Drive HGV

Menu
Call free on 0333 335 5927
Menu
Call free on 0333 335 5927

NORTH WEST

NORTH WEST

SOUTH EAST

SOUTH EAST

SOUTH WEST

SOUTH WEST

cancel png

NORTH WEST

NORTH WEST

Menu
Call free on 0333 335 5927

Privacy Policy

Privacy Policy – Drive HGV (Driver Education Ltd)

Last updated: February 2025

1. Introduction

This Privacy Policy explains how Driver Education Ltd (“we”, “us”, “our”) trading as Drive HGV, collects, uses and protects personal information.
We are committed to handling data lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Driver Education Ltd (Company No. 14526326)
Registered office: Champion House, 2 Wella Road, Basingstoke RG22 4AG
Email: info@drivehgv.com

2. Scope

This policy applies to:

  • All customers, enquirers and users of our websites and services.
  • All data processed in connection with HGV training, testing, payments and related support.
  • Data processed via our partners, suppliers and digital platforms acting on our behalf.

3. Information We Collect

CategoryExamplesLawful basisTypical retention
Identity dataName, date of birth, driving-licence numberContract Art.6(1)(b)6 years
Contact dataAddress, postcode, email, phoneContract / Legitimate interest6 years
Financial dataPayment method, amounts paid (via GoCardless or bank transfer). No full card numbers stored.Contract / Legal obligation6 years (HMRC)
Training dataCourse booked, progress, test results, fulfilment providerContract6 years
Marketing dataPreferences, communication historyConsent / Legitimate interestUntil withdrawn
Technical dataIP address, browser, usage stats (via website analytics)Legitimate interest2 years

We do not intentionally collect special-category data (medical, religious, etc.). If a fulfilment partner gathers such data for a medical exam or DVSA test, they act as an independent data controller.

4. How We Collect Data

  • Enquiry forms on our websites.
  • Telephone conversations and recorded call notes.
  • Email or WhatsApp communication.
  • Referrals from affiliates and partner training schools.
  • Automated CRM entries from our advertising and booking systems.

5. Purposes of Processing

  • Responding to enquiries and providing quotes.
  • Managing training bookings and payments.
  • Arranging DVSA tests and practical training via approved partners.
  • Issuing invoices and maintaining tax records.
  • Customer service and support.
  • Sending information and offers about related training services (where consent exists).
  • Fraud prevention and system security.

6. Lawful Bases for Processing

We rely on the following bases under UK GDPR:

  1. Contract [Art 6(1)(b)] – processing necessary to perform our agreement with you.
  2. Legitimate interests [Art 6(1)(f)] – customer relationship management, analytics, service improvement.
  3. Consent [Art 6(1)(a)] – optional marketing communications.
  4. Legal obligation [Art 6(1)(c)] – tax and accounting retention requirements.

Where legitimate interest is used, we have balanced our interests against your rights and concluded processing is proportionate.

7. Data Sharing and Recipients

We share data only when necessary:

Operational partners

  • Approved training schools to deliver practical training. These partners act as independent controllers for the data they generate.
  • Approved Medical Test Partners – These partners act as independent controllers for the data they generate.
  • The DVSA to book tests and confirm licence status.
  • Finance providers (if you apply for credit) – they act as independent controllers for credit assessment.

Service providers (processors)

  • GoCardless or TakePayments – payment collection.
  • Monday.com – CRM and course management system.
  • Brevo (formerly Sendinblue) – email delivery.
  • Yay.com – SMS gateway and call system
  • WhatsApp – business messaging.
  • IT and cloud hosting providers.

All processors are bound by written contracts containing confidentiality and data-processing clauses meeting Article 28 requirements.

We never sell or lease personal data to third parties.

8. International Transfers

Some processing occurs outside the UK:

  • Monday.com servers may be located in the EU or US.
  • One employee located in the Philippines accesses systems securely under restricted login and confidentiality agreement.

We rely on UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses and technical safeguards (2-factor authentication, least-privilege access).

9. Data Retention and Deletion

  • Financial and training records – 6 years after course completion (HMRC compliance).
  • Enquiry records – 2 years from last contact if no booking.
  • Marketing records – until you opt out.
  • System back-ups – cycled and overwritten regularly.
    When data is no longer required, it is securely deleted or anonymised.

10. Security Measures

We maintain appropriate technical and organisational measures including:

  • Encrypted connections (SSL/TLS) and secure servers.
  • Password management with 2-factor authentication.
  • Antivirus and endpoint protection.
  • Role-based access controls and audit logging in Monday.com.
  • Regular staff training on data protection.
  • Confidentiality clauses in all employment and supplier contracts.
  • Physical security at office premises.

11. Automated Processing and Profiling

We use limited automation within our CRM (Monday.com) and email platform (Brevo) to streamline communication and schedule follow-ups.
No automated decisions produce legal or similarly significant effects on individuals.

12. Data Ownership and Third-Party Marketing

All customer data collected via Drive HGV remains the property and under the control of Driver Education Ltd.

13. Your Data Protection Rights

You have the right to:

  1. Access your data (Subject Access Request).
  2. Request correction of inaccurate data.
  3. Request erasure where data is no longer needed or processing is unlawful.
  4. Restrict processing in specific circumstances.
  5. Object to processing based on legitimate interests or direct marketing.
  6. Request data portability where processing is automated and based on consent or contract.

Requests should be sent to info@drivehgv.com. We will respond within one calendar month.

14. Data Breaches

Any suspected personal data breach will be logged and assessed immediately. Where a breach poses a risk to individuals’ rights and freedoms, the ICO will be notified within 72 hours and affected individuals will be informed without undue delay.

15. Complaints

If you believe we have not handled your data correctly, please contact us first at info@drivehgv.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113

16. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on our website and the revision date will be updated accordingly.