Privacy Policy

How we collect, use, and protect your personal data

Last Updated: March 2024

1. Introduction

HERWAY ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our taxi services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the UK GDPR and Data Protection Act 2018.

Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

  • Booking Information: Name, phone number, email address, pickup and destination locations, travel dates/times, number of passengers
  • Account Information: For registered users, username, password, profile information
  • Payment Information: Credit/debit card details, billing address (processed securely via third-party payment providers)
  • Driver Application: Personal details, identity documents (copies), vehicle information, insurance details, DBS check information, employment history, references
  • Communication: Messages, feedback, complaints, survey responses
  • Special Category Data: Information about disabilities or accessibility requirements to provide appropriate service

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, IP address
  • Usage Statistics: Pages visited, time spent on pages, links clicked, referral source
  • Location Data: GPS coordinates of pickup/dropoff locations (only when using our service)
  • Cookies: Session identification, user preferences, analytics

2.3 Information from Third Parties

  • DBS (for background checks)
  • DVLA (for driving license verification)
  • Payment processors
  • Reference providers

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

  • Consent: Where you have given explicit consent (e.g., marketing emails)
  • Contract: When necessary to provide services you have booked
  • Legal Obligation: To comply with laws (e.g., tax, licensing requirements)
  • Legitimate Interests: To operate our business, improve services, prevent fraud
  • Public Task: Where necessary for public safety
  • Vital Interests: To protect lives in emergency situations

4. How We Use Your Information

  • Service Delivery: To process bookings, arrange pickups, handle payments, provide customer support
  • Driver Management: To assess applications, conduct background checks, manage driver accounts and conduct
  • Communication: To send booking confirmations, updates, important notices, customer support
  • Marketing: To send promotional information (only with your consent)
  • Safety & Security: To prevent fraud, detect misuse, comply with law enforcement requests
  • Quality Assurance: To improve services, conduct audits, gather feedback through surveys
  • Legal Compliance: To meet regulatory requirements for tax, licensing, safeguarding
  • Analytics: To understand user behavior and optimize the website/app

5. Data Sharing

We do NOT sell your personal data. However, we may share data with:

  • Service Providers: Payment processors, email providers, hosting companies (under data processing agreements)
  • Drivers: Your name and pickup location when arranging your ride
  • Law Enforcement: When legally required (court orders, police investigations)
  • Regulatory Bodies: Local authorities, DBS, DVLA for licensing/background checks
  • Insurance Providers: For claims and coverage verification
  • Employees/Contractors: Team members who need data to perform their roles

We do NOT share data internationally without specific legal basis and appropriate safeguards.

6. Data Security

We implement appropriate security measures to protect your data:

  • Encrypted data transmission (SSL/TLS)
  • Secure password storage (hashed and salted)
  • Access controls limiting employee access
  • Regular security audits and penetration testing
  • Secure disposal of data when no longer needed
  • PCI-DSS compliant payment processing

However, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep them confidential.

7. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected:

  • Booking Information: 7 years (for tax and dispute resolution purposes)
  • Driver Records: 7 years after employment ends (legal requirement)
  • DBS/Background Checks: Updated periodically as required by regulations
  • Complaint/Dispute: 6 years (limitation period for legal action)
  • Marketing Data: Until you opt-out
  • Web Analytics: 12-24 months

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your data (Subject Access Request)
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Obtain your data in a portable format
  • Right to Object: Opt-out of marketing and certain processing
  • Right to Withdraw Consent: Withdraw consent you've given at any time
  • Rights Related to Automated Decision-Making: Object to decisions made solely by automated means

To exercise these rights, contact: privacy@herway.co.uk

9. Cookies & Tracking

Our website uses cookies for:

  • Essential: Session management, security
  • Functional: Remembering preferences
  • Analytical: Understanding user behavior (Google Analytics)
  • Marketing: Retargeting and advertising (only with consent)

You can control cookies through your browser settings. Disabling essential cookies may impact website functionality.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

11. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect data from children. If we become aware of such collection, we will delete it immediately.

For children 13-18, parental consent is required for data processing.

12. Complaints & Regulation

If you have concerns about our privacy practices, you can:

  1. Contact us directly at privacy@herway.co.uk
  2. Lodge a complaint with the Information Commissioner's Office (ICO):
    Website: ico.org.uk
    Phone: 0303 123 1113

13. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable laws. We will notify you of significant changes via email or through prominent notice on our website.

Continued use of our services constitutes acceptance of updates.

14. Contact Us

For questions about this privacy policy or your data:

Email: privacy@herway.co.uk

Contact form: Submit an enquiry

General support: info@herway.co.uk

© 2024 HERWAY. All rights reserved.