Privacy Policy 

Comprehensive Regulatory Framework, Data Processing Protocols, and Terms of Engagement

1. Preamble and Scope of Application

 

 

 

 

By accessing brighouseminibushire.co.uk you signify your irrevocable assent to these protocols in their entirety.

2. Corporate Identity and Statutory Disclosures

 

 

 

 

 

 

 

  • Data Protection Officer (DPO) Liaison: Enquiries regarding data sovereignty should be directed to the administrative department at: contact@brighouseminibushire.co.uk

3. Taxonomic Definitions of Personal Data

“Personal Data” as defined herein encompasses any information relating to an identified or identifiable natural person. We collect and process various categories of data, including but not limited to:

  • Identifier Data: Surnames, forenames, aliases, and digital signatures.
  • Contact Metadata: Electronic mail addresses, telephonic contact numbers, and geographical billing coordinates.
  • Psychographic and Behavioural Data: Navigation paths, dwell times, and interaction heatmaps.
  • Special Category Data (Declarative): While we do not proactively seek Special Category Data (as defined by Article 9 of the UK GDPR), any such data voluntarily disclosed (e.g., specific accessibility requirements or medical transport needs) shall be processed under the lawful basis of explicit consent.

4. Lawful Basis for Processing (The “Article 6” Mandate)

The Controller processes Personal Data under the following hierarchical lawful bases:

  • Contractual Necessity (Art. 6(1)(b)): Processing is requisite for the formulation of a quotation or the execution of a transport agreement.
  • Legitimate Interests (Art. 6(1)(f)): Processing is necessary for the purposes of preventing fraudulent bookings and optimising logistical fleet deployment.
  • Legal Obligation (Art. 6(1)(c)): Processing is mandated by the Public Passenger Vehicles Act 1981 and subsequent safety regulations.

5. Third-Party Dissemination and Cross-Border Transfers

To facilitate the execution of transport services, the Controller operates within a broader logistical ecosystem.

  • Sub-Contracting and Partner Networks: Journey details may be transmitted to “Partner Carriers” (independent PSV operators) who act as Processors or Joint Controllers.
  • Digital Infrastructure: Data may be stored on servers managed by third-party Cloud Service Providers. While we prioritise UK-based storage, occasional processing may occur in jurisdictions deemed to provide “adequate protection” by the Secretary of State.

6. Technical and Organisational Measures (Security)

The Controller implements a rigorous “Privacy by Design” architecture. This includes, but is not limited to:

  • AES-256 Bit Encryption for data at rest.
  • TLS 1.3 Protocols for data in transit.
  • Pseudonymisation of non-essential identifiers within internal administrative databases.

7. Data Subject Rights (The “Chapter III” Rights)

Under current legislation, you possess the following non-absolute rights:

  • The Right of Access (Art. 15): To obtain confirmation of processing.
  • The Right to Erasure (Art. 17): Also known as the “Right to be Forgotten,” subject to statutory retention periods for transport logs (15 months) and financial records (7 years).
  • The Right to Data Portability (Art. 20): Transmission of data in a machine-readable format.

8. Comprehensive Cookie and Tracking Protocol

Our Site employs a multi-layered approach to tracking technologies.

  • Strictly Necessary: Essential for session management and anti-bot validation.
  • Persistent Performance Cookies: Utilised by Google Analytics 4 (GA4) to generate aggregate statistical models.
  • Targeting/Retargeting Beacons: We employ Meta Pixels and Google Tag Manager to synchronise our marketing efforts with your demonstrated interests. You may exercise your right to opt-out via the “Global Privacy Control” (GPC) signal or individual browser settings.

9. Limitation of Liability and Indemnification

To the maximum extent permitted by the laws of England and Wales, the Controller shall not be liable for any indirect, incidental, or consequential damages arising from the use of this Site. The User agrees to indemnify the Controller against any claims arising from the User’s breach of these Terms.

10. Modification and Severability

We reserve the right to amend this Framework at any time without prior notification. Should any provision be deemed unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.

11. Regulatory Oversight

If you believe your data has been handled in a manner inconsistent with this Framework, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). However, we request the opportunity to address your concerns internally in the first instance.

12. Statutory Compliance: Cookies, AI Transparency, and Consumer Verification

In accordance with the Data Use and Access Act 2025 (DUAA) and the Digital Markets, Competition and Consumers Act (DMCC), the following protocols are strictly enforced:

  • 12.1 Cookie Consent Modernisation: Under the DUAA 2025, the Site distinguishes between ‘strictly necessary’ and ‘non-essential’ cookies. While consent is not required for fundamental site functionality (including load balancing and secure authentication), the Data Subject retains the right to refuse performance and targeting cookies. Our cookie banners comply with the 2026 ‘Transparency Standard’ by offering an equal ‘Reject All’ and ‘Accept All’ functionality.
  • 12.2 Testimonial and Review Verification: In compliance with the DMCC Act, the Controller takes reasonable and proportionate steps to ensure that all customer testimonials displayed on the Site are derived from genuine service users. Any incentivised reviews are clearly marked as such to prevent consumer deception.
  • 12.3 Automated Interaction (AI Disclosure): Should the Site employ the use of Large Language Models (LLMs) or generative artificial intelligence for customer support (Chatbots), the Data Subject shall be explicitly notified of the non-human nature of the interaction at the point of inception.
  • 12.4 Accessibility Standardisation: This Site aims to achieve the WCAG 2.2 AA standard. We utilise high-contrast visual elements and semantic HTML to ensure compatibility with screen-reading software and assistive technologies, in accordance with the 2025 updates to the Equality Act protocols.
Call Now Button