Britannia Coaches Limited GDPR Privacy Policy

PRIVACY NOTICE
This notice explains how and why Britannia Coaches Limited uses personal information from service users, organisations and other members of the public.

1. Who we are

This privacy notice explains how Britannia Coaches Limited (“Britannia”, “we”, “us”) collects and uses personal data about service users, customers, suppliers, contractors, website visitors, and members of the public.

Our contact details
Britannia Coaches Limited
Britannia House, Hollow Wood Road, Dover, Kent CT17 0UB
Email: enquiries@britannia-coaches.co.uk
Telephone: 01304 228111

Who is responsible for data protection at Britannia
Ben Lawson oversees compliance with this privacy notice. If you have questions, contact us using the details above.

This notice is reviewed and updated from time to time. Please check our website periodically for updates. The “Last updated” date is at the end.

2. Key definitions

Personal data means any information relating to an identified or identifiable living person, for example name, address, email address, telephone number, booking details, and payment references.

Special category data is more sensitive data that needs extra protection, for example information about health, ethnicity, or religion. UK GDPR generally prohibits processing special category data unless a specific condition applies.

3. The personal data we collect

Depending on how you interact with us, we may collect:

  • Identity and contact details: name, address, email, phone number.

  • Booking and service details: journey details, pickup and drop-off locations, dates and times, passenger information you provide, and communications with us.

  • Children’s data (home to school): child’s name, address, school, emergency contacts, and any information needed to provide the service safely.

  • Special category data (only where needed): for example, health information required to provide safe transport and appropriate assistance.

  • Payment-related information: payment status, transaction references, invoices, and limited payment details (note, card payments are processed by payment providers and we do not usually receive full card details).

  • Website and device data: when you submit forms, and information gathered via cookies or similar technologies (see our Cookies Policy).

  • Social media messages: if you contact us via social platforms.

If you do not provide information that is necessary to make or deliver a booking, we may be unable to provide the service.

4. How we use personal data and our lawful bases

UK GDPR requires a lawful basis for processing personal data. The lawful bases include contract, legal obligation, legitimate interests, and consent.

A) Individual and private hire transport services (customers)

What we do
We use personal data to respond to enquiries, create bookings, deliver transport services, manage payments, and handle queries and complaints.

Lawful basis

  • Contract: where processing is necessary to take steps at your request and to provide the service you book.

  • Legitimate interests: for service administration, quality assurance, fraud prevention, and record-keeping (balanced against your rights).

  • Legal obligation: where we must process data to comply with law, for example tax and accounting.

Special category data
Where we process special category data (for example health information needed for safe transport), we will identify both:

  • an Article 6 lawful basis, and

  • a separate Article 9 condition (most commonly explicit consent, or another applicable condition depending on the circumstances).

B) Home to school transport (schools and local authorities)

Where the data comes from
Schools or local authorities may provide us with personal data about pupils to enable transport delivery.

Our role: processor and controller

  • In most cases, when we deliver home to school transport using data supplied by a school or local authority, that organisation is the controller and we act as a processor for the day-to-day delivery of the service (processing on their instructions).

  • In some situations we may act as an independent controller for specific activities we must manage ourselves, for example handling complaints, incidents, insurance matters, and meeting legal and safeguarding obligations.

How we use and share the data
We share the minimum necessary information with drivers and passenger assistants (and, where applicable, supervisors or subcontractors) to deliver the service safely.

Lawful basis
Where we act as controller for parts of this processing, the lawful basis will typically be:

  • Legitimate interests: delivering a safe and reliable transport service and administering it appropriately, with additional care because children’s data needs particular protection.

  • Legal obligation: where required for compliance.

C) Queries, complaints, incidents, and insurance matters

What we do
We use personal data to investigate concerns, manage incidents, respond to correspondence, and liaise with relevant third parties.

Who we may share with (where necessary)
Insurers, legal advisers, auditors, relevant local authorities, DVSA where appropriate, and the Office of the Traffic Commissioner (not “Transport Commissioner”), and other regulators or authorities where required or appropriate.

