Privacy Policy

RevLock LTD is a company registered in England under company number 83948311. We are fully committed to protecting your personal information and are registered with the Information Commissioners Office in the UK under registration number ZB89392. This privacy statement outlines how we collect, use, and protect your personal information, in line with our legal obligations and your rights. Please read this statement carefully.

GDPR Principles

This policy ensures compliance with the EU Regulation 2016/679 General Data Protection Regulation (GDPR). The GDPR mandates that any party handling personal data must adhere to the following principles. All personal data must be:

  • Processed for specific purposes and not in a manner incompatible with those purposes
  • Adequate, relevant, and not excessive
  • Accurate
  • Retained no longer than necessary
  • Processed in accordance with your rights
  • Secure
  • Not transferred to countries lacking adequate data protection

Definition of Personal Data

The General Data Protection Regulation (GDPR) defines personal data as any information relating to an identifiable person who can be directly or indirectly identified, particularly by reference to an identifier. This includes any information that can identify you. Below is a summary of the personal data we collect or receive about you.

Information We Collect or Receive About You

To provide our products or services and for related purposes, we need to collect or receive data from the various data subjects listed below.

Data Subjects

Type of Data Collected

Partners and Suppliers

Contact name, address, telephone numbers, profession, industry, financial details, business name, company status, FCA status, directorship details, email address, bank details

Customers

Full name, contact telephone number, email address, vehicle registration, home address, copy of V5C, vehicle insurance certificate, copy of photo ID

Employees, Contractors, and Applicants

Full name, date of birth, full address, title, employment history, employer reference, bank details, NI number, passport copy, medical information, criminal convictions, nationality, email address, license copy, next of kin details, credit information, sick leave records, prescribed medication, disabilities, interview notes, CVs, application forms, performance reviews, salary information, disciplinary records, grievances

Cookies

We may also collect information about your interactions on our website, including IP addresses, browser types, and other related data. Some of this information is gathered through cookies.

How Your Information Is Collected

We collect or receive data from the following sources:

Data Subjects

Source of Data

Partners and Suppliers

Through phone calls, emails, letters, in-person meetings, service registrations, website usage, government agencies, regulatory bodies, fraud prevention agencies, credit reference agencies, social networks, introducers, and insurance companies

Customers

Through phone calls, emails, letters, in-person meetings, service registrations, website usage, API submissions

Employees, Contractors, and Applicants

Through application forms, website usage, online job sites, recruitment agencies, social networks, CVs, emails, letters, interview notes, pre-employment checks, HMRC, credit reference agencies, fraud prevention agencies, previous employers, performance reviews, remuneration, benefits and expenses, disciplinary and grievance matters, medical conditions, return to work interviews, sick leave details, disabilities, prescribed medication, GP reports, occupational therapists

We may also monitor or record phone calls to ensure we meet your requests, resolve concerns, comply with industry regulations, and improve our customer service. We take steps to ensure that the personal data we collect, process, and hold is accurate and up-to-date, with checks conducted annually.

Who We Share Your Information With

To process your data and fulfill our legal and contractual obligations, we may need to share your personal information with relevant organizations:

Data Subjects

Recipients of Data

Partners and Suppliers

Fraud prevention agencies, government bodies, customers, other partners, financial institutions

Customers

Our employees, sub-contractors, authorities, selected third-party companies

Employees, Contractors, and Applicants

Future employers, government bodies, local and central authorities, third-party companies offering employee benefits, financial institutions, occupational therapists, legal representatives if necessary

We continue to ensure that your personal data is safeguarded in line with our obligations and your rights. All parties involved in handling data on our behalf must safeguard it as part of their contractual and legal obligations. In certain circumstances, we may be legally required to share your personal information, such as complying with legal obligations or providing information to a governmental authority.

Data Transfers

We do not transfer any of your personal information outside of the UK.

Legal Grounds for Processing Your Data

Your personal data will always be processed on a lawful basis, which may include:

  • Processing under the authority of our Partners
  • Necessity for performing a contract with you
  • Your consent for specific reasons
  • Legal obligations requiring processing
  • Legitimate business interests

Specifically, we may use your information in the following ways:

Data Subject

Purpose

Legal Basis

Partners and Suppliers

To perform and receive services stated in our agreement with you

Contract

To comply with legal and regulatory obligations

Legal obligation

 

To assess performance through surveys and offer additional services/products (with your consent)

Consent

 

To compile statistics about site usage, traffic, and other relevant data

Legitimate interests

 

To assess industry sector performance

Legitimate interests

 

Customers

To ensure service level adherence, quality assurance, and complaint monitoring

Contract

As part of the defense of a legal claim

Legitimate interests

 

To use service providers supporting our business

Contract

 

To assess service delivery through surveys and offer additional services/products (with your consent)

Consent

 

To conduct market research for business development

Legitimate interests

 

For fraud prevention, audit, and compliance purposes

Legal obligations

 

To investigate complaints

Legal obligations

 

To update you with changes to terms and privacy policies

Legal obligations

 

Employees, Contractors, and Applicants

Due to the contractual relationship between you and us

Contract

To collect data as part of your employment

Legal obligations

 

For the provision of health and pension schemes via third parties

Consent

 

To assess performance through surveys and offer additional services/products (with your consent)

Legitimate interests

 

To update you with changes to terms and privacy policies

Legal obligations

 

To share data with medical professionals for attendance monitoring and to assess health, wellbeing, and welfare

Consent

 

To share data with medical professionals for workplace adaptations and special needs accommodations

Consent

 

To share data with government agencies when assessing suitability for certain types of employment

Consent

 

Data Retention

Data Subjects

Retention Period

Partners and Suppliers

Personal data is retained only as long as necessary to fulfill contractual obligations, unless required by law to retain it longer.

