareness of developments, trends, activities and opportunities in the industries that we operate in; this includes maintaining our awareness of utilisation of services similar to ours by potential clients and awareness of the services which are on offer by suppliers and potential suppliers to the business sectors that we operate in.
- Communicating and marketing our services and growing our businesses: like any commercial organisation, we seek to earn revenue through the services that we provide to our clients and seek to develop and increase awareness and understanding of, as well as demand for, our services with potential clients with an interest in our services, or who we have reason to believe would find our services of interest due either to their utilisation of services similar to ours or who we consider have the potential to do so.
- Monitoring and securing our systems and data: Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through them are kept secure and only made available to the correct people.
- Reorganising our business operations and corporate structure.
- Fraud prevention.
- Disclosure to appropriate authorities of potentially criminal acts or security threats.
- Engaging personnel/suppliers/subcontractors
- Ensuring we operate suitable and appropriate IT systems and website content.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests);
- Where it is needed in the public interes
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. You also have the right to object to our using your personal data for particular purposes. In each case, please contact us (see section 1 above).
Situations in which we will use your personal information
We need many of the categories of information listed in section 2 above to allow us to perform a contract with you. We may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. Specifically, we may process your data for the following purposes, in each case in reliance on the stated lawful basis (some of the below stated grounds for processing will overlap and there may be several grounds which justify our use of your personal information):
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|Performance and management of engagements for our services (including the related performance of our suppliers for our clients) and responding to requests for our services, This will include:
· Carrying out our obligations under contracts for or related to our services
· Informing you about services that you have previously enquired about or contracted with us for (including any changes to the them) or to provide you with any information that we are required to send you to comply with legal obligations to which we are subject
· Invoicing and payment for our services (including payment card verification)
· Collection of any outstanding monies owed to us
· Replying to emails or other communications from you with respect to enquiries or interest in our services or working with us as a supplier business partner
· Managing and administering our relationship with you and the services you have engaged us to provide or have enquired about
· Obtaining/receiving feedback on our provision of services
Travel, visa and work permit information
|Performance of a contract with you.Necessary for our legitimate interests (to ensure timely and professional performance of our services, engagement of appropriate qualified suppliers, maintaining knowledge of supplier network, and to recover debts due to us).
Necessary to comply with a legal obligation
|Validation of client and enquiry information||IdentityContact
|Performance of a contract with you.
Necessary for our legitimate interests (to ensure we retain accurate records relating to you and to performance of engagements for our services (including enquiries made for our services).
|Direct marketing communication (only in compliance with applicable privacy laws) with you (either electronic or postal or by telephone) to inform you about or recommend: similar services which we offer that we consider may be of interest based on your prior enquiries or purchase history or based on our knowledge of your business activities and potential requirement for services similar to ours, service availability announcements, changes to our services or organisation, and administrative messages and other communications relating to our services.
Enhancing, personalising, improving and tailoring our services or communications.
Market research, surveys or user analysis to understand your needs and improve our service offering.
Maintain our general market awareness in the sectors that our businesses operate in
|Identity ContactTransaction history
|Where we have your consent.Necessary for our legitimate interests (to administer, develop and communicate our services, enhance knowledge about them, grow and manage our business, to keep in contact with our clients and prospective clients (relationship management), to maintain our understanding of developments and activities in the business sectors we operate in, and in the context of a business or group reorganisation).|
|Administration of files and records; business management and planning, including accounting and auditing.||IdentityContact
|Necessary for our legitimate interests (for running our business, complying with audit processes, provision of administration and IT services).
Necessary to comply with a legal obligation
|Detect, prevent, investigate or remediate, crime (such as fraud), illegal or prohibited activities or to otherwise protect our legal rights.||IdentityContact
Booking and travel itinerary information
|Necessary for our legitimate interests (to prevent fraud).
Necessary to comply with a legal obligation
|Compliance with applicable laws, regulations, court orders, government and law enforcement agencies’ requests, to operate our systems properly and to protect ourselves, our users and clients and to solve any client disputes.
Performance of sanctions and other embargo screening/due diligence checks.
|Where we need to comply with a legal obligation.
