DriveLink Ltd — Privacy Policy

Last updated: 11 June 2026

DriveLink Ltd ("DriveLink", "we", "us") is registered in England and Wales. We provide fleet compliance, fine notification, and operational services to fleet operators and their drivers.

1. Information we collect

Depending on how our services are used, we may collect and process the following categories of information.

Business and fleet data — company name and contact details, fleet size and operational metadata, client email domain, contract information.

Driver-related data provided by fleet operators — phone number as the primary contact identifier, name and email address where provided, vehicle assignment information, a persistent pseudonymous identifier assigned to each driver to enable continuity of compliance records across fleet engagements over time. This identifier is separate from personal contact details and is used for service delivery, quality improvement, and future driver-facing product development.

Vehicle and compliance data — vehicle registration numbers, fine and citation details including reference numbers, dates, locations, issuing authorities, and penalty amounts, payment confirmation references submitted by drivers, resolution timestamps and outcomes, notice types and contravention categories.

Usage and interaction data — message delivery and response events, action page interaction events, payment confirmation submissions, appeal notifications, resolution timelines, and exception handling records.

We do not collect national identity numbers, driving licence numbers, dates of birth, or home addresses as part of our current service.

2. How we use information

We use collected information to notify drivers of fines and compliance deadlines on behalf of their fleet operator, to facilitate fine payment workflows, to maintain complete operational audit trails, to measure response times and resolution outcomes, to produce aggregated operational insights for fleet clients, to assign and maintain a persistent pseudonymous driver identifier enabling continuity of compliance records across different fleet operators over time, and to develop internal analytics relating to compliance behaviour and operational performance.

3. Legal basis for processing

We process personal data on the following legal bases.

Fleet operator and vehicle data — legitimate interests in providing the contracted compliance service.

Driver contact details and fine information — legitimate interests where processing is necessary for the performance of the fleet compliance service on behalf of the fleet operator as data controller. Where drivers are contractor or agency workers, the fleet operator confirms prior to onboarding that their contracts permit DriveLink to contact those individuals about fine management on the operator's behalf.

Driver consent records — legal obligation to maintain immutable evidence of consent events.

Persistent pseudonymous identifiers — legitimate interests in service continuity and quality improvement. Where the persistent identifier is used for future driver-facing services beyond the current employer relationship, explicit consent is obtained through our driver opt-in process before any such processing begins.

Aggregated anonymised analytics — legitimate interests in service improvement where no individual driver or fleet operator is identifiable in the output.

4. Future services

DriveLink may develop additional services in the future that use compliance and interaction data collected through the current service. Drivers and fleet clients will be informed of any material expansion of data uses before those services are introduced, and where required by law, explicit consent will be sought before any new processing begins.

5. Driver opt-in and consent

When a driver is onboarded by their fleet operator, they receive an initial welcome message containing a link to our opt-in page. This page explains how DriveLink operates on behalf of their employer and invites drivers to confirm their details.

Drivers are asked to confirm acknowledgement of the service through a required tick box. A separate optional tick box invites drivers to consent to DriveLink retaining their compliance record for future driver-facing services beyond their current employment relationship. This second tick box is entirely optional and the service operates fully without it. Drivers may withdraw this consent at any time by contacting us at the details below.

All consent events are recorded immutably with a timestamp and the exact wording shown to the driver at the time of consent.

6. Messaging and communications

Drivers may receive SMS messages and, where applicable, WhatsApp messages relating to fines, deadlines, or compliance actions associated with vehicles they operate on behalf of their employer. Messages are sent on behalf of the fleet operator as data controller. Communications are transactional and operational in nature and are not marketing communications. Drivers who wish to stop receiving messages should confirm payment or appeal status through the link provided in any message they receive, or contact their fleet manager directly.

7. Payments

DriveLink does not process payments directly. Drivers are directed to the issuing authority's own payment portal to complete payment. DriveLink records payment confirmation references voluntarily submitted by drivers through our action page as part of the compliance audit trail but does not handle, store, or process payment card information.

8. Data sharing

We may share personal data with the following categories of third party service providers who process data on our behalf as data processors — cloud database and storage providers, workflow automation platforms, SMS and messaging providers, and document processing services. All third party processors are bound by data processing agreements requiring them to process data only on our documented instructions and in accordance with UK GDPR.

We may share data with issuing authorities where required for the resolution of a specific fine or compliance matter.

We do not sell personal data to any third party under any circumstances. A full list of our current subprocessors is available on request.

9. Data retention

We retain data only for as long as necessary for the purposes for which it was collected, subject to the following.

Fine and citation records are retained for the duration of the client contract plus three years for dispute resolution and legal compliance purposes. Driver contact details are retained for the duration of the active client relationship and deleted or anonymised within 90 days of contract termination unless the driver has provided explicit consent for retention beyond that period. Driver consent records are retained indefinitely as immutable legal evidence that consent was freely given. Anonymised and aggregated data in which no individual is identifiable is retained indefinitely. Payment confirmation references are retained for seven years for financial record purposes. Exception queue and audit trail records are retained for the duration of the client contract plus three years.

10. Data controller and processor responsibilities

In relation to driver and vehicle data, the fleet operator acts as the data controller and DriveLink acts as the data processor, processing data only on the documented instructions of the fleet operator under a formal data processing agreement. DriveLink acts as an independent data controller in relation to anonymised aggregated data and in relation to any data processed under explicit driver consent for future driver-facing services.

11. Security

DriveLink implements appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include database-level access controls and row-level security policies, encrypted data transmission, role-based access restrictions, credential management controls, and regular security testing prior to and during live operation. We notify affected individuals and relevant supervisory authorities of any data breach in accordance with our legal obligations under UK GDPR.

12. Your rights

Under UK GDPR you have the right to access personal data we hold about you, to request correction of inaccurate data, to request deletion of your data subject to legal and contractual obligations, to restrict or object to certain processing, to data portability where processing is based on consent or contract, and to withdraw consent at any time where processing is based on consent without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights please contact us at ceo@drivelink.co.uk. We will acknowledge your request within 72 hours and respond in full within one month in accordance with UK GDPR requirements. Where requests are complex or numerous we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.

You also have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk if you believe your data has been processed unlawfully.

13. Changes to this policy

We may update this policy from time to time. Where changes are material we will notify affected clients and drivers in advance. The current version will always be available on our website. The date at the top of this policy reflects when it was last updated.

14. Contact

DriveLink Ltd ceo@drivelink.co.uk Registered in England and Wales