top of page

Data Privacy & Protection Policy

 The purpose of this policy is to establish the principles and practices for the protection of personal and sensitive data collected and processed by Jeff Vehicles. This policy ensures compliance with data protection laws and regulations and outlines  our commitment to safeguarding the privacy and confidentiality of individuals’ data. 

Data Protection Principles

  • Lawful processing: Jeff Vehicles will only collect, process, and use personal and sensitive data when there is a lawful basis for doing so, such as consent, contract necessity, legal obligation, legitimate interests, or the protection of vital interests. We adhere to all relevant legislation, including the General Data Protection Regulation (GDPR). 

​

  • Transparency: Individuals (candidates) will be informed about the purpose, use, and processing of their data at the time of collection or as soon as practicable thereafter, to include length of time it is preserved, how it’s used, and whether and how it is shared with other entities. 

​

  • Data minimisation: Jeff Vehicles will only collect data that is necessary for the specified purpose and will retain it only for as long as required. Jeff Vehicles will conduct and update periodically an inventory of all data that requires privacy protection and security.

​

  • Data accuracy: Reasonable efforts will be made to ensure the accuracy of data, and individuals have the right to request correction of inaccuracies. 

​

  • Security: Appropriate security measures, including encryption, access controls, and data breach response plans, will be implemented to protect data from unauthorised access, disclosure, alteration, or destruction. 

Data Collection and Consent 

Wherever required by law, Jeff Vehicles will obtain clear and unambiguous consent from individuals before collecting or processing their personal data, using the user agreement on the use of data and disclosures (provided separately to customers when signing up to our service). All customers have the option to decide how their data will be used. 

Continuity of Personal Data 

  • Legal compliance: In the event of business closure, sale, or acquisition, personal data will be transferred, retained, or securely deleted in accordance with legal requirements. 

​

  • Secure data disposal: If operations cease, data will be securely disposed of to prevent unauthorised access. 

Data Subject Rights 

  • Access and rectification: Data subjects have the right to access their data and request corrections, updates, or deletions. 

​

  • Data portability: Data subjects may request their data in a structured, commonly used, and machine-readable format for portability. 

​

  • Objection and restriction: Data subjects have the right to object to the processing of their data and request restriction under certain circumstances. 

​

  • Withdrawal of consent: Data subjects have the right to withdraw their consent at any time where processing is based on consent. 

Data Breach Response

Jeff Vehicles will promptly investigate and report data breaches to the appropriate regulatory authorities and affected individuals, as required by law. Steps will be taken to mitigate the impact of data breaches, prevent recurrency, and address vulnerabilities. 

Third-Party Data Processors 

When Jeff Vehicles engages third-party data processors, contracts will be established to ensure they comply with data protection regulations and safeguard the data in their custody. 

Policy Review 

This policy will be reviewed annually. Updates or changes to the policy will be communicated to all relevant personnel to ensure continued adherence to data protection and privacy laws and guidelines. We will not change, or modify this policy without prior notice to stakeholders, or before providing the opportunity to opt out. 

​

Reviewed by: Caitlin MacClay on 08/09/2025. 

bottom of page