Privacy Policy | Ensure Your Privacy Now

Beacon Telematics Ltd

Privacy Policy

Effective Date: 10/03/2026 | Last Updated: 10/03/2026

Compliant with UK GDPR, EU GDPR (Regulation 2016/679), and the UK Data Protection Act 2018

This Privacy Policy explains how [Company Name] ("we," "us," or "our") collects, uses, and protects your personal data when you use our vehicle and equipment asset tracking platform and associated services (the "Services"). It applies to all users of our Services, including business customers (B2B) and individual consumers (B2C).

We are the data controller for the purposes of UK GDPR and EU GDPR. Our registered address is 71-75 Shelton Street,Covent Garden ,UK,WC2H 9JQ. Our registration number is 16676941.

ℹ️ This policy uses plain language to explain your rights. Technical legal references are included in brackets for compliance purposes.

1. What Personal Data We Collect

1.1 Account & Contact Information

When you register for an account or contact us, we collect:

• Full name

• Email address

• Username and hashed password

1.2 Vehicle & Equipment Tracking Data

Our Services are built around tracking physical assets such as vehicles, plant machinery, tools, and equipment. We collect:

• Asset name, type, make/model, registration number, and serial number

• Real-time GPS location coordinates and historical location trails

• Journey logs, mileage, speed, and route data (for vehicles)

• Geofence entry/exit events and zone breach alerts

• Engine status, ignition events, and idle time data

• Equipment utilisation data, operating hours, and service schedules

• Check-in/check-out records, custodian assignments, and transfer history

• Photos, condition notes, and documents attached to asset records

1.3 Driver & Operator Data

Where your organisation configures driver identification features (e.g. driver ID fobs, mobile app logins), we may process:

• Driver name and employee/operator ID

• Trips assigned to individual drivers

• Hours of operation and driving behaviour data (harsh braking, acceleration, etc.)

ℹ️ If you collect driver behaviour data, you must ensure your employees are notified in accordance with employment law and UK/EU GDPR. See Section 9 for guidance.

1.4 Technical & Usage Data

When you access our platform (web or mobile), we automatically collect:

• IP address, browser type, and device identifiers

• Operating system and app version

• Pages and features accessed, session duration, and click-path data

• Error logs and crash reports

2. How We Use Your Data and Our Lawful Basis

Under UK GDPR / EU GDPR Article 6, we must have a lawful basis for processing personal data.

Where we rely on Legitimate Interests, we have carried out a Legitimate Interests Assessment (LIA) to ensure our interests are not overridden by the rights and freedoms of affected individuals. You may request a copy of our LIA by contacting us at info@beacontelematics.com

3. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of recipients:

3.1 Sub-processors & Service Providers

We use trusted third-party service providers who process data strictly on our instructions under Data Processing Agreements (DPAs) in accordance with Article 28 UK/EU GDPR. These include:

• Cloud infrastructure providers (e.g. AWS, Google Cloud, or Microsoft Azure)

• Payment processors (PCI-DSS compliant; they process card data directly)

• Email and notification delivery services

• Customer support software providers

• Analytics and platform performance monitoring tools

A current list of our sub-processors is available on request at info@beacontelematics.com

3.2 Within Your Organisation (B2B)

If you access our Services as part of a business account, your account administrators and authorised users within your organisation can access asset data, location history, and reports associated with that account. The account-holder organisation acts as a separate data controller for their employees' and operators' data.

3.3 Legal & Regulatory Disclosures

We may disclose data where required by law, court order, or a regulatory authority (e.g. ICO, national data protection authorities), or where necessary to protect the safety, rights, or property of any person.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of the business, personal data may be transferred to the successor entity. We will notify affected users via email and/or a prominent platform notice at least 30 days in advance.

4. International Data Transfers

Our Services are primarily operated from within the UK and/or EEA. Where we use sub-processors located outside the UK or EEA, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs) under Article 46 GDPR

• Transfers to countries with a UK adequacy decision (e.g. EU member states) or EU adequacy decision

You can obtain a copy of the relevant transfer mechanism by contacting Info@beacontelematics.com

5. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• Account and contact data: Duration of your account plus 7 years (for financial/legal compliance)

• Asset location history & journey logs: Up to 3 years from the date of recording, unless a shorter period is requested

• Driver behaviour data: 12 months rolling, unless your organisation configures a shorter window

• Technical/usage logs: 12 months

• Payment records: 7 years (UK financial record-keeping obligations)

When data is no longer required, it is securely deleted or anonymised. You may request early deletion of your data — see Section 6 for your rights.

6. Your Rights Under UK/EU GDPR

You have the following rights in relation to your personal data. These rights apply to individual consumers and, in some cases, to employees of B2B customers.

Right of Access (Article 15)

You can request a copy of all personal data we hold about you (a Subject Access Request or SAR). We will respond within one calendar month.

Right to Rectification (Article 16)

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure / 'Right to be Forgotten' (Article 17)

You can ask us to delete your personal data where there is no compelling reason for us to continue processing it. Note that some data may need to be retained to comply with legal obligations.

