1. Introduction & Our Commitment

ClearDrive UK ("we," "us," "our") is deeply committed to protecting your privacy and personal information. This Privacy Policy explains in clear, straightforward language how we collect, use, store, and protect your data when you use our driving instruction services.

We strictly comply with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

2. Who We Are (Data Controller)

As the Data Controller, we determine how and why your personal data is processed. We're responsible for ensuring your data is handled lawfully, fairly, and transparently.

3. What Personal Data We Collect

We only collect data necessary for providing driving lessons and meeting our legal obligations. Here's exactly what we collect:

3.1 Personal Identification Information

• Full Name: To identify you and address you correctly
• Date of Birth: To verify you meet age requirements
• Contact Details: Phone number, email address, home address
• Emergency Contact: Name and phone number (optional but recommended)

3.2 Driving Licence Information

• Driving licence number
• Licence issue and expiry dates
• Entitlement categories
• Endorsements or penalty points (if applicable)
• National Insurance number (for DVSA licence checks)

3.3 Lesson & Progress Information

• Lesson dates, times, and durations
• Pickup and drop-off locations
• Instructor notes on your progress and performance
• Skills assessment records
• Mock test results
• Areas requiring improvement

3.4 Financial Information

• Payment history and invoices
• Bank transfer reference numbers
• Payment method (card/cash/bank transfer)

3.5 Health & Medical Information (Where Disclosed)

• Medical conditions affecting driving ability (voluntarily disclosed)
• Physical disabilities or adaptations required
• Eyesight information (if you require corrective lenses)

This is Special Category Data under GDPR and is handled with extra care.

3.6 Website & Technical Data (Automatically Collected)

• IP address and approximate location
• Browser type and version
• Device information (computer, tablet, phone)
• Pages visited and time spent
• Referring website addresses
• Cookies and similar tracking technologies

See our Cookie Policy for full details.

3.7 Communications

• Emails, texts, and phone call records with us
• Contact form submissions
• Live chat transcripts
• Feedback and survey responses

4. How We Collect Your Personal Data

We collect your personal information through various channels during your interaction with our services.

4.1 Information You Provide Directly

• Contact Forms: When you fill out our website contact form or booking request
• Phone & Email: When you call, text, or email us to enquire about lessons
• Registration: When you create an account on our website or student portal
• Booking Process: When you schedule lessons or purchase packages
• During Lessons: Information shared with your instructor during lessons
• Surveys & Feedback: When you complete satisfaction surveys or provide reviews
• Social Media: When you message us or interact with our social media pages

4.2 Information We Collect Automatically

When you visit our website, we automatically collect:

• Device Information: Browser type, operating system, device model
• Usage Data: Pages visited, time spent, navigation paths
• Location Data: Approximate location based on IP address
• Cookies: Session cookies, preference cookies, analytics cookies (see Cookie Policy)
• Referral Source: How you found our website (search engine, social media, direct link)

4.3 Information from Third Parties

We may receive information about you from:

• DVSA: Driving licence verification and check results
• Payment Processors: Transaction confirmations and payment status
• Social Media: Public profile information if you connect via social login
• Referrals: Your name and contact details if someone refers you to us
• Other Students: If you're added as an emergency contact

4.4 Information from Instructors

Your instructor records:

• Lesson attendance and punctuality
• Driving skills assessment and progress notes
• Areas requiring improvement or focus
• Test readiness evaluation
• Any incidents or concerns during lessons

5. Why We Use Your Personal Data (Purposes & Legal Bases)

Under UK GDPR, we must have a lawful basis for processing your data. Here's what we use your data for and why we're legally allowed to do so:

5.1 To Provide Driving Instruction Services

5.2 To Process Payments

5.3 To Communicate with You

5.4 For Safety & Legal Compliance

5.5 To Improve Our Services

5.6 Marketing (Only with Your Consent)

5.7 Special Category Data (Health Information)

If you disclose medical conditions or disabilities:

6. Legal Basis for Processing - Quick Reference

Under UK GDPR, we must have a lawful basis for all data processing. Here's a quick reference table:

7. Who We Share Your Personal Data With

We share your data only when necessary for service delivery, legal compliance, or with your consent. We NEVER sell your data to third parties.