Necessary for our legitimate interests (ensuring that our activities do not involve or relate to any potential breach of existing sanctions and embargoes).
|Processing applications for employment positions or to work for us as a supplier and/or subcontractor.||IdentityContact
|Necessary for our legitimate interests (engaging personnel/suppliers/subcontractors).|
|Maintaining and enhancing the operation, functionality and security of our websites and client relationship management systems (including internal testing to improve security and performance).
Monitoring, measuring, improving and protecting our websites to provide enhanced and relevant user experiences.
Analysing your use of our websites to enable Us to continually improve our websites and your user experience.
Providing and managing your access to our websites.
Personalising and tailoring your experience on our websites
|Necessary for our legitimate interests (ensuring we operate suitable and appropriate systems, and have relevant and appropriate website content).|
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may use your personal data for marketing purposes which may include contacting you by email, telephone, text message or post with information and news about us or our services which we feel may be of interest to you. However, we will only do this where we have a lawful basis and in compliance with our obligations under applicable laws governing personal data and privacy (in particular, laws requiring your prior opt-in consent for specific methods of direct marketing). Accordingly, this notice will operate subject to the operation of any more restrictive laws regarding marketing which take effect in any country where a member of our group is incorporated and trades.
We may use your identity and contact data, as well as information provided by you when communicating with us and information obtained from public sources, to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and news items may be relevant for you when considering communicating for marketing purposes.
You may receive marketing communications from us if you have requested information or a quotation from us or have purchased services from us previously (either in your own name or in the name of your employer) or if we are aware from public sources that, for example, your corporate employer has purchased similar services to those we offer.
We will not share your personal data with any company besides THE DRIVER for purposes of allowing them to market their products or services to you unless we have obtained your prior express opt-in consent.
Third party platform advertising: We may share your information with third party platform providers (such as Facebook, Google and Twitter) to serve targeted advertising/content to you via the relevant third party platform based on your profile/interests. Your information is used by the third-party platform provider to identify your account and serve advertisements to you. You can control what advertisements you receive via the privacy settings on the relevant provider’s platform and you should consult the third party’s help/support centre for more information.
Opting Out: You can ask us to stop sending you marketing messages at any time by following the opt-out/unsubscribe links on any marketing message sent to you or by contacting us at any time at firstname.lastname@example.org; please use the header “Unsubscribe” for your email in such circumstances).
Where you opt out of receiving these marketing messages we will file your contact details on a ‘marketing suppression list’ to make sure that we respect your marketing choices in the future.
4. Sharing your information
We may share some of your information with the following categories of third parties:
- representatives or agents acting on our behalf with respect to the promotion of our services in particular territories;
- suppliers where necessary in performance of services which you have (or your organisation has) contracted for with or through us (which may include sharing data in order to perform and process payments associated with performance of such services).
- information technology companies undertaking services for us in connection with maintenance, support, development or enhancement of our websites or our other information technology platforms and infrastructure;
- internet platform providers which process information so that they may help us to provide you with applications, services and information you request or which we believe will be of interest to you.
- third parties that we engage to perform market surveys/client feedback surveys;
- third parties which we engage to securely host emails and act as suppliers to distribute our newsletter and other marketing email communications on our behalf, both where you have requested information and where we believe that information will be of interest to you;
- credit and debit card companies used to facilitate payment transactions arising from engagement of our services;
- credit reference agencies for the purposes of determining potential payment credit terms;
- fraud prevention agencies;
- recruitment agencies or website recruitment platforms in the context employment;
- law enforcement agencies, regulators or other applicable third parties, where necessary to enable us to comply with our regulatory and legal obligations (including statutory or regulatory reporting or the detection or prevention of unlawful acts ), or where necessary to assist them in the conduct of their investigations;
- agencies engaged to perform criminal records checks;
- our clients (if you are a supplier), in the course of performance of any engagement for services;
- relevant third parties in the context of actual or threatened legal proceedings (for example in response to a court order or enforcement of the terms of a contract);
- our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
- another organisation if we sell or buy (or negotiate to sell or buy) any of our companies, business or assets;
- another organisation to whom we may transfer our agreement with you.
We may compile statistics about the use of our websites including data on traffic, usage patterns, user numbers, and other information. All such data will be anonymised and will not include any data which can be used to identify you either by itself or when combined with other data. We may share non-personally identifiable information about the use of our website, applications, products or services publicly or with third parties but this will not include information that can be used to identify you.
We do not sell personal data to third parties for marketing purposes.
