| Privacy Policy CCL – Vehicle Hire & Handover Management Application Effective Date: 3 June 2026 | Published by CCL Taxi Hire |
1. Introduction
CCL Taxi Hire (“we”, “our”, or “us”) operates the CCL mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our App.
The App is a business-to-business (B2B) tool used by authorised employees and operators of vehicle hire companies. By accessing or using the App, you agree to the practices described in this Policy.
| Important: The App is intended solely for use by authorised business personnel. It is not directed at consumers or individuals under the age of 18. |
2. Scope and Applicability
This Policy applies to all personal data processed through the App on Android and iOS devices. It covers data relating to:
- Registered operator/staff accounts
- Customers (vehicle hire clients) whose details are entered during a handover
- Drivers whose licence and personal details are recorded
3. Information We Collect
3.1 Account & Authentication Information
When you log in to the App, the following credentials are transmitted to our servers at api.supacab.com:
- Company code — identifies your organisation
- Username — your unique operator identifier
- Password — transmitted over HTTPS and never stored locally in plain text
Upon successful authentication, a secure token pair (access token and refresh token) is issued and stored on your device using encrypted secure storage (iOS Keychain / Android Keystore). Biometric authentication (fingerprint / Face ID) may be used on supported devices to unlock the App; biometric data is processed entirely on-device by the operating system and is never transmitted to our servers.
3.2 Customer & Driver Personal Data
During a vehicle handover workflow, the following personal data relating to the customer or driver is recorded:
- Full name
- Email address
- Residential address
- Driving licence number
- Driving licence expiry date
- DVLA check confirmation status
This data is sourced from the operator’s booking system and is displayed in the App for verification purposes.
3.3 Vehicle & Inspection Data
As part of the pre-handover vehicle inspection, the following data is collected:
- Fuel level reading
- Odometer reading (km or miles)
- Vehicle condition notes
- Presence of tools and spare wheel
- Damage assessment markers (position and damage type)
- Photographs: front, nearside (left), offside (right), rear, and odometer
3.4 Digital Signatures & Consent Records
The App captures legally-binding digital signatures and consent records, including:
- Customer liability waiver signature and acceptance timestamp
- Customer insurance agreement signature and acceptance timestamp
- Operator / staff member name and countersignature
Signatures are captured as vector image data, timestamped, and submitted to our servers as part of the completed handover record.
3.5 Customer Photograph
A photograph of the customer may be taken using the device camera at the point of handover for identity verification purposes. The customer’s informed consent is required before the photograph is captured.
3.6 Device & Technical Data
We do not use third-party analytics SDKs (e.g. Firebase Analytics, Mixpanel). Basic technical information may be transmitted in standard HTTP request headers (e.g. user-agent, IP address) when the App communicates with our API, as is standard for any networked application.
4. How We Use Your Information
Service Delivery
To authenticate users, retrieve booking data, and record completed vehicle handovers.
Legal Compliance
To maintain auditable records of vehicle condition, signatures, and consent at the point of hire, as required by applicable vehicle hire regulations.
Identity Verification
To verify the identity of the driver/customer against their driving licence and booking record.
Damage & Liability Records
To create timestamped, photographic, and signature-backed records that protect both the operator and the customer in the event of a dispute.
Security
To detect and prevent unauthorised access to operator accounts and booking data.
Service Improvement
Aggregated, anonymised usage patterns may be analysed to improve App functionality. No individual user is identified in this process.
5. Legal Basis for Processing (UK / EU GDPR)
Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:
Contractual necessity (Art. 6(1)(b))
Processing operator account data and handover records is necessary to perform the vehicle hire service contract.
Legitimate interests (Art. 6(1)(f))
Maintaining vehicle condition records, damage assessments, and audit trails serves the legitimate interests of the operator and their customers.
Legal obligation (Art. 6(1)(c))
Certain records may be required to be maintained under applicable vehicle hire and consumer protection legislation.
Consent (Art. 6(1)(a))
The customer photograph is captured only with the individual’s explicit consent, which can be withdrawn at any time.
6. Data Sharing and Disclosure
We do not sell, rent, or trade personal data. We may share data in the following limited circumstances:
- With the operator organisation that employs the App user, as part of their booking and fleet management records.
- With trusted infrastructure providers (cloud hosting, databases) who process data on our behalf under binding data processing agreements.
- Where required by law, court order, or regulatory authority.
- In connection with a merger, acquisition, or sale of all or part of our business, subject to standard confidentiality protections.
7. Data Storage and Security
All data submitted by the App is transmitted over HTTPS (TLS 1.2+) to our API at api.supacab.com. Authentication tokens are stored on-device using platform-level encrypted secure storage (iOS Keychain / Android Keystore).
We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. However, no method of electronic transmission or storage is 100% secure.
| On-device storage: authentication tokens use encrypted secure storage. App preferences (non-sensitive) use standard shared preferences. No personal customer or driver data is persisted locally beyond the active session. |
8. Data Retention
Handover records, photographs, and signatures are retained for as long as necessary to fulfil the purposes outlined in this Policy and to comply with applicable legal, regulatory, and contractual obligations — typically a minimum of seven (7) years for vehicle hire liability records.
Operator account data is retained for the duration of the business relationship. Upon termination of a contract, data is anonymised or securely deleted within 90 days unless a longer retention period is required by law.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete data.
Right to erasure
Request deletion of your data where there is no compelling reason for its continued processing.
Right to restriction
Request that we limit how we use your data in certain circumstances.
Right to data portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent
Where processing is based on consent (e.g. customer photograph), withdraw consent at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@ccltaxihire.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk/concerns.
10. Children’s Privacy
The App is designed exclusively for use by adult business professionals in a commercial vehicle hire context. We do not knowingly collect personal data from individuals under the age of 18. If you become aware that a minor has provided data through the App, please contact us at privacy@ccltaxihire.co.uk and we will take steps to delete that information.
11. Third-Party Services and Links
The App does not currently integrate third-party advertising networks, social media plugins, or consumer analytics platforms. If this changes, this Policy will be updated accordingly.
Our API backend is hosted at api.supacab.com. Any links to external websites displayed within the App are subject to those websites’ own privacy policies, for which we are not responsible.
12. International Data Transfers
If personal data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure that appropriate safeguards are in place (e.g. Standard Contractual Clauses, adequacy decisions) to protect your data in accordance with the UK GDPR and applicable law.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this document and notify users via an in-app notice or email. Continued use of the App after changes are posted constitutes acceptance of the revised Policy.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
| Company | CCL Taxi Hire |
| Address | 5 Conhope Ln, Newcastle upon Tyne NE4 8XL |
| privacy@ccltaxihire.co.uk | |
| Website | ccltaxihire.co.uk/privacy-policy |
This Privacy Policy was last updated on 3 June 2026. It applies to the CCL application (Android & iOS) published by CCL Taxi Hire, 5 Conhope Ln, Newcastle upon Tyne NE4 8XL.