OptiFleetLegal & Compliance
Privacy Policy
ICO Registration: OptiFleet Limited is registered with the Information Commissioner's Office (ICO) as a data controller.
If you have any questions about this policy, contact us at hello@optifleetuk.com.
1. Who We Are
1.1OptiFleet Limited ("OptiFleet", "we", "us") is a company registered in Scotland (company number SC883979). We provide a web-based fleet cost management platform accessible at optifleetuk.com and optifleetpt.com.
1.2For personal data relating to visitors to our website and to our direct business contacts (prospective and current customers), OptiFleet acts as the data controller.
1.3For personal data relating to drivers and employees that our customers upload to the platform, OptiFleet acts as a data processor on behalf of the customer (who is the data controller). This is governed by the Data Processing Agreement entered into at onboarding.
2. Personal Data We Collect
Website Visitors
2.1When you visit optifleetuk.com or optifleetpt.com we may collect: your IP address, browser type, referring URL, pages visited, and time of visit. This is collected automatically by Cloudflare's infrastructure for security and performance purposes.
2.2If you submit an enquiry or contact form on our website, we collect your name, email address, company name, and the content of your message.
Platform Customers (Fleet Managers / Account Holders)
2.3When you create an OptiFleet account or enter into a subscription, we collect: your name, job title, email address, company name, company address, and billing information.
2.4We also collect data you enter into the platform, including: fleet vehicle records, service history, fuel card data, supplier and cost information, and account notes.
2.5We record the time and content of actions taken within the platform for audit trail and security purposes (e.g. login events, data exports, document signings).
Driver Data (Processed on Behalf of Customers)
2.6If your organisation uses the driver management features of the platform, we process personal data relating to your drivers on your instructions. This may include: full name, date of birth, driving licence number, licence categories and endorsements, home address, and vehicle assignment records.
2.7Where driver licence checking is enabled, we transmit driver data to the DVLA's Automated Digital Declaration (ADD) service and/or Safe2Drive on your behalf. This data is used solely for the purpose of verifying driver licence status and is not retained by OptiFleet beyond what is necessary to return results to you.
Note for drivers: If you are an employee whose data has been entered into the OptiFleet platform by your employer, your employer is the data controller for that data. Please contact your employer with any queries about how your personal data is being used. OptiFleet can be contacted at hello@optifleetuk.com if you have concerns about how we handle data on their behalf.
3. Lawful Bases for Processing
| Activity | Lawful Basis |
|---|---|
| Website analytics and security | Legitimate interests — to maintain secure and well-functioning services |
| Responding to website enquiries | Legitimate interests / Pre-contractual steps |
| Providing the platform to subscribed customers | Performance of contract |
| Sending invoices and billing communications | Performance of contract / Legal obligation |
| Sending service notices and updates | Legitimate interests — keeping customers informed about the service |
| Processing driver data on behalf of customers | We are a data processor; the lawful basis is that of the data controller (the customer) |
| Retaining financial records | Legal obligation (Companies Act 2006, HMRC requirements) |
| Cookies (essential only) | Legitimate interests / Consent where required |
4. Cookies
4.1Our public website uses minimal cookies. We do not use advertising, tracking, or third-party analytics cookies.
4.2The platform uses a single, essential session cookie (
crm_session) to maintain your authenticated session. This cookie is HttpOnly, Secure, and SameSite=None. It contains no personal data and is deleted when your session expires.4.3We do not use Google Analytics, Facebook Pixel, or any similar third-party tracking tools.
5. Who We Share Data With
5.1We do not sell, rent, or trade personal data. We share data only with the sub-processors listed below, and only to the extent necessary to deliver our services.
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, content delivery, storage (KV/R2), Workers compute | EEA / UK |
| Resend, Inc. | Transactional email delivery (invoices, notifications, magic links) | USA (Standard Contractual Clauses in place) |
| DVLA / Safe2Drive | Driver licence verification (only where this feature is enabled by the customer) | United Kingdom |
5.2We may disclose personal data if required to do so by law, court order, or a regulator, or to protect the rights, property, or safety of OptiFleet, its customers, or others.
6. International Transfers
6.1Platform data (fleet records, driver data, customer data) is stored on Cloudflare infrastructure within the EEA and UK. We do not transfer this data outside these regions.
6.2Email delivery via Resend may involve processing in the United States. Resend participates in appropriate data transfer mechanisms (Standard Contractual Clauses) to ensure adequate protections are in place.
6.3We will not transfer subscriber or driver data outside the EEA and UK without your prior written consent.
7. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Platform customer account data | Duration of subscription + 7 years | Legal / tax obligations |
| Driver and fleet data (after termination) | 30 days post-termination | To allow data export; then securely deleted |
| Signed contracts and agreements | 7 years | Legal obligation / dispute resolution |
| Invoice and billing records | 7 years | HMRC / Companies Act requirement |
| Website enquiry data | 12 months | Legitimate interests |
| Platform session logs / audit trail | 12 months | Security and accountability |
| Website visitor / server logs | Up to 30 days (Cloudflare) | Security and performance |
8. Your Rights Under UK GDPR
8.1If we are processing your personal data as a controller, you have the following rights. To exercise any of these rights, contact us at hello@optifleetuk.com. We will respond within one calendar month.
✅ Right of Access
Request a copy of the personal data we hold about you (Subject Access Request).
✏️ Right to Rectification
Ask us to correct inaccurate or incomplete personal data.
🗑️ Right to Erasure
Ask us to delete your data where there is no compelling reason for continued processing.
⏸️ Right to Restriction
Ask us to restrict processing of your data in certain circumstances.
📦 Right to Portability
Receive your data in a structured, machine-readable format and transfer it to another service.
🚫 Right to Object
Object to processing based on legitimate interests. We will cease unless we have compelling grounds.
8.2If you are a driver whose data is processed by OptiFleet on behalf of your employer, your rights should be exercised with your employer as the data controller. We will cooperate with your employer to assist in responding to such requests.
8.3You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time: ico.org.uk · 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO.
9. Security
9.1We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include: TLS encryption in transit, encrypted storage at rest, HMAC-signed session tokens, role-based access controls, and audit logging.
9.2In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where required.
10. Changes to This Policy
10.1We may update this Privacy Policy from time to time. Where changes are material, we will notify active platform customers by email. Continued use of the platform after changes are posted constitutes acceptance of the revised policy.
10.2The current version of this policy is always available at optifleetuk.com/privacy.
11. Contact Us
OptiFleet Limited
Registered in Scotland · Company No. SC883979
Email: hello@optifleetuk.com
Website: optifleetuk.com
Registered in Scotland · Company No. SC883979
Email: hello@optifleetuk.com
Website: optifleetuk.com
11.1For any questions, complaints, or to exercise your rights under UK GDPR, please contact us by email. We aim to respond to all privacy-related enquiries within 5 business days and to formally respond to rights requests within one calendar month.