top of page

THE ISLES OF SCILLY COMMUNITY VENTURE CIC – THE GO-EV CAR SHARE PRIVACY POLICY

We ask that you read this privacy policy carefully as it contains important information about who we are, how and why we collect, store, use and share personal information when operating the GO-EV Car Share, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

This privacy policy is divided into the following sections:

  • Who we are

  • The GO-EV Car Share and Application

  • Our collection and use of your personal information

  • Our legal basis for processing your personal information

  • Further information - our processing activities

  • Who we share your personal information with

  • Transfer of your information out of the UK

  • Cookies and similar technologies

  • Marketing

  • Your rights

  • Keeping your personal information secure

  • How long we will keep you personal information for 

  • How to complain

  • Changes to this privacy policy

Who we are

This GO-EV Car Share is operated by the Isles of Scilly Community Venture C.I.C (“we”, “us” or “our”). We are the controller of you personal information which means that we are responsible for it under applicable data protection laws. 

The GO-EV Application and website (each referred to as the “Application” throughout this policy) are provided to you by the Isles of Scilly Community Venture CIC.

Please contact us using the following contact details, if you have any questions about this privacy notice or the information we hold about you:

The Isles of Scilly Community Venture: carshare@ioscv.co.uk

The GO-EV Car Share and Application

This privacy policy relates to your involvement with the GO-EV Car Share and in particular will apply when you register for and use an account on the Application (an “Account”), to enable you to rent our GO-EV vehicles (the “Vehicles”). 

Our collection and use of your personal information

We collect personal information about you when you register for an Account, contact us, send us feedback, rent our Vehicles via the Application, complete customer surveys or participate in competitions via the Application.

We collect this personal information from you either directly, such as when you register for an Account, contact us or rent a Vehicle, or indirectly, such as your Vehicle usage history collected via the Application and the telematics box.

We also collect personal information about you from the DVLA when we carry out driving licence checks.

The personal information we collect about you includes the following:

  • Identity Data which includes full name, marital status, title, date and place of birth, gender, driving licence details (specifically driving licence number and place of issues) as well as a photo or scanned copy of identification documentation such a driving licence or identity card and other information that may be contained in any proof of address documents that you share with us.

  • Contact Data which includes address, email address and telephone numbers.

  • Financial Data which includes payment card details.

  • Transaction Data includes details about payments to and from you and details of Vehicles you have rented from us.

  • Technical Data includes internet protocol (IP) address, your login data, operating system and other information relating to the device you use to access the Application.

  • Profile Data includes your username and password, bookings made by you, your interests, preferences and driving history information such as information about previous accidents, insurance claims or motor offences (also see information about our use and collection of “Criminal Offence Data” below below).

  • Usage Data includes information about how you use the Application (such as what pages you have visited and content you have viewed) and our car rental services for example information relating to the date and time of usage, the vehicle and equipment used  and other information collected via the telematics box.  

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 

Criminal Offence Data

If your motor offence record contains criminal offence data, when you provide us with your DVLA driving licence check code to enable us to complete our driving licence checks as part of the sign up process, we will be collecting and processing criminal offence data about you. We will only do this where you have provided us with this information yourself and consent to our collection and processing of the criminal offence data for these purposes.

Special Category Data

We do not envisage that we will collect any special categories of more sensitive personal data about you. 

We use all of the above listed personal information to:

  • Create and manage your Account, including conducting DVLA driving licence checks 

  • Verify your identity

  • Rent vehicles to you

  • Notify you of any changes to the Application or to our services that may affect you

  • Improve our services

The Application is not intended for use by children and we do not knowingly collect or use personal information relating to children.

Our legal basis for processing your personal information

When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.

The legal bases we may rely on include:

  • Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract

  • Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)

  • Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to criminal offence data. You have the right to withdraw your consent at any time by contacting us using the details set out above. 

Further information—our processing activities

For further details on when we collect personal information, what we collect and our lawful basis for doing so, please read the following table:

Screenshot 2021-05-07 at 15.35.56.png
Screenshot 2021-05-07 at 15.36.22.png
Screenshot 2021-05-07 at 15.36.29.png

Who we share your personal information with

We routinely share you personal information with the following third parties:

  • Your data is held on servers hosted by Digital Ocean and Amazon Web Services. Automated emails are sent through Sendgrid and Amazon Web Services, and automated SMS messages are sent through The SMS Works;
     

  • The Council of the Isles of Scilly and our vehicle insurance providers from time to time in the event of needing to process a vehicle insurance claim which requires us to share you information with these third parties; and 

  • Stripe our payment processor.  

We will also share personal information with law enforcement or other authorities if required by applicable law, for example if we are notified of a parking ticket, speeding fine or other penalty which relates to your use of a Vehicle. We will also share your personal information with private third parties if you have obtained a private parking fine. 

We will share aggregated and anonymised data with Hitachi, a strategic partner of the GO-EV Car Share. However, as you cannot be identified from this it does not comprise your personal data. 

Transfer of your information out of the UK

We store any personal information on servers in the UK and Ireland. Any countries within the EEA are deemed to be an adequate data transfer location which means that they afford personal data an equivalent level of protection as the UK data protection framework. 

In order to provide you with the services we may also need to appoint third party service providers which are located outside of the UK and EEA, or that may themselves share your personal information outside the UK and/or EEA with their service providers. 

These transfers are subject to special rules under UK data protection law. This is because non-UK  countries do not have the same data protection laws as the UK and as a result in some cases the legal framework in the destination country may not afford personal data an equivalent level of protection. We will, however, ensure the transfer complies with applicable data protection laws and all personal information will be secure. 

As an example Stripe our payment processor, is a global company and may transfer personal data outside of the UK and EEA, including to the United States. Similarly, Amazon Web Services, Sendgrid and Digital Ocean have a global infrastructure and may transfer personal data outside of the UK and EEA. When each party does this it relies upon standard contractual clauses which ensure that data subjects have enforceable rights and remedies in respect of their personal data. 

If you would like further information please contact us. 

Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you access a website. 

When you access the Application, we may use cookies or other tracking technologies. These help to recognise you and your device and store some information about your preferences or past actions. 

If you do not want to accept any cookies, you can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Application, if the cookies are necessary for certain functionality to operate.

Marketing

We may use your personal information to send you updates (by email or text message) about our products, including exclusive offers, promotions or new products. We will do this where it is in our legitimate interests to do so because you are not a consumer or you are a consumer that has previously booked with the GO-EV Car Share.

We will always treat your personal information with the utmost respect and never sell it to other organisations for marketing purposes.

You always have the right to opt out of receiving further promotional communications by: 

OR

  • Using the ‘unsubscribe’ link in emails

Please note that we may also send you other communications in relation to your use of our services or in order to respond to queries you have raised, such communications are service communications and are not a form of marketing.

Your rights

Under the UK GDPR you have a number of important rights free of charge. In summary, those include rights to:

  • Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address

  • Require us to correct any mistakes in your information which we hold

  • Require the erasure of personal information concerning you in certain situations

  • Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations

  • Object at any time to processing of personal information concerning you for direct marketing

  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you

  • Object in certain other situations to our continued processing of your personal information

  • Otherwise restrict our processing of your personal information in certain circumstances

If you would like to exercise you right to access your personal information, please make your request for copies of this information by emailing carshare@ioscv.co.uk.

If you would like to exercise any other rights, please:

  • contact us using the contact details at the start of this privacy policy;

  • let us have enough information to identify you e.g. you Account information, name or user name;  

  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and

  • let us know the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long we will keep your personal information for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Different retention periods apply for different types of personal information. 

When it is no longer necessary to retain your personal information, we will delete or anonymise it.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The UK GDPR also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/.

Changes to this privacy policy

This privacy policy was last updated in January 2023. We keep our privacy policy under regular review to make sure it is up to date and accurate. If we change our privacy policy from time to time, we will post the details of any changes here. We may also take reasonable steps to notify you if such changes affect how your personal data is processed.

bottom of page