TreadTracker

Your all-in-one solution for tyre maintenance and reporting

Contact us

GDPR and Data Protection Policy

Effective Date: 2nd November, 2024
Last Updated: 14th November, 2024
Review Date: 2nd November, 2025

Data Protection Policy

Policy

TreadTracker Limited is committed to safeguarding the privacy and security of personal data. We recognise the importance of data protection and will comply with all relevant provisions of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

Scope

This policy applies to all staff, contractors, suppliers, and others who process or control personal data on behalf of TreadTracker Limited. It covers all data collected, stored, processed, or shared by TreadTracker Limited in any format or medium.

Definitions

  • Personal Data: Information relating to an identifiable person who can be directly or indirectly identified from that information.
  • Processing: Any operation performed on personal data, including collection, storage, use, transfer, and destruction.
  • Data Subject: The individual to whom the personal data relates.
  • Data Controller: TreadTracker Limited, which determines the purpose and means of processing personal data.
  • Data Processor: Any person or organisation processing data on behalf of the data controller.

Data Protection Principles

TreadTracker Limited adheres to the principles outlined in the Data Protection Act 2018 and GDPR, which mandate that personal data must be:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes.
  • Limited to what is necessary.
  • Accurate and kept up-to-date.
  • Retained only for as long as necessary.
  • Processed securely.

Lawful Basis for Processing

We will process personal data only where we have a legal basis to do so, such as consent, contractual necessity, compliance with a legal obligation, or legitimate interests.

Data Subject Rights

We respect the rights of data subjects, including the rights to:

  • Access their personal data.
  • Rectify incorrect or incomplete data.
  • Erase their data, where applicable.
  • Restrict processing.
  • Data portability.
  • Object to processing and automated decision-making.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Measures include:

  • Secure storage and encryption of data.
  • Regular data access reviews.
  • Limited access based on job function.

Data Retention and Disposal

We retain personal data only as long as necessary for the purposes for which it was collected. Data no longer needed will be securely deleted or anonymised.

Data Breach Response

All staff must report any suspected data breach immediately to the Data Protection Officer (DPO). The DPO will assess and, if necessary, report the breach to the Information Commissioner’s Office (ICO) within 72 hours, if feasible.

Data Protection Officer (DPO)

The DPO is responsible for monitoring compliance, providing guidance on data protection matters, and acting as the primary point of contact with the ICO.

Responsibilities

  • Senior Management: Ensure compliance with data protection regulations and provide necessary resources.
  • Employees: Must process data in line with this policy and report breaches immediately.
  • Data Processors: Must follow contractual obligations and data protection laws when processing data on our behalf.

Training and Awareness

All employees must complete data protection training as part of onboarding and receive periodic refresher courses.

Policy Review

This policy will be reviewed annually or as necessary to reflect any changes in legal requirements, our operations, or best practices.

Contact

For questions about this policy or data protection concerns, please contact:

Data Protection Officer
Steve Richardson
Director & Data Protection Officer

TreadTracker Limited
PO Box 1458
Thornton Cleveleys
Lancashire
FY1 9TL

Email: enquiries@treadtracker.com

Signed: S. Richardson
Steve Richardson
Director & Data Protection Officer

TreadTracker Ltd, PO Box 1458, Thornton Cleveleys, FY1 9TL

Registered in England No. 05312582.