Customers

Data is retained according to our data retention policy, kept for a minimum of 7 years, or longer if required by legal or regulatory obligations.

Employees, Contractors, and Applicants

Personal data is retained only as long as necessary to fulfill contractual obligations, unless required by law to retain it longer.

Your Rights Regarding Your Personal Information

As a data subject, you have the following rights under GDPR:

  • The right to be informed about how we handle your personal data, as outlined in this Privacy Statement. Our Partners are also responsible for providing their Privacy Statements, informing you of how your data will be shared with us and how we will process it.
  • If you are a Partner, Supplier, Employee, Contractor, or Applicant, you have the right to request a copy of the personal data we hold about you or to ask for corrections. If you are a customer of one of our Partners (e.g., you purchased an insurance policy from a broker or insurer), you should refer to their Privacy Statement and exercise your rights directly with them. However, we will keep our Partners informed if we receive a direct request.
  • You may also request the deletion of the information we hold, prevent us from processing it, or object to our processing of your data (withdraw consent). Note that these rights may not apply where our processing is based on legal or contractual obligations.

For more information about your rights or to exercise them, please contact:

For the attention of: Mariam Gbadamosi (Data Protection Officer)
Email: info@revlock.co.uk
Phone: 0208 123 5633
Address: Tanglewood Offices, Burhill Road, Surrey, KT12 4BJ

Refer to the section below on “Accessing Your Personal Data” for more details on exercising your rights.

Accessing Your Personal Data

This Privacy Statement explains the type of personal data we hold about you. You can request a copy of your personal data at any time through a “subject access request” (SAR).

Subject access requests should be made in writing to the Data Protection Officer, either by email or post, using the contact details provided above.

We typically do not charge for subject access requests; however, if repetitive requests are made, we may charge a fee to cover administrative costs. We aim to respond to your request within one month, providing a copy of your data within this period. For complex requests, we may require up to two months to gather the information, but you will be kept informed of our progress.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments for all new projects and uses of personal data. The Data Protection Officer oversees these assessments, considering the following:

  • The types of personal data to be collected, held, and processed
  • The purpose of processing
  • How the data will be used
  • The parties (internal and/or external) to be consulted
  • The necessity of collecting, holding, and processing the data
  • The risks posed to our company and data subjects
  • Measures proposed to minimize and manage identified risks

Complaints

If you are dissatisfied with how we have handled your personal information, please give us the opportunity to address your concerns by contacting us via phone, email, or in writing:

For the attention of: Mariam Gbadamosi (Data Protection Officer)
Email: info@revlock.co.uk
Phone: 0208 123 5633
Address: Tanglewood Offices, Burhill Road, Surrey, KT12 4BJ

If we are unable to resolve your issue, you have the right to contact the Information Commissioners Office (ICO) at:
Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: https://ico.org.uk

Data Storage and Security

Data security is of paramount importance to us, and we employ physical, technological, and organizational measures to protect your data from loss, theft, and unauthorized access or use. The steps we take include:

  • Using SFTP protocols for secure file transfers
  • Encrypting all data transferred via email
  • Ensuring personal data is transmitted over secure networks only
  • Prohibiting the transmission of personal data over unsecured or wireless networks unless absolutely necessary
  • Requiring secure storage of physical and electronic copies of personal data in locked and secure containers
  • Storing data only on approved devices and not on personal devices
  • Backing up data on a SQL server stored in the UK
  • Implementing IP protection within our claims management system and weblink
  • Maintaining robust security and data protection policies
  • Conducting regular staff training on data protection

We also require our Partners and Suppliers to adhere to stringent data protection standards and legal requirements.

We only retain your personal data as long as necessary to use it as described in this Privacy Statement, or as long as we have your permission to retain it. Your data is stored exclusively in the UK.

Despite our security measures, no system can guarantee absolute protection against all potential security breaches.

Changes in Business Ownership

If ownership of our business changes, any personal information you have provided that is relevant to any part of the business being transferred will be transferred as part of that change. The new owner or controlling party will be permitted to use your data only for the purposes for which it was originally collected, under the terms of this Privacy Statement.

Controlling Your Data

We want to ensure that you have control over how your data is used for direct marketing purposes. You can opt out of receiving marketing emails by using the unsubscribe links provided, or by contacting us via email, phone, or in writing.

You may also choose to sign up for preference services in the UK, such as the Telephone Preference Service (TPS), the Corporate Telephone Preference Service (CTPS), and the Mailing Preference Service (MPS), to reduce unsolicited marketing. However, these services will not prevent you from receiving marketing communications to which you have consented.

Changes to Our Privacy Statement

We may update this Privacy Statement periodically to reflect changes in the law or our business practices. Any updates will be posted immediately on our website, and your continued use of our website will signify your acceptance of the updated terms. We recommend checking our website regularly to stay informed.