7.1 Internal Sharing

7.2 Essential Service Providers

7.3 Legal & Regulatory Authorities

We may share data with authorities when legally required:

• DVSA: Licence verification, instructor compliance, test administration
• HMRC: Tax records, financial reporting
• Police: If required for investigations or legal proceedings
• Courts: In response to court orders or subpoenas
• ICO: If requested during data protection investigations
• Local Safeguarding Authorities: If child protection concerns arise

7.4 Insurance Companies

In the event of an accident or insurance claim:

• Your name and contact details
• Lesson details (date, time, location)
• Incident reports and dashcam footage
• Instructor statements and witness accounts

7.5 Third Parties We DON'T Share With

7.6 Data Protection Agreements

All third-party service providers are required to:

• Sign Data Processing Agreements (DPAs) ensuring GDPR compliance
• Implement appropriate security measures
• Only process data for specified purposes
• Delete or return data when services end
• Notify us of any data breaches immediately
• Allow audits of their security practices

8. How We Protect Your Data (Security Measures)

We take data security seriously and implement industry-standard technical and organizational measures to protect your information from unauthorized access, loss, or misuse.

8.1 Technical Security Measures

8.2 Organizational Security Measures

• Staff Training: All staff receive mandatory GDPR and data security training
• Background Checks: Enhanced DBS checks for all instructors and relevant staff
• Confidentiality Agreements: All staff sign confidentiality and data protection agreements
• Need-to-Know Basis: Staff only access data necessary for their specific job functions
• Secure Disposal: Confidential shredding of physical documents, secure wiping of electronic devices
• Clean Desk Policy: No sensitive information left visible or unsecured
• Visitor Controls: Sign-in procedures and escorted access in our offices

8.3 Physical Security

• Secure, locked offices with restricted access
• CCTV monitoring of office premises
• Alarm systems and security guards (where applicable)
• Secure storage for physical records in locked filing cabinets
• Controlled access to server rooms and IT infrastructure

8.4 Website Security

8.5 Your Role in Security

While we protect your data, you can help by:

• Using strong, unique passwords for your account
• Not sharing your login credentials with others
• Logging out of your account when using shared devices
• Keeping your contact details up to date
• Reporting any suspicious emails or communications claiming to be from us
• Enabling two-factor authentication (if available)

8.6 Payment Security

8.7 Regular Security Reviews

We continuously improve our security through:

• Annual penetration testing by independent security firms
• Quarterly vulnerability assessments
• Regular reviews of access permissions and logs
• Ongoing staff security awareness training
• Incident response drills and testing
• Compliance audits for GDPR, PCI-DSS, and industry standards

9. Your Rights Under UK GDPR

You have powerful rights over your personal data:

How to Exercise Your Rights

Contact us at:

• Email: info@cleardrivedrivingschool.com
• Phone: +447478472584

10. How Long We Keep Your Data

We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

10.1 Retention Periods by Data Type

10.2 Legal Retention Requirements

Some data must be retained for legal and regulatory reasons:

• Tax & Accounting: 7 years after end of relevant tax year (HMRC requirement)
• Insurance Claims: 7 years after policy expiry or claim settlement
• Contract Documentation: 6 years after contract end (Limitation Act 1980)
• Health & Safety Records: 3-50 years depending on record type
• Safeguarding Records: Until child reaches 25 or indefinitely if serious concerns

10.3 Secure Deletion

When retention periods expire, we securely delete or anonymize your data:

• Electronic records are permanently deleted using secure deletion methods
• Physical records are confidentially shredded or destroyed
• Backups are purged according to our data lifecycle policy
• Anonymization is used where data has statistical or quality improvement value

11. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve your experience. For full details, please see our dedicated Cookie Policy.

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and understand how you use our site.

11.2 Types of Cookies We Use

11.3 Managing Cookies

You can control cookies through:

• Our cookie consent banner (appears on first visit)
• Your browser settings (see our Cookie Policy for browser-specific instructions)
• Google Analytics Opt-out Browser Add-on

12. Privacy Protection for Children & Young People

We take extra care when processing the personal data of children and young people under 18.