5. Security and storage of information
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage. We will do our best to protect your personal information but we cannot guarantee the security of your information which is transmitted to our websites, applications or services or to other websites, applications and services via an internet or similar connection.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
6. Where your data is stored and sent
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. Our office is based in France and your information will be accessed and used here and elsewhere in the European Economic Area (EEA) where we also have partner companies.
While countries within the EEA all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection of your personal data. In each case referenced in section 4, your data may, for purposes described in this notice or otherwise approved by you, be transferred to, processed by and stored by persons operating outside of the EEA and the third party may require access to all or some of your data. For example:
- our staff, suppliers or agents located outside of the EEA may need to access and process personal data , for example to fulfill your booking, operate ground handling services, or provide other support services
- we may use cloud-based technology hosted outside of the EEA to host some of our applications;
- we may use service providers based outside of the EEA to help us support some of our information technology infrastructure and these service providers may need to access your personal data in order to provide and support that infrastructure.
When we send personal data outside of the EEA we take steps to put in place appropriate safeguards to protect the information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in accordance with applicable data protection laws. We protect your personal data, for example, by:
- requiring THE DRIVER Co. to be subject to data protection policies designed to protect data in accordance with EU data protection laws;
- where possible, putting in place standard model clauses for transfers of personal data outside the EEA which have been approved by the European Commission;
- limiting access to your personal information to those employees, agents, contractors and other third parties who have a business need to know;
- ensuring they will only process your personal information on our instructions, for the reasons we specify.
We may also from time to time rely on one or more of the ‘derogations’ available in applicable data protection laws, for example:
- The transfer is necessary for the establishment, exercise or defence of legal claims; or
- We have the individual’s explicit consent; or
- The transfer is necessary for the conclusion or performance of a contract in the interest of the individual concerned, and we are party to that contract;
- The transfer is necessary in order to perform a contract between us and the individual concerned, or the implementation of pre-contractual measures taken at the individual’s request.
We may also be compelled by law to disclose your personal data to a third party and will have limited control over how it is protected by that party in such circumstances.
If you are giving us personal data about someone else so that it can be transferred outside of the EEA (for example you are booking transport for a passenger on a flight departing the EEA), you are responsible for obtaining that person’s explicit consent to us transferring the personal data to the country in question.
7. How long is personal data kept for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will retain and securely destroy your personal information in accordance with applicable laws and regulations.
8. Automated Profiling
We do not perform automated decision-making and profiling activities using your personal data. (When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups).
9. Your information and your rights
If you are based within the EEA or within another jurisdiction with similar data protection laws, you have a number of rights under applicable data protection laws. Those rights relevant to our activities are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
- Information and Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
- Withdrawal of consent: When we rely on your consent to use your data, you have the right to withdraw that consent at any time.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes. If you do this we will stop using it for those purposes.
Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
With effect from 25 May 2018 you also have the following rights:
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
- Objection to use of legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data, you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: You have the right to receive some limited kinds of information in a portable format.
You have the right to lodge a complaint with your relevant supervisory authority responsible for data protection matters (for example, in the UK, the Information Commissioner’s Office; in Germany, the Bundesbeauftragete für den Datenschultz und die Informationsfreiheit). You can do this online through the authority’s website or by any other means they specify.
Your right to restrict the processing of your data for certain purposes, including marketing purposes, may be exercised at any time; for example at the point of submitting an enquiry on our websites, or by unsubscribing using the links provided in our emails, or by contacting us at any time (see section 1).
If you wish to exercise your right to ask for a copy of any of your personal data held by us (where such data is held), no fee is chargeable by us. We will provide any and all information in response to your request free of charge, unless your request for access is clearly unfounded or excessive. We will aim to respond within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made a number of requests. In this case, we will notify you and keep you updated. Please contact us using the contact details in section 1.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
10. What Happens If Our Business Changes Hands?
We may, from time to time, expand or reduce our business operations and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this notice, be permitted to use that data only for the same purposes for which it was originally collected by us.
11. Links to other websites
Our websites may contain links to other websites which are not operated by a member of THE DRIVER Co. We have no control over how your data is collected, stored, or used by such other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
We may change this notice from time to time (for example, if the law changes). Any changes will be immediately posted on our websites. We recommend that you check this page regularly to keep up-to-date.
Version - May 2018