Crawfords’ – (“we”, “our”, “us”)
This is the collective term used to describe all those who have access to the Crawfords information and information systems
Or contact us directly:
Crawfords, 8 Concord Business Centre, Concord Road, London, W3 0TR.
The type of information and when we may collect it
- We collect the information you provide us when you contact us via our websites, mobile apps, email, telephone, social media or otherwise. In addition information may be collected when signing up to our newsletters, alerts, or by creating an account and then using our services.
- Information may be provided to us by your company/employer. Corporate customers may provide us with information about you when they sign up to use our services, this could include your name and business email address and phone number or other relevant information to assist the performance of our services.
- Information provided to us by a third party and/or collected from public records in the case of fraud or suspected fraud. We may obtain information from third parties and from public records to prevent and detect fraud.
- Many of the vehicles in our fleet are fitted with outward-looking dashboard cameras. Whilst these cameras do not film or record audio inside the vehicles, your image may be collected.
How we use your information
To perform our contract with you, we will use your information:
- To communicate with you;
- To provide you with ground transportation and/or courier services;
In order to provide you with the most effective and appropriate service, we will use your information:
- To identify bona fide users;
- To detect and prevent fraud and/or crimes;
- To meet customer service requirements and where required, for complaint handling and feedback;
- For reporting and data analysis purposes and to monitor and assess the quality of service;
- To administer any promotion, survey or feature available through our various services.
- For insurance purposes;
- To comply with our statutory and regulatory obligations, as required by the relevant licensing authorities;
- To assist in hosting events on behalf of a client/s;
- To provide quality assurance information including complaints, compliments and evaluations about our drivers;
- To sign you up for our newsletters or alerts;
- To contact you via telephone, email, SMS or via our apps;
- To utilise the information you provide to provide a more effective and responsive service. Such as vehicle types, specific collection points, support needs etc.;
- To enforce our terms and conditions;
- Where you have opted into a marketing opportunity, the email address you provide for order processing, may be used to send you information and updates pertaining to your order. These updates may on occasion also include company news, updates, related product or service information, etc.
Technical usage information
When accessing our services via our App or Website, we automatically collect the information sent to us by your device (computer, mobile, or other). This information includes:
- Your IP address;
- Device information such as, but not limited to, identifier, name, and type of operating system;
- Mobile network information;
- Standard web information, including the browser type and pages you access on our website;
- Hardware models, software, file names and versions, preferred languages, advertising identifiers, unique device identifiers, serial numbers and device motion information.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
To provide effective services and useful content to you, we collect this information in order to:
- To utilise the information you provide to provide a more effective and responsive service. Personalising our Websites and apps to ensure the content is presented in the most effective manner for you and your device;
- To monitor and analyse trends, usage and activity in connection with our websites, apps and services and to improve our services;
- To administer our websites and apps, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical analysis; or
- To maintain the safety and security of our websites and apps.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow). This enables the sites or service providers systems to recognize your browser and capture and remember certain information
If you would like to find more information about cookies and how to manage them please visit http://www.allaboutcookies.org/.
We receive information from other sources such as from analytic companies in the case of in-car wifi data usage and in the case of telematics data.
We use Google Analytics, which is a web analytic tool that helps us understand how users interact with our web services. Google Analytic uses first-party cookies to track user interactions, such as how users use our websites. This information is used to help us improve our websites. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our websites. For more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
- Fraud prevention: We use a combination of risk screening tools and manual intervention to ensure that customer profiles are not fraudulent. To do this, we match the personal data provided by customers against data fields such as name, email address, mobile number and we use this to accept or decline bookings.
- Marketing: We manually carry out customer segmentation for marketing purposes based on journey history. We use this to make our newsletters more relevant for market segments, such as promoting relevant journey types.
Disclosure of any information to outside parties
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
Categories of recipients include:
- Cloud storage providers located in the UK, to store your personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
- IT Services providers that provide us with SaaS services;
- Partner drivers based in the territory in which you request services.
- IT support service providers who support and maintain our booking platform and have access at our premises working on a secure server; and
- Our insurance company and claims handling companies, for the purpose of investigating and settling any insurance claims.
We may also release your information when we believe release is appropriate. For example, this may be to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
To limit the retention period of your personal data, we consider several criteria to ensure that we do not retain your personal data for longer than is necessary or appropriate. These criteria include:
- The purpose for which we hold your personal data;
- Our legal and regulatory obligations in relation to that personal data, for example our regulatory obligations to our licensing authorities, alternatively financial reporting obligations and;
- Whether we have a continuing relationship, for example, you have an active account with us, you continue to receive marketing communications, or you regularly browse or book on our websites or apps.
- Any specific request from you in relation to the deletion of your personal data; and
- Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
We will retain your information as follows:
- If you contact us via email, we will keep your data for 5 years;
- Records of bookings, lost property, and complaints for a minimum of 12 months (we are required to retain such data to comply with our regulatory requirements).
Where personal data is held
Crawfords’ holds personal data in secured environments, these can include: Our own secure servers, email accounts, desktops, employee-owned devices, paper files and backup storage.
We cannot guarantee the security of your information transmitted through the websites, apps, over email or via our call centre; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
Procedures in place for deletion
Accounts related data that is processed via our two database servers are subject to a 90 day non-usage review of the account, followed up by a 6 month review before the erasure or separation of any personal or sensitive data. Also upon request by the authorised account holder data will be deleted from both database servers within 30 days of the request followed up by a privacy notification and confirmation of the deletion. This can be done by contacting the CISO Ahmed Kamara on 020 8752 8099 or email email@example.com.
Data processed via email are subject to the Office 365 on board retention policy, this includes the purging of unfiled mail after 30 days.
Employee and mobile users including sub-processors who process data on behalf of our company are subject to a systematic 30 days deletion policy after the completion of a contractual obligation. This is achieved via our Freedom software which is downloaded onto mobile devices. On board encryption is also enabled on all our mobile devices which are set to delete all information on the device after multiple failed password attempts.
Your rights as a data subject
We have a robust process for dealing with costumer queries and subject access request is in place, this includes but not limited to the right to withdraw any processing of your personal data and to remove any personal or sensitive data. The request can be made via email or telephone to the CISO Ahmed Kamara on 020 8752 8099 or email firstname.lastname@example.org.
Our consumer query process is also used to monitor our customers, our data partner and our product/processes. Root cause analysis is applied to every enquiry, allowing us to identify if further action is required.
Your right to request from the controller restriction of processing of personal data can be applied upon request by the authorised account holder.
You have a right to lodge a complaint with a supervisory authority in regards to how your information has been handled. Please contact the Information Commissioner’s Office (ICO).
- Access: You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.
- Correction: You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.
- Portability: Where you have provided your personal data to us under contract, you have the right to ask us to share (port) this data to another data controller in a structured, commonly used, and machine-readable format.
- Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.
- Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data, save for storage.
- Objection: In certain circumstances, the right to restrict or object to our processing of your personal information (e.g. where you request correction or erasure, you also have a right to restrict processing of your applicable data where your request is considered). You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
Childrens Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act). We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.