GDPR compliant and Data Protection Policy.
Purpose and Background
LOGISTIFIE LTD holds information about customer’s business details provided at the time of application signup, customers and other people involved with our business activities. LOGISTIFIE LTD has a responsibility to look after this information properly, and to ensure we comply with the EU General Data Protection Regulation (GDPR) which comes into force in the UK from 25th May 2018. It is expected that the GDPR will continue to form the basis of UK Data Protection legislation, even once the UK has left the EU, so it is therefore fully taken into account in this policy.
Data Protection good practice is not just a matter of legal compliance and ticking boxes. Data Protection is about taking care of our drivers and clients and ensuring that we are respecting their privacy. Poor practice or a serious breach could not only harm individuals but would also have a serious effect on the reputation of LOGISTIFIE LTD and we value our good name.
This policy applies to information relating to customer’s (who use our product and services) which is held by LOGISTIFIE LTD
Our legal basis for using people’s data
Everything we do with records about individuals – obtaining the information, storing it, using it, sharing it, even deleting it – will have an acceptable legal basis. There are six of these:
Where we are basing our processing on consent we will be able to ‘demonstrate’ that we hold consent. This means having a record of who gave consent, when they gave it, how they gave it (e.g. on the website, on a form, verbally), and what they actually consented to.
In the case of legitimate interests, we will do a balancing test, and be confident that our legitimate interests in using the data in a particular way – for example in providing our services – are not overridden by the interests of the individual.
Data Protection Principles
Data Protection compliance is based largely on a set of Principles.
The six GDPR Principles say that:
This policy reflects each of these principles.
Transparency & purposes (first and second principles)
We will make key information available to people at the time we collect information from them.
Other information will be made available where relevant. This includes:
In both cases, we will only tell people things they won’t already know. When a customer signs up for our LOGISTIFIE LTD service they know that we will keep a record of them and their activities with us.
One explicit right that people have is to stop us from sending them marketing material (by post, phone, email, or text) if they don’t want it.
When we collect information from people that might be used for marketing we will say so at the time and ask them if they are happy to hear from us. The wording will be along the lines of: “We would like to keep you up to date with information about LOGISTIFIE LTD services. Please tick here to indicate which method(s) you are happy for us to use: Mailo, Phone o, Email o, Text o”
These rules are only for marketing. They do not stop us from contacting people in whatever is the most convenient way to give them information about things they have already signed up to, or for other administrative purposes.
Data quality, record keeping, and retention (third, fourth and fifth principles)
Our activities will be more effective and appropriate if we have good quality records about the people we are working for and with, our customers. GDPR insists on this. We will ensure we have the information we need, but no more (it must be adequate, relevant, and limited to what is necessary) and it will be as accurate as we can make it and – where necessary – kept as up to date as possible. We will not keep it longer than necessary.
We will ensure that our staff is fully aware that the individual concerned has the right to see all the information recorded about them by LOGISTIFIE LTD. LOGISTIFIE LTD has a clear policy on how long to keep personal information and this is directly linked to the retention for our compliance with Transport for London obligations of service. We have established a process for ensuring that data is deleted or destroyed at the appropriate time to comply with this requirement.
Security (the sixth principle)
We will take good care of the information we hold, whether on our computer systems or on paper and make sure that all our staff has the appropriate guidance and training so that they treat your information appropriately.
Responsibility for compliance with the GDPR lies with LOGISTIFIE LTD, not with any specific individual. However, LOGISTIFIE LTD has designated someone to lead on, keeping up to date with any developments, checking that we are complying and have the evidence to prove it, giving advice to drivers/clients, and handling any issues such as a data breach or a Subject Access Request.
The individual currently designated can be contacted at the following email address