Privacy at Shire

Purpose and Applicability

This Privacy Policy is issued in compliance with the UK General Data Protection Regulation (UK GDPR), enacted under the Data Protection Act 2018. It governs the collection, processing, storage, and disclosure of personal data by SHIRE in connection with its provision of Hackney Carriage and related services. The scope extends to data acquired via our website, booking infrastructure, digital communication platforms, and other operational mechanisms.

​

Lawful Collection of Personal Data

Pursuant to Articles 5(1)(a) and 6(1)(a)-(f) of the UK GDPR, SHIRE collects personal data only where there is a lawful basis. No automatic processing of personally identifiable data occurs upon access to our digital platforms. Personal data (excluding audio and video recording though VPIS) is collected solely upon voluntary submission by the data subject, including but not limited to name, contact details, and service preferences, through contact forms, emails, messaging applications, or during use of our licensed transportation services.

​

Purpose Limitation and Processing Conditions

In accordance with Article 5(1)(b) and (c), data shall be processed for explicit, legitimate purposes, and only to the extent that is necessary for the fulfilment of such purposes. Processing is limited to and as permitted for legitimate interest only; such as facilitation of bookings, customer service functions, compliance obligations, and performance evaluation, and shall not be further processed in a manner incompatible with those original purposes unless permitted under Article 6(4).

​

Subcontracted Service Provision

To fulfil certain bookings, SHIRE may share limited personal data—such as name, contact number, and pickup/drop-off locations—with trusted third-party service providers or subcontractors. This processing is carried out under Article 6(1)(b) and (f) UK GDPR for contract fulfilment and legitimate interest. All subcontractors are required to handle data securely and only for the intended purpose.

​

Audio Recordings of Telecommunication

SHIRE records inbound telephone communications under the lawful basis of legitimate interests (Article 6(1)(f)) and, where applicable, legal obligation (Article 6(1)(c)). Recordings are to serve training, evidentiary, and safeguarding functions. Although verbal notification may not be issued on each call, this written statement constitutes notice in accordance with transparency obligations under Article 13. Retention periods do not exceed 30 days except where further retention is mandated by legal, regulatory, or investigatory necessity—in which case recordings may be lawfully retained for a maximum of ten (10) years.

​

*Visual and Audio Recordings via Dashcams* - inactive effective 22/05/2025

Vehicles are equipped with 360° four-channel (4CH) dashcams capturing visual and audio data under Article 6(1)(f) of the UK GDPR, on the basis of SHIRE’s legitimate interests in ensuring public safety, monitoring driver conduct, preventing fraud, and supporting compliance with legal or regulatory duties. In some cases, processing may also be supported under Article 6(1)(c) where required by law.

Audio recording functionality is enabled by default for these limited purposes. However, dashcams in use do not record audio continuously; captured in short buffered intervals, ensuring compliance with data minimisation and proportionality principles under Article 5(1)(b)–(c).

Clear signage is displayed in each vehicle to meet transparency requirements under the Data Protection Act 2018. Recorded footage is not accessed unless a legitimate interest arises in connection with an incident, investigation, or statutory duty. All recordings are auto-deleted after 48 hours unless lawful grounds justify extended retention, in which case data may be retained for up to ten years in accordance with Article 5(1)(e).

Data Retention Practices

Personal data shall be retained only for as long as necessary to fulfil the purpose for which it was collected, subject to statutory obligations and audit requirements, in accordance with Article 5(1)(e). SHIRE maintains a retention schedule aligned with sector-specific guidance and regulatory expectations. Access is restricted to designated personnel, and processing is governed by confidentiality, data minimisation, and integrity principles.

Feedback, Advertising and Marketing

SHIRE processes limited contact data to request feedback, share updates, and occasionally provide related offers, relying on Article 6(1)(f) UK GDPR—legitimate interests in improving services and maintaining public confidence. Feedback and marketing communications are sent via SMS, WhatsApp, or email, limited to no more than three messages per service, and never include third-party marketing. Where applicable, SHIRE relies on the PECR soft opt-in exemption (Regulation 22(3)) to send such communications without prior consent, provided customers were informed at the point of data collection and are always given clear, easy options to opt out via links or replies. Where explicit consent is legally required, SHIRE obtains it beforehand and respects any withdrawal of consent promptly.

