Driver vehicle monitoring & dashcam privacy notice

The following privacy Notice explains how we Sciensus Pharma Services Limited (SPSL) intend to use the information which is collected from your vehicle monitoring devices, along with your rights, our reasons for requesting it and who will have access to it.

The Privacy Notice will be displayed on our Hub Page and sets out how we process your personal information. This notice is regularly reviewed, and changes made from time to time.  Any changes we make will be posted on the Hub Page.

We do not carry out automated decision making or make a significant decision based solely on automated processing unless that decision is required or authorised by law.

Where we get your information from

From you – Information you provide during your employment
Human Resource – Unique employee identification number
Third Party – Information which is collected via the vehicle monitoring software, daschcam and vehicle mileage portal.

 

What Information do we collect from you and our lawful grounds to process your information?

We collect information that is specifically provided by you as part of your employment with us. We will collect the following (but not limited to):

Type of Data Why do we need this data? What is our lawful ground for processing?
·        First Name

·        Surname

·        Unique Employee Identification number

·        Location data

·        Work contact details

·        Driving behaviour

·        Vehicle tracking

·        Dashcam imagery/audio

·        Vehicle registration

 This data can be used for a variety of purposes such as:

 

·        Ensuring the health and safety of our colleagues

·        For effective work efficiencies and effectiveness

·        Manage the use of the fleet and resources

·        Cost efficiencies

·        HMRC requirements and compliance

·        monitoring the behaviour of staff

·        To prevent or detect an unlawful act

·        Defend  disputes or claims.

·        Share with law enforcement (fines)

·        Claim business mileage

 

 

 

 Article 6 (C) Legal Obligation

processing is necessary for compliance with a legal obligation to which the controller is subject.

 

Article 6 (F) Legitimate Interest
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Article 6 (B) Performance of a Contract processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

 

 

Who do we share this Information with and who will have access to it?

Your Information will only be shared internally within Sciensus and be accessed by authorised management as part of their role.

We will also share limited information with insurers and law enforcement when required to satisfy legal requirements.

How long will we keep your information?

We will only hold your information for as long as it is needed to able us to provide a service to you and in line with our retention schedule, which is aligned with Legal & regulatory guidance including good practice.

We may hold onto your data for longer due to meet the following:

Necessary or required to meet Legal or Regulatory requirements
Resolve disputes & claims & fines.
Prevent fraud and abuse

 

How we keep your information safe

During your service with us, we collect lots of personal about you, and we take keeping your data safe very seriously. To accomplish this, we have our own expert teams and use a mature information security management system so that your data will be treated appropriately and won’t end up in the wrong hands. To achieve this, we use a three-layered approach: People, Processes and Technology.

We use a number of technology systems to control how your data is accessed and secured. Our technology covers multiple levels of our systems to ensure we can control your data from end to end. All our users are trained in the best ways of handling personal data and confidentiality and follow strict policies and procedures to ensure security is kept to a high level.

We operate role-based access control which means users access to your personal information is limited dependant on the task they carry out as part of their role.

We test our systems regularly using both internal and external testers and auditor to ensure weaknesses are identified and rectified.

In all our operations we will:

  • Keep your information confidential
  • Only share your information with authorised personnel’s.
  • Use it lawfully, fairly and in a transparent way
  • Keep your personal information for as long as necessary for the purposes we have told you about
  • Protect your data and keep it secure
  • Have contractual obligations for data management and protection when outsourcing functions to third parties to process your personal information on our behalf
  • Carry out security and cyber security checks

 

Your Rights

You have a number of rights regarding how SPSL use your data including the Right to: Access, Rectify, Erase, restrict, transport, and object to the processing of your personal information.

These rights will not all apply in every situation but to exercise them at any time, have a complaint or just have a question contact us on the following:

Information Governance & Security Team

Telephone number: 0800 917 4980

Email Address: DPO@sciensus.com

Address: 107, Station Street, Burton Upon Trent, DE14 1SZ.

 

Your right of access

You have the right to ask us for copies of your personal information we hold on you, whether in paper or electronic form. Each request will be dealt with on an individual basis.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances, including automated processing and profiling and where automated processing operations are taking place for human intervention.

Your right to object to processing

You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability

You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances where it is technically feasible. This is not an absolute right and may not be possible on all occasions.

Your right to complain to the data protection regulator

You also have a right to lodge a complaint with the relevant data protection regulator if you believe your personal data is not being processed in accordance with applicable data protection law. To contact the Information Commissioners Office Click Here.

The Information Commissioners Office normally ask you to raise your concerns firstly with us, but it is important you know you can go directly to the Regulator in the first instance.