Client Data Protection
information
information
The document below MUST be signed by a Responsible person - either the Pupil if 18 years old, or older, or a Parent or Responsible Adult
The General Data Protection Regulations must be complied with by 25th May 2018.
To comply with these Regulations, Andrew Knight Driving needs to officially inform you, and you need to consent in writing about: 1. What data Andrew Knight Driving may keep about you
2. How Andrew Knight Driving will or may use your data and information 3. How Andrew Knight Driving will store it. What precautions Andrew Knight Driving will take to keep your data secure 4. With whom Andrew Knight Driving might share it 5. What happens to your data after our work is finished 1. What data Andrew Knight Driving may keep about you We may need to keep a record of your: Name Address Email address Phone number Social Media “address’ Driving licence, and the information stored on it Emails, texts, and social media “conversations” Lessons planned and completed, with details of each lesson Meeting point for lessons Payments to us, and for what the payments are for Your Theory Test Test date, and Test Test Pass date and Certificate Number Your Practical Test date and time, location, reference number, and result 2. How Andrew Knight Driving will or may use your data and information We will need your data to be able to keep records of your progress and payments To be able to prove that we have made reasonable efforts to ensure you are allowed to drive a car Know when and where we will meet for driving sessions, and payment details We may book your tests using your data, and sharing it online with DVSA Share details with HMRC for tax purposes 3. How Andrew Knight Driving will store your information Your data will be stored by Andrew Knight Driving, digitally on a number of digital devices. Each device is password-protected, or thumb-print-protected. Data is encrypted wherever we can protect it that way. Written records may be made, copied to digital format, and then shredded as soon as reasonably possible. First names and the first two letters of your surname will be used where others may routinely see your name. This should stop others from being able to identify you. 4. With whom Andrew Knight Driving might share it We might need to share your data with: HMRC DVSA and its staff DVLA Lloyds Bank My car insurance brokers and providers My Accountant Police and other Emergency Services if required I will be using an “App” named MyDriveTime (https://www.mydrivetime.co.uk) to keep financial and progress records. 5. What happens to your data after our work is finished We will keep all records until our working relationship has finished. During the next financial year, your detailed records will be deleted, except: Financial and lesson dates and amounts will need to be kept for possible HMRC use, as well as checking by my Accountant. Article 5 of the GDPR requires that personal data shall be: “a) processed lawfully, fairly and in a transparent manner in relation to individuals; b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.” The Basis upon which we are basing the information is one of “Legitimate Interests” Checklists ☐ We have checked that legitimate interests is the most appropriate basis. ☐ We understand our responsibility to protect the individual’s interests. ☐ We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision. ☐ We have identified the relevant legitimate interests. ☐ We have checked that the processing is necessary and there is no less intrusive way to achieve the same result. ☐ We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests. ☐ We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason. ☐ We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason. ☐ If we process children’s data, we take extra care to make sure we protect their interests. ☐ We have considered safeguards to reduce the impact where possible. ☐ We have considered whether we can offer an opt out. ☐ If our LIA identifies a significant privacy impact, we have considered whether we also need to conduct a DPIA. ☐ We keep our LIA under review, and repeat it if circumstances change. ☐ We include information about our legitimate interests in our privacy information. |
|