FleetGS

Last updated: April 2026

GDPR & Data Rights

FleetGS is committed to handling personal data responsibly and transparently. This page explains our approach to UK GDPR, the roles we play in processing your data, and — most importantly — how to exercise your rights.

1. Our commitment to UK GDPR

The UK General Data Protection Regulation (UK GDPR) — retained from EU GDPR following Brexit — is the primary data protection law in the United Kingdom. It gives individuals meaningful rights over their personal data and places obligations on organisations that process it.

FleetGS Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. We take our legal obligations seriously and have built data privacy into the platform from the ground up.

For detailed information about what data we collect and how we use it, see our Privacy Policy.

2. Our role in processing your data

Under UK GDPR, there is an important distinction between a Data Controller (who decides why and how data is processed) and a Data Processor (who processes data on the controller's behalf). FleetGS operates in both capacities depending on the context:

FleetGS as Data Controller

For account and billing data — including the name, email address, and payment details of the person or business subscribing to FleetGS — we are the Data Controller. We decide how this data is processed, and we're directly responsible for it.

FleetGS as Data Processor

For fleet and driver data entered into the platform by fleet managers — such as driver names, licence numbers, vehicle locations, and work hours — FleetGS acts as a Data Processor. The fleet manager (the business using FleetGS) is the Data Controller for this data and is responsible for ensuring it is processed lawfully.

Enterprise customers can request a formal Data Processing Agreement (DPA) from us. Email dpo@fleetgs.co.uk to request one.

3. Your data rights

UK GDPR gives you a range of rights over your personal data. Here's what each one means in practice:

Right to Access (Subject Access Request)

You have the right to request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR). We will respond within 30 days of receiving your request, providing a copy of the data along with information about how it's being processed.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. You can update most account information directly from your profile settings. For data that cannot be self-corrected, contact us and we'll fix it promptly.

Right to Erasure ("Right to be Forgotten")

In certain circumstances, you can ask us to delete your personal data. This right applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data was processed unlawfully

This right is not absolute — we may need to retain certain data to comply with legal obligations (e.g. HMRC records or DVSA compliance data).

Right to Restrict Processing

You can ask us to pause processing of your personal data in certain circumstances — for example, if you've contested the accuracy of the data and we need time to verify it. We will still store the data, but won't actively use it until the restriction is lifted.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format — and to transfer it to another service. FleetGS supports data export in CSV and JSON formats. You can request a full data export by contacting us or using the export feature in your account settings.

Right to Object

You have the right to object to processing of your personal data based on our legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately. For other legitimate interest processing, we will consider your objection and stop unless we have compelling legitimate grounds that override your interests.

Rights related to automated decision-making

You have the right not to be subject to decisions made solely by automated processing that produce legal or similarly significant effects. FleetGS does not currently make automated decisions of this nature. Where we introduce any automated scoring or profiling, we will update this page and inform affected users.

4. How to exercise your rights

To exercise any of your data rights, email us at:

dpo@fleetgs.co.uk

Please include your full name, the email address associated with your account, and a clear description of your request. We will respond within 30 days. In complex cases, we may extend this by a further two months — if so, we'll let you know within the first 30 days and explain why.

We may need to verify your identity before processing your request to prevent unauthorised access to personal data.

5. If you are a driver

If your employer uses FleetGS to manage their fleet, your personal data — such as your name, licence number, work hours, and vehicle location — may be held in the platform. In this situation, your employer is the Data Controller for that data, and FleetGS processes it on their behalf.

This means you should contact your employer in the first instance to exercise your data rights. They are responsible for responding to your request and can update or delete your data from within the platform.

If you believe your data is being processed unlawfully, or your employer is not responding to your request, you are welcome to contact FleetGS directly at dpo@fleetgs.co.uk and we will do our best to assist.

6. Data breach notification

In the event of a personal data breach, we will:

  • Notify the ICO within 72 hours of becoming aware, where the breach is likely to result in a risk to people's rights and freedoms
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
  • Keep a record of all breaches, including those that don't require notification

We have technical and organisational measures in place to minimise the risk of a breach, including encryption at rest and in transit, access controls, and regular security reviews.

7. Data Processing Agreement

Enterprise customers and organisations with specific compliance requirements can request a formal Data Processing Agreement (DPA) with FleetGS Ltd. A DPA sets out the obligations of each party in relation to personal data processing and is a requirement under UK GDPR where a controller uses a processor.

To request a DPA, email dpo@fleetgs.co.uk.

8. ICO registration and your right to complain

FleetGS Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. You can verify our registration on the ICO's public register.

If you are not satisfied with how we have handled your data or responded to your request, you have the right to lodge a complaint with the ICO:

We'd always appreciate the chance to address your concerns directly first — please contact us at dpo@fleetgs.co.uk before escalating to the ICO.