(As Updated July 2020)
We are committed to protecting and respecting your privacy and we will only use your personal data lawfully in accordance with the General Data Protection Regulation (GDPR).
What We May Collect From You
We may collect the following data about you:
- Information directly from you during telephone conversations, via email, text messaging, Facebook messenger or from your parent or anyone else that you give permission to provide such data required to book driving lessons and form a contract with us
- Payment data through telephone conversations and BACS transfers
- As part of providing a professional service for you, under contract, we are legally required to record some personal driving-related data, including your driving licence number, and on occasion, your theory test certificate number
- Technical data about how you use our website to help us improve your website experience, including your IP address, browser, length of visit to pages on our website
- Information you provide about your marketing and communication preferences
- Information should you enter a JSF Driving competition or complete a survey
How We May Use Your Personal Data
We will use your personal data to:
- Provide our services or products to you. Telephone, text, email and send you post (direct mail), to ensure you are fully aware of our terms and conditions, booking confirmation and any other data we deem necessary to fulfil our contract with you
- Reply to any enquiries you make about our services or products
- Inform your allocated driving instructor (employed or franchised) so that he or she can provide you with driving lessons. They will also receive data regarding payments made but this will not include any card details unless you choose to make a payment to them directly. All of our employees and franchisees have completed GDPR training and signed a letter of compliance for your protection
- Send you marketing communications where you have expressed consent, and we are allowed to by law
- Personalise your experience on our website
- Monitor the use of our website and online services
- Ask you to complete surveys, or invite you to enter competitions or prize draws
- Keep records of communications
- Upon the successful passing of your practical driving test, it’s our standard operating practice to request a photograph that we can place on our website and social media such as Facebook and Google My Business for marketing purposes. We will also ask for an accompanying written review. It is your absolute right to refuse or consent to have a photo taken and for its use as part of our marketing strategy
We respect your privacy at all times. Your data will never be disclosed or shared with others without your consent unless required to do so by law.
Our Lawful Grounds of Processing
GDPR Regulations state that we are only allowed to process your personal data where we have a lawful ground for doing so. These are as follows:
- Where Customer Data is obtained when you place an order with us and we hold that data for the purpose of fulfilling a contract with you, informing you about updates to the service or product, and keeping records of the contract, our lawful grounds of processing is legitimate interests so that we can maintain responsible business operations
- Where Prospect Data is obtained when you enquire about our services or products and we use that data in order to reply to your enquiry, taking recorded steps prior to entering into a contract with you, our lawful grounds of processing are legitimate interests so that we can maintain responsible business operations
- Where Prospect Data is obtained when you sign up for any of our free resources and we hold that data in order to send you those free resources, reply to your communications about those resources, and keep relevant records, you have given consent and the lawful grounds of processing is legitimate interests so that we can maintain responsible business operations
- Where Marketing Data is obtained when you told us of your marketing preferences, consenting to us sending you details of our products and services, and we measure the effectiveness of this marketing, the lawful grounds of processing are legitimate interests so that we can develop our marketing strategy in order to grow our business
- Where User Data is obtained including data about how you use our website and our online services, together with any data that you post for publication on our website or through other online services, we process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests to enable us to properly administer our website and our business
- Where Technical Data is obtained that includes data about your use of our website and online services such as your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests to properly administer our website and our business and to grow our business and to decide our marketing strategy
- Where we process your data in order to comply with legal requirements, such as required by a government department such as the DVSA or HMRC, the processing is necessary to comply with our legal obligations as a responsible business operation
- We do not collect any Sensitive Data about you. Sensitive data includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect information about criminal convictions and offences
Sharing or Disclosing Your Personal Data
We only work with companies that we believe are the best for you and our business, and that follow GDPR guidelines where they need to process or store your information on our behalf.
We may share and receive data from third parties such as:
- Hotjar to better understand our website users’ needs and to optimise the service and experience received when visiting our website. Hotjar is GDPR compliant, using cookies and other technologies to collect data on users’ behaviour and their devices which is captured and stored only in anonymised form. For further details, please follow this link //www.hotjar.com/legal/policies/privacy
- Service providers who provide IT and system administrative services
Your personal data may be processed outside the EU by us or the third parties we use. All are GDPR compliant as well as being part of the EU – US Privacy Shield, maintaining the same high standard of protection for your personal data at all times.
Security and Safe Guarding Measures
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Our team is trained on the importance of Privacy and Data Protection and will adhere to our internal policies. We also use two-step verification security access procedures on all digital devices used for personal data handling.
Please note however, that we cannot guarantee that the measures we maintain will guarantee the security of the information.
We have in place procedures to quickly deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are required to do so.
How Long We Retain Your Data
JSF Driving School only retains personal information for as long as is necessary, including for the purposes of satisfying any legal, accounting or reporting requirements.
For tax purposes we are legally required to keep basic information about our customers for six years after they stop being customers.
In some circumstances we may anonymise personal data for statistical purposes in which case we may use this information indefinitely without further notice to you. For further details on our data retention periods please contact us.
Your Legal Rights
Under GDPR you have the right to access personal information that JSF Driving School processes about you. You can request from us information about:
- The personal data we hold about you
- The categories of personal data concerned
- The purposes of the processing
- Details to whom your personal data has/will be disclosed
- How long we retain your personal data
- If we did not collect the data directly from you, information about the source
You may also request from us the following:
- That we update any incomplete or inaccurate data about you
- Request that we delete your personal data in accordance with GDPR
You can find more information about your rights at //ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You may request we action your rights by contacting us at JSF Driving School, 37 Rushyleaze, Lydney, Gloucestershire, GL15 5QW or by emailing us at email@example.com
To ensure your data is protected, if we receive a request from you to exercise your rights, we will ask you to verify your identity before acting on the request. Once verified, we will try to respond to your request in an easily understandable format within one month. If the request is particularly complex or if you have made a number of requests it may take us longer to respond and we will inform you of this at the time.
No fee is chargeable to access your personal data or exercise your rights. Please note however that we may charge a reasonable fee if your requests are clearly unfounded, repetitive or excessive, or we may refuse to comply with your request at that point.
If you are unhappy with how we collect and use your data you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would be grateful if you would contact us first if you do have a complaint so that we can have the opportunity to resolve any issue you have with our data collection.
Links to Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
NHS Track & Trace Service Update: 4th July 2020
During the Covid-19 pandemic, in accordance with advice as set out by Public Health England & the government, JSF Driving School will fully cooperate with the NHS Track & Trace service providing personal data relating to health when necessary or requested. Health checks, as described on this website & explained at the start of each lesson by your instructor, are a requirement for any lesson to go ahead as is consent to this data being shared with the NHS Track & Trace service. Should consent be refused then the lesson will not go ahead & further lessons cancelled until consent is given.
The Independent Commissioners Office (ICO) state that data retention periods must relate to the purpose of processing & must not be disproportionate, only being processed for the duration of the Covid-19 crisis, based on scientific or epidemiological considerations (e.g. period of infection). Afterwards, as a general rule, the data should be erased or anonymised by the NHS service.
The ICO will keep these recommendations under review, taking into account how the COVID-19 pandemic develops and the particular proposals under development to respond to the crisis. During the period contact tracing app Collection of personal data relating to health shall be allowed only where the processing is either based on explicit consent, is necessary for reasons of public interest in the area of public health, is for health care purposes, or is necessary for scientific research or statistical purposes.