GDPR & Privacy

Data Processing & Storage

The following policies explain how Arrow Taxi Group obtain, store and process your personal information. We are committed to ensuring that your privacy is protected and are registered with the information commissioner’s office (UK) to ensure transparency and GDPR provision compliance (GDPR (EU) 2016/679). Should we ask you to provide certain information by which you can be identified when using our products and services, you can be assured that it will only be used in accordance with this privacy statement.

What Personal Data Do We Collect?

We may collect the following information when you use our products or services:

  • Name, telephone number and email address
  • Taxi booking information including the date & time, pickup location and destination
  • Additional information including Aeroplane flight number, luggage and child seat requirements

What Sensitive Data Do We Collect?

We will only collect the following information upon receiving specific authority to do so from individuals who have agreed to our terms & conditions and privacy policies.

  • Debit or credit card details (card number, expiry date, CVC and AVS)

How Do We Collect Or Obtain Your Personal Data?

  • When you input your data through electron forms on our website
  • When you input data through our mobile booking application
  • When you contact us by phone, email and writing
  • When you order goods or services from us
  • When you post or react to our social media channels

How Do We Collect Or Obtain Your Sensitive Data?

  • When you verbally tell us over the phone
  • When you input data through our mobile booking application

How Do We Process Your Personal Data?

All personal data relating to the booking of our services and products is processed using our cloud-based computer software provided by “icabbi limited”. Icabbi is registered as a data handler for the purposes of GDPR provision compliance (GDPR (EU) 2016/679). For full details of their privacy policies please visit:

https://www.icabbi.com/apps-privacy-policy

How Do We Process Your Sensitive Data?

All sensitive personal data relating to the payment of our services and products is processed using our cloud-based merchant providers “Judopay” and “Stripe”. Both Judopay and Stripe are PCI data security standard (PCI-DSS) level 1 compliant. This is the most stringent level of security certification available for card payments and ensures GDPR provision compliance (GDPR (EU) 2016/679).

For full details of their privacy policies and terms & conditions please visit https://www.judopay.com/legal/privacy-policy/ and https://stripe.com/gb/privacy

How Long Do We Store Your Personal & Sensitive Data

As required by law, all data is stored for a minimum period of six months from the point of service or purchase. After this period has lapsed, data can be deleted upon request.

Who Do We Share Your Personal & Sensitive Data With?

All data that is collected, processed and stored is secure and we do not share it with third parties. For details on how icabbi, Judopay & Stripe handle your data please visit the respective links above.

Upon lawful request from authorities, we are obliged to assist and share personal data.

What Happens In The Unlikely Case Of A Data Breach?

If a data breach was to occur the ICO and affected consumers would be notified within 72 hours. Arrow Taxi Group.

How Do We Detect A Data Breach?

Although unlikely, we must remain vigilant that a data breach could occur. Arrow Taxi Group have the latest cyber security and anti-virus software to ensure early detection and intervention.

Arrow Taxi Group have kept the “supply chain” very compact, communicating directly with icabbi, Judopay & Stripe, so that we can work in partnership to detect and inform of data breaches. Each member of the supply chain has stringent data policies and security and they have a duty of care to inform us of any data issues at the earliest possibility.

Data Protection Officer & What They Do?

We have a sole dedicated data protection officer who is registered with the ICO. You can contact our officer at anytime for enquiries or more information. The officer is responsible for overseeing the security and protection of both personal

and sensitive data. Our data protection officer is the only person who has access to sensitive data for the purpose of refunds and monitoring.

What Measures Do We Take To Ensure The Security Of Your Personal & Sensitive Data?

All members of office staff & drivers have received training and adhere to strict privacy & data protection policies. Arrow Taxi Group have kept the “supply chain” very compact, working directly with icabbi, Judopay & Stripe, so that we have a complete overview of how data is collected, processed and stored. Personal data is retained within our booking office cloud software (icabbi) at all times and only trained office staff have restricted access. Our data protection officer is the sole person who has restricted access to your sensitive data.

Schematic of our data collection methods and process supply chain