Document
Taxi and private hire: Privacy Notice
The following Privacy Notice applies to Taxi/Private Hire Licensing.
This Notice explains how personal information is going to be used, what it is used for, who it might be shared with and why and for how long it is to be kept.
Horsham District Council (HDC) is fully committed to complying with The Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR). We ensure that your personal data is processed fairly, lawfully kept safe and secure and retained for no longer than is necessary.
Data Controller
HDC is registered as a Data Controller with the Information Commissioner's Office (registration number: Z7294458). As a Data Controller we take all necessary steps to comply with the Data Protection Act (DPA) 2018 and the UK GDPR when handling any personal information.
What information does the Council collect?
We collect and process a range of information about you, including:
- Name
- Contact details (postal address, telephone number, email address, etc)
- Date of birth
- Gender
- DVLA or overseas driving licence details
- Photographs
- Nationality/Country of origin
- Medical Information
- Proof of Identity
- Proof of right to work in UK
- Certificate of good conduct from any countries
- National Insurance Number
- Criminal conviction information(DBS) checks and complete history(the Rehabilitation of Offenders Act 1974 does not apply to taxi trade so no conviction is therefore ever considered spent
- Vehicle Registration Marks(VRMs) and Vehicle Identification Numbers (VINs)
- Complaints made about drivers and operators
- The licence and badge number issued to you or the vehicle
- Address history
- Relevant employment history
- Insurance details
Why does the Council process personal data?
We have a statutory duty under the Local Government (Miscellaneous Provisions) Act 1976, Town Police Clauses Act 1847 (and associated regulations and amended legislation) to ensure that those we licence are fit and proper persons.
To deliver these we need to collect and use personal information of those using or affected by these services.
Who has access to data?
- Internal departments
- Other local authorities/ County Council
- Councillors who sit on the Councils Licensing Committees (in case of a review)
- Third party organisations
- Partner agencies
- Central Government (e.g. DWP, HMRC)
- Housing Associations
- Court Services
- Benefits Agency
- Police (duty to cooperate organisations)
- Disclosure and Barring Service (DBS)
- Contractual suppliers
- Department for Environment, Food & Rural Affairs – we share information with DEFRA as required by The Air Quality (Taxis and Private Hire Vehicles Database) (England and Wales) Regulations 2019. The information we are required to share with DEFRA includes: Vehicle Registration Mark, the start and expiry date of the vehicle licence, whether the vehicle is a taxi or PHV, the name of the licensing authority, the licence plate number and an indication of whether it is a wheelchair accessible vehicle
- Publicly available – we are required to hold some of your data in Public Registers. The information that is in the register is set down in the legislation
- Internal Council Departments (including Alternative Service Delivery Vehicles such as ANSA or Transport Service Solutions) who requires access to your information for the purpose of administration, regulation and law enforcement. From time to time we may share your information with other Council Departments if the law allows us to do so
- Cabinet Office (as part of the National Fraud Initiative). We have a legal duty to submit information to the Government as part of the National Fraud Initiative (NFI).You can read about the type of information we have to disclose to the NFI on their website
- HM Revenue & Customs - we have a statutory duty under schedule 23 of the Finance Act 2011 to submit returns to the HMRC. National Anti-Fraud Network (NAFN) – we share information with NAFN as part of the national database of taxi and PHV driver licence refusals, suspensions and revocations
- Department for Transport – we will share some information with the DFT for statistical purposes. This would not normally include personal or sensitive information
- Department for Environment, Food & Rural Affairs – we share information with DEFRA as required by The Air Quality (Taxis and Private Hire Vehicles Database) (England and Wales) Regulations 2019. The information we are required to share with DEFRA includes: Vehicle Registration Mark, the start and expiry date of the vehicle licence, whether the vehicle is a taxi or PHV, the name of the licensing authority, the licence plate number and an indication of whether it is a wheelchair accessible vehicle
We do not sell your personal information to anyone else, nor do we share your personal data with third parties for marketing purposes.
Details of transfers to third country and safeguards
If your personal data needs to be transferred outside of the EEA we will make sure that an adequate level of protection is in place.
How does the Council protect data?
HDC takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
The personal information that we collect from you must be handled and dealt with properly, covering how it is collected, recorded and used whether it is on paper, in computer records or recorded by other means and how long it is kept.
For how long does the Council keep data?
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by our discretion. Once your information is no longer needed it will be securely and confidentially destroyed
We keep the following information for the following periods:
- Information submitted as part of an application - 6 years after the date in which the application is refused
- Information held in respect of a licence - 6 years after the date from which the licence ceases to be held
- Information received as part of an enforcement investigation – for a minimum of 6 years and then for only so long as may be necessary to inform a decision to protect the public
- Information held on the NR3 database will be held for a period of 25 years
What is the Legal Basis to allow us to use your personal information?
There are a number of legal reasons why we need to collect and use your personal information, including:
- To perform a function or provide a Service
- To comply with a legal obligation we have a statutory duty under the Local Government (Miscellaneous Provisions) Act 1976, Town Police Clauses Act 1847 (and associated regulations and amended legislation) to ensure that those we licence are fit and proper persons.
- Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract
- Where disclosure is in the vital interests of yourself or another person
- With your explicit consent
If we have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please email the Data Protection Officerand tell us which service you are using so we can deal with your request.
What if you do not provide personal data?
If you don’t provide us with your information we will not be able to assess your application and you may not be granted a licence.
Your rights
You have the right to:
1. Be informed of data processing (which is covered by this Privacy Notice).
2. Access information (by making a Subject Access Request).
3. Have inaccuracies corrected.
4. Have information erased.
5. Restrict processing.
6. Data portability.
7. Intervention in respect of automated decision making and profiling.
8. Withdraw consent (see above).
9. Complain to the Information Commissioner’s Office (See below).
To exercise any of these rights please contact:
Information Governance Team
Parkside
Chart Way
Horsham
West Sussex
RH12 1RL
Email: dpa@horsham.gov.uk
Data Protection Officer
As a public authority we are required to have a Data Protection Officer who is responsible for:
- Monitoring the Council's compliance with the UK GDPR and other data protection laws. Monitoring our data protection policies, awareness-raising, training, and audits.
- Advising the council in respect to their data protection obligations.
- Providing advice and monitoring the Data Protection Impact Assessment process.
- Acting as a point of contact for the Information Commissioner's Office (ICO) and members of public on any matter relating to Data Protection.
If you need to contact the Data Protection Officer, contact details are:
Data Protection Officer
Parkside
Chart Way
Horsham
West Sussex
RH12 1RL
Email: dpa@horsham.gov.uk