Privacy at Shire

Purpose and Applicability

This Privacy Policy is issued in compliance with the UK General Data Protection Regulation (UK GDPR), enacted under the Data Protection Act 2018. It governs the collection, processing, storage, and disclosure of personal data by SHIRE in connection with its provision of Hackney Carriage and related services. The scope extends to data acquired via our website, booking infrastructure, digital communication platforms, and operational systems.

​

Lawful Collection of Personal Data

Pursuant to Articles 5(1)(a) and 6(1)(a)-(f) of the UK GDPR, SHIRE collects personal data only where there is a lawful basis. No automatic processing of personally identifiable data occurs upon access to our digital platforms. Personal data is collected solely upon voluntary submission by the data subject, including but not limited to name, contact details, and service preferences, through contact forms, emails, messaging applications, or during use of our licensed transportation services.

​

Purpose Limitation and Processing Conditions

In accordance with Article 5(1)(b) and (c), data shall be processed for explicit, legitimate purposes, and only to the extent that is necessary for the fulfilment of such purposes. Processing is limited to and as permitted for legitimate interest only; such as facilitation of bookings, customer service functions, compliance obligations, and performance evaluation, and shall not be further processed in a manner incompatible with those original purposes unless permitted under Article 6(4).

​

Audio Recordings of Telecommunication

SHIRE records inbound telephone communications under the lawful basis of legitimate interests (Article 6(1)(f)) and, where applicable, legal obligation (Article 6(1)(c)). Recordings are to serve training, evidentiary, and safeguarding functions. Although verbal notification may not be issued on each call, this written statement constitutes notice in accordance with transparency obligations under Article 13. Retention periods do not exceed 30 days except where further retention is mandated by legal, regulatory, or investigatory necessity—in which case recordings may be lawfully retained for a maximum of ten (10) years.

​

*Visual and Audio Surveillance via Dashcams* - inactive effective 22/05/2025

SHIRE vehicles are fitted with dashcams capturing visual, and where necessary, audio data under Article 6(1)(f) UK GDPR—legitimate interest in safety, fraud prevention, and legal claims. Audio is disabled before each journey and activated only when absolutely required under purpose limitation and processing conditions. Signage is clearly displayed, fulfilling legal obligations under the Data Protection Act 2018. Audio and Video recording auto-deletes after 48 hours unless needed for legal purposes, in which case retention may extend up to ten years, consistent with Article 5(1)(e).

Data Retention Practices

Personal data shall be retained only for as long as necessary to fulfil the purpose for which it was collected, subject to statutory obligations and audit requirements, in accordance with Article 5(1)(e). SHIRE maintains a retention schedule aligned with sector-specific guidance and regulatory expectations. Access is restricted to designated personnel, and processing is governed by confidentiality, data minimisation, and integrity principles.

Advertising and Feedback

SHIRE processes limited contact data to request feedback and share updates, relying on Article 6(1)(f)—legitimate interests in improving services and ensuring public confidence. Feedback requests are sent via SMS, WhatsApp, or email, with no more than three reminders per service. Where applicable, SHIRE uses the soft opt-in exemption under PECR or seeks prior consent. Users can opt out at any time via links or replies included in each communication.

 

Marketing Communications and Feedback Solicitation

SHIRE may contact past customers for feedback or related offers under Article 6(1)(f) UK GDPR—legitimate interest—and, where relevant, PECR’s soft opt-in clause. Communications are limited to three per service and never involve third-party marketing. All messages include clear opt-out options. Where consent is legally required, SHIRE obtains it in advance and honours any withdrawal requests without delay.

Permitted Disclosures Without Consent

Personal data may be shared without consent under Article 6(1)(c) or (e) of the UK GDPR, where required for legal compliance or public duties. Typical recipients include police, licensing authorities, and regulatory bodies. Each request is assessed to confirm legal grounds and proportionality. SHIRE will not release data without lawful justification and protects data subjects’ rights where disclosure lacks a statutory basis.

