This notice explains how [COMPANY NAME] uses your personal data when we check your driving record through Driver Codes as part of our compliance, fleet-risk or operational processes.

You should read this notice alongside the Driver Checks Privacy Notice published by Driver Codes at driver.codes/legal/checks-privacy, which explains how Driver Codes processes your data when you sign your authority and complete a check. That notice and this one cover different parts of the same overall process.

1. Who we are

[COMPANY NAME], [REGISTERED ADDRESS], company number [NUMBER]. We are the data controller for the processing described in this notice.

If we have a Data Protection Officer or other privacy lead, their contact is: [CONTACT].

2. What data we process

When we invite you to complete a driver check through Driver Codes, we receive from Driver Codes:

• your name and the contact details we provided when inviting you;
• your driving licence entitlements and any restriction codes;
• any endorsements (penalty points and other recorded offences);
• any disqualifications;
• where relevant to your role, Certificate of Professional Competence (CPC) information, Driver Qualification Card (DQC) status and digital tachograph card details.

We also keep records of when checks were carried out, the outcomes, and any follow-up actions we took.

3. Why we process this data

We process your driving record for the following purposes:

• to confirm that you are entitled to drive the vehicles required for your role;
• to assess fleet-risk and inform decisions about driver assignment and route allocation;
• to comply with our regulatory and operator-licence obligations [DELETE IF NOT APPLICABLE];
• to comply with our duty of care to you, other employees, contractors and the public;
• to investigate or respond to road incidents or driving-related complaints.

Lawful basis under Article 6 UK GDPR

Variant A — for direct employees: We rely on Article 6(1)(b) UK GDPR (necessary for performance of your employment contract) and Article 6(1)(c) (necessary for compliance with our legal obligations, including operator-licence and road traffic law obligations) for most processing, and Article 6(1)(f) (legitimate interests in managing fleet risk and driver compliance) where neither contract nor legal obligation applies.

Variant B — for contractors and self-employed drivers: We rely on Article 6(1)(b) UK GDPR (necessary for the contract under which you provide driving services to us) and Article 6(1)(f) (legitimate interests in managing fleet risk and ensuring drivers we engage are entitled to drive).

Variant C — for drivers engaged through an agency or labour-hire arrangement: We rely on Article 6(1)(f) UK GDPR (legitimate interests in managing fleet risk and ensuring drivers we engage are entitled to drive). Your employment relationship sits with your agency.

Where we rely on legitimate interests, we have carried out a documented Legitimate Interests Assessment and balanced our interests against your rights, freedoms and reasonable expectations. You can ask us for a summary.

4. Criminal offence data

Endorsements and disqualifications appearing in your driving record are personal data relating to criminal convictions and offences under Article 10 UK GDPR.

Variant A — for employees: We process this data under Schedule 1 Part 1 paragraph 1 of the Data Protection Act 2018 (employment, social security and social protection).

Variant B — for contractors, agency drivers, or other non-employee relationships: We process this data under Schedule 1 Part 2 paragraph 10 (preventing or detecting unlawful acts) and/or paragraph 12 (regulatory requirements relating to unlawful acts and dishonesty). We maintain an Appropriate Policy Document under Schedule 1 Part 4, available on request.

5. Who we share your information with

Driver Codes (RSMT Limited, Information Commission registration ZA788385) provides the check service. Driver Codes' role and processing is set out in its Driver Checks Privacy Notice at driver.codes/legal/checks-privacy.

DVLA holds your driving record and is the source of the information we receive via Driver Codes. DVLA's processing is governed by its own privacy notice.

[INSERT OTHER RECIPIENTS] — for example: your line manager; our fleet team; our HR system; our insurer; any third party we instruct to investigate a road incident; your union representative if you have appointed one.

We do not sell your personal data and we do not share it for the purposes of anyone else's direct marketing.

6. How long we keep your information

[ADJUST TABLE TO MATCH YOUR ACTUAL RETENTION SCHEDULE.]

7. Where your data is stored

Your data is stored in the United Kingdom on Driver Codes' systems and on our own systems. [IF YOU TRANSFER OUTSIDE THE UK, ADD: We may transfer your data outside the UK in connection with [REASON]. Where we do, we rely on [TRANSFER MECHANISM] supported by a documented Transfer Risk Assessment.]

8. Your rights

Subject to UK data protection law, you have the right to:

• request access to your personal data;
• ask for inaccurate information to be corrected;
• ask for deletion or restriction of processing, where the conditions apply;
• object to processing based on legitimate interests, where you have particular reasons relating to your situation;
• receive a portable copy of certain information, where the conditions apply;
• not be subject to solely automated decisions producing legal or similarly significant effects;
• complain about our handling of your data (see clause 10 below).

To exercise a right, contact us using the details in clause 11.

9. Automated decision-making

We do not make solely automated decisions about you based on driving record information that produce legal or similarly significant effects. A human makes the relevant decisions about your role, assignment or engagement.

[DELETE THE ABOVE AND REPLACE WITH AN EXPLANATION IF YOU DO USE AUTOMATED DECISION-MAKING — for example, automated risk-scoring that triggers immediate suspension. You'll need to explain the logic, the significance, and the safeguards.]

10. Complaints

You have the right to complain about how we handle your personal data. The fastest route is to contact us at [PRIVACY CONTACT]. We will acknowledge your complaint within 30 days and aim to provide a substantive response within the same period for routine complaints.

If you are not satisfied with our response, you have the right to complain to the Information Commission (formerly the Information Commissioner's Office), the UK's data protection regulator. Their website is ico.org.uk.

You can also complain directly to Driver Codes about its own processing of your data — see the Driver Checks Privacy Notice.

11. Contact