12.1 Parental Consent & Involvement

• Under 16: We require verifiable parental/guardian consent before processing personal data
• 16-17 year olds: May consent themselves but parents/guardians should be informed
• Parents/guardians have the right to access their child's data and request deletion
• We communicate lesson progress and any concerns to parents/guardians

12.2 Safeguarding Measures

• All instructors undergo enhanced DBS checks
• Lessons are conducted according to strict safeguarding policies
• Parents/guardians are kept informed of lesson times and locations
• We maintain professional boundaries at all times
• Any safeguarding concerns are reported to appropriate authorities

12.3 Data Minimization for Minors

We collect only the minimum data necessary:

• No marketing communications without explicit parental consent
• No sharing of data with third parties unless legally required
• Limited collection of sensitive information
• Age-appropriate communication and transparency

13. International Data Transfers

We primarily store and process your data within the United Kingdom. However, some third-party services we use may transfer data internationally.

13.1 Where Your Data May Be Transferred

• Google Analytics: Data may be processed in the USA (adequate safeguards in place)
• Email Services: Our email provider may use EU and UK servers
• Cloud Backup: Encrypted backups stored in UK and EU data centers

13.2 Safeguards for International Transfers

When we transfer data internationally, we ensure appropriate safeguards:

• Adequacy Decisions: Transfers to countries deemed adequate by the UK government
• Standard Contractual Clauses (SCCs): Legally binding contracts approved by the ICO
• Privacy Shield Alternatives: Updated frameworks for US data transfers
• Encryption: All data encrypted in transit and at rest
• Data Processing Agreements: Contracts ensuring GDPR-level protection

13.3 Your Rights Regarding International Transfers

You have the right to:

• Request information about where your data is transferred
• Obtain copies of safeguards in place (SCCs, adequacy decisions)
• Object to transfers if you believe safeguards are inadequate

14. Data Breach Notification & Response

While we implement robust security measures, no system is 100% secure. We have comprehensive procedures for handling data breaches.

14.1 Our Breach Response Process

14.2 When We'll Notify You

We will notify you directly if a breach:

• Poses a high risk to your rights and freedoms
• Involves sensitive personal data (health, financial)
• Could result in identity theft, fraud, or discrimination
• Significantly affects your privacy

14.3 What We'll Tell You

Our breach notification will include:

• Nature of the breach and data affected
• Likely consequences and potential risks
• Steps we're taking to address the breach
• Recommended actions you should take (e.g., password changes)
• Contact details for more information

14.4 Reporting a Suspected Breach

If you suspect a data breach involving your information, contact us immediately:

15. CCTV, Dashcam & In-Vehicle Recording

Some of our instructors use dashcams and in-vehicle recording devices for safety, training, and insurance purposes.

15.1 What We Record

• Dashcam Footage: Forward and rear-facing road view during lessons
• In-Vehicle Camera: Interior view for training quality assurance (with consent)
• Audio Recording: Lesson instructions and feedback (with consent)
• GPS Tracking: Route taken during lessons for training analysis

15.2 Why We Record

• Insurance claims and accident investigation
• Evidence in case of traffic incidents or disputes
• Training quality improvement and instructor monitoring
• Student progress review and feedback
• Security and safety of students and instructors
• Protection against false allegations

15.3 Recording Notices

You will be informed about recording:

• Clear signage in vehicles indicating recording is in progress
• Verbal notification from instructor before first lesson
• Written consent for audio and interior video recording
• Information about retention periods and access rights

15.4 Storage & Retention

• Standard Footage: Automatically deleted after 30 days
• Incident Footage: Retained for 7 years for insurance/legal purposes
• Training Review: Specific clips retained with your consent for progress review
• Storage: Encrypted and password-protected

15.5 Your Rights Regarding Recordings

• Request copies of footage featuring you (subject access request)
• Withdraw consent for audio/interior recording (may affect lesson booking)
• Request deletion after incident resolution (subject to legal retention)
• Object to use of footage for training purposes

16. Marketing & Promotional Communications

We only send marketing communications with your consent and make it easy to opt out at any time.