Lawful basis

  • Legitimate interests: investigating issues, defending our position, and improving service.

  • Legal obligation: where disclosure is required by law or regulatory requirement.

D) Marketing

Marketing must comply with both data protection law and PECR rules. The ICO notes you generally need consent for email and text marketing unless the “soft opt-in” applies.

Email and SMS marketing

  • We will send marketing by email or text only where we have consent, or where the soft opt-in applies (for example, marketing our own similar services to existing customers who were given a clear opportunity to opt out at the time of data collection and in every message).

  • You can opt out at any time using the unsubscribe option in the message, or by contacting us.

Post marketing
We may send marketing by post where we consider it proportionate and where we have a lawful basis, typically legitimate interests. You can opt out at any time.

Telephone marketing
We may contact you by telephone for marketing only where permitted and we will screen against preference services where required. You can opt out at any time.

E) Website enquiries and online payments

If you complete a website form, we use the information to respond and, where relevant, provide services.

Lawful basis

  • Contract: taking steps at your request, or fulfilling a service request.

  • Legitimate interests: responding to enquiries, service improvement, and quality monitoring.

For payments, card payments are processed by payment providers. We receive confirmation and payment references.

5. Who we share personal data with

We do not sell personal data.

We share personal data only where necessary, including with:

  • Our staff and contractors who need it to perform their roles.

  • Drivers and passenger assistants, where necessary to deliver services safely.

  • IT, booking, accounting, communications, and storage suppliers acting as processors, under appropriate contractual terms.

  • Payment processors for handling payments.

  • Insurers, legal advisers, and regulators where relevant.

  • Authorities where required by law.

Where suppliers process data on our behalf, UK GDPR requires appropriate processor terms.

6. International transfers

Some of our suppliers may store or access personal data outside the UK.

If we make a “restricted transfer”, we will ensure appropriate safeguards are in place, for example the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses, plus any required risk assessment steps.

You can contact us for further information about the safeguards we rely on.

7. Data security

We use appropriate technical and organisational measures to protect personal data, including access controls, secure systems, backup procedures, and staff confidentiality obligations.

Access to personal data is limited to people who need it for their work. We also require appropriate security from suppliers who process data on our behalf.

No internet transmission is guaranteed to be fully secure, but we take reasonable steps to protect the data you send to us and to protect data once received.

We have procedures to handle suspected personal data breaches and will notify individuals and the ICO where legally required.

8. Data retention

We keep personal data only for as long as necessary for the purposes set out in this notice, including legal, accounting, reporting, safeguarding, and dispute resolution. The ICO expects organisations to tell individuals the retention period or the criteria used to set it.

Our typical retention periods are:

  • General customer and supplier records: usually up to 7 years after the end of the relationship or the relevant financial year, to meet accounting and legal obligations.

  • Children’s home to school records: typically until 7 years after the child reaches 18, unless a longer period is necessary for safeguarding or legal reasons.

  • Safeguarding or serious incident records: where necessary and proportionate, we may retain relevant records for up to 35 years, particularly where needed to protect individuals, manage safeguarding risks, or defend legal claims.

We may retain data for longer where required by law, or where it is necessary to establish, exercise, or defend legal claims, or where there is an ongoing investigation.

We review data periodically and securely delete or anonymise it when it is no longer needed.

9. Your rights

You have rights under UK GDPR, including:

  • Access to your personal data.

  • Rectification of inaccurate data.

  • Erasure in certain circumstances.

  • Restriction of processing in certain circumstances.

  • Objection to processing based on legitimate interests and to direct marketing.

  • Data portability where applicable.

You also have the right to withdraw consent at any time where we rely on consent.

To exercise your rights, contact us at enquiries@britannia-coaches.co.uk or 01304 228111. We may need to verify your identity before responding.

You have the right to complain to the Information Commissioner’s Office (ICO).

10. Automated decision-making

We do not make decisions about you based solely on automated processing where this produces legal effects or similarly significant effects.

Last updated: 27/01/2026

.
Published: By Britannia Coaches Limited