dh Licence Check* takes the security of your personal data extremely seriously. We recognise our responsibilities in this area and the following policies outline these responsibilities.
How we handle your data – Who is Responsible?
Data Controller or Data Processor?
The GDPR identifies different obligations of Data Controllers and Data Processors.
It is important to understand these definitions to make sure that the right arrangements are in place.
- Data Controller is defined as an organisation or a person that determines the purposes for which and the manner in which any personal data is processed
- Data Processor is an organisation or a person who processes personal data on behalf of the Data Controller
A variety of different relationships are possible in relation to sharing personal data. These include:
- Data Controller to Data Processor where an agreement should be in place identifying how the Processor will manage the Controller’s personal data
- A Data Controller to Data Controller data sharing arrangement where the nature of the arrangement should be identified
So what is our Relationship?
You will be the Data Controller of information relating to your workers or prospective workers in relation to limited personal information that might be provided by you to allow access to our services.
In relation to the personal data that we engage with, both that provided in relation to individual workers and that gained from the DVLA as an authorised intermediary of the DVLA we are a separate Data Controller.
Arrangements with the DVLA make it compulsory that we are the Data Controller when acting as an intermediary providing licence check services, and we have obligations to manage the purpose and manner in which personal data is processed accordingly, this includes in respect of arrangements with customers who may access driver information.
Should there be a Data Processing Agreement between us?
As we are not your Data Processor the new Data Laws do not require us to enter into a data processing agreement in relation to you as a Data Controller. However, as you may know, the DVLA have recently changed their process and requirements for access to driver data and require existing driver consents under the old regime to be replaced with new declarations by drivers, which need to be in place by 25th August 2018, DVLA are also imposing obligations on all accessing driver information originating from DVLA driver records.
Accessing driver licence information via us as an intermediary supplier of driver licence services will, therefore, be subject to updated GDPR obligations required by DVLA which apply to us and you as a customer accessing driver data, this is the same obligation for everyone accessing driver information originating from the DVLA. The DVLA requirements substantially reflect the requirements each of us would have under GDPR obligations. We are providing updated information forming part of the Driver Hire / dh Licence Check terms of service which reflect those obligations, and which will apply to future engagement between us.
*Who is dh Licence Check?
dh Licence Check is a trading style of Driver Hire Training (DHT). DHT is Driver Hire Group Services Limited (incorporated and registered in England and Wales, company number 02216564) and/or DH People Plus Limited t/a Driver Hire Training (incorporated and registered in England and Wales, company number 04698770) whose registered offices are at Bradford Business Park, Kings Gate, Bradford, West Yorkshire, BD1 4SJ.