Customer Privacy Notice
Cresta Cars Manchester Ltd will be what is known as the ‘Controller’ of the personal data you provide to us. Cresta Cars Manchester Ltd company registration number is 01424229 and its registered address is 1 Knowsley Street, Manchester, M8 8QN.
If you wish to contact us regarding the data we hold on you please email firstname.lastname@example.org or send a letter to the Data Processing Officer, Cresta Cars, 1 Knowsley Street, Manchester, M8 8QN.
What we need:
Unless otherwise agreed with you, we will only collect basic personal data about you, which does not include any special categories of personal information about you (often known as sensitive personal data). This information does, however, include:
- Telephone numbers
- Email addresses
Account customers will be asked further information to validate the account customer details including Account codes, docket numbers, passwords and name of the person making the booking.
Why we need it:
Our lawful basis for processing your data is to fulfil our contractual obligations to you. If you do not wish to provide us with this information we are unable to process your booking request. We will not collect any personal data from you that we do not need in order to provide and oversee the services we have agreed to provide you with.
What we do with it:
All the personal data we hold about you will be processed by our staff, it will be input onto our Autocab (Ghost) booking systems and shared with your self-employed private hire driver for the purpose of fulfilling your requested journey. If you make a complaint or lost property enquiry we will store your data on our internal office systems. Also, all of our calls are recorded for quality and training purposes.
All staff and self-employed private hire drivers are situated in the United Kingdom and no third parties will have access to your personal data unless there is a legal obligation for us to provide them with this i.e. Police authority, Local Councils, Government Bodies etc. Please be aware, however, that your information may be stored on a cloud-based system whose servers are located within the European Union.
For our Account customers your booking information will be shared with our drivers at times they request their credit sheets, these credit sheets will hold information of journeys they have completed for you. Once the credit sheet is passed to a self-employed private hire driver the driver then becomes the ‘controller’ of the data they have supplied journeys for.
We will regularly process some of your data for legitimate interests such as analysis of routes, fares, booking statistics etc.
Personal data and booking information relating to debit or credit card bookings made via our office or on our booking App, maybe shared with third party companies such as Sage Pay, World Pay, Curb, Local Police Authority etc. Your information will only be shared in detail should your bookings be linked to fraudulent transactions of any kind. Please see our App Terms & Conditions for full details.
We take all reasonable steps to ensure that your personal data is processed securely.
Where is my data stored:
Ghost Cloud data is all stored on Microsoft Azure instances.
Microsoft Azure is both ISO 27001 and ISO 27018 certified. Autocab systems data storage is registered with the Information Commissioner’s Office (ICO), and comply with all data protection regulations.
Our internal systems utilises secure online hosting for the storage of business and personal data – this hosting is provided by Microsoft Corporation with all data hosted in secure EU-Based Tier 4 data centres. Access to these data centres is restricted and protected by several tiers of physical and logical security including bio-metric restricted access and 24x7x365 monitoring. Cresta Cars network is protected by industry leading security appliances with network access restricted to Cresta Cars and its authorised business partners only on a least-privilege model. All systems are protected by multiple layers of authentication and password protected to restrict user access.
How secure is my data:
Your data is stored in a secure data centre, with multiple levels of security including crash barriers, complete CCTV coverage, motion sensors, trip lights, state of the art alarms, and roving guards. The centre has reinforced access doors, digital key storage systems, multiple pin entry systems, electronic and physical access logging, and an array of other physical security measures designed to stop someone getting into the building. Even if they do, the servers are all physically and separately secured. The servers are all protected with a digital gateway which means multiple layers of security requiring different levels of authorisation. All booking and internal systems are name and password protected as are all driver PDA equipment.
How long we keep it:
We will generally keep your data for as long as you are a customer using our services, however booking details are removed from our systems every 6 months. Once a booking has been dispatched to a driver your information will be stored on the PDA device for a period of 24 hours. If you make a complaint or lost property enquiry this data will be kept for a period of no more than 2 years. If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information.
Account customer details will be kept for a period of 7 years after you cease to be a customer. We may need to keep your information for longer in line with HMRC requirements.
You may request deletion of your records, to do so please use the contact information at the top of the page. Once your request has been received your records will be deleted. In certain circumstances, Cresta Cars may be unable to delete your records due to outstanding invoices, fares owed or any claims of abusive behaviour towards our staff or self-employed private hire driver.
If you are unhappy about how your personal data has been used please contact us on the details at the top of the page. You also have the right to make a complaint with the Information Commissioner’s Office (ICO) who regulates the processing of personal data.