Privacy Policy

1. Purpose of this Privacy Policy

This Privacy Policy explains how SwindonYoungDrivers collects, uses, discloses and protects personal data when you visit or use the website swindonyoungdrivers.co.uk and related services, including enquiries, lesson bookings and communications. It also explains your rights under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

By using our website or providing personal data to us, you acknowledge this Privacy Policy. You can contact us at any time to exercise your rights or ask questions about our privacy practices.

2. Who We Are and How to Contact Us

Controller: SwindonYoungDrivers (operator of the website swindonyoungdrivers.co.uk) is the controller responsible for your personal data.

Contact for privacy matters: privacy@swindonyoungdrivers.co.uk

If you make a privacy request, please include enough information for us to identify you and your request. We will respond within one month of receipt (or inform you if we need more time in complex cases).

3. Data Protection Officer

We are not required to appoint a Data Protection Officer. If you have any questions or concerns about how we handle your personal data, please contact our Data Protection Lead at privacy@swindonyoungdrivers.co.uk.

4. Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with us:

  • Identity and contact details: name, email address, telephone number, postal address, and (where relevant) age or date of birth of the learner and contact details of a parent/guardian.
  • Booking and service information: lesson preferences, availability, location details relevant to lessons, communications about your booking, and records of training provided.
  • Payment and transaction data: details of payments made and invoices issued. We do not store your full card details; payments are processed by secure third-party payment providers.
  • Communications: enquiries, emails, messages, feedback, complaints and testimonials (including any photos or media you choose to provide).
  • Technical and usage data: IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, time spent, and other diagnostic and analytics data collected via cookies and similar technologies.
  • Marketing preferences: your choices regarding receiving marketing communications and your cookie consent preferences.
  • Sensitive data (special category): information you choose to provide about health or accessibility needs relevant to lessons or safety. We only process such data with your explicit consent or where necessary to protect vital interests.

5. How We Collect Your Data

  • Directly from you: when you complete forms, make an enquiry or booking, communicate with us, or provide reviews or testimonials.
  • Automatically: through cookies and similar technologies when you browse our website.
  • From third parties: payment processors, service providers supporting our website and communications, and (where applicable) a parent/guardian who books on behalf of a learner.

6. Purposes and Legal Bases for Processing

We process personal data only when we have a lawful basis under the UK GDPR. The purposes and legal bases include:

  • Providing and managing services: to handle enquiries, process bookings, deliver lessons, manage your account and customer service. Legal basis: performance of a contract or steps prior to entering into a contract.
  • Payments and invoicing: to process payments, issue receipts and maintain financial records. Legal basis: performance of a contract and legal obligations (tax and accounting).
  • Communications: to respond to your requests, send booking confirmations, reminders and service updates. Legal basis: performance of a contract and our legitimate interests in efficient customer service.
  • Marketing: to send news, offers and updates by email or SMS. Legal basis: your consent, or our legitimate interests under the PECR “soft opt-in” for existing customers where permitted. You can opt out at any time.
  • Testimonials, photos and media: to publish feedback or images for promotional purposes. Legal basis: your consent.
  • Analytics and site improvement: to understand usage, improve our website and services, and measure performance. Legal basis: your consent (for non-essential cookies) and our legitimate interests in service improvement for aggregated or anonymised analysis.
  • Safety and security: to protect the security of our systems, prevent fraud or misuse, and ensure the safety of learners and instructors. Legal basis: our legitimate interests in security and safety, and legal obligations.
  • Legal and regulatory: to comply with laws, insurance and audit requirements, and to establish, exercise or defend legal claims. Legal basis: legal obligations and our legitimate interests.
  • Sensitive data: to accommodate health or accessibility needs or in an emergency. Legal basis: your explicit consent or vital interests of you or another person.

Where we rely on legitimate interests, we balance those interests against your rights and freedoms and adopt safeguards to minimise privacy impacts.

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website, remember your preferences, and measure performance. Categories include:

  • Strictly necessary cookies: required for the website to function. These do not require consent.
  • Functional cookies: to remember choices (such as language or settings). Used with your consent where required.
  • Analytics cookies: to understand website usage and improve our services. Used with your consent.
  • Advertising/marketing cookies: to measure campaign effectiveness and, where applicable, show relevant content. Used with your consent.

Consent management: Where required by law, we use a consent mechanism to obtain and record your choices before setting non-essential cookies. You can change your cookie preferences at any time using the controls presented or by adjusting your browser settings to block or delete cookies. Blocking some cookies may affect site functionality.

Cookie retention: Cookie lifespans vary by purpose. Session cookies expire when you close your browser. Persistent cookies typically last from 1 day to 24 months unless you delete them sooner.

8. Sharing of Personal Data

We share personal data only as necessary for the purposes described above, with appropriate safeguards and data processing contracts in place. Categories of recipients include:

  • Instructors and authorised contractors: to deliver lessons and manage bookings.
  • Hosting, IT and support providers: to operate our website, databases and communications.
  • Payment processors: to securely process your payments.
  • Analytics and marketing service providers: to measure performance and manage communications in accordance with your preferences.
  • Professional advisers and insurers: for advice, insurance and claims handling.
  • Law enforcement, regulators or courts: where required by law or to protect rights, safety or property.
  • Business transfers: in the context of a restructuring, merger or acquisition, subject to confidentiality and data protection safeguards.

We do not sell your personal data.

9. International Data Transfers

Your personal data may be transferred outside the UK (and, where relevant, the European Economic Area) when we use service providers that operate internationally. Where we transfer data internationally, we ensure an adequate level of protection by using one or more of the following safeguards:

  • A UK adequacy regulation for the destination country; and/or
  • UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, plus supplementary measures where necessary.

You can contact us for more information about international transfers and to request a copy of relevant transfer safeguards, subject to confidentiality.

10. Data Retention

We keep personal data only for as long as necessary for the purposes set out in this policy and to comply with legal, accounting and reporting obligations. Typical retention periods are:

  • Enquiries with no booking: up to 18 months after our last interaction.
  • Bookings and customer records: up to 6 years after the end of our relationship (to meet tax, accounting and insurance requirements).
  • Accident, incident and insurance records: up to 7 years from the event or as required by law.
  • Marketing preferences and communications: until you opt out, or up to 24 months after your last interaction with us, whichever is sooner.
  • Technical logs and security records: typically up to 12 months, unless needed longer for security or legal reasons.
  • Cookies: as described in the Cookies section above.

We may retain data longer where necessary to establish, exercise or defend legal claims. When retention ends, we securely delete or anonymise data.

11. Your Privacy Rights

You have the following rights under the UK GDPR (subject to conditions and exemptions):

  • Access: obtain a copy of your personal data and information about how we process it.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data in certain circumstances.
  • Restriction: ask us to limit processing in certain cases.
  • Data portability: receive your data in a structured, commonly used format and transmit it to another controller where technically feasible.
  • Objection: object to processing based on our legitimate interests or for direct marketing.
  • Withdraw consent: where processing relies on consent, you may withdraw it at any time without affecting prior processing.

To exercise your rights, contact us at privacy@swindonyoungdrivers.co.uk. We may request proof of identity. We will respond within one month, or within three months for complex requests (we will let you know if we need more time).

Marketing opt-out: You can opt out of marketing at any time by following the unsubscribe instructions in our messages or by contacting us. We will still send service messages (e.g., booking confirmations).

12. Children’s Privacy

Our services are often arranged by parents or guardians for young learners. We aim to collect personal data of children only with the involvement and consent of a parent or guardian where required. The UK age for consenting to online information society services is 13. If you are under 13, please ask a parent or guardian to contact us on your behalf.

We process children’s data only for the purposes of arranging and delivering lessons and ensuring safety. We do not send direct marketing to children.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or damage. Measures include:

  • Encryption in transit (TLS) and secure server configuration.
  • Access controls, authentication and least-privilege permissions.
  • Data minimisation and retention limits.
  • Staff/contractor confidentiality and awareness measures.
  • Regular updates, backups and monitoring for vulnerabilities.

While we take reasonable steps to protect data, no system is completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant regulator where required by law.

14. Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects about you.

15. Third-Party Websites

Our website may contain references to third-party websites or services. This Privacy Policy does not cover how those third parties process personal data. We encourage you to read their privacy policies before providing personal data to them.

16. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@swindonyoungdrivers.co.uk so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113. Website: ico.org.uk

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or technology. We will post the updated version on our website and indicate the effective date below. We encourage you to review this page periodically.

Effective date: 1 February 2026

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2026 SwindonYoungDrivers