16.1 Types of Marketing

• Email Newsletters: Driving tips, special offers, company news
• SMS Messages: Exclusive deals and time-sensitive offers
• Phone Calls: Follow-ups and personalized offers (with consent)
• Post: Promotional materials (rarely used)

16.2 Your Marketing Preferences

You have complete control:

• Opt in or out at any time via your account settings
• Choose which communication channels you prefer
• Unsubscribe from emails using the link in every message
• Reply "STOP" to SMS messages to unsubscribe
• Contact us to update all preferences at once

16.3 Service vs. Marketing Messages

16.4 Third-Party Marketing

16.5 How to Opt Out

Unsubscribe anytime:

• Email: Click "Unsubscribe" link at bottom of any email
• SMS: Reply "STOP" to any text message
• Phone: Ask to be removed from calling list during any call
• Account: Update preferences in your online account
• Contact Us: Email info@cleardrivedrivingschool.com to opt out of all marketing

Processing Time: We'll action opt-out requests within 2 working days (legally required: 28 days).

17. Third-Party Websites & Services

Our website may contain links to third-party websites, services, or platforms. This Privacy Policy applies only to our website and services.

17.1 External Links

We may link to:

• DVSA Website: Official government driving test information
• Theory Test Resources: Study materials and practice tests
• Social Media: Our Facebook, , profiles
• Payment Processors: Secure payment gateways
• Review Platforms: Trustpilot, Google Reviews
• Mapping Services: Google Maps for location finding

17.2 Our Responsibility

17.3 Third-Party Services We Use

17.4 Social Media Integration

Our website may include social media features (like buttons, widgets, or embedded content). These features may:

• Collect your IP address and pages visited
• Set cookies to enable proper functionality
• Be governed by the privacy policy of the providing company

18. Exercising Your Rights - Detailed Guide

Here's a comprehensive guide to exercising each of your rights under UK GDPR.

18.1 Right to Access (Subject Access Request)

18.2 Right to Rectification

18.3 Right to Erasure ("Right to be Forgotten")

18.4 Right to Restrict Processing

Request we limit how we use your data while we:

• Verify accuracy of disputed data
• Investigate objections to processing
• Determine whether our legitimate interests override yours

During restriction, we can still store the data but won't use it without your consent (except for legal claims).

18.5 Right to Data Portability

Request your data in a machine-readable format (CSV, JSON, XML) to:

• Keep personal records
• Transfer to another driving school
• Use with other services

This right only applies to data you provided to us based on consent or contract.

18.6 Right to Object

Object to processing based on:

• Legitimate Interests: We'll stop unless we demonstrate compelling legitimate grounds
• Direct Marketing: Absolute right - we'll stop immediately
• Scientific/Statistical Research: Unless research serves public interest

18.7 Rights Related to Automated Decision-Making

We don't currently use automated decision-making or profiling that significantly affects you. If we do in future:

• You'll be clearly informed
• You can request human intervention
• You can express your point of view
• You can contest the decision

19. How to Complain About Data Handling

We hope to resolve any concerns directly, but you have the right to complain to the ICO if dissatisfied.

19.1 Complain to Us First

We encourage you to contact us first:

19.2 Information Commissioner's Office (ICO)

You can complain to the UK's data protection authority:

19.3 What Happens Next

• ICO will acknowledge your complaint
• They may contact us for information
• Investigation can take several months
• ICO may issue guidance, warnings, or enforcement action
• You'll be kept informed throughout

20. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

20.1 How We Notify You of Changes

• Minor Changes: Updated "Last Revised" date at top of page
• Significant Changes: Email notification to registered users + prominent website notice
• Material Changes: May request renewed consent where required by law

20.2 Version History

20.3 What You Should Do

• Review this policy periodically
• Check the "Last Updated" date
• Read notifications about significant changes
• Contact us with questions about any changes
• Exercise your rights if you disagree with changes

20.4 Archive of Previous Versions

Previous versions of this Privacy Policy are available upon request. Contact info@cleardrivedrivingschool.com specifying which version you'd like to review.

21. Contact Us About Privacy

For any questions, concerns, or requests regarding this Privacy Policy or your personal data: