Frequently Asked Questions
Q. Can I have access to my personal data?
A. Yes, under GDPR you can request DriveTech to make available all information held about you personally.
Q. What information does DriveTech collect from the DVLA?
A. Once you have completed your Licence Check Document and sent it to DriveTech / IDS we will request that the DVLA releases your record to verify:
- Your first and last name
- Your driving licence number and issue number
- That you hold a full driving licence which is current and valid
- If your driving licence has expired and/or has been revoked
- The expiry date of your driving licence
- The category(ies) of vehicle category(ies) that you are entitled to drive
- The expiry date(s) of the vehicle categories
- Live endorsements on your DVLA record
- Offence code(s)
- Offence/conviction date(s)
- Number of points on your licence/DVLA record*
* The information provided by DVLA will be current information only and may refer to endorsements which have occurred in the past but we will only receive details of these endorsements if they are current. Specifically, all endorsements remain on a driver’s record for a total of 4 years with the exception of certain careless driving or drink or drugs related endorsement or a previous ban – in which case, they remain on record for 11 years.
Q. What happens to the data held by DriveTech / IDS?
A. Once your DVLA record has been received, we will update your employer’s database and remove expired endorsements. The data will be used only for the purpose for which it is intended (i.e. to validate that you hold a current valid licence / assess risk).
Q. Where is personal data held and how do I know this is secure?
A. DriveTech and IDS are a Data Controller within the requirements of the GDPR and have been assessed by The British Standards Institution (BSI) and have gained the following accreditations: Quality Management Systems - ISO 9001:2015 Certificate No: FS 685400 and Information Security Management System - ISO/IEC 27001:2014 Certificate No: IS 685399
DriveTech and IDS treat data security extremely seriously and ensure that access to the information is very tightly controlled. Two of the UK’s major clearing banks and one of the UK’s major insurance companies represent just 3 of our extensive customer list and we have demonstrated to them as well as the DVLA that we have very strict procedures in place. We have undergone rigorous IT audits in order to ensure full IT compliance to all parties. Access to driver data is only available to named authorised users via secure login using user name and password to the named account only.
The DriveTech / IDS database (which holds driver information) is held electronically on secure dedicated servers within our facilities. As a part of our Business Contingency Plan, we have back up servers hosted by a specialist company who are certified to ISO/IEC 27001:2014 so that in the event of any unforeseen circumstance, we are able to replicate our operations with little or no disruption to the services we provide to our Customers.
All laptops are encrypted and driver information is never transferred onto removable storage such as flash drives, CDs, DVDs or removable hard drives. Access to these devices is controlled and limited through end-point protection software to maintain integrity and security of systems and data. All driver information is sent to and received from the DVLA via dedicated encrypted lines.
Q. How will DriveTech store my Licence Check Document?
A. Once your Licence Check Document has been processed, and in order for DriveTech to comply with its contractual obligations with DVLA, your Document will be stored electronically for 7 years from date of signature after which time your Document will be deleted. All Paper Documents are destroyed using a confidential waste facility.
Q. What will happen to my personal data? Will DriveTech sell it to a third party?
A. DriveTech fully complies with the GDPR, and when it comes to your privacy, we never compromise. Our Privacy Notice, which can be found on our web site, lets you know what happens to any personal data that you give us or any that we may collect from or about you. It applies to all products and services and case/examples where we collect your personal data. DriveTech will not pass on or sell your information to any third party and will not use the data for any purpose other than to verify your entitlement to drive. Under the terms of DriveTech’s contract with DVLA, no information will be sold to third parties or marketing organisations or abused in any way. Any such contravention would lead to DriveTech’s Data Protection Licence and contract with the DVLA being revoked. We would be unable to continue to provide a licence checking service.
Q. Why does DriveTech need to hold driver related data?
A. Under Duty of Care requirements, your employer must be able to demonstrate an audit trail should any issue relate to a Health & Safety matter concerning a driver / driving related incident. In the event that either the police or HSE asks your employer to prove that a driver’s licence had been checked, your employer can provide the output from FRM. If we were to delete a driver’s details in between licence checks, there would be no record of those details.
Q. What assurance can DriveTech provide for misuse of information?
A. Under the agreement between DriveTech and your employer, and the contract between DriveTech and DVLA, DriveTech cannot use any information they hold as a result of a driving licence check for any other purpose other than to report on driving licence information. The contract with DVLA also means that no information will be sold to a third party. In effect, the information cannot be misused or abused. Were DriveTech to misuse or abuse the terms of its contracts, it would risk losing its customers and its supplier (DVLA) and would be unable to operate.
Q. What reassurance can DriveTech provide in respect to the data being used for identity theft?
A. Apart from the driving licence number, DriveTech only holds personal information available in the public domain (e.g. electoral roll). DriveTech does not hold critical information which may lead to identify theft. This would need to include information such as place of birth, National Insurance number, financial information, mother’s maiden name etc, none of which requested or is held as part of the licence checking process.
Q. Will you pass on my personal data to my employer’s insurance company?
A. DriveTech will only release personal data to an interested party, such as an insurance company, if it is required to do so by a Court of Law.
Q. How can you satisfy me that DriveTech operates within DVLA guidelines?
A. DriveTech has a contract with the DVLA and its processes and procedures are subject to regular audit. The DVLA has the power to audit DriveTech and IDS processes on demand at any time, and without notice.
Q. What will happen to my personal data once I leave my employer?
A. Immediately your employer notifies DriveTech that you are no longer an employee, or that you no longer drive on business, your record will be archived. In accordance with DVLA requirements, your Licence Check Document will be archived for seven years from the date of signature and subsequently destroyed using a confidential waste facility.