Privacy Policy

Last updated: April 2026  ·  This policy is reviewed regularly. We recommend you have your own legal adviser review it before relying on it.

1. Who We Are (Data Controller)

VDrive Private Hire (company number 17177362, registered in England & Wales) ("we", "our", "us") is the data controller for the personal information described in this Privacy Policy. Our registered office is Paymal House, Stepney Way, London, United Kingdom, E1 3HR. Our trading address is 78 Mill Street, Mill Lane, Kidderminster, DY11 6XJ. You can contact us at admin@vdrive.uk or by phone on 07777964171.

We are registered with the UK Information Commissioner's Office (ICO) as a data controller. Our Data Protection Lead can be contacted at the email address above with the subject line "Data Protection".

This Privacy Policy explains how we collect, use, store and share your personal information when you use our website, apply to hire a vehicle, are an active hirer, or are a partner company. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

2. Categories of Personal Data We Collect

2.1 Identity and contact

• Full name, date of birth, gender (where required by an insurer);
• Home address and previous address(es);
• Email address, phone number(s);
• Photo identification (passport, BRP, share-code);
• Right-to-work documentation.

2.2 Licence and regulatory

• UK driving licence number, expiry, endorsements and DVLA check code;
• PCO/PHV badge details, issuing authority and expiry;
• National Insurance number where required for HMRC;
• Vehicle plate, V5 details and council compliance information (Partners).

2.3 Financial

• Payment-card or bank details for hire payments and deposits (handled by our payment processor — we do not store full card numbers);
• Hire history, deposit balance, late-fee history, PCN administration history;
• Partner remittance bank details and payment records.

2.4 Vehicle and operational

• Check-out and check-in inspection photos and videos;
• Damage reports and incident reports;
• Mileage at hand-over and return;
• Telematics data, where a vehicle is fitted with a tracker (location and journey data, usually for security/recovery only);
• PCN, congestion-charge, ULEZ and similar notice records.

2.5 Device and usage

• IP address, browser type, device type, operating system;
• Pages visited, dates and times, referrer;
• Cookies and similar local-storage keys (see our Cookie Policy).

2.6 Special-category data

We collect special-category data only where strictly necessary, and only with a lawful basis. The most common example is medical conditions you must declare to our fleet insurer (e.g. eyesight, epilepsy, diabetes managed with insulin) because they affect fitness to drive. We treat this with extra care and only share it with the insurer or licensing authority where the law requires.

3. Sources of Personal Data

We collect personal data from the following sources:

• Directly from you — when you apply, sign up, complete checkouts, or contact us;
• From the DVLA, where you give us a check code to verify your driving licence;
• From local councils, TfL and parking-enforcement bodies, when a PCN is issued against a vehicle you have hired;
• From Partner companies, where they have referred a vehicle to us for management;
• From fraud-prevention databases and identity-verification providers we use to validate applications;
• From our own platform and devices (logs, cookies, vehicle telematics where fitted).

4. How We Use Your Personal Data & Lawful Basis

We use your personal data only where we have a lawful basis under UK GDPR. The main purposes and bases are:

5. Sharing Your Personal Data

We share personal data with the following categories of recipient, only to the extent necessary:

• Payment processors — to take card payments and remit deposits. We use Stripe for card processing, including the online vehicle-reservation fee. We share your name, email, billing address, the payment amount, and a vehicle reference with Stripe so the payment can be taken and matched to your booking. Stripe handles the card details directly on its own systems — we never see or store your full card number;
• DVLA — for licence-status checks;
• TfL and local councils — for PCNs, vehicle plates, and licensing compliance;
• Insurance brokers and underwriters — for fleet cover, claims and recoveries;
• Recovery agents and debt-collection partners — to recover vehicles and unpaid balances;
• Accountants, auditors and legal advisors — under professional confidentiality;
• HMRC and other regulators — where the law requires;
• Fraud-prevention databases — to validate applications and prevent abuse;
• IT, hosting, email, SMS and cloud-service providers — under written data-processing agreements;
• Partner companies — limited to the operational data needed to manage their vehicle (driver name, hire dates, payment status, PCN history for their vehicle).

We do not sell your personal data to any third party, and we do not share it for unrelated marketing purposes.

6. International Transfers

We host and process personal data in the UK and the European Economic Area (EEA) where possible. Where a service provider processes data outside the UK/EEA (for example, certain cloud or email providers), we put in place appropriate safeguards — the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), or a relevant adequacy decision — so your data continues to receive equivalent protection.

7. How Long We Keep Your Data

We only keep personal data for as long as we need it. The retention periods are summarised in the table at section 4. In broad terms:

• Account data — for the duration of your relationship with us, plus up to 6 years for limitation purposes;
• Financial records — 7 years from the end of the financial year (HMRC requirement);
• PCN and legal records — up to 7 years;
• Inspection photos and videos — 24 months from the date of the inspection (longer if there is an active dispute, deposit deduction or insurance claim), after which the check-out and matching check-in are automatically deleted together by a scheduled retention sweep;
• Marketing preferences — until you withdraw consent.
• Cookie-banner consent records — 24 months from the date the choice was recorded, after which they are automatically deleted by a scheduled retention sweep.

When the retention period ends, we securely delete or anonymise the data.

8. Automated Decision-Making and AI

We do not make any decision about you that has a legal or similarly significant effect using solely automated means. Where we use AI to assist (for example, AI-assisted reading of uploaded driving licences or PCN photos), the output is reviewed by a human before any decision is taken about your account.

9. Marketing & Cookies

We only send marketing communications to you with your consent and you can opt out at any time via the unsubscribe link in any email or by emailing us. For information on cookies and similar technologies, please see our Cookie Policy.

10. Your Rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you;
• Rectification — ask us to correct inaccurate or incomplete data;
• Erasure — ask us to delete your data in certain circumstances ("right to be forgotten");
• Restriction — ask us to limit how we process your data;
• Portability — receive your data in a structured, machine-readable format;
• Object — object to processing based on legitimate interests, including direct marketing;
• Withdraw consent — where we rely on consent, withdraw it at any time (this does not affect lawful processing already carried out).

To exercise any of these rights, please email admin@vdrive.uk. We will respond within one calendar month. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we have handled your data.

11. Children

Our services are not directed at children under 18. We do not knowingly collect personal data of children. If you believe we hold a child's data, please contact us immediately and we will delete it.

12. Security

We take appropriate technical and organisational measures to protect your personal data, including:

• TLS encryption for all data in transit;
• Encrypted backups and access-controlled hosting;
• Role-based access controls so staff only see what they need to;
• Two-factor authentication on administrator accounts;
• Regular review of permissions, devices and supplier security;
• Staff data-protection training.

If we ever suffer a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, in line with UK GDPR, and will notify affected individuals where required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For non-material changes (typos, formatting, clearer wording) the updated policy applies on publication. For material changes (new categories of data, new purposes), we will give at least 30 days' notice by email and on this page before the change takes effect. Continued use of our services after a change constitutes acceptance of the updated policy.

14. Contact Us

For any questions about this Privacy Policy or to exercise your rights, contact:
VDrive Private Hire — Data Protection Lead (Company No. 17177362)
Trading address: 78 Mill Street, Mill Lane, Kidderminster, DY11 6XJ
Registered office: Paymal House, Stepney Way, London, United Kingdom, E1 3HR
Email: admin@vdrive.uk
Phone: 07777964171