Permitted Disclosures Without Consent

Personal data may be shared without consent under Article 6(1)(c) or (e) of the UK GDPR, where required for legal compliance or public duties. Typical recipients include police, licensing authorities, and regulatory bodies. Each submission or data share is assessed to confirm legal grounds and proportionality. In compliance with Articles 5 and 6 of the UK GDPR, SHIRE limits personal data sharing with third parties to cases with lawful basis, including statutory or regulatory obligations. Requests from police or local authorities with prior data breach records are subject to strict scrutiny to ensure lawfulness, necessity, and proportionality. SHIRE will refuse disclosure lacking a lawful basis to protect data subjects’ rights under Articles 12–23 of the UK GDPR.

Anonymised Statistical Data

Where personal data is aggregated and anonymised in a manner that renders the individual no longer identifiable, such data ceases to fall within the scope of data protection legislation per Recital 26 of the UK GDPR. SHIRE may use such anonymised datasets for internal analysis, service optimisation, and performance reporting, including sharing with third parties for research or public interest purposes.

Use of Website Cookies
Standard email encryption is employed by Shire. Emails to and from Shire are not entirely impervious to digital vulnerabilities such as malware, trojans, ransomware, or akin threats.

Data Security Measures

SHIRE implements appropriate technical and organisational measures pursuant to Article 32 of the UK GDPR to ensure the confidentiality, integrity, and availability of personal data. This includes encrypted storage, access controls, and regular security reviews. While all reasonable precautions are taken, absolute data security cannot be guaranteed due to the evolving nature of cyber threats.

Electronic Communication Risks

SHIRE utilises standard encryption protocols for email transmission. However, it cannot warrant immunity from malware, phishing, ransomware, or other digital threats. Users are advised to implement robust security practices on their own systems when interacting electronically with SHIRE.

Legal Basis for Processing Activities

All personal data is processed on one or more of the lawful grounds specified under Article 6 of the UK GDPR, including consent, contractual necessity, legal obligation, protection of vital interests, public task, or legitimate interest. Special category data, if ever processed, shall only be handled in accordance with Article 9 and relevant provisions of the Data Protection Act 2018.

​

Consent and Notification of Policy Changes

By submitting personal data through any SHIRE channel (web, email, WhatsApp, SMS, or social media), the data subject affirms informed consent to the terms herein. SHIRE reserves the right to amend this policy in response to legislative updates, judicial rulings, or regulatory guidance. Continued use following modification constitutes implied acceptance.

​

Minors and Parental Authority

Where personal data is submitted by or on behalf of individuals aged 16 or under, verifiable consent from a parent or legal guardian is required prior to processing, in accordance with Section 9 of the Data Protection Act 2018. SHIRE disclaims liability for data collected without such disclosure.​

​

​Data Subject Rights

​​Pursuant to Articles 12–23 of the UK GDPR, data subjects have the right to access, rectify, restrict, erase, object to processing, and request data portability. Requests must be submitted in writing, accompanied by proof of identity. SHIRE shall respond without undue delay, and in any event within ninety (90) days, as permitted under Article 12(3), taking into account complexity and volume.

​​

Contact Information for Data Protection Matters

All queries, complaints, or subject access (SAR) requests should be directed to our Data Protection Officer:
userdata@shirecabs.co.uk

European Resident Rights
If you are a European resident, you have the following rights related to your personal data:
• The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights. This is the purpose of this privacy policy.
• The right of access: You have the right to obtain access to your personal data to know what information is being processed and how.

• The right to rectification: If your personal information is inaccurate or incomplete, you have the right to have it corrected or completed.
• The right to erasure: Also known as the 'right to be forgotten,' you have the right to request the removal or deletion of your personal data where there is no compelling reason for its continued processing.
• The right to restrict processing: You have the right to restrict the processing of your personal information in certain circumstances.
• The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
• The right to object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
• Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Facilitation of these rights is pledged. Contact our Data Protection Officer at userdata@shirecabs.co.uk to invoke any of these rights.

Data Model
SHIRE employs a single-thread data model with all data associated with specific users. User data is not accessed unless for prognostication or in-house research or reporting. A reasonable amount of time and expenses may be requisite to furnish certain data due to its intricacy. In the event of authorities or court orders soliciting data in contravention of GDPR regulations, SHIRE will evaluate any request against applicable laws and only disclose where required or permitted by GDPR regulation.

Contact Information
Information Commissioner’s Office 2nd Floor,

Churchill House Churchill Way, Cardiff, CF10 2HH

Telephone: 0330 414 6421

Email: wales@ico.org.uk 

Note: Non-European residents may also contact us to inquire about and exercise their data rights as outlined in this section.