GDPR Compliant Logo

(As Updated July 2020)

JSF Driving School collects and processes your personal information or data in accordance with this Privacy Policy.  This policy aims to help you understand what information we might collect about you and how we use it.

We are committed to protecting and respecting your privacy and we will only use your personal data lawfully in accordance with the General Data Protection Regulation (GDPR).

If you have any questions about our Privacy Policy, please get in contact with us by calling 0333 200 7275 or send an email to office@jsfdrivingschool.co.uk

What We May Collect From You

We may collect the following data about you:

  • Information directly from you during telephone conversations, via email, text messaging, Facebook messenger or from your parent or anyone else that you give permission to provide such data required to book driving lessons and form a contract with us
  • Payment data through telephone conversations and BACS transfers
  • As part of providing a professional service for you, under contract, we are legally required to record some personal driving-related data, including your driving licence number, and on occasion, your theory test certificate number
  • Technical data about how you use our website to help us improve your website experience, including your IP address, browser, length of visit to pages on our website
  • Information you provide about your marketing and communication preferences
  • Information should you enter a JSF Driving competition or complete a survey

How We May Use Your Personal Data

We will use your personal data to:

  • Provide our services or products to you. Telephone, text, email and send you post (direct mail), to ensure you are fully aware of our terms and conditions, booking confirmation and any other data we deem necessary to fulfil our contract with you
  • Reply to any enquiries you make about our services or products
  • Inform your allocated driving instructor (employed or franchised) so that he or she can provide you with driving lessons. They will also receive data regarding payments made but this will not include any card details unless you choose to make a payment to them directly. All of our employees and franchisees have completed GDPR training and signed a letter of compliance for your protection
  • Send you marketing communications where you have expressed consent, and we are allowed to by law
  • Personalise your experience on our website
  • Monitor the use of our website and online services
  • Ask you to complete surveys, or invite you to enter competitions or prize draws
  • Keep records of communications
  • Upon the successful passing of your practical driving test, it’s our standard operating practice to request a photograph that we can place on our website and social media such as Facebook and Google My Business for marketing purposes. We will also ask for an accompanying written review. It is your absolute right to refuse or consent to have a photo taken and for its use as part of our marketing strategy

We respect your privacy at all times. Your data will never be disclosed or shared with others without your consent unless required to do so by law.

Our Lawful Grounds of Processing

GDPR Regulations state that we are only allowed to process your personal data where we have a lawful ground for doing so. These are as follows:

  • Where Customer Data is obtained when you place an order with us and we hold that data for the purpose of fulfilling a contract with you, informing you about updates to the service or product, and keeping records of the contract, our lawful grounds of processing is legitimate interests so that we can maintain responsible business operations
  • Where Prospect Data is obtained when you enquire about our services or products and we use that data in order to reply to your enquiry, taking recorded steps prior to entering into a contract with you, our lawful grounds of processing are legitimate interests so that we can maintain responsible business operations
  • Where Prospect Data is obtained when you sign up for any of our free resources and we hold that data in order to send you those free resources, reply to your communications about those resources, and keep relevant records, you have given consent and the lawful grounds of processing is legitimate interests so that we can maintain responsible business operations
  • Where Marketing Data is obtained when you told us of your marketing preferences, consenting to us sending you details of our products and services, and we measure the effectiveness of this marketing, the lawful grounds of processing are legitimate interests so that we can develop our marketing strategy in order to grow our business
  • Where User Data is obtained including data about how you use our website and our online services, together with any data that you post for publication on our website or through other online services, we process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests to enable us to properly administer our website and our business
  • Where Technical Data is obtained that includes data about your use of our website and online services such as your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests to properly administer our website and our business and to grow our business and to decide our marketing strategy
  • Where we process your data in order to comply with legal requirements, such as required by a government department such as the DVSA or HMRC, the processing is necessary to comply with our legal obligations as a responsible business operation
  • We do not collect any Sensitive Data about you. Sensitive data includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect information about criminal convictions and offences

Sharing or Disclosing Your Personal Data

Whilst we will never disclose or share your data with others without your consent, which includes accepting the use of cookies on our website, we use third party processors to enhance some of our services.

We only work with companies that we believe are the best for you and our business, and that follow GDPR guidelines where they need to process or store your information on our behalf.

We may share and receive data from third parties such as:

  • Theory Test Pro to provide Theory test preparation and training. Theory Test Pro is GDPR compliant. For more information about their privacy policy please follow this link //theorytestpro.co.uk/privacy/
  • Hotjar to better understand our website users’ needs and to optimise the service and experience received when visiting our website. Hotjar is GDPR compliant, using cookies and other technologies to collect data on users’ behaviour and their devices which is captured and stored only in anonymised form. For further details, please follow this link //www.hotjar.com/legal/policies/privacy
  • Service providers who provide IT and system administrative services 

International Transfers

Your personal data may be processed outside the EU by us or the third parties we use. All are GDPR compliant as well as being part of the EU – US Privacy Shield, maintaining the same high standard of protection for your personal data at all times.