Right to Restriction of Processing (Article 18)

You can ask us to pause processing of your data in certain circumstances (e.g. while you contest its accuracy).

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you can receive your data in a structured, machine-readable format (e.g. JSON or CSV export).

Right to Object (Article 21)

You can object to processing based on Legitimate Interests, including profiling. You also have an unconditional right to object to your data being used for direct marketing.

Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent (e.g. marketing emails, non-essential cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Rights Related to Automated Decision-Making (Article 22)

We do not make solely automated decisions that produce significant legal or similarly significant effects about you. If this changes, we will update this policy and give you the right to request human review.

To exercise any of your rights, please contact us at [privacy@company.com] or write to [postal address]. We will respond within one calendar month. We do not charge a fee for requests unless they are manifestly unfounded or excessive.

If you are a B2B customer's employee, you should contact your employer in the first instance, as they may be the data controller for your data. We will direct such requests accordingly.

7. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and platform. We comply with the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive.

7.1 Types of Cookies We Use

• Strictly Necessary: Required for the platform to function (login sessions, security tokens). No consent required.

• Functional: Remember your preferences (e.g. language, dashboard layout). Require consent.

• Analytics: Measure how you use the platform to help us improve it (e.g. page visit counts, errors). Require consent.

• Marketing (if applicable): Used to show relevant information about our Services. Require consent.

7.2 Managing Cookies

When you first visit our platform, you will be presented with a cookie consent banner. You can manage, update, or withdraw your consent at any time by clicking the "Cookie Settings" link in the footer of our website. You can also control cookies through your browser settings — note that disabling essential cookies may affect platform functionality.

8. Security of Your Data

We implement appropriate technical and organisational measures (TOMs) to protect your personal data against unauthorised access, accidental loss, destruction, or damage, in line with Article 32 UK/EU GDPR. Our measures include:

• TLS/SSL encryption for all data in transit

• AES-256 encryption for data at rest

• Role-based access controls and principle of least privilege

• Multi-factor authentication (MFA) for platform access

• Regular penetration testing and vulnerability assessments

• ISO 27001-aligned information security policies (or equivalent)

• Staff training on data protection and security awareness

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO (or relevant supervisory authority) within 72 hours in accordance with Article 33 UK/EU GDPR, and affected individuals without undue delay where required under Article 34.

To report a security concern, contact Info@beacontelematics.com

9. Special Notice: Tracking Employees and Vehicle Operators

If you are a business customer using our Services to track vehicles or equipment operated by your staff, you are acting as a data controller for your employees' personal data (including location and behaviour data). You must comply with UK/EU GDPR independently of our privacy practices.

Your obligations include:

• Informing employees and operators that they are being tracked, and for what purpose, before tracking begins

• Establishing a lawful basis for processing (typically Legitimate Interests or Contract, supported by a LIA)

• Implementing a clear, written employee privacy notice covering vehicle tracking

• Limiting data collection to what is strictly necessary (data minimisation)

• Establishing appropriate retention periods for journey and behaviour data

• Ensuring employee Subject Access Requests can be fulfilled

ℹ️ Covert tracking of employees is unlikely to be lawful under UK/EU GDPR without exceptional justification. Always seek independent legal advice if you intend to track staff without their knowledge.

We provide Data Processing Agreements (DPAs) for B2B customers to satisfy Article 28 GDPR requirements.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18 (or under 16 for B2C consumers in the UK and EU). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data about a minor, please contact us at Info@beacontelematics.com and we will delete it promptly.

11. Marketing Communications

We will only send you marketing emails or promotional communications if you have opted in to receive them. You can withdraw your consent and unsubscribe at any time by:

• Clicking the 'Unsubscribe' link in any marketing email

• Updating your preferences in your account settings

• Emailing Info@beacontelematics.com

We will process your opt-out within 5 working days. Note that you may still receive transactional and service-related messages (e.g. billing alerts, security notices) even after unsubscribing from marketing.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, applicable law, or best practice. When we make material changes, we will:

• Notify you by email to your registered address at least 14 days before the changes take effect

• Display a prominent notice on our platform

• Update the "Last Updated" date at the top of this policy

If you continue to use our Services after the updated policy takes effect, we will treat this as acceptance of the revised terms. For significant changes, we may seek fresh consent where required.

13. Right to Complain to a Supervisory Authority

If you are concerned about how we handle your personal data and we have not resolved your complaint to your satisfaction, you have the right to lodge a complaint with the relevant supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk — 0303 123 1113

• European Union: Your national Data Protection Authority (DPA). A full list is available at edpb.europa.eu

We encourage you to contact us first at Info@beacontelematics.com so we can try to resolve your concern directly.

14. How to Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or your personal data, please contact:

Data Controller:

Beacon Telematics Ltd

71-75 Shelton Street,Covent Garden ,UK,WC2H 9JQ

Data Protection Officer (DPO):

Email: Info@beacontelematics.com

General Privacy Enquiries:

Email: Info@beacontelematics.com

Phone: 0161 706 2665

Response time: We aim to respond to all requests within 7 working days.