Anonymised Statistical Data

Where personal data is aggregated and anonymised in a manner that renders the individual no longer identifiable, such data ceases to fall within the scope of data protection legislation per Recital 26 of the UK GDPR. SHIRE may use such anonymised datasets for internal analysis, service optimisation, and performance reporting, including sharing with third parties for research or public interest purposes.

Use of Website Cookies
Standard email encryption is employed by Shire. Emails to and from Shire are not entirely impervious to digital vulnerabilities such as malware, trojans, ransomware, or akin threats.

Data Security Measures

SHIRE implements appropriate technical and organisational measures pursuant to Article 32 of the UK GDPR to ensure the confidentiality, integrity, and availability of personal data. This includes encrypted storage, access controls, and regular security reviews. While all reasonable precautions are taken, absolute data security cannot be guaranteed due to the evolving nature of cyber threats.

Electronic Communication Risks

SHIRE utilises standard encryption protocols for email transmission. However, it cannot warrant immunity from malware, phishing, ransomware, or other digital threats. Users are advised to implement robust security practices on their own systems when interacting electronically with SHIRE.

Legal Basis for Processing Activities

All personal data is processed on one or more of the lawful grounds specified under Article 6 of the UK GDPR, including consent, contractual necessity, legal obligation, protection of vital interests, public task, or legitimate interest. Special category data, if ever processed, shall only be handled in accordance with Article 9 and relevant provisions of the Data Protection Act 2018.

​

Consent and Notification of Policy Changes

By submitting personal data through any SHIRE channel (web, email, WhatsApp, SMS, or social media), the data subject affirms informed consent to the terms herein. SHIRE reserves the right to amend this policy in response to legislative updates, judicial rulings, or regulatory guidance. Continued use following modification constitutes implied acceptance.

​

Minors and Parental Authority

Where personal data is submitted by or on behalf of individuals aged 16 or under, verifiable consent from a parent or legal guardian is required prior to processing, in accordance with Section 9 of the Data Protection Act 2018. SHIRE disclaims liability for data collected without such disclosure.​

​

​Data Subject Rights

​​Pursuant to Articles 12–23 of the UK GDPR, data subjects have the right to access, rectify, restrict, erase, object to processing, and request data portability. Requests must be submitted in writing, accompanied by proof of identity. SHIRE shall respond without undue delay, and in any event within ninety (90) days, as permitted under Article 12(3), taking into account complexity and volume.

​​

Contact Information for Data Protection Matters

All queries, complaints, or subject access requests should be directed to our Data Protection Officer:
userdata@shirecabs.co.uk

European Resident Rights
If you are a European resident, you have the following rights related to your personal data:
• The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights. This is the purpose of this privacy policy.
• The right of access: You have the right to obtain access to your personal data to know what information is being processed and how.
• The right to rectification: If your personal information is inaccurate or incomplete, you have the right to have it corrected or completed.
• The right to erasure: Also known as the 'right to be forgotten,' you have the right to request the removal or deletion of your personal data where there is no compelling reason for its continued processing.
• The right to restrict processing: You have the right to restrict the processing of your personal information in certain circumstances.
• The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
• The right to object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
• Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Facilitation of these rights is pledged. Contact our Data Protection Officer at userdata@shirecabs.co.uk to invoke any of these rights.

Data Model
SHIRE employs a single-thread data model with all data associated with specific users. User data is not accessed unless for prognostication or in-house research or reporting. A reasonable amount of time and expenses may be requisite to furnish certain data due to its intricacy. In the event of authorities or court orders soliciting data in contravention of GDPR regulations, SHIRE will evaluate any request against applicable laws and only disclose where required or permitted by law

Contact Information
Information Commissioner’s Office 2nd Floor, Churchill House Churchill Way, Cardiff, CF10 2HH Telephone: 0330 414 6421 Email: wales@ico.org.uk Web: Information Commissioner’s Office (ICO)
Note: Non-European residents may also contact us to inquire about and exercise their data rights as outlined in this section.