  • We use WP Engine to host our website. For more information about WP Engine please read their privacy policy on this link //wpengine.co.uk/legal/privacy/
  • We use Active Campaign to provide a database. Active Campaign is GDPR compliant. For more information about Active Campaign, please read their privacy policy on this link //www.activecampaign.com/privacy-policy/
  • We use Pipedrive to provide a database. For more information about Pipedrive please read their privacy policy on this link https://www.pipedrive.com/en/privacy
  • We use Google as analytics providers. For more information please read their privacy policy on this link //policies.google.com/privacy
  • We use G Suite as our email and business platform provider. For more information about G Suite please read their privacy policy on this link //cloud.google.com/security/privacy/
  • We use Creative 6 Media dba OptimizePress to provide opt-in landing pages on our website. For more information about Creative Media dba OptimizePress please read their privacy policy & terms on this link //www.optimizepress.com/legal-privacy/

We ensure all processors acting on our behalf act in accordance with this privacy policy.

Security and Safe Guarding Measures

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Our team is trained on the importance of Privacy and Data Protection and will adhere to our internal policies. We also use two-step verification security access procedures on all digital devices used for personal data handling.

Please note however, that we cannot guarantee that the measures we maintain will guarantee the security of the information.

We have in place procedures to quickly deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are required to do so.

How Long We Retain Your Data

JSF Driving School only retains personal information for as long as is necessary, including for the purposes of satisfying any legal, accounting or reporting requirements.

For tax purposes we are legally required to keep basic information about our customers for six years after they stop being customers.

In some circumstances we may anonymise personal data for statistical purposes in which case we may use this information indefinitely without further notice to you. For further details on our data retention periods please contact us.

Your Legal Rights

Under GDPR you have the right to access personal information that JSF Driving School processes about you. You can request from us information about:

  • The personal data we hold about you
  • The categories of personal data concerned
  • The purposes of the processing
  • Details to whom your personal data has/will be disclosed
  • How long we retain your personal data
  • If we did not collect the data directly from you, information about the source

You may also request from us the following:

  • That we update any incomplete or inaccurate data about you
  • Request that we delete your personal data in accordance with GDPR

You can find more information about your rights at //ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

You may request we action your rights by contacting us at JSF Driving School, 37 Rushyleaze, Lydney, Gloucestershire, GL15 5QW or by emailing us at office@jsfdrivingschool.co.uk

To ensure your data is protected, if we receive a request from you to exercise your rights, we will ask you to verify your identity before acting on the request. Once verified, we will try to respond to your request in an easily understandable format within one month. If the request is particularly complex or if you have made a number of requests it may take us longer to respond and we will inform you of this at the time.

No fee is chargeable to access your personal data or exercise your rights. Please note however that we may charge a reasonable fee if your requests are clearly unfounded, repetitive or excessive, or we may refuse to comply with your request at that point.

If you are unhappy with how we collect and use your data you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would be grateful if you would contact us first if you do have a complaint so that we can have the opportunity to resolve any issue you have with our data collection.

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Cookies

You can set your browser to refuse some or all browser cookies or alert you when they are in use. Please note that if you disable or refuse cookies some areas of this website may become inaccessible or not function correctly. For more information about the cookies we use please see //jsfdrivingschool.co.uk/cookie-policy/

Changes to This Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

NHS Track & Trace Service Update: 4th July 2020

During the Covid-19 pandemic, in accordance with advice as set out by Public Health England & the government, JSF Driving School will fully cooperate with the NHS Track & Trace service providing personal data relating to health when necessary or requested. Health checks, as described on this website & explained at the start of each lesson by your instructor, are a requirement for any lesson to go ahead as is consent to this data being shared with the NHS Track & Trace service. Should consent be refused then the lesson will not go ahead & further lessons cancelled until consent is given. 

The Independent Commissioners Office (ICO) state that data retention periods must relate to the purpose of processing & must not be disproportionate, only being processed for the duration of the Covid-19 crisis, based on scientific or epidemiological considerations (e.g. period of infection). Afterwards, as a general rule, the data should be erased or anonymised by the NHS service. 

The ICO will keep these recommendations under review, taking into account how the COVID-19 pandemic develops and the particular proposals under development to respond to the crisis. During the period contact tracing app Collection of personal data relating to health shall be allowed only where the processing is either based on explicit consent, is necessary for reasons of public interest in the area of public health, is for health care purposes, or is necessary for scientific research or statistical purposes.